AUDITING THEORY

 PSQC1 QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF HISTORICAL FINANCIAL
INFORMATION, AND OTHER ASSURANCE AND RELATED SERVICES
 PSA 220 (REVISED)
QUALITY CONTROL FOR AUDITS OF HISTORICAL FINANCIAL INFORMATION
 PSA 210 [AMENDED BY PSA 700(REVISED)]
TERMS OF AUDIT ENGAGEMENTS

PSQC 1
1. The firm should establish a System of Quality Control to provide it with reasonable assurance that:
a. The firm and its personnel comply with professional standards and regulatory and legal
requirements; and
b. The reports issued by the firm or engagement partners are appropriate in the circumstances.
2. Elements of a System of Quality Control
a. Leadership responsibility for quality within the firm
b. Ethical requirements
c. Acceptance and continuance of client relationships and specific engagements.
d. Human resources
e. Engagement performance
f. Monitoring

PSA 220 (Revised)

1. The engagement team should implement quality control procedures that are applicable to the individual audit
engagement.
2. The engagement partner should
a. Take responsibility for the overall quality on each audit engagement to which that partner is
assigned.
b. Consider whether members of the engagement team have complied with ethical requirements.
c. Be satisfied that appropriate procedures regarding the acceptance and continuance of client
relationships and specific audit engagements have been followed, and that conclusions reached in
this regard are appropriate and have been documented.
d. Be satisfied that the engagement team collectively has the appropriate capabilities, competence and
time to perform the audit engagement in accordance with professional standards and regulatory
and legal requirements, and to enable an auditor’s report that is appropriate in the circumstances to
be issued.
e. Take responsibility for the direction, supervision and performance of the audit engagement in
compliance with professional standards and regulatory and legal requirements, and for the auditor’s
report that is issued to be appropriate n he circumstances.
f. Be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions
reached and for the auditor’s report to be issued.

PSA 210 [AMENDED BY THE PSA 700 (REVISED)]

1. The purpose of this standard is to establish standards and provide guidelines on:
a. Agreeing the terms of the engagement with the client; and
b. The auditor’s response to a request by a client to change the terms of an engagement to one that
provides a lower level of assurance.
2. Audit Engagement Letters

 It is in the interest of both client and auditor that the auditor sends an engagement letter, preferably before the
commencement of the engagement, to help in avoiding misunderstandings with respect to the engagement.
  Principal Contents
An engagement letter would generally include reference to:
 The objective of the audit of financial statements.
 Management’s responsibility for the financial statements.
 The financial reporting framework adopted by management in preparing the
financial statements.
 The scope of the audit, including reference to applicable legislation, regulations
or pronouncements of professional bodies to which the auditor adheres.
 The form of any reports or other communication of results of the engagement.
 The fact that because of the test nature and other inherent limitations of an
audit, together with the inherent limitations of any accounting and internal
controls system, there is an unavoidable risk that even some material
misstatement may remain undiscovered.
 Unrestricted access to whatever records, documentation and other information
requested in connection with the audit.
3. Acceptance of a Change in Engagement
1. An auditor who, before the completion of the engagement, is requested to change the engagement
tone which provides a lower level of assurance, should consider the appropriateness of doing so.
2. A request from the client for the auditor to change the engagement may result from:
a. A change in circumstances affecting the need for the service;
b. A misunderstanding as to the nature of an audit or related service originally requested; or
c. A restriction on the scope of the engagement, whether imposed by management or caused
by circumstances.
(NOTE: A or B would ordinarily be a reasonable basis for requesting a change in the
engagement)
3. A change would not be considered reasonable if it appeared that the change relates to information
that is incorrect, incomplete or otherwise unsatisfactory.
4. Before agreeing to change an audit engagement to a related service, an auditor would also consider
any legal or contractual implications of the change.
5. If the auditor concludes that there is reasonable justification to change the engagement and if the
audit work performed complies with the PSAs applicable to the change engagement, the report
issued would be that appropriate for the revised terms of the engagement.
6. In order to avoid confusing the reader, the report would not include reference to:
a. The original engagement; or
b. Any procedures that may have been performed by the original engagement, except where
the engagement is changed to undertake agreed-upon procedures.
7. Where the terms of the engagement are changed, the auditor and the client should agree in the
new terms.
8. The auditor should not agree to a change of engagement where there is no reasonable justification
for doing so.
9. If the auditor is unable to agree to a change of engagement and is not permitted to continue the
original engagement, the auditor should withdraw and consider whether there is any obligation,
contractual or otherwise, to report to other parties, such as the board of directors or shareholders,
the circumstances necessitating the withdrawal.

AUDITING THEORY
  PSA 300 (Rev.) PLANNING AN AUDIT OF FINANCIAL STATEMENTS
 PSA 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF
MATERIAL MISTATEMENT
PSA 300 (Rev.)
PLANNING AN AUDIT OF FINANCIAL STATEMENTS

1. Planning an audit involves:

 establishing the overall audit strategy for the engagement and
 developing an audit plan,
 in order to reduce audit risk to an acceptably low level.

Preliminary Engagement Activities

2. The auditor should perform the following activities at the beginning of the current audit engagement:
 Perform procedures regarding the continuance of the client relationship and the specific audit engagement.
 Evaluate compliance with ethical requirements, including independence.
 Establish an understanding of the terms of the engagement.

Planning Activities

3. The auditor should establish the overall audit strategy for the audit. The overall audit strategy sets the scope,
timing and direction of the audit, and guides the development of the more detailed audit plan

4. The establishment of the overall audit strategy involves:

a.) Determining the characteristics of the engagement that define its scope;
b.) Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the nature of the
communication required; and
c.) Considering the important factors that will determine the focus of the engagement team’s efforts.

5. The auditor should develop an audit plan for the audit in order to reduce audit risk to an acceptably low level.
6. The audit plan is more detailed than the overall audit strategy and includes the nature, timing and extent of audit
procedures to be performed by engagement team members in order to obtain sufficient appropriate audit
evidence to reduce audit risk to an acceptably low level.

7. The audit plan includes:

 A description of the nature, timing and extent of planned risk assessment procedures sufficient to assess the
risks of material misstatement as determined under PSA 315, “Understanding the Entity and its Environment
and Assessing the Risks of Material Misstatement.”;
 A description of the nature, timing and extent of planned further audit procedures at the assertion level for
each material class of transactions, account balance, and disclosure, as determined under PSA 330, “The
Auditor’s Procedures in Response to Assessed Risks,”; and
 Such other procedures required to be carried out for the engagement in order to comply with PSAs

Changes to Planning Decisions during the Course of the Audit

The overall audit strategy and the audit plan should be updated and changed as necessary during the course of the
audit.

Direction, Supervision and Review

1. The auditor should plan the nature, timing and extent of direction and supervision of engagement team members
and review their work.

2. The nature, timing and extent of the direction and supervision of engagement team members and review of their
work vary depending on many factors, including:

 The size and complexity of the entity;

 The area of audit;
 The risks of material misstatement; and
 The capabilities and competence of personnel performing the audit work.

3. The auditor plans the nature, timing and extent of direction and supervision of engagement team members based
on the assessed risk of material misstatement.

Documentation

The auditor should document the overall audit strategy and the audit plan, including any significant changes made
during the audit engagement.

Communications with Those Charged with Governance and Management

1. The auditor may discuss elements of planning with those charged with governance and the entity’s management.

2. Discussions with those charged with governance ordinarily include the overall audit strategy and timing of the
audit, including any limitations thereon, or any additional requirements.

3. When discussion of matters included in the overall audit strategy or audit plan occur, care is required in order not
to compromise the effectiveness of the audit.

Additional Considerations in Initial Audit Engagements

The auditor should perform the following activities prior to starting an initial audit:

1. Perform procedures regarding the acceptance of the client relationship and the specific audit engagement.

2. Communicate with the previous auditor, where there has been a change of auditors, in compliance with relevant
ethical requirements.

PSA 315
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL MISSTATEMENT

1. The auditor should obtain an understanding of the entity and its environment, including its internal control,
sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud
or error, and sufficient to design and perform further audit procedures.

2. The auditor should perform the following risk assessment procedures to obtain an understanding of the entity and
its environment, including its internal control:

a.) Industry, regulatory, and other external factors, including the applicable financial reporting framework.
b.) Nature of the entity, including the entity’s selection and application of accounting policies.
c.) Objectives and strategies and the related business risks that may result in a material misstatement of the
financial statements.
d.) Measurement and review of the entity’s financial performance.
 e.) Internal control.

INTERNAL CONTROL

1. Internal control is the process designed and effected by those charged with governance, management, and other
personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to:
 Reliability of financial reporting;
 Effectiveness and efficiency of operations; and
 Compliance with applicable laws and regulations.

2. The auditor uses the understanding of internal control to:

 Identify types of potential misstatements;
 Consider factors that affect the risks of material misstatement; and
 Design the nature, timing and extent of further audit procedures.

3. Internal control consists of the following components:

1.) The control environment.

2.) The entity’s risk assessment process.
3.) The information system, including the related business processes, relevant to financial reporting, and
communication.
4.) Control activities.
5.) Monitoring of controls.

The control environment includes the governance and management functions and the attitudes, awareness, and
actions of those charged with governance and management concerning the entity’s internal control and its
importance in the entity.

Elements of control environment:

a) Communication of enforcement of integrity and ethical values.
b) Commitment to competence.
c) Participation by those charged with governance.
d) Management’s philosophy and operating style.
e) Organizational structure.
f) Assignments of authority and responsibility.
g) Human resource policies and practices.

The auditor should obtain an understanding of the entity’s risk assessment process, i.e., the entity’ process for
identifying business risks relevant to financial reporting objectives and deciding about actions to address those
risks, and the results thereof.

The auditor should obtain an understanding of the information system, including the related business processes,
relevant to financial reporting, including the following areas:

 The classes of transactions in the entity’s operations that is significant to the financial statements.

 The procedures, within both IT and manual systems, by which those transactions are initiated, recorded,
processed and reported in the financial statements.

 The related accounting records, whether electronic or manual, supporting information, and specific
accounts in the financial statements, in respect of initiating, recording, processing and reporting
transactions.
  How the information system captures events and conditions, other than classes of transactions that are
significant to the financial statements.

 The financial reporting process used to prepare the entity’s financial statements, including significant
accounting estimates and disclosures.

Control activities are the policies and procedures to help ensure that management directives are carried out.
Examples of control activities include those relating to the following:
 Authorization
 Performance reviews.
 Information processing.
 Physical controls.
 Segregation of duties.

Monitoring of controls involves assessing the design and operation of controls on a timely basis and taking the
necessary corrective actions modified for changes in conditions.

4. Obtaining an understanding of internal control involves:

a) Evaluating the design of a control; and

b) Determining whether it has been implemented.

ASSESSING THE RISKS OF MAERIAL MISSTATEMENT

1. The auditor should identify and assess the risks of material misstatement at the financial statements level, and at
the assertion level for classes of transactions, account balances, and disclosures.

2. The auditor:
 Identifies risks throughout the process of obtaining an understanding of the entity and its environment,
including relevant controls that relate to the risks, and by considering the classes of transactions, account
balances, and disclosures in the financial statements;
 Relates the identified risks to what can go wrong at the assertion level;
 Considers whether the risks are of a magnitude that could result in a material misstatement of the financial
statements; and
 Considers the likelihood that the risks could result in a material misstatement of the financial statements.