Professional Documents
Culture Documents
Overview of Auditing and Audit Planning PDF
Overview of Auditing and Audit Planning PDF
Assurance Services/Engagements:
Assurance services – independent professional services in which a practitioner issues a written
communication that expresses a conclusion designed to enhance the degree of confidence of the
intended users other than the responsible party about the outcome of the evaluation or
measurement of a subject matter against criteria
Assurance engagement – an engagement in which a practitioner expresses a conclusion
designed to enhance the degree of confidence of the intended users other than the responsible
party about the outcome of the evaluation or measurement of a subject matter against criteria
a. To provide a high level of assurance that the subject matter conforms in all material respects
with identified suitable criteria; or
b. To provide a moderate level of assurance that the subject matter is plausible in the
circumstances.
1. Reasonable assurance engagements – engagements that provide high, but not absolute, level
of assurance
Also called high-level engagements
The objective of a reasonable assurance engagement is a reduction in assurance
engagement risk to an acceptably low level as the basis for a positive form of expression of
the practitioner’s conclusion.
1|Page
AUDITING
Reasonable assurance is achieved if assurance engagement risk is reduced to an
acceptably low level (close to zero).
For assurance engagements regarding historical financial information in particular,
reasonable assurance engagements are called audit engagements. An audit engagement
is an assurance engagement to provide a high level of assurance that the financial
statements are free of material misstatement. This high level of assurance is expressed
positively in the audit report as “reasonable assurance”.
Absolute assurance is not attainable:
In assurance engagements, absolute assurance is generally not attainable because of such
factors as:
Use of judgment
Use of testing
Inherent limitations of internal control
Most evidence available to the practitioner is persuasive rather than conclusive
In some cases, the characteristics of the subject matter
Assurance engagement risk is the risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.
Components of assurance engagement risk:
1. Risk of material misstatement – the risk that the subject matter is materially misstated
a. Inherent risk – the susceptibility of the subject matter information to a material
misstatement, assuming that there are no related controls
b. Control risk – the risk that a material misstatement that could occur will not be
prevented, or detected and corrected, on a timely basis by related internal controls
2. Detection risk – the risk that the practitioner will not detect a material misstatement that
exists
2|Page
AUDITING
1. Assertion based engagements – evaluation or measurement of the subject matter is performed by
the responsible party, and the subject matter information is in the form of an assertion by the
responsible party that is made available to the interested users
Assertion-based engagements are also known as attestation engagements
Examples of assertion-based engagements:
a. Audit engagements
b. Review engagements
“In our opinion the responsible party’s assertion that internal control is effective,
in all material respects, based on XYZ criteria, is fairly stated”
2. Direct reporting engagements – the practitioner either directly performs the evaluation or
measurement of the subject matter, or obtains a representation from the responsible party that has
performed the evaluation or measurement that is not available to the intended users
“In our opinion internal control is effective, in all material respects, based on XYZ
criteria”
3|Page
AUDITING
Only where the practitioner’s knowledge of the engagement circumstances indicates that:
1. Three party relationship (involving a practitioner, a responsible party and intended users)
2. Appropriate subject matter
3. Suitable criteria
4. Sufficient appropriate evidence
5. Written assurance report in the form appropriate to a reasonable assurance engagement or a
limited assurance engagement
The term practitioner is broader than the term “auditor” as used in professional standards,
which only refers to practitioner performing audit or review engagements with respect to
historical financial information.
b. Responsible party – person/s who is responsible for the subject matter or the assertion (subject
matter information)
For example, an entity’s management is responsible for the preparation and presentation of
financial statements or the establishment and implementation of internal control.
4|Page
AUDITING
c. Intended user/s – person, persons or class of persons for whom the practitioner prepares the
assurance report; they are the users to whom the practitioner usually addresses the report
The responsible party and the intended users may be from different entities or the
same entity.
The practitioner may be engaged by the responsible party or the intended user.
The responsible party can be one of the intended users, but not the only one.
Whenever practical, the assurance report is addressed to all the intended users, but in
some cases there may be other intended users. In cases where the CPA may not be
able to identify all intended users, intended users may be limited to major
stockholders with significant and common interests.
In some circumstances, the intended user may be established by law.
The responsible party may also be one of the intended users.
The intended user may be established by agreement between the practitioner and
responsible party or those engaging or employing the practitioner.
Subject matter refers to the information to be evaluated or measured against the criteria. Subject
matter information means the outcome of the evaluation or measurement of a subject matter.
Subject matter includes the financial position, financial performance and cash flows of the
entity
Subject matter information is the set of financial statements
Responsible party is the client/entity management
a. Identifiable
b. Capable of consistent evaluation and measurement against suitable criteria
c. In the form that can be subjected to procedures for gathering evidence to support that
evaluation or measurement
5|Page
AUDITING
may be the recognition, measurement, presentation and disclosure represented in the
financial statements
2. Non-financial performance or conditions (for example, performance indicators of an
entity) for which the subject matter information may be key indicators of efficiency and
effectiveness
3. Physical characteristics (for example, capacity of a facility) for which the subject matter
information may be a specifications document
4. Systems and processes (for example, entity’s internal control or IT system) for which the
subject matter information may be an assertion about effectiveness
5. Behavior (for example, corporate governance, compliance with regulation, human resource
practices) for which the subject matter information may be a statement of compliance or a
statement of effectiveness
Suitable Criteria:
Criteria refer to the standard or benchmark used to evaluate or measure the subject matter of an
assurance engagement, including, where relevant, benchmarks for presentation and disclosure. Without
frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and
misunderstanding.
1. Established criteria – are those criteria that are embodied in laws or regulations or issued by
authorized or recognized bodies of experts that follow a transparent due process Examples:
2. Specifically developed criteria – those criteria specifically designed for the purpose of the
engagement
Whether criteria are established or specifically developed affects the work that the practitioner
carries out to assess their suitability for a particular engagement.
6|Page
AUDITING
Criteria need to be made available to the intended users in one or more of the following ways:
a. Publicly
b. Through inclusion in a clear manner in the presentation of the subject matter
information
c. Through inclusion in a clear manner in the assurance report
d. By general understanding, for example, the criterion for measuring time in hours and
minutes
The practitioner shall plan and perform the engagement with an attitude of professional skepticism
to obtain sufficient appropriate evidence that the assertions are free of material misstatements.
Professional skepticism – an attitude that includes a questioning mind, being alert to conditions
which may indicate possible misstatement due to error or fraud, and a critical assessment of
evidence
Evidence – refers to the information obtained by the practitioner in arriving at the conclusions
on which the conclusion is based
Sufficiency – refers to the measure of the quantity of evidence
Appropriateness – refers to the measure of the quality of evidence, that is, its relevance and its
reliability
A written assurance report should be in the form appropriate to a reasonable assurance engagement
or a limited assurance engagement.
The practitioner should provide a written report containing a conclusion that conveys the assurance
obtained about the subject matter information. In addition, the practitioner considers other reporting
7|Page
AUDITING
responsibilities, including communicating with those charged with governance when it is appropriate to
do so.
Audit PSA 20 : An Audit is a systematic process of objectively and evaluating evidence regarding
assertions about economic actions and events to ascertain the degree of correspondence between these
assertions and established criteria and communicating the results to interested users.
1. Auditing is a systematic process – auditing proceeds by means of an ordered and structured series
of steps.
2. An Audit involves obtaining and evaluating evidence about assertions regarding economic
actions and events.
Assertions are representation made by an auditee about economic actions and events. The
auditor’s objective is to determine whether these assertions are valid. To satisfy this objective, the
auditor performs audit procedures and gathers evidence that corroborates or refutes the assertions.
The auditor should conduct the audit without bias. Impartial attitude must be maintained
by the auditor when evaluating evidence and formulating his conclusion.
4. Auditors ascertain the degree of correspondence between assertions and established criteria
5. Auditors communicate the audit results to various interested users.
8|Page
AUDITING
Type of audit:
Type of Auditors
1. External auditors – Theses are independent CPAs who offer their professional services to
different clients on a contractual basis. External auditors are the ones who generally conduct
financial statement audits.
2. Internal Auditors – Are entity’s own employee who investigate and appraise the effectiveness and
efficiency if operations and internal control
3. Government auditors – These are government whose main concern is to determine whether the
persons or entities comply with government laws and regulations.
Limitations:
1. The auditor should comply with relevant ethical requirements, including those relating to
independence, relating to financial statement audit engagements.
2. The auditor should conduct an audit in accordance with PSA.
3. The auditor should exercise professional judgement in planning and performing an audit of
financial statements.
4. The auditor should obtain sufficient appropriate audit evidence
5. The auditor should plan and perform the audit with attitude of professional skeptism
9|Page
AUDITING
1. Audit function operates on the assumption that all financial data are verifiable
2. The auditor should always maintain independence with respect to the financial statement under
audit.
3. There should be no long term conflict between the auditor and the client management
4. Effective internal control system reduces the possibility of errors and fraud affecting the financial
statement.
5. Consistent compliance with applicable financial reporting framework results in fair presentation
of financial statement.
6. What was held true in the past will continue to hold true in the future in the absence if known
conditions to contrary.
7. An audit benefits the public.
An audit financial statement generally begins with the financial statements prepared by the entity.
1. Assertions about classes of transactions and events for the period under audit.
a. Occurrence
b. Completeness
c. Accuracy
d. Cutoff
e. Classification
2. Assertions about account balance at the period end
a. Existence
b. Right and obligations
c. Completeness
d. Valuation and allocation
3. Assertions about presentation and disclosure
a. Occurrence and right and obligations
b. Completeness
c. Classification and understandability
10 | P a g e
AUDITING
d. Accuracy and valuation
1. Inspection
2. Observation
3. Inquiry
4. Confirmation
5. Computation
6. Analytical Procedures
Evidence: refers to the information obtained by the auditor in arriving at the conclusion on which the
audit opinion is based.
Engagement Letter – a contract between the auditor and the client to avoid misunderstanding with
respect with the engagement and document and confirm the auditor’s acceptance of the appointment
Audit planning involves establishing the overall audit strategy for the engagement and developing an
audit plan, in order to reduce audit risk to an acceptably low level
11 | P a g e
AUDITING
Objective of the auditor in planning the audit: So that the audit will be performed in an effective
manner
Who are involved in planning the audit: Engagement partner and other key members of the
engagement team (because of their experience and insight to enhance the effectiveness and efficiency
of the planning process)
PSA 315 requires the auditor to obtain sufficient understanding of the entity and its environment
including its internal control. Such understanding involves obtaining knowledge about the entity
Industry, regulatory, and other external factors, including financial reporting framework
Nature of the entity, including entity’s selection and application of accounting policies
Objective and strategies and the related business risks that may result in a material misstatement
of financial statement.
Measurement and review of the entity’s performance
Internal control
Nature of Planning:
Planning is not a discrete phase of an audit, but rather a continual and iterative process that often
begins shortly after (or in connection with) the completion of the previous audit and continues until the
completion of the current audit engagement. In other words, planning is a continuous function that last
throughout the audit.
12 | P a g e
AUDITING
Factors that affect the nature and extent of audit planning:
The nature and extent of planning activities will vary according to the following factors:
a. The size and complexity of the entity – big companies and companies with more complex
operations require more audit planning time
b. Changes in circumstances that occur during the audit engagement – for example, expansion
of operation because of diversification
c. The auditor’s previous experience with and understanding of the entity – more work is
required to obtain information regarding a new client than for an existing client
Initial audit requires more audit time because the auditor has no previous knowledge or is
unfamiliar with the client’s business, industry and internal control which need to be carefully
studied.
Recurring audit requires lesser audit time because of auditor’s previous knowledge of the
entity and its industry
Whether the audit is initial or recurring, the purpose and objective of audit planning are the
same. It is the nature and extent of audit planning that varies. For example, in case of
initial audit the auditor may need to expand the planning activities because he does not
ordinarily have the previous experience with the entity that is considered when planning
recurring audit engagements. Additional considerations in initial audit engagements are
necessary such as the need for the auditor to review the predecessor’s working papers and
to perform audit procedures regarding opening balances.
Planning stage of audit – the time before fieldwork starts, when the auditor is gathering information
about the client and its environment and designing overall audit strategy and audit plan
The earlier the auditor is appointed, the more efficient the audit plan and performance can be.
Thus, early appointment of the auditor allows the auditor to plan a more efficient audit.
It is acceptable for an auditor to accept an audit engagement near or after year-end. However, the
auditor should consider whether late appointment will pose limitations on the audit that may lead
to a qualified opinion or a disclaimer of opinion, and should discuss such concerns with the client.
In order to reduce audit risk to an acceptably low level (Note 3), the auditor shall:
1. Establish an overall audit strategy that sets the scope, timing and direction for the audit, and that
guides the development of the more detailed audit plan (Note 1)
2. Develop an audit plan that addresses the various matters identified in the overall audit strategy
13 | P a g e
AUDITING
Audit plan includes a description of:
a. The nature, timing and extent of planned risk assessment procedures (Note 2)
b. The nature, timing and extent of planned further audit procedures (at the assertion level) – to
be performed during testing stage
Further audit procedures include:
1. Modifying (updating) the overall audit strategy and the audit plan as necessary during the
course of the audit
Revision is necessary because of:
Unexpected events
Changes in conditions
Audit evidence obtained from the results of audit procedures
The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete and or sequential processes, but are closely inter-related since changes in one may
result in consequential changes to the other.
2. Planning the nature, timing and extent of direction, supervision of the engagement team
members and the review of their work
The nature, timing and extent of direction, supervision of audit engagement team members and
review of their work depend on the following factors:
a. Size and complexity of the entity – Audits of small entities requires lesser (or even no)
direction, supervision, and review of the work of assistants
b. Area of audit – Difficult aspects of audit demand increased direction, supervision, and
a more detailed review of work of assistants.
c. Risks of material misstatement – As the assessed risk of material misstatement
increases, a given area of the audit, the auditor ordinarily increases the extent and
timeliness of direction, supervision and review
d. Capabilities and competence of personnel performing the audit work.
14 | P a g e
AUDITING
a. Considering the work of an expert – An expert is a person or firm possessing special
skill, knowledge and experience in a particular field or discipline other than accounting
and auditing.
Examples of work of experts include:
Valuation of certain assets (such as precious stones, works of arts, real estate,
plant and machinery)
Valuation of financial instruments
Actuarial valuation
Determination of quantities or physical condition of assets such as minerals
stored in stockpiles, underground mineral and petroleum reserves, and the
remaining useful life of plant and machinery
Measurement of % of completion on contracts in progress
Legal opinions concerning interpretations of statute and regulations and contracts
such as legal documents or legal title to property
When determining the need for an expert, the auditor would consider:
15 | P a g e
AUDITING
The susceptibility of the financial statements to material misstatements, including
fraud.
16 | P a g e
AUDITING
c. The identified and assessed risks of material misstatements
d. The risks identified, and related controls about which the auditor has obtained an
understanding
c. Considering the factors that are significant in directing the engagement team’s efforts
17 | P a g e
AUDITING
Examples:
Results of previous audit regarding evaluation of internal control, identified weaknesses and
action taken to address them
The discussion of matters that may affect the audit with firm personnel responsible for
performing other services to the entity
e. Ascertaining the nature, timing and extent of resources necessary to perform the engagement.
Examples:
Establishing the overall audit strategy assists the auditor in determining the following:
18 | P a g e
AUDITING
For example:
Number of team members assigned to observe the inventory count at material locations
Extent of review of other auditors’ work in the case of group audits
Audit budget in hours to allocate to high risk areas
c. When these resources are to be deployed
Is it at an interim audit stage or at key cut-off dates?
d. How such resources are managed, directed and supervised
When to hold team briefing and debriefing meetings
How engagement partner and manager reviews are expected to take place (for example, on-
site or off-site)
Whether to complete engagement quality control reviews
The external auditor should consider the work of internal auditing in order to minimize audit
costs.
The auditor should obtain a sufficient understanding of the internal audit function because the
work performed by internal auditors may be a factor in determining the nature, timing, and extent
of external auditor’s procedures.
Internal auditing can affect the scope of the external auditor’s audit of financial statements by
decreasing the auditor’s need to perform detailed tests.
The tasks that could be delegated to the internal audit staff include preparation of schedules. The
auditor has sole responsibility for the audit opinion expressed, and that responsibility is not
reduced by any use made of internal auditing.
The auditor shall determine materiality and performance materiality when planning the audit.
Concept of materiality:
19 | P a g e
AUDITING
Materiality is the amount (threshold or cut-off point) at which judgment of informed
decision makers based on the financial statement may be altered (changed or influenced).
An item or information is material if its omission or misstatement could influence the
economic decisions of users taken on the basis of the financial statements.
In determining appropriate level of materiality, the auditor uses professional judgment using
his perception of the needs of reasonable users of the financial statements.
1. Planning stage
a. To identify and assess risks of material misstatements
b. To determine the nature, timing and extent of further audit procedures
2. Testing stage (materiality levels set during audit planning are simply updated/revised if
necessary)
3. Completion stage
c. To evaluate the effect of uncorrected misstatements, if any, on the financial statements and
in forming the opinion in the auditor’s report
Documentation on materiality: Documentation should include the amounts and the factors
considered in their determination:
20 | P a g e
AUDITING
More evidence will be required for a low peso amount of materiality than for a high peso
amount.
The lower the tolerable misstatement, the more extensive the required audit procedures.
Materiality levels:
a. Materiality at financial statement as a whole – it is the smallest aggregate level that could
misstate/distort any of the financial statements
b. Materiality at assertion level – materiality level for individual or particular class of transactions,
account balance, or disclosure where appropriate; this is also known as tolerable misstatement
Tolerable misstatement refers to allocated materiality to affected accounts (usually
statement of financial position accounts because they are fewer)
Account balance – an individual line item in the financial statements, such as cash and
cash equivalents, loans and receivable, etc.
Class of transactions – type of transaction processed by the client’s accounting system,
such as sales transactions and purchasing transactions
Allocation may be done judgmentally or using formal quantitative approaches.
Materiality at this level are lesser than the overall materiality level but could reasonably be
expected to influence the economic decisions of financial statement users.
21 | P a g e
AUDITING
account balance or disclosure exceeds the materiality level for that particular class of
transactions, account balance or disclosure
Preliminary identification of areas where there may be higher risks of material misstatement
a. Risks of material misstatements may be greater for significant non-routine transactions which
involves:
Greater management intervention to specify the accounting treatment
Greater manual intervention for data collection and processing
Complex calculations or accounting principles
b. Risk of material misstatements may be greater for significant judgmental matters such as:
Accounting estimates
Revenue recognition may be subject to differing interpretation
Required judgment may be subjective or complex or require assumptions about the effects of
future events (for example, judgment about fair value)
c. Significant risk of relating to risk of material misstatement due to fraud
d. There are areas where special audit consideration may be necessary, for example:
Existence of related parties and related party transactions
Related party transaction – a transfer of resources, services or obligations between related
parties, regardless of whether a price is charged
a. The identity of the entity’s related parties (relationships and transactions), including
changes from the prior period;
b. The nature of the relationships between the entity and these related parties; and
c. Whether the entity entered into any transactions with these related parties during the
period and, if so, the type and purpose of the transactions.
Management’s use of going concern assumption (financial statements are prepared based on
going concern assumption but there is a significant doubt as to the continued existence of the
entity) – the auditor shall assess the appropriateness of management’s use of going concern
assumption
a. To obtain understanding of the entity and its environment, including the entity’s internal control
b. To identify risks of material misstatements, whether due to fraud or error, at the financial
statement and assertion levels
c. To assess risks of material misstatement
d. To provide a basis for the identification and assessment of risks of material misstatements
e. To provide a basis for designing and implementing responses to the assessed risks of material
misstatement
22 | P a g e
AUDITING
1. Inquiry of management and other firm personnel
2. Analytical procedures
3. Observation and inquiry
Identify the risks of material misstatement:
Identify risks of material misstatement (inherent risk and control risk) based on understanding the
entity and its environment, including the entity’s relevant internal control. The auditor shall provide
reasonable assurance of detecting material misstatements, whether arising from errors or fraud.
Significant risk – an identified and assessed risk of material misstatement that, in the auditor’s
judgment, requires special audit consideration
1. Inquires of management and others within the entity that is likely to assist the auditor in
identifying risk of material misstatement due to fraud or error
For example, inquiries of management, audit committee, board of directors, internal auditors,
in-house legal counsel, and other client personnel
23 | P a g e
AUDITING
2. Analytical procedures
Analytical procedures – evaluations of financial information made by a study of plausible
relationships among both financial and nonfinancial data
The basic premise underlying the use of analytical procedures is that plausible relationships
among data may reasonably expected to exist and continue (predictable) in the absence of
known conditions to the contrary. The relationship among data should be both:
Income statements accounts are more predictable than balance sheet accounts.
Accounts that are not subject to management discretion are generally predictable.
Relationships in a stable environment are more predictable that those in a dynamic or
unstable environment.
24 | P a g e
AUDITING
a. Assess the risks of material misstatement (inherent and control risk); and
b. Limit detection risk. This may be achieved by performing procedures that respond to the
assessed risks of material misstatement at the financial statements, class of transactions, account
balance and assertion levels.
25 | P a g e
AUDITING
1. Set the desired level of Audit Risk
Audit risk – the risk that the auditor gives an inappropriate audit opinion when the financial
statements are materially misstated; it is the risk that the auditor may unknowingly fail to modify
appropriately the opinion on financial statements that are materially misstated
2. Assess the level of Inherent Risk (such as low, medium, or high) – for example, low level if
likelihood of misstatement is low
Inherent risk – the susceptibility of an assertion to a misstatement that could be material,
either individually or when aggregated with other misstatements, assuming there are no
related controls to mitigate such risks
Sources of assessment include knowledge of entity and its environment and preliminary
analytical procedures.
3. Assess the level of Control Risk (such as low, medium, or high) – for example, low control
risk if internal control is effective, or high control risk if internal control is not effective
Control risk – the risk that a material misstatement, either individually or when
aggregated with other misstatements, that could occur will not be prevented or detected and
corrected on a timely basis by the entity’s internal control
Sources of assessment include knowledge of internal control and observation and
inspection
Combined assessment:
The auditor usually makes combined assessment of inherent and control risks. If the combined
assessment of inherent risk and control risk is high, the auditor should:
4. Determine the acceptable level of detection risk: The acceptable level of detection risk
depends on the assessed level of inherent and control risk (inverse relationship)
Detection risk – the risk that the auditor will not detect such a material misstatement that
exists/occurs in an assertion
26 | P a g e
AUDITING
Detection risk can be increased or decreased by the auditor by performing substantive
tests but can never be reduced to zero because of the inherent limitations in the
procedures carried out, the human judgments required, and the nature of the evidence
examined.
The auditor uses the Audit Risk Model:
Audit Risk = Inherent risk x Control risk x Detection risk
In summary, the auditor performs audit procedures to assess the risks of material misstatement
and seeks to limit detection risk by performing further audit procedures based on that
assessment.
The acceptable level of detection risk for a given level of audit risk bears an inverse
relationship to the risks of material misstatement at the assertion level. Therefore:
↑ Risk of material misstatement (inherent risk and control risk), ↓ detection risk that can
be accepted, and vice versa.
Audit risk and detection risk move in the same direction: ↑ Audit risk, ↑ detection risk,
and vice versa
The relationship between the risks can also be expressed mathematically in the following
formula:
27 | P a g e
AUDITING
Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk
Inherent risk and control risk are independent variables while detection risk is a
dependent variable.
All the components of audit risk cannot be eliminated by the auditor due to the
following reasons:
a. Inherent risk – some accounts are susceptible to a material misstatement or the risk
of such misstatement is greater for some accounts than for others
b. Control risk – due to inherent limitations of internal control system
c. Detection risk –
Use of testing/sampling
Use of auditor’s judgment
Even when the auditor conducts 100% examination because audit evidence is
persuasive rather than conclusive in nature
The components of audit risk that can or cannot be controlled by the auditor:
a. Inherent risk and control risk – cannot be controlled because these are entity’s risk
and exist independently of the audit
b. Detection risk – can be directly controlled (increased or decreased) by the auditor
because detection risk relates to the auditor’s procedures and can be altered by
adjusting the nature, timing, and extent of substantive procedures
There is an inverse relationship between materiality and the level of audit risk – ↑
materiality level, ↓ audit risk and vice versa.
Materiality is directly related to the acceptable level of detection risk.
It would lead to most audit work if both audit risk and materiality levels are low.
28 | P a g e