AUDITING THEORY

Module 1: FUNDAMENTALS OF ASSURANCE SERVICES

Daniel G. Calaor

Overview
Assurance Engagement means an engagement in which an independent
professional accountant (PRACTITIONER) expresses a CONCLUSION designed to
enhance the degree of confidence that INTENDED USERS can have about the
evaluation or measurement of a SUBJECT MATTER that is responsibility of a PARTY,
other than the intended users or the practitioner, against CRITERIA.
a. Independent financial statement audit
b. Reviews
c. Other assurance services (e.g. CPA Web Trust, Business Performance
Measurement Service)

Non-assurance Engagement means an engagement rendered by professional

accountant (REGARDLESS OF INDEPENDENCE) that uses their expertise in
accounting, consultancy, taxation and other related skills.
a. Agreed-upon procedures
b. Compilation
c. Tax
d. Management Consultancy/Advisory Services
e. Accounting and data processing
f. Other non-assurance services

Objective of an Assurance Engagement

The objective of an assurance engagement is for a professional accountant to evaluate
or measure a subject matter that is the responsibility of another party against identified
suitable criteria, and to express about the subject matter. Assurance engagements
performed by independent professional accountants are intended to ENHANCE the
CREDIBILITY of INFORMATION about the subject matter by evaluating whether the
subject matter conforms IN ALL MATERIAL RESPECTS with suitable criteria, thereby
improving the likelihood that the information will meet the needs of an intended user. In
this regard, the level of assurance provided by the professional accountant’s conclusion
conveys the DEGREE OF CONFIDENCE that the intended user may place in the
CREDIBILITY of the subject matter.

ASSURANCE IS A BROAD CONCEPT. Assurance services are designed to improve

the quality of decision making by improving confidence in the information on which
decisions are made; the process by which that information is developed, and the
context in which the information is presented to users. The field of assurance services is
MUCH BROADER than the traditional audits of financial statements.
Classification of Assurance Engagements
According to LEVEL of Assurance
1. REASONABLE ASSURANCE ENGAGEMENT – reduction in assurance
engagement risk to an ACCEPTABLY LOW level in the circumstances of the
engagement as the basis for a POSITIVE form of expression of the practitioner’s
conclusion.
2. LIMITED ASSURANCE ENGAGEMENT – reduction in assurance engagement
risk to a level that is ACCEPTABLE in the circumstances of the engagement, but
where risk is greater than for a reasonable assurance engagement, as the basis
for a NEGATIVE form of expression of the practitioner’s conclusion.

According to AVAILABILITY to intended users

1. ASSERTION-BASED ENGAGEMENT (Attestation) – evaluation or measurement
of the subject matter information is in the form of assertion by the responsible
party that is made AVAILABLE to the intended users.
2. DIRECT REPORTING ENGAGEMENT – practitioner directly performs the
evaluation or measurement of the subject matter, obtains a written representation
from the responsible party that has performed the evaluation or measurement
that is NOT AVAILABLE to the intended users.

Engagements provided by Practitioners

Assurance Engagements
1. Independent Financial Statement Audit (External audit) – provide a HIGH LEVEL
of assurance that the financial statements are free from material misstatements.
The objective of an audit of financial statements is to enable the auditor to
express an opinion whether the financial statements are prepared, in all material
respects, in accordance with an identified financial reporting framework.

2. Review of Financial Statements – provide a MODERATE LEVEL of assurance

that the information subject to review is free from material misstatement. It also
provides a limited investigation of much narrower scope than the audit and
undertaken for the purpose of providing limited (NEGATIVE) assurance that the
statements are presented in accordance with Financial Reporting Standards. For
example, a financial institution may require debtor to engage CPAs to provide
assurance about the debtor’s compliance with certain covenant provisions stated
in the loan agreement. It DOES NOT INVOLVES ASSESSMENT of
ACCOUNTING and INTERNAL SYSTEMS.

Only INQUIRY and ANALYTICAL procedures are conducted by the practitioner.

INQUIRY as to:
a. Accounting principles and practices
b. Procedures of recording, classifying and summarizing transactions and
accumulating information for disclosures
c. Actions taken during meetings of stockholders, BOD and Committees.
 ANALYTICAL PROCEDURES:
a. Prior year financial statements
b. Anticipated Results and
c. Typical relationship among accounts with predictable patterns
No assessment of accounting and internal control, tests of records and of
responses to inquiries by obtaining corroborating evidence through
INSPECTION, OBSERVATION, CONFIRMATION, and COMPUTATION which
are procedures done during the audit. Provides MODERATE level of assurance
(less than given in an audit).
3. Other assurance services
• CPA Web Trust – provides assurance to users of WEB SITES in the
INTERNET. The CPA’s electronic Web Trust Seal affixed to the website.
The seal assures that user that the website owner has met established
criteria related to business practices, transaction integrity and information
processes.
• SysTrust – provide assurance on any DEFINED ELCTRONIC SYSTEM.
The system components include its infrastructure, software, personnel,
procedures, and data. In a SysTrust engagement, the CPA is engaged to
examine ONLY that a client maintained effective controls over the system
based on the Trust Services Principles and Criteria.

Note: Both WebTrust and SysTrust are designed to incorporate a seal management
process by which a seal(logo) may be included on a client’s Web sites as an electronic
representation of the practitioner’s unqualified WebTrust report. If a client wishes to use
the seal(logo), the engagement must be updated ATLEAST ANNUALLY. Also, the initial
reporting period mush include ATLEAST 2(TWO) MONTHS.

• Eldercare Plus – focuses on the needs of the ELDERLY and whether

caregivers are providing services that meet the specified objectives or at
an ACCEPTABLE LEVEL.
• Business Performance Measurement Services – provide assurance about
whether FINANCIAL and NON-FINANCIAL INFORMATION being
reported from the entity’s performance measurement system (e.g. balance
scorecard) is reliable and whether the performance measures being used
are accurately leading the entity toward meeting its strategic goals and
objectives.
• Corporate Sustainability Reporting – also known as TRIPLE-BOTTOM
LINE REPORTING involves reporting of non-financial and financial
information to a broader set of stakeholders than just shareholders. The
reports inform stakeholder groups of the reporting organization’s ABILITY
to MANAGE KEY RISKS.
• Information Reliability Services – provide assurance that INFORMATION
SYSTEM has been designed and operated to produce reliable data
 including tests of the system to determine whether the system protects
against potential causes of data defects.
• Risk Assessment Services – involves the study of the LINK BETWEEN
RISKS and organization’s vision, mission, objectives and strategies and
development of new and relevant measures to address these risks.
• CPA Performance View – This service is intended to demonstrate that the
public accountants can aide client firms in developing an integrated set of
FINANCIAL and NON-FINANCIAL PERFORMANCE and measures to
employ in managing the client’s business. It also identifies and measures
key activities that are critical to the entity.
• Health Care Performance Measurement – involves the evaluation of the
qualify HEALTH CARE, MEDICAL SERVICES and OUTCOME.

Elements of an Assurance Engagements

a. Three Party Relationship
(i) Practitioner (broader than the term “Auditor”) responsible for the
determining Nature, Timing and Extent (NTE) of procedures to be
performed.
Note: A practitioner is associated with financial information when the
practitioner ATTACHES a REPORT to that information OR CONSENTS to
the USE of HIS/HER NAME in a professional connection.

(ii) Responsible Party (a private company, a government entity, etc.)

responsible for the subject matter and/or subject matter information.
(iii) Intended Users (often members of the public or investors or regulatory
bodies)
- Are person, persons, or a class of persons for whom the practitioner
prepares the assurance report.
- Can be any one of the intended users, bot not the only one.

b. Appropriate Subject Matter

Criteria: (ICC)
1. IDENTIFIABLE,
2. CAPABLE of CONSISTENT EVALUATION/MEASUREMENT against the
identifiable criteria, and,
3. CAPABLE of being SUBJECTED TO PROCEDURES for gathering sufficient
appropriate evidence to support a reasonable assurance or limited assurance
conclusion, as appropriate

SUBJECT MATTER SUBJECT MATTER INFORMATION

Financial Performance/Condition (e.g.
historical or prospective financial
position, financial performance, and
cash flows)
Non-Financial Performance/Condition
(e.g. performance of an entity)
Recognition, Measurement,
Procedures and Disclosures
represented in Financial Statement
(FS)
Key indicators of efficiency and
effectiveness
 Physical Characteristics (e.g. capacity Specification document
of a facility)
Systems and Processes (e.g. an Assertion about effectiveness
entity’s internal control or IT system)
Behavior (e.g. corporate governance, Statement of Compliance or
compliance with regulation, human Effectiveness
resources practices)

c. Suitable Criteria
- are the benchmarks used to evaluate or measure the subject matter
including, where relevant benchmarks for presentation and
disclosures.
- are required for reasonably consistent evaluation or measurement of a
matter within the context of professional judgment.
NOTE: Formal – PFRS
Less Formal – Code of Conduct

Types of Suitable Criteria:

1. ESTABLISHED CRITERIA – those that are embodied in LAWS
& REGULATION or issued by the AUTHORIZED or
RECOGNIZED BODIES.
2. SPECIFICALLY DEVELOPED CRITERIA – designed for the
PURPOSE of ENGAGEMENT.

Characteristics of Suitable for Criteria: (CRRUN)

a. Completeness – no omissions of relevant factors that could affect the
conclusions in the context engagement circumstances.
b. Relevance – contribute to conclusions that assist decision-making by
the intended users.
c. Reliability – (independence of the source of evidence) allow
reasonably consistent evaluation or measurement of the subject
matter.
d. Understandability – contribute to conclusions that are clear,
comprehensive, and not subject to significantly different interpretations.
e. Neutrality – contribute to conclusions that are free form bias.

NOTE: Criteria are made available to the intended users in one or more of
the following ways:
a. Publicly
b. Through inclusion in the presentation of the subject matter
information
c. Through inclusion in the assurance report
d. By general understanding
 Criteria may also be available to specific intended users, for example, the
terms of a contract or criteria issued by an industry association that are
available only those in the industry. When identified criteria are available
only to specific intended users, or a relevant only to a specific purpose,
use of the assurance report is RESTRICTED to those users for that
purpose.

d. Sufficient Appropriate Evidence

- The practitioner plans and performs an assurance engagement with an
attitude of PROFESSIONAL SKEPTICISM to obtain sufficient
appropriate evidence about whether the subject matter information is
free from material misstatement.
NOTE: Professional Skepticism is the state of having both:
a. Questioning Mind
b. Critical Assessment
of the validity of evidence obtained and is alert to evidence that
contradicts or brings into question the reliability of documents
or representations by the responsible party.

Factors to consider when determining the NTE of evidence-gathering

procedures:
a. Sufficiency & Appropriateness
Sufficiency – is the measure of the QUANTITY of evidence.
Appropriateness – is the measure QUALITY of evidence. That is
RELEVANCE and its RELIABILITY.

Generalization about the reliability of evidence (Order of Priority):

1. From independent sources outside the entity
2. Generated internally when the related controls are EFFECTIVE.
3. Obtained DIRECTLY by the practitioner (Observation) than
evidence obtained INDIRECTLY/INFERENCE (Inquiry).
4. Exists in DOCUMENTARY FORM.
5. Provided by ORIGINAL DOCUMENTS than provided by
PHOTOCOPIES/FACSIMILES.

b. Materiality
- Viewed as the THRESHOLD that practitioners determine in
order to focus their attention on the matters that have a
SIGNIFICANT IMPACT on Financial Statements as a whole.

c. Assurance Engagement Risk

- Is the risk that the practitioner expresses an INAPPROPRIATE
CONCLUSION when the subject matter information is
MATERIALLY MISSTATED.
 In a reasonable assurance engagement, the practitioner REDUCES
assurance engagement risk to an ACCEPTABLY LOW LEVEL in
the circumstances of the engagement to obtain reasonable
assurance as the basis for a POSITIVE form of expression of the
practitioner’s conclusion. The level of assurance engagement risk is
HIGHER in a LIMITED assurance engagement than in a
REASONABLE assurance engagement because of different NTE of
evidence-gathering procedures. However, in a LIMITED assurance
engagement, the combination of the NTE of evidence gathering
procedures is ATLEAST sufficient for the practitioner to obtain a
meaningful level of assurance as the basis for a NEGATIVE form of
expression. To be meaningful, the level of assurance obtained by
the practitioner is likely to enhance users’ CONFIDENCE about the
subject matter information to a degree that is clearly more then
inconsequential.

Components of Assurance Engagement Risk:

In general, the below can be components but not all of these will
necessarily be present or significant for all assurance
engagements:

1. Combined Risk Assessment – risk that the subject matter

information is materially misstated which consists of:
a. INHERENT RISK – susceptibility of the subject matter
information to a material misstatement in the ABSENCE of
INTERNAL CONTROL.
b. CONTROL RISK – risk that a material misstatement could
occur will NOT be PREVENTED, DETECTED and
CORRECTED, on a timely basis by related INTERNAL
CONTROLS.

2. Detection Risk - risk that the PRACTITIONER will NOT detect a

material misstatement that exists.

e. Assurance Report
- The practitioner provides a WRITTEN report containing a conclusion
that conveys the assurance obtained about the subject matter
information.

Forms of WRITTEN ASSURANCE REPORT:

1. REASONABLE Assurance Engagement – practitioner expresses the
conclusion in the POSITIVE form (normally in External Audit).
Example: “In our opinion internal control is effective, in all material
respects, based on ABC criteria”
 2. LIMITED Assurance Engagement – practitioner expresses the
conclusion in the NEGATIVE form (normally in Reviews).
Example: “Based on our work described in this report, NOTHING has
come to our attention that causes us to believe that the internal control
is NOT effective, in all material respects, based on ABC criteria”

STANDARD APPLICATION PRACTICE

Philippine Standards on
Auditing (PSAs)
Philippine Standards on
Review Engagement
(PSREs)
Philippine Standards on
Assurance Engagements
(PSAEs)
Philippine Standards on
Related Services (PSRS)
Audit of Historical Financial
Philippine Audit Practice
Information Statements (PAPs)
Review of Historical Philippine Review
Financial Information Engagement Practice
Statements (PREPs)
Other assurance services Philippine Assurance
OTHER THAN dealing with Engagement Practice
Historical Financial Statements (PAEPs)
Information
Non-Assurance Services Philippine Related
(i.e. Compilation, Agreed- Services Practice
upon procedures, etc.) Statements (PRSPs)

Note: Practice Statements provide interpretative and practical assistance to

professional accountants in implementing Philippine standards and promote good
practice. A professional accountant who does not apply the guidance of practice
statements should prepared to explain how the basic principles and essential
procedures in the AASC’s Engagement Standards are addressed. Philippine
Framework for Assurance Engagement is NOT a standard and DOES NOT provide
procedural requirements for the performance of assurance engagements. In ANY
assurance engagements, a practitioner is REQUIRED to abode to the CODE OF
ETHICS for Professional Accountants and Philippine Standard on Quality Control.

Limitations of Assurance Engagements:

1. Sampling Risk – the use of selective testing. It consists of Alpha (Efficiency)
and Beta (Effectiveness).
2. Non-Sampling Risks
a. Inherent limitation of accounting and internal controls
b. Nature of evidence (Persuasive rather than conclusive)
c. Use of Judgment
d. Human weakness
e. Misapplication of procedures
f. Reliance on Management representations (which may be erroneous)
Non-Assurance Engagements

1. Agreed-upon procedures
- The party engaging the professional accountant, or the intended user
determines the procedures to be performed as the client takes full
responsibility for the adequacy of the procedures to be performed.

- Recipients form their OWN conclusion. Thus, NO CONCLUSION

accountant only issues CONFIDENTIAL REPORT which is based on
FACTUAL FINDINGS. Report is restricted to those parties that have
agreed to the procedures performed.

- If the accountant can’t discuss the procedure to be applied to all

parties who will receive the report. He or She may:
(i) Discuss it to the representatives of the parties involved.
(ii) Reviewing relevant correspondence from the parties
involved.
(iii) Distribute a draft of the type of report that will be issued.

- Normally, procedures done were:

a. Inquiry and Analysis
b. Recalculation, comparisons, and other clerical accuracy checks
c. Observation
d. Inspection
e. Confirmations

2. Compilation of financial or other information

- An engagement in which the accountant is engaged to use his
accounting expertise to COLLECT, CLASSIFY and SUMMARIZE
financial information.
- NO CONCLUSION accountant only issues COMPILATION REPORT.
- The practitioner shall propose appropriate amendments to
management if he/she becomes aware of the following:
a. Compiled financial information does not adequately refer to or
describe the Applicable Financial Reporting Framework (AFRF).
b. Amendments to the compiled financial information are REQUIRED
for the financial information NOT to be MATERIALLY MISSTATED.
c. Compiled financial information is MISLEADING.
- In the following circumstances practitioner may WITHDRAW the
engagement:
(i) Management failed to furnish the requested documents.
(ii) Management declines the proposed amendments due to
material misstatements or misleading information.
(iii) Management refuses to provide additional information
where the information supplied by management is
incorrect, incomplete, or unsatisfactory.
 - Normally, procedures done were:
a. Inquiry to assess the reliability and completeness of the information
provided
b. Assess internal controls
c. Verify matters
d. Verify explanations
- Management and Those Charged with Governance (TCWG) is
responsible for the FINAL VERSION of the compiled financial
information.

3. Preparation of tax returns where no conclusion is expressed and tax consulting

- Prepare corporations and individuals tax returns for BOTH audit and
non-audit clients.

4. Management consulting and other advisory services

- Employs the practitioner’s technical skills, education, observation,
experience and knowledge of the analytical approach and procedures
used in consulting engagement.
- May be WRITTEN or ORAL.
- 2-party arrangements that focuses on providing advice on how to use
the information for better outcomes.
- Management consulting and other advisory services:
a. Design and installation of accounting system
b. Computer risk management
c. Corporate finance
d. Tax Services
e. E-businesses
f. Disaster recovery planning

5. IT System Services

NOTE: Changes in the NATURE of ENGAGEMENT.

If Non-Assurance to Assurance – ALLOWED
Assurance to Non-Assurance – NOT ALLOWED

If Reasonable Assurance to Limited Assurance – NOT ALLOWED

XPN: There is reasonable basis.
a. No need to refer to previous engagement
b. No need to refer to procedures done before the engagement
was changed

If change is NOT REASONABLE, insist to continue the engagement; if the

management does not permit, WITHDRAW.