ST.

ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph
In SAC, we
care!

APC 302
AUDITING AND ASSURANCE:
CONCEPTS AND APPLICATION 1
(WEEK 1 HANDOUT)

Student Name: ___________________________________________

Student No: _____________________________________________

Program and Section: _____________________________________

 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

WEEK 1: OVERVIEW OF THE CORE CONCEPTS OF FINANCIAL STATEMENTS AUDIT: CORE CONCEPTS OF A RISK-BASED APPROACH
TO CONDUCTING A QUALITY AUDIT

NATURE OF INDEPENDENT FINANCIAL STATEMENTS AUDIT

Auditing
- is a systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about
economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the
results to interested users.

OVERALL OBJECTIVES OF THE INDEPENDENT AUDITOR AND THE CONDUCT OF AN AUDIT IN ACCORDANCE WITH PHILIPPINE
STANDARDS ON AUDITING (PSR200)
-The Philippine Standard on Auditing (PSA) establishes the independent auditor's overall responsibilities when conducting an audit of financial
statements. Specifically, it sets out the overall objectives of the independent auditor, and explains the nature and scope of an audit designed to
enable the independent auditor to meet those objectives. It also explains the scope, authority and structure of the PSAs, and includes requirements
establishing the general responsibilities of the independent auditor applicable in all audits, including the obligation to comply with the PSAs.

OBJECTIVES OF AN AUDIT
-In conducting an audit of financial statements, the overall objectives of the auditor are:
1. To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to
fraud or error, them by enabling the auditor to express an opinion on whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework; and
2. To report on the financial statements, and communicate as required by the PSAs, in accordance with the auditor's findings.

*The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of
an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial
reporting framework. In the case of most general-purpose frameworks, that opinion is on whether the financial statements are presented fairly, in all
material respects, in accordance with the framework. An audit conducted in accordance with PSAs and relevant ethical requirements enables the
auditor to form that opinion.
*An audit of financial statements is an assurance engagement, as defined in the Philippine Framework for Assurance Engagements. The Framework
defines and describes the elements and objectives of an assurance engagement. The PSAs apply the Framework in the context of an audit of
financial statements and contain the basic principles and essential procedures, together with related guidance, to be applied in such an audit.

ETHICAL REQUIREMENTS RELATING TO AN AUDIT OF FINANCIAL STATEMENTS

-The auditor should comply with relevant ethical requirements relating to audit engagements.
-As discussed in PSA 220, "Quality Control for an Audits of Financial Statements," ethical requirements relating to audits of financial statements
ordinarily comprise Parts A and B of the Code of Ethics for Professional Accountants in the Philippines (Ethics Code)' effective April 6, 2018 adopted
and promulgated by the Board of Accountancy. PSA 220 (Revised) identifies the fundamental principles of professional ethics established by Parts A
and B of the Ethics Code and sets out the engagement partner's responsibilities with respect to ethical requirements.
-PSA 220 recognizes that the engagement team is entitled to rely on a firm's systems in meeting its responsibilities with respect to quality control
procedures applicable to the individual audit engagement (for example, in relation to capabilities and competence of personnel through their
recruitment and formal training; independence through the accumulation and communication of relevant independence information; maintenance of
client relationships through acceptance and continuance systems; and adherence to regulatory and legal requirements through the monitoring
process), unless information provided by the firm or other parties suggests otherwise. Accordingly, Philippine Standard on Quality Control (PSQC) 1,
"Quality Control for Firms that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related Services Engagements,"
requires the firm to establish policies and procedures designed to provide it with reasonable assurance that the firm and its personnel comply with
relevant ethical requirements.

CONDUCT OF AN AUDIT OF FINANCIAL STATEMENTS

-The auditor should conduct an audit in accordance with Philippine Standards on Auditing.
-PSAs contain basic principles and essential procedures together with related guidance in the form of explanatory and other material, including
appendices. The basic principles and essential procedures are to be understood and applied in the context of explanatory and other materials that
provide guidance for their application. The text of a whole Standard is considered in order to understand and apply the basic principles and essential
procedures.
-In conducting an audit in accordance with PSAs, the auditor is also aware of and considers Philippine Auditing Practice Statements (PAPSs)
applicable to the audit engagement. PAPSs provide interpretative guidance and practical assistance to auditors in implementing PSAs. An auditor
who does not apply the guidance included in a relevant PAPS needs to be prepared to explain how the basic principles and essential procedures in
the Standard addressed by the PAPS have been complied with.
-The auditor may also conduct the audit in accordance with both ISAs and PSAs. However, there are currently no fundamental differences between
the IAASB pronouncements and corresponding requirements issued by the AASC and no such differences are expected in the future.

1
 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

SCOPE OF AN AUDIT OF FINANCIAL STATEMENTS

-The term "scope of an audit" refers to the audit procedures deemed necessary in the circumstances to achieve the objective of the audit. In
determining the audit procedures to be performed in conducting an audit in accordance with Philippine Standards on Auditing, the auditor should
comply with each of the Philippine Standards on Auditing relevant to the audit.

-The auditor should not represent compliance with Philippine Standards on Auditing unless the auditor has complied fully with all of the Philippine
Standards on Auditing relevant to the audit. The auditor may, in exceptional circumstances, judge it necessary to depart from a basic principle or an
essential procedure that is relevant in the circumstances of the audit, in order to achieve the objective of the audit. In such a case, the auditor is not
precluded from representing compliance with PSAs, provided the departure is appropriately documented as required by PSA 230 (Clarified), "Audit
Documentation."

PROFESSIONAL SKEPTICISM
-The auditor should plan and perform an audit with an attitude of professional skepticism recognizing that circumstances may exist that cause the
financial statements to be materially misstated.
-An attitude of professional skepticism means the auditor makes a critical assessment, with a questioning mind, of the validity of audit evidence
obtained and is alert to audit evidence that contradicts or brings into question the reliability of documents and responses to inquiries and other
information obtained from management and those charged with governance. For example, an attitude of professional skepticism is necessary
throughout the audit process for the auditor to reduce the risk of overlooking unusual circumstances, of over generalizing when drawing conclusions
from audit observations, and of using faulty assumptions in determining the nature, timing and extent of the audit procedures and evaluating the
results thereof. When making inquiries and performing other audit procedures, the auditor is not satisfied with less-than persuasive audit evidence
based on a belief that management and those charged with governance are honest and have integrity. Accordingly, representations from
management are not a substitute for obtaining sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base the
auditor's opinion.

REASONABLE ASSURANCE
-An auditor conducting an audit in accordance with PSAs obtains reasonable assurance that the financial statements taken as a whole are free from
material misstatement, whether due to fraud or error. Reasonable assurance is a concept relating to the accumulation of the audit evidence
necessary for the auditor to conclude that there are no material misstatements in the financial statements taken as a whole. Reasonable assurance
relates to the whole audit process.

*An auditor cannot obtain absolute assurance because there are inherent limitations in an audit that affect the auditor's ability to detect material
misstatements. These limitations result from factors such as the following:
1. The use of testing.
2. The inherent limitations of internal control (for example, the possibility of management override or collusion).
3. The fact that most audit evidence is persuasive rather than conclusive.

*Also, the work undertaken by the auditor to form an opinion is permeated by judgment, in particular regarding:
1. The gathering of audit evidence, for example, in deciding the nature, timing and extent of audit procedure; and
2. The drawing of conclusions based on the audit evidence gathered, for example, assessing the reasonableness of the estimates made by
management in preparing the financial statements.

*Further, other limitations may affect the persuasiveness of evidence available to draw conclusions on particular assertions (for example,
transactions between related parties). In these cases, certain PSAs identify specified audit procedures which will, because of the nature of the
particular assertions, provide sufficient appropriate audit evidence in the absence of:
a. Unusual circumstances which increase the risk of material misstatement beyond that which would ordinarily be expected; or
b. Any indication that a material misstatement has occurred.

*Accordingly, because of the factors described above, an audit is not a guarantee that the financial statements are free from material misstatement,
because absolute assurance is not attainable. Further, an audit opinion does not assure the future viability of the entity nor the efficiency or
effectiveness with which management as conducted the affairs of the entity.

AUDIT RISK AND MATERIALITY

-The auditor obtains and evaluates audit evidence to obtain reasonable assurance about whether the financial statements give a true and fair view or
are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. The concept of reasonable assurance
acknowledges that there is a risk the audit opinion is inappropriate. The risk that the auditor expresses an inappropriate audit opinion when the
financial statements are materially misstated is known as "audit risk".
-The auditor should plan and perform the audit to reduce audit risk to an acceptably low level that is consistent with the objective of an audit. The
auditor reduces audit risk by designing and performing audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base an audit opinion. Reasonable assurance is obtained when the auditor has reduced audit risk to an acceptably low
level.

RESPONSIBILITY FOR THE FINANCIAL STATEMENTS

-While the auditor is responsible for forming and expressing an opinion on the financial statements, the responsibility for the preparation and
presentation of the financial statements in accordance with the applicable financial reporting framework is that of the management of the entity, with
2
 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

oversight from those charged with governance. The audit of the financial statements does not relieve management or those charged with
governance of their responsibilities.

THE RISK-BASED AUDIT PROCESS

Risk-based audit approach

-is an audit approach that begins with an assessment of the types and likelihood of misstatements in account balance and then adjusts the amount
and type of audit work, to the likelihood of material misstatements occurring in account balances.
-In risk-based audit, the audit team views all activities in the organization first in terms of risks to strategies and objectives, and then in terms of
management's plans and processes to mitigate the risk. The auditors obtain an understanding of the client's objectives. The risks are identified and
the auditors determine how management plans to mitigate the risk and whether those plans are in place and operating effectively.

Account-based audit
-is an approach wherein the auditor obtains an understanding of control and assesses control risk for particular types of errors and frauds in specific
accounts and cycle.

STAGES OF THE RISK-BASED AUDIT PROCESS

-Under the PSAs which are risk-based, specific audit procedures vary from one engagement to the next. The following stages are, however, involved
in every engagement.

 Phase I. Risk Assessment

This phase involves the following activities:
1. Performance of preliminary engagement activities to decide whether to accept / continue an audit engagement.
2. Planning the audit to develop an overall audit strategy and audit plan.
3. Performance of risk assessment procedures to identify / assess risk of material misstatement through understanding the entity.

 Phase II. I Risk Response

This phase covers the following activities:
1. Designing overall responses and further audit procedures to develop appropriate responses to the assessed risk of material misstatement.
2. Implementing responses to assessed risk of material misstatement to reduce audit risk to an acceptably low level.

 Phase III. Reporting

This phase involves the following activities:
1. Evaluating the audit evidence obtained to determine what additional audit work (if any) is required.
2. Forming an opinion based on audit findings and preparing the auditor's report.

A simpler way of describing the three elements is illustrated below.

*An "event" is simply a business or fraud risk factor that, if it actually occurred, would adversely affect the entity's ability to achieve its objective of
preparing financial statements that do not contain material misstatements resulting from error and fraud. This would also include risks resulting from
the absence of internal control to mitigate the potential for material misstatements in the financial statements.

Figure 1-2 shows the schematic risk-based audit process in accordance with the guidelines provided by the International Federation of Accountants.

3
 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

4
 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

Figure 1-3 presents the Relevant Philippine Standards in Auditing (PSAS) to be used in the Risk-Based Audit Process

5
 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

6
 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

UNDERSTANDING THE AUDIT RISK MODEL

Nature of Risk

Risk
-is a concept used to express uncertainty about events and/or their outcomes that could have a material effect on the organization

The four critical components of risk that are may relevant give to conducting the audit are:
1. Audit Risk - The risk that an auditor may give unqualified opinion on financial statements that are materially misstated.

7
 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

2. Engagement Risk - The economic risk that a CPA firm is exposed to because it is associated with a particular client including loss of
reputation, inability of the client to pay the auditor, or financial loss because management is not honest and inhibits the audit process.
Engagement risk is controlled by careful selection and retention of client.
3. Financial Reporting Risk- Those risks that relate directly to the recording of transactions and the presentation of financial data in an
organization's financial statements.
4. Business Risk- Those risks that affect the operations and potential outcomes of organizational activities.

The following considerations are important in integrating the concepts of materiality and risk in the conduct of a risk-based audit:

1. Risky areas of a business must be identified by the auditors to determine which account balances are more prone to material
misstatements, how the misstatements might occur and how a client might be able to cover them up.
2. Auditors need to develop approaches and methodologies to allocate overall assessments of materiality to individual account balances
because some account balances may be more important to users.
3. Audits involve testing or sampling and thus cannot provide absolute (100%) assurance that the financial statements are free of material
misstatements without inordinately driving up the cost of audits.
4. Not all clients are worth accepting. Since audits rely on testing and to some extent on the integrity of management, there are some clients
that an audit firm should not accept because the engagement risk is too high.
5. Competition for clients among audit firms is high. Clients choose auditors based on a number of factors including fees, service, industry
knowledge, personal rapport and ability to assist the client.
6. Auditors should understand society's expectations of financial reporting to reduce audit risk to an acceptably low level and therefore
minimize lawsuits that the users may possibly bring forth.

*Although audit risk is a concept, it is often illustrated using quantitative examples. For instance, the relationship between engagement risk and audit
risk may be presented as follows:

 Setting audit risk at 1% is equivalent to performing a statistical test using 99% confidence level. Audit risk set at 1% implies that the auditor
is willing to take a 1% chance of issuing an unqualified opinion on materially misstated financial statements.
 Audit risk set at 5%, implies that the auditor is willing to take a 5% chance of issuing an unqualified opinion on materially misstated
financial statements.
 High levels of audit risk are appropriate for client with lower levels of engagement risk.

*Based on the assessment of engagement risk, the auditor sets the desired audit risk. Audit risk oftentimes illustrated using numeric or quantitative
examples. In fact, many audit firms use the measures associated with statistical sampling to set audit risk, e.g., setting audit risk at a 1% level for
high-risk clients and 5% for lower-risk clients. Other auditing firms use a broader description of audit risk as high, moderate or low and adjust the
nature of their audit procedures accordingly.

The following general observations are considered to have influenced the implementation of the audit risk model:
 The better the company's internal controls, the lower the likelihood of material misstatement.
 Unusual or complex transactions are more likely to be erroneously recorded than a recurring or routine transactions
 The amount and persuasiveness of audit evidence gathered should vary inversely with audit risk; i.e., lower audit risk requires gathering
more persuasive evidence.

COMPONENTS OF AUDIT-RISK MODEL

-These general premises have been incorporated into an audit risk (AR) model with three components:
1. inherent risk (IR)
2. control risk (CR)
3. detection risk (DR)

AR = IR x CR x DR

Where:

 Inherent risk (IR) is the initial susceptibility of a transaction or accounting adjustment to be recorded in error, or for the transaction not to be
recorded in the absence of internal controls.

 Control risk (CR) is the risk that the client's internal control system will fail to prevent or detect a misstatement.
8
 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

 Detection risk (DR) is the risk that the audit procedures will fail to detect a material misstatement.

*Stated differently, audit risk is the risk that the auditor may give an unqualified opinion on materially misstated financial statements. It is influenced
by:
 (IR) the likelihood that a transaction, estimate, or adjustment might be recorded incorrectly;
 (CR) the likelihood that the client's internal control processes would fail to prevent or detect the misstatement and
 (DR) the likelihood that, if a misstatement occurred, the auditor's procedures would fail to detect the misstatement.

*The audit risk model may also be illustrated using a quantitative approach with probability assessments applied to each of the model's component.

Illustrative Case I: Quantitative Example of Audit Risk: High Risk of Material Misstatement

XYZ Mining Corporation, an audit client of Aquino and Marcos CPAs, has many complex transactions and weak internal control. The auditors assess
both inherent risk and control risk at their maximum. This implies that the client does not have effective control (CR) and there is a high risk that the
transaction would be recorded incorrectly (IR).

The auditors believe that engagement risk is high and have set audit risk at the 0.01 level. This means that the auditors do not want to take much of
a risk that the misstatement goes undetected in the financial statements.

The effect on the extent of audit procedures and thus, detection risk is as follows:

 In this particular case, detection risk and audit risk are the same because the auditor cannot rely on internal control to prevent or detect
misstatements.
 This illustration therefore yields the instinctive result:
"Poor controls and a high likelihood of misstatement would lead to extended audit work to maintain audit risk at an acceptable level."

Illustrative Case II: Quantitative Example of Audit Risk: Low Risk of Material Misstatement

Zoren Trading Corporation is an audit client of Cayetano and Loren CPAs. Zoren has simple transactions, well-trained accounting personnel
effective control and no incentive to misstate the financial statements.

The auditor's previous audit experience with the client; an understanding of the client's internal controls and the results of preliminary testing this
year indicate a low risk of material misstatement existing in the accounting records. The auditor assesses inherent risk as low as 50% and control
risk of 20%.

Audit risk is consistent with it low engagement risk of 0.05.

The detection risk for this engagement is determined as follows:

*The auditor could therefore design tests of the accounting records with a lower detection risk, in this situation 50%, because only minimal
substantive tests of account balances are needed to provide corroborating evidence on the expectations that the accounts are not materially
misstated. The auditor, however would have had to test whether the controls are operating effectively in order to support a control risk assessment
below 100%.

9
 ST. ANTHONY’S COLLEGE
Business Education Department
San Jose de Buenavista, 5700 Antique
Tel. No. (036) 5409238; 5400898; 5409971 Tel. No.: (036) 5409196
Website: www.sac.edu.ph Email: info@sac.edu.ph; bused@sac.edu.ph

In SAC, we
APC 302 – AUDITING AND ASSURANCE: CONCEPTS AND APPLICATION 1 care!
PRELIM

FACTORS TO CONSIDER IN IMPLEMENTING THEAUDIT RISK MODEL

The following general observations on an audit client influence the implementation of the audit risk model:

1. High-risk activities
-This includes operations or events where a material misstatement could easily occur. For example, an inventory of high-value diamonds
or gold bars held by a jeweler, or a new / complex accounting system being introduced.
2. Existence of large non-routine transactions
 Identified significant related party transactions outside the entity's normal course of business are to be treated as giving rise to
significant risks. This includes infrequent and large transactions.

For example:
 Unusual volume of routine transactions with a related party;
 A major sales or supply contract;
 The purchase or sale of major business assets or business segments; and
 Sale of the business to a third party.

 Routine non-complex transactions that are subject to systematic processing are less likely to give rise to significant risks.

3. Matters requiring judgment or management intervention

Examples would include:

 The assumptions and calculations used by management in developing major estimates;
 Complex calculations or accounting principles;
 Revenue recognition (presumed to be a significant risk) that is subject to differing interpretation;
 Where management intervention is required to specify the accounting treatment to be used.

4. Potential for fraud

 The risk of not detecting a material misstatement resulting from fraud (which is intentional and deliberately concealed) is higher
than the risk of not detecting one resulting from error.
 In evaluating whether significant risk could result from the identified fraud risk factors and the possible scenarios and schemes
identified in team discussions, consider the following:
 Skillfulness of the potential perpetrator;
 Relative size of individual amount manipulated;
 Level of authority of management or employee to:
directly or indirectly manipulate accounting records, and
override control procedures;
 Significant fraud risks may be identified at any stage in the audit as a result of new information being obtained.

LIMITATIONS OF THE AUDIT RISK MODEL

-Audit risk is a concept that drives the auditor's thinking about planning the audit and then executing an audit. The illustrations are designed to
provide guidance, but should not be applied remotely to any audit client.

CPA firms in determining their approach to implementing the audit risk model should consider the following limitations:
1. Inherent risk is difficult to formally assess. Some transactions because of their complexity are more susceptible to error but it is quite
difficult to assess that level of risk independent of the client's accounting system.
2. The model treats each risk component as separate and independent when in fact the components are not independent. It is also quite
difficult to separate a client’s material controls and inherent risk
3. Audit risk is judgmentally determined.
4. Audit technology is not fully developed that each component of the model can be accurately assessed. Auditing is based on testing, and
precise estimates of the model’s components are not possible. Auditors can however, make subjective assessments and use the audit risk
model as guide.

10