Professional Documents
Culture Documents
AUDIT –
AUDIT – AN
AN OVERVIEW
THE PROFESSIONAL
PROFESSIONAL STANDARDS
STANDARDS
THE AUDITOR’S RESPONSIBILITY
RESPONSIBILITY
THE AUDIT PROCESS –
PROCESS – ACCEPTING
ACCEPTING AN ENGAGEMENT
AUDIT PLANNING
CONSIDERATION
CONSIDERATION OF INTERNAL CONTROL
AUDITING IN AN COMPUTERIZED ENVIRONMENT
ENVIRONMENT
PERFORMING SUBSTANTIVE TESTS
AUDIT SAMPLING
COMPLETING THE AUDIT
AUDIT REPORTS ON FINANCIAL STATEMENTS
STATEMENTS
ASSURANCE AND RELATED SERVICES
THE CODE OF ETIHICS AND REPUBLIC ACT 9298
AUDIT –
AUDIT – AN
AN OVERVIEW
An audit is a systematic process of objectively obtaining and evaluating evidence regarding assertions about
“
economic actions and events to ascertain the degree of correspondence between the assertions and established
criteria and communicating
criteria and communicating the results to interested users.”
users.” – AASC
AASC
Types of Audit
1. Financial Statement Audit – audit conducted to determine whether the FSs of an entity are fairly presented
with an identified financial reporting framework. (Conducted by EXTERNAL AUDITORS )
2. Compliance Audit – a review of an organization’s procedures to determine whether the organization adhered
to specific procedures, rules, contracts, or regulations . (Conducted usually by GOVERNMENT
GOVERNMENT AUDITORS)
3. Operational Audit –
Audit – study of a specific unit of the organization for the purpose of measuring its performance.
(Conducted usually by INTERNAL AUDITORS )
MANAGEMENT is responsible for preparing and presenting the FSs in accordance with the financial reporting
framework.
The AUDITOR’S RESPONSIBILITY
RESPONSIBILITY is to form and express an opinion on the FSs based on his audit.
An audit conducted with PSA is designed to provide only REASONABLE ASSURANCE that the FSs taken as a
whole are free from material misstatements.
Limitations of an Audit
1. Conflict of Interest
2. Expertise
3. Remoteness
4. Financial Consequences
Theoretical Framework of Auditing (Assumptions or Ideas that Support the Audit Function)
Opinion
PHILIPPINE
PHILIPPINE STANDARDS ON AUDITING (PSA)
The Philippine Standard on Auditing (PSA) establishes the independent auditor’s overall responsibilities when
conducting an audit of financial statements in accordance with PSAs. These are issued by AASC as interpretations to
GAAS.
Quality controls are policies and procedures adopted by CPAs to provide reasonable assurance of conforming to
professional standards in performing audit and related services.
1. Leadership Responsibilities
Responsibilities for Quality on Audits
2. Ethical Requirements (Integrity, Objectivity, Professional Competence & Due Care, Confidentiality, Professional
Behavior)
3. Independence
4. Acceptance and Continuance of Client Relationships
5. Human Resources and Assignment (Recruitment, Performance evaluation, Capabilities, Career Dev’t,
Engagement Team Assignment)
6. Engagement Performance (Direction, Supervision, Review, Consultation, Engagement Quality Control Review,
Differences of Opinion)
7. Monitoring
The government thru the Professional Regulatory Board of Accountancy (BOA) has required all CPA firms and individual
CPA firms and individual CPAs in public practice to obtain a certificate of accreditation to practice public accountancy.
AUDITOR’S RESPONSIBILITY
The auditor’s responsibility is to design the audit to provide reasonable assurance of detecting material
misstatements in the FSs. These misstatements may emanate from:
Error
Fraud
Noncompliance with Laws and Regulations
FRAUD – refers to intentional act by one or more individuals among management, employees, or third parties which results in
misrepresentation of financial statements.
Types of Fraud:
1. Management Fraud/ Fraudulent Financial Reporting – involves intentional misstatements or omissions of amounts
or disclosures, usually done by members of management or those charged with governance.
Examples: manipulation of documents or records, misrepresentation of effects of transactions, recording of
transactions w/o substance, intentional application of accounting policies
2. Employee Fraud/ Misappropriation of assets – fraud that is accompanied by false or misleading records in order to
conceal the fact that assets are missing.
Examples: embezzling receipts, stealing entity’s assets, lapping of AR
AUDITOR’S RESPONSIBILITY:
The auditor is not and cannot be held responsible for the prevention of fraud and error . The auditor’s responsibility is to
design the audit to obtain reasonable assurance that the FS are free from material misstatements whether caused by error or
fraud.
1. Make inquiries of 3. Perform procedures necessary to 5. The auditor should obtain a written
management about determine whether material representation from the client’s
possibility of misstatement misstatements exist. management
2. Assess the risk that
4. Consider whether such a 6. When the auditor believes that
fraud/error may cause the
misstatement resulted from error or material error/fraud exists, he should
FS to contain material
fraud. (Errors will only result to request the mgmt. to revise the FS .
misstatements.
adjustment of FS but fraud may have
7. If the auditor is unable to evaluate the
other implications on an audit)
effect of fraud on FS, the auditor should
either qualify or disclaim his opinion on
the FS.
NONCOMPLIANCE WITH LAWS AND REGULATIONS – refers to acts or commission by the entity being audited, either
intentional or intentional, which are contrary to the prevailing laws or regulations.
Examples: Tax evasion, violation of environmental protection laws, inside trading of securities, violation of SEC
requirements
MANAGEMENT’S RESPONSIBILITY (PSA 250) – to ensure that the entity’s operations are conducted in accordance with laws
and regulations. The responsibility for the prevention and detection of noncompliance rests with management.
AUDITOR’S RESPONSIBILITY:
An audit cannot be expected to detect noncompliance with all laws and regulations . Nevertheless, the auditor should
recognize that noncompliance by the entity with laws and regulations may materially affect the FS.
PLANNING PHASE TESTING PHASE COMPLETION PHASE
1. Obtain a general 4. When the auditor is aware 6. The auditor should obtain a written
understanding of the legal concerning instance of representation from the client’s
and regulatory framework noncompliance, evaluate the management.
applicable to entity possible effect on the FS.
2. Design procedures to help 7. When the auditor believes that there is
identify instances of 5. When the auditor believes noncompliance, the auditor should request
noncompliance with laws and there maybe noncompliance, the the mgmt. to revise the FS. Otherwise, a
regulations auditor should document the qualified or adverse opinion will be issued.
3. Design audit procedures to findings, discuss them with
8. If a scope limitation has precluded the
obtain sufficient appropriate mgmt. and consider the
auditor from obtaining sufficient appropriate
audit evidence about implication on other aspects of
evidence, the auditor should express a
compliance with laws and the audit.
qualified opinion or a disclaimer of opinion .
regulations
Auditors are primarily concerned with the noncompliance what will have a direct and material effect in the F S.
Noncompliance may involve conduct designed to conceal it such as collusion, forgery, senior 5mgmt. override of
controls, failure to record transactions, or intentional misrepre sentations being made to auditor.
ISSUING A REPORT
Forms a conclusion on FS (in
COMPLETING THE AUDIT
OVERVIEW OF THE the form of opinion)
Obtaining detailed
ACCEPTING AN ENGAGEMENT
knowledge about the entity
and preliminary assessment
Evaluation of auditor’s of risk and materiality
qualification and
auditability of
prospective client’s FS
ACCEPTING AN ENGAGEMENT
In deciding whether to accept or reject an engagement, the firm should consider:
1. Competence – acquired through a combination of education, training, and experience. The auditor should
obtain a preliminary knowledge of client’s business and industry to determine whether the auditor has the
degree of competence required by the engagement.
2. Independence – the auditor should consider whether there are threats to audit team’s independence and
objectivity and, if so, whether adequate safeguards can be satisfied.
3. Ability to serve the client properly – An engagement should not be accepted if there are no enough qualified
personnel to perform the audit. PSA 220 suggests that the audit work should be assigned to personnel who have
the appropriate capabilities, competence, and time to perform the audit enga gement in accordance with
professional standards.
4. Integrity of the management – PSA 220 requires the firm to conduct a background investigation of the
prospective client in order to minimize the likelihood of association with clients whose mgmt. lacks integrity.
This involves:
Making inquiries of appropriate parties in the business community
Communicating with the predecessor auditor
AUDIT PLANNING
Audit planning – involves developing a general audit strategy and a detailed approach for the expected conduct of
the audit. The auditor’s main objective in planning the audit is to determine the scope of the audit procedures to be
performed.
PSA 315 requires the auditor to obtain sufficient understanding of the entity and its environment including the internal
control. Such understanding involves obtaining knowledge of entity’s:
Industry, regulatory, and other external factors, including financial reporting framework
Nature of the entity
Objectives and strategies and the related risks that may result in material misstatement of FS
Measurement and review of entity’s performance
Internal control
When developing an audit strategy, the auditor must consider carefully the appropriate levels of materiality and audit
risk.
MATERIALITY
“Information is material if its omission or misstatement could influence the economic decision of users ”
In designing an audit plan, the auditor should make a preliminary estimate of materiality .
Materiality may be viewed as: (1) the largest amount of misstatement that the auditor could tolerate in the FS
or (2) the smallest aggregate amount that could misstate the FS
There is an inverse relationship between materiality and evidence.
Use of materiality: (1) in the planning stage , to determine the scope of the audit and (2) in the completion
stage, to evaluate the effect of misstatements in the FS
Using materiality levels:
Step 1. Determine the Overall Materiality – Financial Statement Level*
PLANNING STAGE
Step 2. Determine the Tolerable Misstatement – Account Balance Level**
Perform audit procedures
COMPLETION STAGE Step 3. Compare the aggregate amount of misstatements with overall materiality
* Common method of estimating materiality at FS level is statement base (total assets, sales, etc.) x certain %
** Also known as performance materiality. This process is highly subjective and requires the exercise of great deal of
auditor’s judgment
Bases that can be used to determine materiality level: alternative for annual FS if not available – annualized
interim FS, prior year’s FS, budgeted FS for the current year
AUDIT RISK
AUDIT RISK refers to the risk that the auditor gives an inappropriate audit opinion on the FS . This occurs
because the auditor believes that the FS are fairly stated when in fact the FS are materially misstated.
Audit Risk Model
CONTROL RISK is the risk that the material misstatement that could occur in an account balance or class of
transactions will not be prevented or detected on a timely basis by accounting and control systems .
Control risk is related to the effectivene ss of the client’s internal control.
If the entity’s internal control is effective, the assessed level of control risk decreases (and vice versa).
As the assessed level of CONTROL RISK INCREASES , the auditor should design MORE EFFECTIVE SUBSTANTIVE
PROCEDURES.
DETECTION RISK is the risk that an auditor’s substantive procedure will not detect a material misstatement.
Detection risk is a function of the effectiveness of the auditor’s substantive procedures.
As the acceptable level of DETECTION RISK DECREASES , the ASSURANCE DIRECTLY PROVIDED FROM
SUBSTANTIVE TESTS INCREASES . Hence, the auditor should design more effective audit procedures in order to
achieve the desired level of assurance.
Unlike inherent and control risk, THE AUDITOR CAN CONTROL THE LEVEL OF DETECTION RISKS by performing
more effective substantive procedures.
Steps in using the audit risk model:
Step 1. Set the desired level of audit risk.*
AUDIT PLANNING
Step 2. Assess the level of inherent risk. **
CONSIDERATION OF INTERNAL CONTROL Step 3. Assess the level of control risk. ***
Step 4. Determine the acceptable level of detection risk. ****
PERFORMING SUBSTANTIVE TESTS
Step 5. Design substantive tests.
* The auditor uses his judgment in determining th e risk that he is willing to take of accepting an assertion as fairly stated when in fact is materially misstated.
** Consider the specific factors related to client that may aff ect the risk of material misstatement for a particular amount. In making this assessment, the auditor will
rely primarily on his knowledge of the client’s business and industry, and the results of his preliminary analytical procedures.
*** Assessment of control risk would involve studying and evaluating the effectiveness of the client’s accounting and internal control systems.
**** The acceptable level of detection risk can be determined as follows:
Detection risk = Audit Risk
Inherent risk * Control Risk
Low Acceptable Level of Detection Risk More effective substantive procedures year-end procedures larger sample size
High Acceptable Level of Detection Risk Less effective substantive procedures Tests at interim smaller sample size
RISK ASSESSMENT PROCEDURES – the procedures performed by auditors to obtain an understanding of the entity and
its environment including its internal control and to assess the risks of material misstatements in the FS. These include:
Inquiries of management and others within the entity
Analytical procedures
Observation and inspection
ANALYTICAL PROCEDURES – involves analysis of significant ratios and trends including the resulting investigation of
fluctuations and relationships that are inconsistent with other relevant information or deviate from particular amounts.
PSA 520 requires the auditor to use analytical procedures in the planning and overall stages of the audit.
Steps in Applying Analytical Procedures
Step 1. Develop expectations regarding FS using:
Prior year’s financial statements
Anticipated results such as budgets and forecasts
Industry averages ( FS of other entities operating w/in the same industry)
Non-financial information
Typical relationships among FS account balances
Step 2. Compare expectations with the FS under audit.
Step 3. Investigate significant unexpected differences (unusual fluctuations) to determine whether FS contain
material misstatements
Uses of Analytical Procedures:
As a planning tool, to determine the nature, timing, and extent of other auditing procedures
to understand the client’s business
to identify areas that may represent specific risks
In using analytical procedures as a planning tool, if the difference between recorded balances in FS and
expectations is significant, the auditor must design more extensive substantive tests (or vice versa)
As a substantive test to obtain corroborative evidence about particular assertions related to account balance or
transaction class
As an overall review of the financial statements in the completion phase of the audit
to identify unusual fluctuations that were not identified in the planning and testing phases of the audit
to confirm conclusions reached w/ respect to the fairness of the FS
Documenting the Audit Plan – the final step in planning process is the documentation of the audit planning process by
preparing:
Audit plan – the overview of the expected scope and conduct of the a udit . It sets out in broad terms the
nature, timing, and extent of the audit procedures to be performed.
Audit program – it sets out in detail the audit procedures to be performed in each segment of the audit.
Time budget – is an estimate of the time that it will spent in executing the audit procedures listed in the audit
program.
In the audit of FS, the auditor is only concerned with those policies and procedures within the accounting and
internal control systems that are relevant to the financial statement assertions .
Components of Internal Control:
1. Control Environment – includes the attitudes, awareness, and actions of the mgmt . and those charged with
governance concerning the entity’s IC and its importance in the entity.
Integrity and ethical values Commitment in competence
Mgmt. philosophy and operating style Personnel policies and procedures
Active participation of those charged w/ Assignment of responsibility and authority/
governance Organizational Structure
2. Risk Assessment – mgmt. should adopt policies and procedures that are designed to identify and analyze
business risks.
For audit purposes, the auditor is only concerned with risks that are relevant to preparation of reliable
financial statements.
Business risk – is the risk that the entity’s business objectives will not be attained as a result of internal
and external factors such as technological developments, changes in customer demand, etc.
3. Information and Communication Systems
An information system encompasses methods and records that:
identify and record all valid transactions,
describe on a timely basis the transactions in sufficient detail to permit proper classification ,
measure transactions in their proper monetary value ,
determine the time period to permit recording of transactions in proper accounting period , and
present properly the transactions and disclosures in FS.
Communication involves providing an understanding of individual roles and responsibilities pertaining to
internal control over financial reporting .
4. Control Activities – are policies and procedures that help ensure that mgmt. directives are carried out .
Specific control procedures that are relevant to FS audit would include:
Performance reviews – review and analysis of actual performance vs. budgets, forecasts, and PY’s .
Information Processing – to check accuracy, completeness, and authorization of transactions.
Physical Controls – physical security of assets, authorization for access to programs and data files,
periodic counting and comparison w/ amounts shown on control records
Segregation of Duties – assigning different people the responsibilities of authorizing transactions,
recording transactions, and maintaining custody of assets.
5. Monitoring – the process of assessing the quality of internal control performance over time.
Auditors are not responsible for establishing and maintaining an entity’s accounting and internal control systems :
that is the responsibility of the management.
STEPS IN CONSIDERATION OF INTERNAL CONTROL
1. OBTAIN UNDERSTANDING OF THE INTERNAL CONTROL
Evaluating the design of a control
This can be obtained by: making inquiries of appropriate individuals, inspecting documents and records,
and observing entity’s activities and operations
Determining whether it has been implemented
This can be accomplished by performing a WALK-THROUGH TEST. This involves tracing one or two
transactions through the entire accounting systems, from their initial recording at source to their final
destination as a component of an account balance in the FS.
TEST OF CONTROLS – are performed to obtain evidence about the effectiveness of the:
Design of the accounting and internal control systems; or
Operation of the internal control through the period
According to PSA, the auditor should obtain audit evidence through test of control to support any assessment
of control risk at less than high level . The lower assessment of control risk , the more support the auditor
should obtain that the IC is suitably designed and operating effectively.
Nature of Test of Controls
Inquiry – searching for appropriate information about the effectiveness of internal control from
knowledgeable persons inside or outside the entity.
Observation – refers to looking at the process being performed by others.
Inspection – involves examination of documents and records to provide evidence of reliability depending
on their nature and source and the effectiveness of IC over their processing
Reperformance – involves repeating the activity performed by the client to determine whether proper
results were obtained.
Timing of tests of controls: auditors usually perform tests of controls during an interim visit, in advance of
period end. However, auditors cannot rely on it w/o co nsidering the need to obtain further evidence on the
remainder of the period.
In determining whether or not to test the remaining period, these must be considered: the results of the interim
tests, the length of the remaining period, and whether changes have occurred in accounting and internal control
systems during the remaining period.
Extent of test of controls: The auditor cannot examine all transactions related to certain control procedures. In
an audit, the auditor should examine the size of a sample sufficient to support the assessed level of control
risk.
Operating effectiveness vs. implementation
- When obtaining audit evidence of implementation by performing risk assessment procedures, the auditor
determines that the relevant controls exist and the entity is using them .
- When performing tests of the operating effectiveness of controls , the auditor obtains audit evidence that
controls operate effectively. This includes obtaining evidence about how controls were applied at relevant
times during period under audit, the consistency which they were applied, and by whom or by what means
they were applied.
Documenting the assessed level of control risk
- If the control risk is assessed at high level, the auditor should document his conclusion that the control risk
is at high level.
- If the control risk is assessed at less than high level, the auditor should document his conclusion that control
risk is less than high level and the basis for the assessment (basis is actually the results of TOC).
Communication of Internal Control Weaknesses
- Auditor is required to report the matter to the appropriate level of mgmt. material weaknesses in the
design or operation of the accounting and IC systems.
- Auditors are not required to search for and/or identify material control weaknesses.
- Internal control weaknesses are documented in a formal management letter.
2. Systems development and documentation controls – to facilitate use of program as well as changes that
may be introduced to system
3. Access controls – adequate security controls, such as use of passwords
4. Data recovery controls – provides maintenance of back-up files and off-site storage procedures.
5. Monitoring controls – to ensure that CIS controls are working effectively as planned.
B. Application Controls – are those policies and procedures that relate to the specific use of the system .
1. Controls over Input – designed to provide reasonable assurance that data submitted for processing are
complete, properly authorized and accurately translated into machine readable form.
Key verification – this requires data to be entered twice to provide assurance that there are no key entry
errors committed.
Field check - this ensures that the input data agree with required field format.
Ex.: SSS number must contain 10 digits. An input of SSS number w/ more or less than 10 digits will be rejected
Validity check – info entered are compared with valid info in the master file to determine the authenticity of
the input.
Ex.: Employees’ master file may contain two valid codes to indicate the employee’s gender “1” for male and
“2” for female. A code of “3” is invalid and will be r ejected.
Self-checking digit – this is a mathematically calculated digit w/c is usually added to a document number to
detect common transpositional errors in data submitted for processing.
Limit check – or reasonable check is designed to ensure that data submitted for processing do not exceed a
predetermined or reasonable amount.
Control totals – these are totals computed based on the data submitted for processing. Control totals ensure
the completeness of data before and after they are processed.
Financial totals – sum total of the peso amount in the documents
Hash totals – sum total of the control numbers in the documents
Record count - total number of the documents
2. Controls over Processing – designed to provide reasonable assurance that input data are processed
accurately, and that data is not lost, added, excluded, duplicated, or improperly changed.
Almost all of input controls mentioned above are also part of processing controls.
3. Controls over Output – designed to provide reasonable assurance that the results of processing are
complete, accurate, and that these outputs are distributed only to authorized personnel.
Develop Expectations
about the FS
NO
Is the
Conduct further
difference
Investigation
significant?
YES
When intending to perform analytical procedures as substantive tests, the auditor should focus on those
accounts that are predictable. The following generalizations may be helpful in assessing the predictability
of those accounts:
Income statement accounts are more predictable compared to balance sheet accounts.
Accounts that are not subject to management discretion are generally predictable.
Relationships in a stable environment are more predictable than those in a dynamic or unstable
environment.
2. Test of Details
It involves examining the actual details making up the various account balances . This approach may take
the form of:
Test of details of balances – involves direct testing of the ending balance of an account
* This will be used when account balances are affected by large volume of relatively immaterial
transactions.
Test of details of transactions - involves testing the transactions which give rise to the ending
balance of the account.
* This is useful if account balances are comprised of a smaller volume of transactions representing
relatively material amounts.
Primary Secondary
Support the auditor’s opinion on FS Planning future audits
Support the auditor’s representation as to Providing information useful in rendering other
compliance with PSA. services (MAS or tax consultancy)
Assist the auditor in the planning, performance, Providing adequate defense in case of litigation
review and supervision of the engagement.
Form, Content, and Extent of Audit Documentation
In deciding on these, the auditor should consider what would enable an experienced auditor, having no
previous connection with the audit, to understand:
a. The nature, timing, and extent of the audit procedures to comply with PSAs and applicable legal and
regulatory requirements
b. The results of the audit procedures and the audit evidence obtained.
c. Significant matters during the audit and the conclusions reached thereon.
Classification of Working Papers
Permanent file – contains information of continuing significance to the auditor in performing recurring
audits.
This file would most likely include: copies of articles of incorporation and by-laws, major contracts,
engagement letter, org. chart, analyses of long-term accounts, etc.
Current file – contains evidence gathered and conclusions reached relevant to the audit of a particular year.
This file includes: copy of FS, audit program, working TB, lead schedules, correspondence w/ other parties.
Ownership of working papers
Working papers are the property of the auditor and the client has no right to the working papers prepared
by the auditor.
Working papers may sometimes serve as reference source for the client but they should not be considered
as part or as a substitute for the client’s records .
Confidentiality of working papers
Although the working papers are the personal property of the auditor, these working papers cannot be
shown to third parties w/o client’s permission , except:
When disclosure is required by law or when the working papers are subpoenaed at court.
When there is a professional right to disclose information such as when the auditor uses his
working papers to defend himself when sued by client for negligence.
Retention of working papers. Working papers should be retained by the auditor for a period of time sufficient
to meet the needs of his practice and to satisfy any pertinent legal requirements of record retention .
Guidelines for the preparation of working papers.
The following techniques may be used by the auditor:
heading (to be properly identified with such information such as client name, type of working paper,
content description, period covered)
indexing (use of lettering or numbering system to identify accounts),
cross-indexing/cross referencing (to provide a trail in reviewing),
tick marks (symbols to describe the audit procedures performed).
In addition, the auditor may use one or a combination of the following approaches:
1. Review and test the process used by mg mt. to develop the estimate.
2. Make an independent estimate
3. Review subsequent events which confirm the estimate made.
RELATED PARTIES – refers to persons or entities that may have dealings w/ one another in which one party as the ability
to exercise significant influence or control over the oth er party in making financial and operating decisions.
Management’s Responsibility: Mgmt. is responsible for the identification and disclosure of related parties and
transactions with such parties.
Auditor’s responsibility: The auditor should obtain and review information provided by the directors and mgmt.
identifying the names of all known related parties and related party transaction.
- An audit cannot be expected to provide assurance that all related party transactions will be discovered.
AUDIT SAMPLING
PSA 530 defines audit sampling as, “the application of audit procedures to less than 100% of the items within
an account balance or class of transactions such that all sampling units have a chance of selection.
Risks in Sampling
1. Sampling risk –refers to the possibility that the auditor’s conclusion, based on a sample may be different from
the conclusion reached if the entire population were subjected to the same audit procedures. This exists
because the sample selected for testing may not be truly representative of a population.
The only way to eliminate sampling risk is to examine the whole population, yet it is not feasible to do so.
Controlling Sampling Risk: This can be done by:
Increasing the sample size
Using an appropriate selection method
2. Non-sampling risk – refers to the risk that the auditor may draw incorrect conclusions about the account
balance or class of transactions because of human errors.
Non-sampling risk is something that cannot be eliminated even if the auditor examines the population.
Controlling Non-sampling Risk: This can be done by proper planning , adequate direction, review, and
supervision of the audit team.
General Approaches to Audit Sampling
1. Statistical sampling – is a sampling approach that uses random based selection of sample and uses the law of
probability to measure sampling risk and evaluate sample results.
2. Non-statistical sampling - is a sampling approach that purely uses auditor’s judgment in estimating sampling
risks, determining sample size, and evaluating sample results.
Audit Sampling Plans
Define the population and the Define the population and its
conditions that constitute a deviation. characteristics.
3. Determine the sample size. Consider the effects of the following Consider the effects of the following
factors in determining the sample factors in determining the sample
size: size:
Acceptable sampling risk Acceptable sampling risk
(inverse) (inverse)
Tolerable deviation rate Tolerable misstatement
(inverse) (inverse)
Expected population deviation Expected misstatement and
rate (direct) population variation (direct)
4. Select the sample. Use any of the following techniques: Use any of the following techniques
Random number selection and stratify the population, when
Systematic selection appropriate:
Haphazard selection (applies Random number selection
only to non-statistical Systematic selection
sampling) Haphazard selection (applies
only to non-statistical
sampling)
Value weighted selection
5. Apply the audit procedures. Apply the audit procedures to the Apply the audit procedures to the
sample items. sample items.
6. Evaluate the sample results. Decide whether the results supported Decide whether to accept account
the planned degree of reliance on balance as fairly stated or to require
internal control. further actions.
*It is to be emphasized that steps 1, 2, 5, and 6 will be performed whether the auditor uses auditor sampling or not.
Sample Selection Methods for Test of Controls a nd Substantive Tests (Step 4):
1. Random number selection – the auditor selects the sample by matching random numbers , generated by a
random number table or a computer software generator.
2. Systematic selection – this involves a constant sampling interval and then selects the sample based on the s ize
of the interval.
3. Haphazard selection – the sample is selected without following an organized or structured technique.
For Substantive Tests only:
In addition, the auditor may divide or stratify the population to decrease the effect of variance in the
population.
4. Value Weighted Selection/ Probability Proportional or Size Sampling/ Monetary Unit Sampling – each peso is
treated as one sampling unit. This method gives monetary values greater representation in the sample.
Situations that Auditor May Encounter in Step 4 & 5:
1. Void documents – such document should be replaced by another sample item.
2. Missing documents – such document must be treated as a deviation.
Evaluating the Results for Test of Control (Step 6):
1. Determine the sample deviation rate.
2. Compare the sample deviation rate with tolerable deviation rate and draw an overall conclusion of the
population.
If sample deviation rate is greater than tolerable deviation rate – means that sample results do not support the
planned degree of reliance on IC. Control risks will be assessed at high level and more extensive ST will be
performed.
If sample deviation rate is less than tolerable deviation rate – consider the allowance for sampling risk (the
possibility that these sample results could have occurred even if the actual population deviation rate is higher
than TD)
a. If SD is considerably lower than TD (Ex.: SD at 2% vs. TD of 1 0%) – the sample results supported the planned
degree of reliance on IC.
b. If SD is barely lower than TD (Ex.: SD at 8% vs. TD of 10%) - there is high possibility that the actual deviation
rate will exceed the TD rate.
Other Sampling Applications:
1. Sequential sampling/ stop-or-go sampling – used when an auditor expects very few deviations within the
population. Under this method, the auditor does not use fixed sample size.
2. Discovery sampling – this form of attribute sampling is most appropriate when no deviations are expected in
the population. This is normally used when the auditor suspects that an irregularity might have been committed.
Evaluating the Results for Substantive Tests (Step 6):
3. Project the misstatements in the population.
PSA 580 requires an auditor to obtain sufficient appropriate audit evidence that the entity’s mgmt. has
acknowledged that has fulfilled its responsibility for the preparation and presentation of fair FS and has
approved the FS – such evidence can be obtained using a WRITTEN representation from the mgmt. (can be
requested from CEO and CFO or other equivalent officers)
Mgmt. written representations complement the audit evidence the auditor accumulates, but they do not
substitute for the performance of audit procedures.
Written representation should be addressed to the auditor and the date shall be as near as practicable to, but
not after the date of auditor’s report.
When mgmt. does not provide written representation or the auditor concludes that there is sufficient doubt on
the integrity of the mgmt., the auditor should consider these as scope limitation that would warrant a
DISCLAIMER OF OPINION.
4. Performing wrap-up procedures.
Wrap-up procedures are procedures done at the end of the audit that generally cannot be performed before
the other audit work is complete. These include:
a. Final analytical procedures
PSA 520 states that the auditor should apply analytical procedures at or near the end of the audit.
Analytical procedures applied in completion phase should focus on: identifying unusual fluctuations
that were not previously identified and assessing the validity of the conclusions reached and
evaluating the overall FS presentation.
b. Evaluation of the entity’s ability to continue as a going concern
The auditor’s responsibility is to consider the appropriateness of mgmt. use of GC assumption
(consider whether there are event s that cast a significant doubt on entity’s ability to continue as
going concern and evaluate mgmt.’s assessment of the entity’s ability to continue as GC )
When evaluating the entity’s GC assumption, the auditor should remember that the conditions and
events that may indicate significant doubt about entity’s continued existence may be mitigated by
other factors (alternatives such as disposal of assets, obtaining additional capital, etc.)
Effect on the auditor’s report:
If there is reasonable assurance that the entity is going concern , the auditor should express an
UNMODIFIED OPINION.
If there is uncertainty and is adequately disclosed that the entity is going concern, the auditor
should express an UNMODIFIED OPINION WITH EMPHASIS OF MATTER PARAGRAPH .
If there is uncertainty and is not adequately disclosed that the entity is going concern, the
auditor should express EITHER QUALIFIED OR ADVERSE OPINION.
If the GC assumption is not appropriate, the FS should be prepared using other appropriate
basis. Otherwise the auditor should issue an ADVERSE OPINION.
c. Evaluating audit findings and preparing a list of potential adjusting entries.
If mgmt. accepts all adjusting entries proposed by the auditor, an UNMODIFIED OPINION is
issued.
If mgmt. refuses to correct the FS, a QUALIFIED OR AN ADVERSE OPINION will be issued.
POST AUDIT RESPONSIBILITIES (Events after the FS have been issued)
Ordinarily, the auditor does not have any responsibility to perform additional procedures after the FS are
issued, unless the auditor is aware that the audit report issued may be inappropriate (he must take steps to
prevent future reliance on such report).
Subsequent discovery of facts
1. Discuss the matter w/ the appropriate level of mgmt. and consider whether the FS needs
revision.
2. Advise mgmt. to take steps to ensure the users of the previous issued FS are informed of the
situation.
If mgmt. makes appropriate revisions and disclosures, the auditor should issue a new audit
report that includes an EMPHASIS OF MATTER PARAGRAPH . If mgmt. refuses to revise the
FS or to inform the users about the new info, the auditor should notify the persons
responsible for the refusal and intent to prevent reliance to the audit report.
Subsequent discovery of omitted procedures
1. Assess the importance of the omitted procedures to the auditor’s ability to support his opinion
2. Undertake to apply the omitted procedures or the corresponding alternative procedures.
If omission impairs the current ability to support his opinion, apply the procedures.
If, after applying the omitted procedures, it makes the report inappropriate, discuss this
matter with mgmt. to take steps to prevent reliance in the report.
Piecemeal Opinion
It is an unmodified opinion expressed on one or more components of the FS while expressing an adverse or
disclaimer of opinion as a whole. PSA 705 does not allow this practice.
EMPHASIS OF MATTER PARAGRAPH (placed after Auditor’s Opinion Paragraph)
EMPHASIS OF MATTER
(to give emphasis on an important matter affecting the FS or the auditor’s report;
these does not negate the auditor’s unmodified opinion)
1. Uncertainties*
2. Going Concern** Adequately Unmodified
3. Early Application of New Accounting Standards disclosed in the Opinion with
4. Major Catastrophe notes to the FS Emphasis Matter
5. Subsequent Discovery of Facts
Paragraph
6. Special Purpose FS
OTHER MATTER
(to communicate a matter other than those that are presented or disclosed in the FS)
MATERIAL INCONSISTENCIES – exists when the other information* contradicts the information contained in the
audited FS.
MATERIAL MISSTATEMENT OF FACTS: This exists when other information, not related to matters appearing to FS, is incorrectly
presented. If the auditor concludes that there is a material misstatement of fact and the mgmt. refuses to correct the other
information, the auditor should notify the audit committee and if necessary, obtain legal advice.
ASSURANCE ENGAGEMENTS
PSA 3000 states that assurance engagements are intended to enhance the credibility of information about a
subject matter by evaluating whether the subject matter conforms in all material respects with suitable criteria.
Types of assurance engagement: reasonable assurance engagement (audit) and limited assurance engagement
(review).
Elements of Assurance Engagements:
1. Three-party relationship
2. Appropriate subject matter
3. Suitable criteria
4. Sufficient appropriate evidence
5. Written assurance report
REPORTS ON PROSPECTIVE FINANCIAL INFORMATION
Prospective financial information is financial information based on assumptions about events that may occur in
the future and possible actions of the entity. There are two types:
1. Forecast - PFI prepared on the basis of the assumptions as to future events which mgmt. e xpects to take as
of the date the information is prepared (best-estimate assumptions)
2. Projections – PFI prepared on the basis of hypothetical assumptions or a mixture of best-estimate and
hypothetical.
PSA 3400 states that the auditor, when examining PFI, should obtain sufficient appropriate evidence that PFI are
reasonable, properly prepared and presented, and on consistent basis.
When reporting on the reasonableness of mgmt. assumptions, the auditor normally provides only moderate
level of assurance.
(d) Familiarity threat – occurs when, by virtue of close relationship with a client, its directors, etc. becomes too
sympathetic to the client’s interests.
(e) Intimidation threat – is the threat that a professional accountant will be deterred from acting objectively
because of actual or perceived pressures, including attempts to exercise undue influence over the professional
accountant.
Safeguards
(a) Safeguards created by the profession, legislation or regulation; and
(b) Safeguards in the work environment.
• Firm-wide safeguards
• Engagement specific safeguards
• Safeguards within the client’s systems and procedures
Due professional care encompasses the responsibility to perform professional services in accordance with
technical and professional standards.
• Section 140 Confidentiality – he/she should not use or disclose any such information w/o proper and specific
authority or unless: permitted by the client or employer, required by law, there is a professional duty to
disclose information
• Section 150 Professional Behavior – he/she should comply with relevant laws and regulations
the Board of Assurance Clients does not participate in the mgmt. on the board of an assurance client
or operations of the client
Long association with assurance Lead engagement partners must
clients be rotated at least once every 5
years (for listed companies)
Provision of accounting and Provision of services to an audit
bookkeeping services to assurance client hat is a public interest entity
clients
Provision of taxation services to
assurance clients
Provision of legal services to Advisory services Advocacy services
assurance clients Corporate finance services
Recruiting Senior Management Recruited for ultimate hiring Recruited for consulting services
decision
Fees – overdue At the time of issuing the
assurance report , the PY
professional fees due from client is
unpaid
Contingent Fees Fees that are fixed by court or
other public authority, fees
determined based on the results of
judicial or gov’t agency
proceedings
Gifts and Hospitality
Actual or threatened litigation
1. Article I | Rule I
- Act shall govern & provide for:
o Regulation of education
o Examination for CPA
o Supervision, control and regulation of practice
- Scope of practice:
o Public accountancy o Education
o Commerce & industry o Government
- Definition of terms
2. Article II | Rule II
Professional Regulatory Board
- Chairman & 6 members
- APO should submit its nominees not later than 60 days
- Qualifications:
o Natural born Filipino o Of good moral character
o Registered CPA w/ 10 years o Not have any pecuniary interest
experience o Not a director or officer of APO
- Term: 3 years ; no person shall serve in the Board for more than 12 years
- Receive compensation & allowances
- Powers & functions:
o Monitor conditions o Adopt official seal
o Supervise registration, licensure & o Investigate violations
practice o Punish for contempt
o Prescribe & adopt rules o Prepare/Amend syllabi for
o Conduct oversight into quality examinations
o Issue, suspend, revoke or reinstate o Exercise other powers provided by
the registration law
- Submit a report @ close of each year
- FRSC composed of 15 members with a chairman and 14 representatives
- AASC composed of 15 members with a chairman and 14 representatives
- Educational Technical Council (ETC) composed of 7 members with a chairman and 6 representatives wi th the
functions of:
o Determine a min standard curriculum
o Establish teaching standards
o Monitor progress of program
o Evaluate performance of educational institutions
- Board is under supervision of the Commission
- May remove/suspend members of the board when:
o Neglect of duty
o Violation of the Act
o Final judgment of crimes involving moral turpitude
o Manipulation