Professional Documents
Culture Documents
11)
1. The auditor should comply with relevant ethical requirements relating to audit engagement.
2. The auditor should conduct an audit in accordance with Philippine Standards on Auditing
(PSAs).
3. The auditor should plan and perform the audit with an attitude of professional skepticism
recognizing that circumstances may exist that cause the financial statements to be materially
misstated.
4. The auditor should plan and perform the audit to reduce audit risk to an acceptably low level
that is consistent with the objective of an audit.
Professional Skepticism
The auditor is critical, recognizing that there may be circumstances that will cause the financial
statements of the client to be materially misstated. Therefore, the auditor has to be doubtful
and he needs to validate whether those assertions or representations of the management are
true and correct.
The auditor has the responsibility to find evidence that may corroborate or contradict the claim
of the management.
The management prepares the financial statements. The auditor's responsibility is just to find out if
the financial statements conform to the acceptable financial reporting framework.
Sham Audit - auditors don't perform the process of audit and just follows what the management
says.
The moment the auditor submits his audited report to the board of the directors of his client, his
relationship with his client ends.
You must still maintain the confidentiality of the report even if relationship ends.
RA No. 9298
Philippine Accountancy Act of 2004
Includes Code of Ethics for CPAs
Audit Procedures:
1. Risk assessment procedure - for purposes of getting the level of risk (ex: inquire, observe,
inspect)
2. Test of Control - study the internal control system
3. Substantive Test Procedures - gathering pieces of evidence (ex: confirmation letters to banks,
to suppliers, conducting ocular inspection)
Substantive Test Procedure - indispensable. It must always be performed regardless of level of risk.
Test of Control - dispensable. Its purpose is to ascertain whether the initial assessment of low
control risk is valid or not.
Under what circumstance can the test of control not be performed by the auditor (or dispensable)?
When the assessment of level of risk is high. Because in audit there is economic constraints.
When is the test of control performed? If control risk is low. The auditor will perform test of control
procedures by performing a more in-depth study of the client's internal control system.
The higher the risk, the more evidences the auditor must gather to have strong conviction in
forming his opinion.
After performing the audit procedures, then the auditor will form his opinion.
PSA - serves as the guidance on how the auditor will conduct the audit.
Why the need for an audit? The level of credibility or reliability of information is enhanced when
the auditor affixes his signature.
Audited FS - there is already a signature of the auditor attesting the reliability of the information
presented.
Assurance Services
applies to all engagement performed by other professionals.
audit of financial statements is an example.
assurers report on the quality of information.
The auditors assure the intended users that the information presented in the client's FS is in
accordance with the acceptable financial reporting framework and are fairly presented.
Subject Matter:
Examples:
1. In a financial statement audit, the appropriate subject matter is the assertion of the
management that that is their actual financial position as of December 31 as embodied in
the financial statement position.
2. They claim that is their actual performance during the period as embodied in the statement
of comprehensive income.
3. They claim that it is their actual cash flows.
The appropriate subject matter is not the balance sheet itself. It’s the content. It’s the claim of
the management that it is their actual financial position, financial performance, or their actual
cash flows as manifested in their financial statements comprising the balance sheet, income
statement, the cash flow, the changes in equity and notes to financial statement.
Criteria:
standard that the auditor needs to use in determining whether the subject matter (FS) is in
accordance with the suitable criteria.
There must be a basis of comparison.
in the audit of financial statements, the criteria is the Philippine Financial Reporting Standards
(PFRS).
If the client company is large such as banks, pawnshop and insurance company, the criteria is Full
PFRS. Do not use the PFRS for SME (Small Medium Entities).
Company is small if total assets is between P3M to P100M. (PFRS for Small Entities)
Company is medium if total assets is more than P100M to P350M. (PFRS for SME)
Company is large if assets or total liabilities is more than P350M. (PFRS for Large Entities)
At what amount should inventory be presented at balance sheet date: @ lower of cost and net
realizable value. (If it is a small entity it is @ fair value)
Audit sampling:
most common method used in a risk-based audit.
the auditor will just make an estimate, based on his professional judgement, on what would be
the appropriate amount or percentage of the samples to be tested.
Examples:
1. In the course of your audit, you obtained inconsistent evidence (the claims of management
are different from the claims of external parties). You must rely from the outside of the
company [Audit & Assurance Principle, p. 11]
2. You performed bank reconciliation and the results differ from the management's ledger.
You must rely on your bank reconciliation result.
Non-Assurance Engagement:
If one or more elements of assurance engagement is lacking it is a non-assurance engagement.
Ex:
1. You are consulted by the client regarding the assessment from the BIR (Tax Consultancy - you
just give a piece of advice, there's no written assurance report).
2. You are asked by the client to assist them in the preparation of income tax return (There's no
written assurance report)
Other example of assurance engagement:
1. Review engagement
2. Compliance audit - you are engaged to determine if the client is complying with relevant laws
and regulations.
Cost-benefit consideration:
You consider this when obtaining evidence.
In financial statement audit, there are economic constraints (time and money)
Ex: When obtaining evidence, choose an alternative audit procedure that is cheaper.
If there is no alternative, the rule is that no matter how much it costs or difficult but the
information is very critical or material, the auditor has no recourse but to perform that
procedure. [Audit & Assurance Principle, p.12]
Materiality:
common concept all throughout the audit.
When is an item considered material? When it will affect the decision of the users of financial
information and the fairness of presentation.
If the evidence is very material or very critical, he needs to dig in pieces of evidence in support
of his opinion.
Audit risk and materiality are inversely proportionate. [Salosagcol, p.176]
Materiality is relevant when the practitioner determines the nature, timing, and extent of
evidence-gathering procedure and when assessing whether the subject matter information is
free of misstatement.
2. According to Structure
a. Attestation Engagement
b. Direct Engagement
Reasonable Assurance
Ex: Financial Statement Audit
Highest level of assurance that an auditor may render in financial statement audit: Reasonable
assurance
There's no guarantee (absolute assurance) that the client's financial statement is misstated
because of the limitations of audit.
Limited Assurance
Procedures performed is less than reasonable assurance.
Level of risk is higher than reasonable assurance.
Ex: Review engagement (inquiry, observation, reconciliation, vouching can be done)
Attestation Engagement
Ex: Financial Statement Audit
The responsible party (management) will measure and prepare the financial statement and the
auditor's responsibility is whether the claims by the management is true by digging pieces of
evidence.
Direct Engagement
The practitioner measures the information related to the assurance engagement and makes
the report.
A limitation because there is sampling risk. The results of the chosen samples is assumed to be
the same with the rest of the population.
Sampling risk - the risk that the results of the sample tested may not be representative to the
entire population.
To reduce sampling risk, the auditor must increase sample size.
Ex: Despite how well designed and properly implemented the client's internal control system
may be, when there is collusion or connivance among the employees or management or from
people outside the entity, the auditor may find difficulty in determining the risk regularity or
misstatements of information as reflected in the client's financial statement.
Ex: Management uses their overriding authority (Entity is granting line of credit to a client and
their policy is up to P500,000. But one client is a close friend to the president, the policy can be
overridden by the top management for that client.)
Ex: There may be information reflected in the financial statements not properly stated because
the subject matter is voluminous. Or some transactions are foreign.
CHAPTER 2: AUDITS OF FINANCIAL STATEMENTS INTRODUCTION
2. Assertion of Completeness
Asserting that all transactions are properly reflected in the financial statements during the
period.
4. Assertion of Valuation
Under what circumstance will disclaimer of opinion will be rendered? When in the auditor's
judgement, an item is considered so material that it is affecting the fairness of presentation of the
FS so that he was not able to gather sufficient appropriate evidence because of restrictions
imposed by the management.
Types of Audit:
1. Financial Statement Audit
2. Operational Audit
3. Compliance Audit
4. External Audit
5. Internal Audit
6. Government Audit
Internal auditor is still an employee of the audit client. His function is to ascertain whether there's
compliance with the policies and procedures imposed by the management.
Internal auditor directly reports to: the audit committee or the audit committee of board of
directors. He rarely communicates with the management to maintain independence.
Internal auditors talk to the management about administrative matters (ex: budget assigned).
Auditor in Government Audit: Commission on Audit
Objective of Financial Statement Audit: For the auditor to express an opinion whether the financial
statements are prepared in all material respects in accordance with the acceptable financial
reporting framework.
In issuing an unqualified opinion, the auditor guarantees there's no material misstatement, but
there are still misstatements but not material.
The user of financial statement cannot assume the opinion of the auditor is an assurance as to the
future viability of the entity nor the efficiency and effectiveness in which the management
conducted the affairs of the entity.
The preparation and presentation of financial statement in accordance with suitable criteria is the
responsibility of the management even if it is being audited.
1. Risk-based audit - commonly used; the auditor makes an initial assessment of level of risk
2. Top down approach - starts with identification of strategic issues affecting the audit and uses them
to determine the overall strategy for the audit.
3. Balance sheet approach - auditor audits the assets and liabilities of the entity, with little emphasis on
profit and loss account items.
4. Transaction approach - audits more on nominal accounts than real (balance sheet) account.
7. Financial risk approach - auditor considers financial risk and materiality in planning the audit work.
CHAPTER 3: THE PROFESSIONAL PRACTICE OF ACCOUNTING
CPA is now recognized to have equal footing with other professions like law and medicine because
it is possessing the attributes as required for a profession.
To become a CPA, you need to finish Bachelor of Science in Accountancy and pass the CPA
Licensure Exam.
Sectors of Accounting:
1. Public practice
you may be engaged in rendering assurance engagement
you may build your own accounting office
2. Private practice
in the private sector.
employed in one big corporation like San Miguel Corporation.
you can be the president, vice president for finance, controller, or an accountant.
If employer has capital of P5M above or annual revenue of at least P10M. It is a
requirement that the one supervising the recording of financial transactions,
preparation of financial statements, or even coordinating with external auditors, must
be a CPA.
3. Practice in Education or Academe
as an instructor, professor, dean or chair in the college of accountancy.
4. Practice in Government
employed in the government.
Financial Statement Audit - main service offered by CPAs that only CPAs can render because of the
knowledge CPAs possess.
Can a CPA practice his profession in more than one sector? Yes, as long as there's no conflict of
interest.
CPAs can engage in private and public practice at the same time as long as you should not be the
external auditor of your own employer because you will not maintain independence.
CPAs in the government sector CAN'T engage in public practice because there's conflict of interest.
The fundamental ethical principle of objectivity is compromised. For example, you are assigned as
an examiner of the financial statement you audited. You can engage in other sectors such as
private or academe.
Ethical principles:
1. Integrity
2. Objectivity
3. Confidentiality
4. Professional behavior
5. Professional competence and due care
5. Sanctions and penalties against violators of the laws, rules and regulations affecting the
accounting profession.
For example, you don't have the accreditation as required by the BOA and you keep
engaging in the audit of FS. That is a violation of RA 9298.
Following Grounds:
1. Neglect of duty or incompetence
2. Violation or toleration of any violation of RA 9298 and its IRR or the CPAs Code of Ethics
3. Final judgement of crimes involving moral turpitude
Supreme Court renders the final decision.
Examples of moral turpitude: murder, falsification of public documents, or bribery
If political crime like rebellion or sedition, it is not covered by RA 9298.
STANDARD-SETTING BODIES:
1. Financial Reporting Standards Council (FRSC)
2. Auditing and Assurance Standards Council (AASC)
body that develop the standards you follow in auditing financial statements.
those standards developed by an international body - the International Auditing and
Assurance Standards Board (IASB).
MRA:
is the product of a meeting among the ASEAN countries.
main objective is to allow cross border movement of professional accountants, providing external
auditing services and other accountancy related services that requires domestic licensing in ASEAN
member states and may continue to be facilitated through bilateral or multilateral MRAs between
or among ASEAN member countries.
In short, the main objective is to allow professional accountants in each countries to extend their
services to other ASEAN member countries.
Once you are an ASEAN chartered professional accountant, you can render or practice your
profession in any of the ASEAN member countries.
PROFESSIONAL ORGANIZATIONS:
Once you passed the CPA Licensure Exam you become a member of the Philippine Institute of
Certified Public Accountants (PICPA)
You need to pay annual dues. Your application for accreditation will not be renewed if you have
unpaid membership fees.
Main objective of PICPA: to protect and to provide the best interest for the members of the
organization.
SECTORAL ORGANIZATIONS:
1. Association of CPAs in Public Practice (ACPAPP)
2. Association of CPAs in Commerce and Industry (ACPACI)
3. National Association of CPAs in Education (NACPAE)
4. Government Association of CPAs (GACPA)
Once you passed the exam you will go to PRC to claim board certificate and you will be given a PRC
ID which will be renewed every three years. When you renew you have to ensure that you have
taken at least 120 CPD units.
Circumstance where a CPA passed the board exam, but the PRC refused to issue CPA Certificate
and PRC ID:
1. Was convicted by a court of competent jurisdiction of a criminal offense involving moral
turpitude.
2. Guilty of immoral and dishonorable conduct.
3. Has unsound mind.
4. Misrepresentation in the application for the CPA Examination.
Example, you cheated.
FOREIGN CPA:
Are foreign CPAs allowed to practice in the Philippines? Generally, no. Otherwise, there should
be treaties or agreements entered between the Philippine government and the country where
that foreign CPA resides, allowing the CPAs of either country to practice their profession in that
country.
Example, you go to Lebanon and want to practice your profession. Generally, you are not
allowed unless Lebanon and Philippines have an agreement that they allow the CPAs to
practice in either country.
Aside from mutual agreement, there should be compliance with other requirements the same
with Filipino CPAs.
Circumstance where foreign CPAs are issued with special and temporary permits:
1. Called for consultation or for a specific purpose essential for the development of the country,
provided that his/her practice is limited for the particular work that he/she is being engaged
and that there is no Filipino CPA qualified for such consultation or specific purpose.
2. Engaged as a professor, lecturer, or critic infield essential to accountancy education in the
Philippines, and his/her engagement is confined to teaching only.
3. Internationally recognized expert or with specialization in any branch of accountancy and
his/her service is essential for the advancement of accountancy in the Philippines.
PROFESSIONAL STANDARDS:
1. Philippine Standards on Auditing (PSAs)
for FS audit.
CPD Programs:
1. Seminars and Workshops
2. Academic track
3. Self-directed and/or Lifelong Learning
4. Other activities to be recommend by the CPD Council and approved by the BOA and the
Professional Regulation Commission.
CPD Units requirement: 120 units.
In setting up your own accounting firm, you need to secure the required permit and licenses. Then
secure the requirements needed to practice public accountancy.
If it is a partnership, you need to go first to SEC to have it registered. After securing the
registration, you’ll go to the city or municipality where the principal address your business is
located. After that, register at BIR and other government agencies like SSS and PhilHealth for your
employees.
If you are an Individual CPA, no need to secure the permit and license from the city or municipality.
Just have it registered at the BIR to file for necessary taxes.
If it is an individual firm you need to register it at DTI.
Under RA 9298, the form of business organization that is allowed to be formed for practice of
public accounting: sole proprietorship and partnership.
Corporation is not allowed under RA 9298 because the owners of a corporation are the investors
and shareholders. For instance, you want to put up an accounting office as a partnership. It is
necessary for the partners to be CPAs but in a corporation, it is not a requirement for all
shareholders to be CPAs. At the same time, the objective of a corporation is to earn profit which
could affect the quality of the services rendered by the CPAs (it becomes a commercial approach)
while in partnership or in an individual firm, the main objective is to render service to the public.
Earning profit is secondary objective only. This also applies to other professions like lawyers and
doctors.
Quality Review Committee (QRC) – one of the councils formed or created to assist the BOA in their
discharge of their duties and responsibilities.
It is indicated in the audit report all required accreditations of the auditor. SEC will not accept the
financial statements filed by the client without the required accreditation numbers by the external
auditor. It is also indicated the expiry date of BIR accreditation, BOA accreditation, SEC
accreditation, your CBA accreditation.
RULES ON NAMES:
As an individual practitioner, you can use your name.
As an individual firm or sole proprietorship, you can use the name registered in the DTI.
As a partnership, you can use the name registered in SEC.
Why is there a limitation imposed regarding the advertising and marketing of the services of any
profession? It’s because they are limiting the competition. Otherwise, if they allow competition, it
can affect the quality of services. And there will be unfair competition especially to individual CPAs.
ACCEPTABLE PUBLICITY:
1. Awards
But should not be used for personal professional advantage (ex: to invite more
clients)
2. Professional Accountants Seeking Employment or Professional Business
3. Directories
4. Books, Articles, Interviews, Lectures, Radio and Television Appearances
Can’t disclose services offered because when you’re in television, its scope is wide.
It will be commercialized, and quality of services will be compromised.
5. Training Courses, Seminars, etc.
6. Booklets and Documents Containing Technical Information
7. Staff Recruitment
8. Publicity on Behalf of Clients
9. Brochures and Firm Directories
10. Stationery and Nameplates
11. Announcements
12. Inclusion of the Name of the CPA in Public Practice in a Document Issued by a Client
13. Anniversaries
After every 5 years
14. Websites
The bottom line of the regulations on the marketing of the services offered by CPAs is so that the
quality of the services offered will not be compromised. To avoid undue competition among
members of the competition. Without the regulations, the very purpose of serving the public will
be defeated.
If the client is a bank, an insurance company, a publicly listed entity (shares of stocks are publicly
listed in the stock exchange), or the assets of the company is P500M perhaps, the acceptable
financial reporting framework is Full PFRS.
Assertions – claims or representations of the management regarding the financial statement that is
being subject to audit.
All financial information reflecting in the financial statement is good only for December 31. That’s
why the date is presented “As of December 31”. The day after December 31, the financial position
could be different.
What is the overall objective of the auditor in an audit of financial statements? For the auditor to
express an opinion whether the financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework (PSA 200).
The auditor’s opinion enhances the credibility of the financial statements. The user cannot assume
that the opinion is an assurance to the future viability of the entity nor the efficiency or
effectiveness of which the management has conducted the affairs of the entity.
For instance, the auditor’s opinion is unqualified and after 6 months, the entity has closed its
operations. Do not blame the auditor because as of that moment, when he rendered the
unqualified opinion, it only enhances the credibility of the financial statements. On that date, there
is no indications substantially affecting the ability of the company to operate as a going concern.
Unfortunately, after the audit, there could be circumstances that have affected the operations of
the company.
What is the responsibility of the auditor? The auditor is responsible for expressing an opinion on
the financial statements from the management or those charged with governance whether it is
fairly presented.
Charged with governance – refers to the board of directors (the governing body of the entity).
It is the primary responsibility of the management or those charged with governance of the
identification of the appropriate financial reporting framework to be used. While the auditor will
determine whether such financial reporting framework is acceptable.
Responsibilities of the Management and those Charged with Governance on Financial Statement
Audit:
1. For the preparation and presentation of the financial statements in accordance with the
applicable financial reporting framework. Aside from that, the management also has the
responsibility to have an internal control system that is properly designed and
implemented to have their financial information considered as reliable.
2. They also need to be cooperative with the members of the engagement team. They should
provide the auditor:
All information, such as records and documentation, and other matters that are
relevant to the preparation and presentation of the financial statements.
Any additional information that the auditor may request from management and,
where appropriate, those charged with governance
Unrestricted access to those within the entity from whom the auditor determines it
necessary to obtain audit evidence.
If you are going to ask for information, records and documentation, there must be proper planning,
and you should know who to ask for the documents. It also has to be at a time when you will not
disrupt the operations of the entity. There has to be an arrangement.
If the management is uncooperative during the time of engagement, that is the time for the auditor
to withdraw from the engagement and perhaps issue a disclaimer of opinion. For instance, they are
not giving you the records or documents, and these are material, based on your professional
judgement.
If the auditor experiences restrictions imposed by the management and the auditor can’t conduct
the audit properly, the auditor must approach the management and discuss the issues or concerns.
If after discussing and it remains to be unresolved, auditor will withdraw from the engagement.
Audit Independence:
Being independent means that he is not influenced by anybody. He is independent in mind
and in appearance.
Being independent enhances the auditor’s integrity and objectivity.
If for instance, you are invited by the president of the entity which is subject of audit to a
party, there is impairment of independence in appearance because there is ongoing
engagement.
If you meet that president in accident and you’ve talked only, then there is no impairment
because it is only circumstantial.
Fundamental Ethical Principles:
1. Integrity – he needs to be honest
2. Objectivity
3. Confidentiality
4. Professional Competence and Due Care
5. Professional Behavior
Professional Skepticism:
Refers to being critical and doubtful, recognizing that there are circumstances that will
cause the financial statements to be materially misstated.
There is potential bias on the part of the management since they are the ones who
prepared the financial statement. There may be circumstances that the amounts are
manipulated or because of motives such as they want to attract investors.
Auditor needs to perform series of procedures or gather evidences to ascertain
whether the assertion is true or not.
Audit Materiality:
Under what circumstance is information considered as material? If it affects the fairness
of the presentation of the financial statement (in the auditor’s point of view) and if its
omission could influence the decision of the financial statement users.
Under PSA 320, there is inverse relationship between materiality level and audit risk.
The higher the materiality level, the lower the audit risk and vice versa.
As the auditor starts gathering evidence, he will set up the materiality level (it can be
quantified). For instance, if the aggregate of misstatements reaches the materiality
level of P500,000 then it is considered material. Therefore, the auditor has to gather
more pieces of evidence to support his opinion.
Materiality level is a relative concept, it depends on the circumstance. For instance, the
size or nature of the entity varies the materiality level. Another instance is cash. When
you audit cash and cash equivalent, it is not the amount that matters. It could be the
entity is large, but the amount of cash and cash equivalent is now minimal. The auditor
will devote more of his time in auditing the cash and cash equivalent because of the
high degree of inherent risk that it is prone to irregularity or misappropriation.
If the auditor considers the information is material, he will dig more pieces of evidence.
Audit Risk:
Audit Risk – risk that the auditor will issue an inappropriate opinion.
To minimize the level of audit risk, the auditor will perform audit planning first.
Factors or Components Affecting Audit Risk:
1. The risk of material misstatements of financial statements
2. Detection risk
Likelihood that the auditor will not detect a misstatement that exists in
an assertion that could be material, either individually or when
aggregated with other misstatements.
Function of the effectiveness of an audit procedure and of its
application by the auditor.
How to minimize detection risk? There must be proper planning and
supervision.
During the audit planning, detection risk is included in the activities
that the auditor, together with the engagement team, has to set up
and who is supposed to be monitoring the engagement team,
especially those who have lesser experience.
It affects audit risk.
If the level of inherent risk and control risk is high, the risk of material misstatement is also high.
(Direct Relationship)
Inherent risk and control risk are not imputable against the auditor because before the audit, these
risks are already here.
Detection risk is controllable by the auditor imputable against the auditor because it could be
perhaps his audit procedure is inappropriate.
Professional Judgement:
Professional Judgement – application of relevant knowledge and experience, within
the context provided by auditing, accounting and ethical standards, in reaching
decisions about the courses of action that are appropriate in the circumstances of the
audit engagement.
All throughout the audit, this will be used. For instance, in determining what is the
appropriate sample size, what is the appropriate audit procedure, determining the
amount of pieces of evidence, and evaluating the pieces of evidence.
It is an inherent limitation because it could be that the judgement would not be
correct.
4. Substantive Testing
Can’t be dispensed because it is the only way the auditor will gather pieces of
evidence.
Example: Conduct ocular inspection, vouching, preparation of bank
reconciliation, inquiry, observation, etc.
Test of the substance of the account balance.
5. Completing the Audit
Wrapping-up procedures and review of audit conclusions prior to issuance of
the audit report.
For instance, going over his working papers, the gathered pieces of evidence is
sufficient already.
For instance, identify related parties.
For instance, if there are subsequent events that happened after balance sheet
date. The auditor has to ascertain how it will affect the financial statement.
6. Issuance of the Audit Report
Preparation and issuance of the audit report.
Audit report – final output of the process.
7. Post-audit Responsibilities
Last stage of the process where the auditor, together with the engagement
team, will gather and try to recollect what happened in the previous
engagement.
Types of Opinion:
1. Unqualified opinion – if it is fairly presented (in consonance with the acceptable
financial reporting framework).
2. Qualified opinion – there are material misstatements, but the effect is not pervasive
(does not affect the financial statement as a whole. The effect is in confined in one
account only). The financial statement is still considered as fairly presented.
3. Adverse opinion – financial statement is not fairly presented. For instance, no
disclosure that the entity can’t operate on a going concern basis.
4. Disclaimer of Opinion – for instance, there are restrictions imposed so that the auditor
was not able to gather sufficient appropriate evidence.
Two Factors Affecting Audit Risk:
1. Risk of Material Misstatement
a. Inherent Risk
b. Control Risk
2. Detection Risk – auditor may not be able to detect material misstatements of an
account because of inappropriate auditing procedure.
If the assessment of inherent risk and control risk is high, what is the materiality level the
auditor should establish during the planning stage? Low so that there is a higher chance
that there would be misstatements that could be leading to a material misstatement of the
information as reflected in the client’s financial statement.
For instance, you set up P5M materiality level which is too high. Most likely, you won’t be
able to come up with misstatements approaching the P5M above. Even if you aggregate
the total misstatements of the individual accounts, the auditor will have a hard time to
come up with misstatements that could materially affect the fairness of the presentation of
the financial statement because the materiality level is so high.
During the planning stage, he has initial assessment, now he needs to set up what should
be the materiality level for him to be able to come up with the risk of material
misstatement.
There’s material misstatement if the amount exceeds the materiality level.
Materiality level could be quantified (ex: it could be P1M).
Materiality level depends on the circumstances.
How to minimize the effect of detection risk? Proper planning and supervision.
Audit Planning – establishing the overall audit strategy for the engagement and developing an
audit plan, in order to reduce the audit risk to an acceptably low level.
For instance, there is an information that the auditor considers critical and there are alternative
procedures they can perform to obtain that information. The audit procedure they will choose
must be the one that will result to a minimum cost.
Audit Program – final output of the audit planning activities. It contains the audit procedures to be
carried out, be it test of control or substantive test procedures.
Audit program must be prepared on both test of control procedures and substantive test
procedures.
In developing an audit program for the substantive test of different accounts, it must be done
separately.
Take note that before the audit planning, there is an initial procedure performed by the auditor to
get the level of risk involved in the client’s preparation and presentation of financial statement
Factors the Auditor should Consider in Developing the Overall Audit Strategy:
1. Identify the characteristics of the engagement that define its scope
The characteristics of the engagement being referred to is the nature of the
business of the potential client.
For instance, if it is a bank, pawnshop, or a mining industry.
For instance, it is a bank and it has branches, what is the scope of the engagement?
Will it cover only the main branch?
The bank is also subjected to the laws, rules and regulations of the central bank,
the auditor should take information if they are complying with these rules and
policies. If there is non-compliance, the entity will be exposed to significant risk and
will affect the entity’s ability to operate as going concern.
To know the acceptable financial reporting framework. For instance, if it is a bank,
the acceptable financial reporting framework is the Full PFRS.
2. Ascertain the reporting objectives of the engagement to plan the timing of the audit and
the nature of the communications required.
For instance, the entity’s timetable for reporting to the government, agencies, and
those charged with the governance should be known by the auditor because this
will affect the reporting objectives the auditor will need to produce because the
entity’s financial statements need to be audited which will be submitted to the BIR,
SEC, or other regulatory agencies the entity is subjected to.
3. Consider the factors that, in the auditor’s professional judgement, are significant in
directing the engagement team’s efforts.
There may be procedures already performed initially by the auditor through risk
assessment procedure such as inquiry, inspection, and observation.
4. Consider the results of the preliminary engagement activities and, where applicable,
whether knowledge gained on other engagements performed by the engagement partner
for the entity is relevant.
5. Ascertain the nature, timing and extent of resources necessary to perform the
engagement.
Why is it important that you should know the characteristics of the audit? So that this will help the
auditor come up with appropriate audit procedures that they will solely undertake and to know the
acceptable financial reporting framework and to know the expected audit coverage including the
number and locations of the components to be included in the audit.
What do you call the audit procedures the auditor will perform during the audit planning to have
thorough understanding of the client and its environment together with the client’s internal control
system? Risk assessment procedures. For example: inquiry, inspect, and performing analytical
procedures.
If the client is recurring, audit can be performed during the interim period.
For instance, October 1 you started to audit and the end of the reporting period is December 31.
The intervening period is October 1 to December 31. If you perform substantive test procedures
during the interim period, you need to consider the incremental risk (the risk that may arise during
the intervening period). Auditor still has to perform procedures during the intervening period to
ensure that there are no transactions that could materially affect the fairness of presentation of the
financial statement.
During the intervening period, the procedures the auditor performs is not extensive. Auditor
merely reviews, inquire, inspects, performs vouching because his initial assessment of risk is low. If
risk is high, audit should be performed at year end.
Study and evaluation of internal control is simultaneous with obtaining an understanding and
knowledge about the entity and its environment.
There is a need for evaluation of internal control system for the auditor to identify and assess the
risk of material misstatements brought by the client’s internal control system.
Management is responsible for internal control procedures and ascertains that their internal
control system is properly designed and implemented (which is shown in the audit report).
If control risk is low, in terms of nature, perform less effective substantive test procedure (ex:
review, inquiry, observation, performing analytical procedures). In terms of extent, less extensive
audit procedure. In terms of timing, audit procedures can be performed during the interim period.
If control risk is high, the nature of substantive test procedure is more effective (even if it is costly
and if it is the only procedure). In terms of extent, it has to be more extensive. In terms of timing,
audit procedures should be performed at end of accounting period.
Primary consideration of the auditor in studying and evaluating internal control is to find out if the
internal control policies and procedures can prevent or detect or correct errors on a timely basis
because it can affect the client’s financial statements.
Internal Control – process designed and effected by those charged with governance, management,
and other personnel to provide reasonable assurance about the achievement of the entity’s
objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations,
and compliance with laws and regulations.
The management, those charged with governance, and other personnel are the ones who develop
the internal control system.
Why is internal control a process? Because it is a means to an end, meaning, internal control is part
of the process of a certain transaction. A transaction can’t be completed without applying internal
control policies and procedures. For example, cash disbursement. Before a check is delivered to a
supplier as payment, it has to be signed by those authorized signatories as part of the internal
control policies. If there are no signatures, then the check can’t be issued, hence, transaction can’t
be completed.
What do you mean by internal control involves people? Internal control is developed by the people
within the organization such as the management, those charged with governance, and employees.
And to carry out the policies and procedures of the internal control system, these people
implements these policies and procedures to achieve the business’ objectives which are the
reliability of financial reporting, effectiveness and efficiency of their operations, and in complying
the laws, rules and regulations. In short, these people develop, implement and execute the internal
control policies and procedures.
Why internal control provides reasonable assurance only in attaining the entity’s objectives?
Because of inherent limitations of internal control.
Control Environment:
Sets the tone of an organization, influencing the control consciousness of its people. It is the
foundation for all other components of internal control, providing discipline and structure.
Reflection of the various control policies established.
Those charged with governance and the management are responsible for the detection and
prevention of fraud and error and also the establishing of a strong control environment.
Control environment is the first component that the auditor observes when touring the
client’s facility.
Elements of the Control Environment:
1. Communication and enforcement of integrity and ethical values
What control should the company has to ensure that people within the
organization have ethical behavior and integrity? Integrity and ethical
values are expressed through:
1. Existence and implementation of codes of conduct and other
policies regarding acceptable business practice, conflicts of
interest, or expected standards or ethical and moral behavior.
2. Dealings with employees, suppliers, customers, investors,
creditors, insurers, competitors, and auditors.
3. Pressure to meet unrealistic performance targets and extent to
which compensation is based on achieving those performance
targets.
Integrity is a prerequisite because if you are not honest and straight
forward, how will you be able to comply with ethical fundamental
principles.
2. Commitment to competence
To ensure high standard of best practice for the company, the entity should
install a process of selection in hiring.
Management should consider the competence levels for particular jobs.
It is important to conduct employee training.
3. Participation by those charged with governance
4. Management’s philosophy and operating style
In financial management, what is the ultimate objective of the
management in their operations? To maximize shareholders wealth.
If that is the case, does it mean only the interest of the shareholders are
taken into consideration? No. If the interest of the shareholders is the
primary consideration of the management, it doesn’t mean the interest of
the other stakeholders are not compromised because whatever amount
that is left after giving what is due to other stakeholders (employees,
customers, suppliers) is given to the shareholders in the form of dividends
and the growth in the value of the entity’s shares of stocks.
If management’s objective is to maximize profit, they will venture into
activities which will be characterize as highly risky investments. It will affect
the growth of the values of the shares of stocks because investors do not
like highly risky investments. Potential investors are not attracted.
5. Organizational structure
Provides overall framework of the planning, executing, controlling and
monitoring activities performed by the management.
Formal organizational structure is often denoted in organizational chart.
Important aspects of organizational structure:
1. Centralization of authority
2. Assigning of responsibility of a specific task
3. The way responsibility allocation affects management information
requirements
4. Organization of accounting and information system functions
6. Assignment of authority and responsibility
Management assign authority and responsibility within the organization
that are congruent to the management’s philosophy and operating style.
Authority and responsibility may be assigned through formal job
description, employee training and operating plans, schedules and
budgets.
7. Human resources policies and practices
Send messages to employees regarding expected levels of integrity, ethical
behavior and competence.
Human resources practices and policies suggest to the employees what the
entity expects in terms of integrity, ethical behavior and competence.
These policies describe how the organization hires, trains, evaluates,
promotes and compensates employees.
Control Activities:
Policies and procedures, which are the actions of people to implement the policies, to help
ensure that management directives identified as necessary to address risks are carried out.
Internal control policies and procedures implemented to address risks.
Example of control activities:
1. Performance Review
To minimize significant difference between actual and forecast or the
variance.
2. Information Processing
3. Physical controls
4. Segregation of duties
Information System and Communication:
Consists of infrastructure, software, people, procedures and data.
Provide relevant and timely information and communication.
The system should identify information requirements and create information system that
provides the needed data.
Monitoring of Control:
Why is there a need to monitor control? To ensure that the control activities are in place,
adequate, operating effectively and if they are still relevant.
Helps the management determine what modifications to the system are needed as
conditions change.
REVIEW:
What is the appropriate response if control risk is low? Test of control.
Is test of control dispensable? Yes, when the control risk is high.
REVIEW:
Audit Procedure According to Purpose:
1. Risk Assessment Procedure
2. Test of Control
3. Substantive Test Procedure
When is test of control done by the auditor? If control risk is low to validate if the initial assessment
is really low. It tests the operating effectiveness of the internal control system.
What is substantive test procedure? Audit procedures performed to detect material misstatements
at the assertion level.
In determining the sufficiency of the audit evidence needed for the auditor to draw a conclusion,
what normally does the auditor uses? Professional judgement.
Regardless of level of control risk, substantive test procedures must always be prepared because
this is the only way for the auditor to gather evidence.
Audit Evidence:
All the information used by the auditor in arriving at the conclusions on which the audit
opinion is based and includes the information contained in the accounting records
underlying the financial statements and other information.
Cumulative in nature and ordinarily obtained from audit procedures performed during the
course of the audit.
The sources of evidence mainly come from the results of the audit procedures performed
by the auditor such as inquiry, inspection, sending confirmation letters, reconciliation,
vouching, etc.
There are other pieces of evidence that the auditor will be using such as the accounting
records and documents. These may also corroborate the pieces of evidence that the
auditor obtained while performing substantive test procedures.
Corroborating Evidence – evidence which complements or supports an assertion which is
already supported by another type of evidence.
Mere inspection, inquiry and observation are not sufficient evidence.
Under what circumstance will risk assessment procedure be performed? Why is there a need for it
to be performed? To obtain an understanding of the entity and its environment and to assess the
level of risk involved in the internal control system.
The assessment of level of risk involved, whether high or low, will influence what the next
procedure the auditor will perform. So, if control risk is high, auditor will take into consideration
the nature, extent and timing of the substantive test procedure.
Another term for test of control is reliance approach. It is done if control risk is low. The auditor
will make a validation of his initial assessment by going through a more in-depth study of the
client’s internal control system
What is the relationship between audit evidence to management assertion? Audit evidence should
be relevant to the management assertion.
If audit evidence is relevant to the assertion, what is avoided? To minimize detection risk and
erroneous conclusions.
Cut-off Test – Auditor will select few transactions that happened few days before and after balance
sheet date to find out if there’s any window dressing.
Positive Confirmation – asks the respondent to reply to the auditor in all cases either by indicating
the respondent’s agreement with the given information, or by asking the respondent to fill in
information.
Negative Confirmation – asks the respondent to reply only in the event of disagreement with the
information provided in the request.
What is the difference between positive and negative confirmation? In positive confirmation there
is reply and it is more reliable. In negative confirmation, respondent will only reply if the
information presented is not correct. If there’s no reply, there’s an assumption that the respondent
acknowledges that the information is correct.
The risk in positive confirmation is that the respondent may reply without verifying the
information.
The risk in negative confirmation is that there’s no physical evidence if the confirmation is received
by the respondent.
Under what circumstance will a negative confirmation be sent? If risk of material misstatement is
low and a large number of errors is not expected.
Under what circumstance will the auditor send confirmation to management? Aside from being
additional evidence, auditor will send confirmation to management to confirm a certain item
especially if it is very critical and material. Take note, that confirmation is not sufficient and will not
constitute a sufficient appropriate evidence because it is unlikely that the management will give
information that will discredit their assertions.
What if the management did not accept the confirmation? What will the auditor do? If reason is
justifiable, auditor will think of alternative audit procedures. If not justifiable and prevented from
carrying out the confirmation, auditor should consider the possible impact on the auditor’s report.
It will constitute a limitation on the scope of the auditor’s work which he will take into
consideration whether to issue a qualified opinion, adverse or disclaimer of opinion. If client is a
bank and their reason is because of bank secrecy based on Banko Sentral ng Pilipinas, then their
reason is justifiable.
Means of Selecting Items for Testing Which are Available to the Auditor (PSA 500):
1. Selecting all items
2. Selecting specific items
3. Audit sampling
Audit Sampling
Most common method that auditors use.
All population have equal chance of being selected because it is done randomly.
How will the auditor evaluate the result of the sample tested? Will the results of the
sample tested be projected to the entire population? Yes. The result of the sample
tested is representative of the entire population.
Example, auditor chose 30% only, the result from that 30% applies to the remaining
70%.
Auditor will use his judgement on what could be the appropriate sample size. It
depends on the materiality of the item or the level of risk involved. The higher the
materiality (material information) or level of risk involved, the higher sample size the
auditor needs to test.
There is risk involved in using audit sampling called sampling risk.
Sampling Risk – the risk that the results of the sample tested may not be representative
of the entire population.
Sampling risk is one of the reasons why auditor can’t issue absolute assurance.
How will the auditor minimize the effect of sampling risk? Increase sample size.
Sampling risk is attributable to the auditor because he has control over this audit
sampling.
Non-sampling Risk – risk that is not associated with the use of sampling.
Example of non-sampling risk: Use of inappropriate substantive test procedures
performed by lesser experience members of the engagement team
How to minimize the effect of non-sampling risk? Proper monitoring, proper planning,
etc.
Factors that Affect the Risk of Material Misstatement:
1. Inherent Risk
A factor that the auditor can consider in assessing inherent risk is considering the
nature of the operations of the client. The client may be engaged in transactions
that are complex and the accountant doesn’t know the proper treatment to those
transactions.
There are rumors that the client is engaged in illegal activities. Their integrity is
questionable. It is possible that their financial statements are manipulated.
2. Control Risk
Management or those charged with governance overrides internal control policies
using their authority.
In selecting items for testing, this is applicable only to test of control and substantive test
procedure.
In relation to sampling risk, when the auditor makes use of audit sampling, what could be the effect
if the assessment is that control risk is too high but it turns out that control risk is actually low?
(Meaning, the auditor assessed that the result of the sample tested is negative or unfavorable, but
if he tested the rest of the population the result is favorable) The effect is over auditing. Because
the result of control risk is too high, the auditor will perform more extensive substantive test
procedures which will affect the audit efficiency and is more costly. And he may draw an
inappropriate conclusion.
What if control risk is low but it is actually high? The effect is under auditing. The auditor will
perform less effective audit procedures and will perform test of control.
What is Risk of Incorrect Rejection in relation to sampling risk? When there is risk of incorrect
rejection, the result of the sample tested is negative or unfavorable, but if the auditor tested the
remaining population, it is positive. The effect is over auditing. Auditor will perform more extensive
audit procedure and will affect audit efficiency.
What is Risk of Incorrect Acceptance? The result of the sample tested is positive or favorable, but in
reality, it is negative or unfavorable. The effect is under auditing. The auditor will issue unqualified
opinion and the public will be misled.
General Approaches to Audit Sampling:
1. Statistical Sampling
Auditor uses laws of probability to aid the auditor in designing an efficient sample,
in measuring the sufficiency of evidence obtained, and in evaluating the sample
results.
2. Non-Statistical Sampling
Auditor does not use laws of probability and uses professional judgement.
Stratification
It stratifies the population by subdividing the population into discrete sub-population which
have an identifying characteristic.
Its objective is to reduce the variability of items within each stratum.
Will the result of the sample tested in a particular stratum be projected to the other
stratums? No.
Projection of Errors
Anomalous errors are not included in projection of errors.
The projection of errors by the auditor is brought about by his assessment, for instance, his
test of control.
Auditor will compare his projected errors with the tolerable error or materiality level set
up.
What is the appropriate action of the auditor if the projected errors and anomalous errors
are approaching the materiality level? The auditor has to exercise the attitude of
professional skepticism by trying to think of other procedures to settle his doubts that it
could be possible that there may be misstatements that are not discovered. Had these
been discovered, it could exceed the materiality level.
CHAPTER 12: COMPLETING THE AUDIT
There are still procedures the auditor must perform before drawing his conclusion called
completing the audit procedures to ensure that he will form a correct opinion.
Audit Report – Final product of the audit process that communicates the auditor’s findings to
interested users. It expresses an opinion on the degree of correspondence between information
contained in the financial statements and the established criteria in the auditor’s procedures.
Audit report is covered by PSA 700 “Forming an Opinion and Reporting on Financial Statements”.
How did the auditor concluded the opinion he is about to render in the audit report? The auditor’s
basis on the type of opinion that he will render is the pieces of evidence obtained by him through
his performance of different audit procedures.
What is the responsibility of the auditor regarding the opening balances and it is an initial audit
engagement? To ascertain the correctness of the opening balances by performing procedures.
What if the auditor found out that there are misstatements in the prior year? What is his
responsibility? The auditor should communicate the misstatement with the appropriate level
of management and those charged with governance and request that the predecessor auditor
be performed.
What if the predecessor auditor is not amendable to make the revisions of his report? The
successor auditor will disclose it in the notes to FS about his findings.
Subsequent Events
What if there are subsequent events after the issuance of the audit report but prior to issuance
of the financial statements and these could materially affect the fairness of presentation of the
FS? What action will the auditor do? It is the initiative of the management to inform the
auditor of facts which may affect the financial statements during this period. The action of the
auditor depends if management will amend the financial statements or not.
If management amends the FS:
1. A new audit report is issued after performance of additional audit procedures.
2. The new report shall not be dated earlier than the date the amended financial
statements are signed or approved.
What is the difference between adjusting and non-adjusting event? Adjusting events are events
that provide evidence to a condition that is already existing as of the reporting period. Non-
adjusting events are events that happened after the reporting period but it did not exist as of
the reporting period.
Example: The entity is being sued for damages. They disclosed it in their notes to FS only since
the contingency is only possible. So as of December 31, there’s already a condition. Then after
December 31, there has been settlement. Therefore, this is an adjusting event.
Example: After reporting period the warehouse burned down including all the inventories. This
is a non-adjusting event.
If it is a non-adjusting event, the auditor needs to prepare a supplemental report stating
therein the circumstance related to the subsequent event.
The date of the supplemental report is the date where the transaction happened.