AUDITING

Assurance Services/Engagements:
 Assurance services – independent professional services in which a practitioner issues a written
communication that expresses a conclusion designed to enhance the degree of confidence of the
intended users other than the responsible party about the outcome of the evaluation or
measurement of a subject matter against criteria
 Assurance engagement – an engagement in which a practitioner expresses a conclusion
designed to enhance the degree of confidence of the intended users other than the responsible
party about the outcome of the evaluation or measurement of a subject matter against criteria

 Assurance services improve the quality of information for decision-making.

 Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being
made by one party for use by another party; it is the degree of certainty the practitioner
has attained and wishes to convey to intended users
 Independence is required whenever a professional accountant performs assurance services.

Objective of an Assurance Engagement, In General:

Assurance engagements performed by professional accountants are intended to enhance the

credibility of information about the outcome of the evaluation or measurement of a subject matter
against criteria, thereby improving the likelihood that the information will meet the needs of an
intended user. Assurance engagements enhance the degree of confidence of the intended user because
the quality of information for decision making is improved.

Objective of Assurance Engagements:

According to the Philippine Framework for Assurance Engagements, an assurance engagement is

conducted:

a. To provide a high level of assurance that the subject matter conforms in all material respects
with identified suitable criteria; or
b. To provide a moderate level of assurance that the subject matter is plausible in the
circumstances.

Types of Assurance Engagements and their Objectives:

1. Reasonable assurance engagements – engagements that provide high, but not absolute, level
of assurance
 Also called high-level engagements
 The objective of a reasonable assurance engagement is a reduction in assurance
engagement risk to an acceptably low level as the basis for a positive form of expression of
the practitioner’s conclusion.

1|Page
 AUDITING
 Reasonable assurance is achieved if assurance engagement risk is reduced to an
acceptably low level (close to zero).
 For assurance engagements regarding historical financial information in particular,
reasonable assurance engagements are called audit engagements. An audit engagement
is an assurance engagement to provide a high level of assurance that the financial
statements are free of material misstatement. This high level of assurance is expressed
positively in the audit report as “reasonable assurance”.
 Absolute assurance is not attainable:
In assurance engagements, absolute assurance is generally not attainable because of such
factors as:

 Use of judgment
 Use of testing
 Inherent limitations of internal control
 Most evidence available to the practitioner is persuasive rather than conclusive
 In some cases, the characteristics of the subject matter

2. Limited assurance engagements – engagements that provide only a “moderate” or “limited”

level of assurance
 The objective of a limited assurance engagement is a reduction in assurance engagement
risk to an acceptable level as the basis for a negative form of expression of the
practitioner’s conclusion. Thus, the risk in limited assurance engagement is greater than
for a reasonable assurance engagement.

 Moderate assurance is achieved if assurance engagement risk is reduced to an acceptable

level.
 For assurance engagements regarding historical financial information in particular,
limited assurance engagements are called review engagements.

Assurance Engagement Risk:

 Assurance engagement risk is the risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.
 Components of assurance engagement risk:
1. Risk of material misstatement – the risk that the subject matter is materially misstated
a. Inherent risk – the susceptibility of the subject matter information to a material
misstatement, assuming that there are no related controls
b. Control risk – the risk that a material misstatement that could occur will not be
prevented, or detected and corrected, on a timely basis by related internal controls
2. Detection risk – the risk that the practitioner will not detect a material misstatement that
exists

Assertion-based and Direct Reporting Engagements:

2|Page
 AUDITING
1. Assertion based engagements – evaluation or measurement of the subject matter is performed by
the responsible party, and the subject matter information is in the form of an assertion by the
responsible party that is made available to the interested users
 Assertion-based engagements are also known as attestation engagements
 Examples of assertion-based engagements:
a. Audit engagements
b. Review engagements

In an assertion-based engagement, the practitioner’s conclusion can be worded in terms of

the responsible party’s assertion. For example:

“In our opinion the responsible party’s assertion that internal control is effective,
in all material respects, based on XYZ criteria, is fairly stated”

2. Direct reporting engagements – the practitioner either directly performs the evaluation or
measurement of the subject matter, or obtains a representation from the responsible party that has
performed the evaluation or measurement that is not available to the intended users

In a direct reporting engagement, the practitioner’s conclusion is worded directly in terms of

the subject matter and the criteria. For example:

“In our opinion internal control is effective, in all material respects, based on XYZ
criteria”

Range of Assurance Engagements:

a. Engagements to report on a broad range of subject matters covering financial and non-financial
information
b. Attest and direct reporting engagements
c. Engagements to report internally and externally, and
d. Engagements in the private and public sector

Examples of Assurance Engagements:

1. Audits of financial statements

2. Examination of prospective financial statements
3. Reporting on compliance with laws, rules and regulations
4. Other assurance services:
a. CPA risk advisory
b. Business performance measurement services
c. Health care performance measurement services
d. Elder Care Plus
e. Risk Assessment Services
f. CPA Web Trust Service
g. Information Systems Reliability

3|Page
 AUDITING

Requirements before a practitioner can accept an assurance engagement:

Only where the practitioner’s knowledge of the engagement circumstances indicates that:

1. Relevant ethical requirements, such as independence and professional competence will be

satisfied; and
2. The assurance engagement exhibits all of the following characteristics:
a. The subject matter is appropriate
b. The criteria to be used are suitable and are available to the intended users
c. The practitioner has access to sufficient appropriate evidence to support the practitioner’s
conclusion;
d. The practitioner’s conclusion, in the form appropriate to either a reasonable assurance
engagement or a limited assurance engagement, is to be contained in a written report, and
e. The practitioner is satisfied that there is a rational purpose for the engagement.

Elements of Assurance Engagements:

Not all engagements performed by practitioners are assurance engagements. An assurance

engagement must have the following elements:

1. Three party relationship (involving a practitioner, a responsible party and intended users)
2. Appropriate subject matter
3. Suitable criteria
4. Sufficient appropriate evidence
5. Written assurance report in the form appropriate to a reasonable assurance engagement or a
limited assurance engagement

Three Party Relationship:

a. Practitioner – CPA in public practice who performs the assurance engagement

The term practitioner is broader than the term “auditor” as used in professional standards,
which only refers to practitioner performing audit or review engagements with respect to
historical financial information.

b. Responsible party – person/s who is responsible for the subject matter or the assertion (subject
matter information)

For example, an entity’s management is responsible for the preparation and presentation of
financial statements or the establishment and implementation of internal control.

4|Page
 AUDITING

c. Intended user/s – person, persons or class of persons for whom the practitioner prepares the
assurance report; they are the users to whom the practitioner usually addresses the report

Responsible party and intended user:

 The responsible party and the intended users may be from different entities or the
same entity.
 The practitioner may be engaged by the responsible party or the intended user.
 The responsible party can be one of the intended users, but not the only one.
 Whenever practical, the assurance report is addressed to all the intended users, but in
some cases there may be other intended users. In cases where the CPA may not be
able to identify all intended users, intended users may be limited to major
stockholders with significant and common interests.
 In some circumstances, the intended user may be established by law.
 The responsible party may also be one of the intended users.
 The intended user may be established by agreement between the practitioner and
responsible party or those engaging or employing the practitioner.

Appropriate Subject Matter:

Subject matter refers to the information to be evaluated or measured against the criteria. Subject
matter information means the outcome of the evaluation or measurement of a subject matter.

Subject matter in an audit of financial statements:

 Subject matter includes the financial position, financial performance and cash flows of the
entity
 Subject matter information is the set of financial statements
 Responsible party is the client/entity management

Requirements for subject matter to be considered appropriate:

a. Identifiable
b. Capable of consistent evaluation and measurement against suitable criteria
c. In the form that can be subjected to procedures for gathering evidence to support that
evaluation or measurement

Forms of subject matter of an assurance engagement:

1. Financial performance or conditions (for example, historical or prospective financial

position, financial performance and cash flows) for which the subject matter information

5|Page
 AUDITING
may be the recognition, measurement, presentation and disclosure represented in the
financial statements
2. Non-financial performance or conditions (for example, performance indicators of an
entity) for which the subject matter information may be key indicators of efficiency and
effectiveness
3. Physical characteristics (for example, capacity of a facility) for which the subject matter
information may be a specifications document
4. Systems and processes (for example, entity’s internal control or IT system) for which the
subject matter information may be an assertion about effectiveness
5. Behavior (for example, corporate governance, compliance with regulation, human resource
practices) for which the subject matter information may be a statement of compliance or a
statement of effectiveness

Suitable Criteria:

Criteria refer to the standard or benchmark used to evaluate or measure the subject matter of an
assurance engagement, including, where relevant, benchmarks for presentation and disclosure. Without
frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and
misunderstanding.

Five characteristics of suitable criteria:

a. Relevance – relevant criteria contribute to conclusions that assist decision-making by the

intended users
b. Completeness – criteria are sufficiently complete when relevant factors that could affect the
conclusions in the context of the engagement circumstances are not omitted. Complete
criteria include, where relevant, benchmarks for presentation and disclosure.
c. Reliability – reliable criteria allow reasonably consistent evaluation or measurement of the
subject matter when used in similar circumstances by similarly qualified practitioners
d. Neutrality – neutral criteria contribute to conclusions that are free from bias
e. Understandability – understandable criteria contribute to conclusions that are clear,
comprehensive, and not subject to significantly different interpretations

Two types of criteria:

1. Established criteria – are those criteria that are embodied in laws or regulations or issued by
authorized or recognized bodies of experts that follow a transparent due process Examples:
2. Specifically developed criteria – those criteria specifically designed for the purpose of the
engagement

Whether criteria are established or specifically developed affects the work that the practitioner
carries out to assess their suitability for a particular engagement.

6|Page
 AUDITING

Examples of suitable criteria:

 Applicable financial reporting framework which is the Philippine Financial Reporting

Standards (PFRS) – in case of audit of financial statements
 Applicable law or regulation or contract – in case of compliance audit
 Established internal control framework or stated internal control criteria – in case of
report on internal control

Availability of criteria to intended users:

Criteria need to be made available to the intended users in one or more of the following ways:

a. Publicly
b. Through inclusion in a clear manner in the presentation of the subject matter
information
c. Through inclusion in a clear manner in the assurance report
d. By general understanding, for example, the criterion for measuring time in hours and
minutes

Sufficient Appropriate Evidence:

The practitioner shall plan and perform the engagement with an attitude of professional skepticism
to obtain sufficient appropriate evidence that the assertions are free of material misstatements.

 Professional skepticism – an attitude that includes a questioning mind, being alert to conditions
which may indicate possible misstatement due to error or fraud, and a critical assessment of
evidence
 Evidence – refers to the information obtained by the practitioner in arriving at the conclusions
on which the conclusion is based
 Sufficiency – refers to the measure of the quantity of evidence
 Appropriateness – refers to the measure of the quality of evidence, that is, its relevance and its
reliability

Written Assurance Report:

A written assurance report should be in the form appropriate to a reasonable assurance engagement
or a limited assurance engagement.

The practitioner should provide a written report containing a conclusion that conveys the assurance
obtained about the subject matter information. In addition, the practitioner considers other reporting

7|Page
 AUDITING
responsibilities, including communicating with those charged with governance when it is appropriate to
do so.

Levels of assurance provided in the written report:

Type or level Form of conclusions Example

of assurance

Reasonable Positive form of “In our opinion internal control is effective,

assurance expression of the in all material respects, based on XYZ criteria.”
practitioner’s conclusion

Limited Negative form of “Based on our work described in this report,

assurance expression of the nothing has come to our attention that causes us
practitioner’s conclusion to believe that internal control is not effective, in
all material respects, based on XYZ criteria.”

Audit PSA 20 : An Audit is a systematic process of objectively and evaluating evidence regarding
assertions about economic actions and events to ascertain the degree of correspondence between these
assertions and established criteria and communicating the results to interested users.

1. Auditing is a systematic process – auditing proceeds by means of an ordered and structured series
of steps.
2. An Audit involves obtaining and evaluating evidence about assertions regarding economic
actions and events.

Assertions are representation made by an auditee about economic actions and events. The
auditor’s objective is to determine whether these assertions are valid. To satisfy this objective, the
auditor performs audit procedures and gathers evidence that corroborates or refutes the assertions.

3. An audit is conducted objectively

The auditor should conduct the audit without bias. Impartial attitude must be maintained
by the auditor when evaluating evidence and formulating his conclusion.

4. Auditors ascertain the degree of correspondence between assertions and established criteria
5. Auditors communicate the audit results to various interested users.

8|Page
 AUDITING
Type of audit:

1. Financial statement audit

2. Compliance audit
3. Operational audit

Type of Auditors

1. External auditors – Theses are independent CPAs who offer their professional services to
different clients on a contractual basis. External auditors are the ones who generally conduct
financial statement audits.
2. Internal Auditors – Are entity’s own employee who investigate and appraise the effectiveness and
efficiency if operations and internal control
3. Government auditors – These are government whose main concern is to determine whether the
persons or entities comply with government laws and regulations.

The independent Financial Statement Audit

- The purpose of an independent financial statement audit is to enhance the degree of

confidence of intended users in the financial statement.
- This is achieved by the expression of an opinion by the auditors on the fair presentation of the
financial statements.
- An Audit conducted in the accordance with PSAs and relevant ethical requirements enable
the auditor to form that opinion.
 Responsibility for the financial statements – Management

Assurance provided by the auditor – reasonable assurance only due to limitations

Limitations:

1. The use of testing/ Sampling risk

2. Error in application of judgement/ Non sampling risk
3. Reliance on management’s representation
4. Inherent limitation of the client’s accounting and internal control systems
5. Nature of evidence.

General principles governing the audit of financial statement

1. The auditor should comply with relevant ethical requirements, including those relating to
independence, relating to financial statement audit engagements.
2. The auditor should conduct an audit in accordance with PSA.
3. The auditor should exercise professional judgement in planning and performing an audit of
financial statements.
4. The auditor should obtain sufficient appropriate audit evidence
5. The auditor should plan and perform the audit with attitude of professional skeptism

9|Page
 AUDITING

Needs for independent financial statement audit,

1. Conflict of interest between management and users of financial statement.

2. Expertise
3. Remoteness
4. Financial consequences

Theoretical framework of auditing

1. Audit function operates on the assumption that all financial data are verifiable
2. The auditor should always maintain independence with respect to the financial statement under
audit.
3. There should be no long term conflict between the auditor and the client management
4. Effective internal control system reduces the possibility of errors and fraud affecting the financial
statement.
5. Consistent compliance with applicable financial reporting framework results in fair presentation
of financial statement.
6. What was held true in the past will continue to hold true in the future in the absence if known
conditions to contrary.
7. An audit benefits the public.

An audit financial statement generally begins with the financial statements prepared by the entity.

Financial Statement Assertions:

1. Assertions about classes of transactions and events for the period under audit.
a. Occurrence
b. Completeness
c. Accuracy
d. Cutoff
e. Classification
2. Assertions about account balance at the period end
a. Existence
b. Right and obligations
c. Completeness
d. Valuation and allocation
3. Assertions about presentation and disclosure
a. Occurrence and right and obligations
b. Completeness
c. Classification and understandability

10 | P a g e
 AUDITING
d. Accuracy and valuation

Audit Procedures : Selection of appropriate procedures to satisfy a particular assertion is affected by a

number of factors including the auditor’s assessment of materiality and risk.

Samples of Audit Procedures:

1. Inspection
2. Observation
3. Inquiry
4. Confirmation
5. Computation
6. Analytical Procedures

Evidence: refers to the information obtained by the auditor in arriving at the conclusion on which the
audit opinion is based.

The audit process:

1. Preliminary Engagement activities

- Are preformed to determine whether the auditor is qualified to handle the engagement and to
evaluate whether the clients financial statement are auditable or not. In making assessment,
the firm should consider
a. Competence
b. Independence
c. Ability to serve the client properly
d. Integrity of the management
e. Making inquiries if appropriate parties in the business community
f. Communicating with the predecessor auditor
2. Audit planning
3. Considering the Internal Control
4. Perform Substantive Test
5. Completing the audit
6. Issuing a report

Engagement Letter – a contract between the auditor and the client to avoid misunderstanding with
respect with the engagement and document and confirm the auditor’s acceptance of the appointment

Audit planning involves establishing the overall audit strategy for the engagement and developing an
audit plan, in order to reduce audit risk to an acceptably low level

11 | P a g e
 AUDITING

Objective of the auditor in planning the audit: So that the audit will be performed in an effective
manner

Who are involved in planning the audit: Engagement partner and other key members of the
engagement team (because of their experience and insight to enhance the effectiveness and efficiency
of the planning process)

Benefits/Importance of adequate audit planning:

 Appropriate attention is devoted to important areas of the audit

 Potential problems are identified and resolved on a timely basis
 The audit is performed in an effective and efficient manner
 The audit engagement is properly organized, staffed and managed
 The audit is completed expeditiously
 Assists in the selection of engagement team members with appropriate levels of capabilities and
competence to respond to anticipated risks
 Assists in the proper assignment of work or proper utilization of assistants
 Facilitates the direction and supervision and the review of work
 Assists in coordination of work done by auditors of components and experts
 Proper utilization of experience gained from previous years’ engagements and other assignments

PSA 315 requires the auditor to obtain sufficient understanding of the entity and its environment
including its internal control. Such understanding involves obtaining knowledge about the entity

 Industry, regulatory, and other external factors, including financial reporting framework
 Nature of the entity, including entity’s selection and application of accounting policies
 Objective and strategies and the related business risks that may result in a material misstatement
of financial statement.
 Measurement and review of the entity’s performance
 Internal control

Nature of Planning:

Planning is not a discrete phase of an audit, but rather a continual and iterative process that often
begins shortly after (or in connection with) the completion of the previous audit and continues until the
completion of the current audit engagement. In other words, planning is a continuous function that last
throughout the audit.

12 | P a g e
 AUDITING
Factors that affect the nature and extent of audit planning:

The nature and extent of planning activities will vary according to the following factors:

a. The size and complexity of the entity – big companies and companies with more complex
operations require more audit planning time
b. Changes in circumstances that occur during the audit engagement – for example, expansion
of operation because of diversification
c. The auditor’s previous experience with and understanding of the entity – more work is
required to obtain information regarding a new client than for an existing client
 Initial audit requires more audit time because the auditor has no previous knowledge or is
unfamiliar with the client’s business, industry and internal control which need to be carefully
studied.
 Recurring audit requires lesser audit time because of auditor’s previous knowledge of the
entity and its industry
Whether the audit is initial or recurring, the purpose and objective of audit planning are the
same. It is the nature and extent of audit planning that varies. For example, in case of
initial audit the auditor may need to expand the planning activities because he does not
ordinarily have the previous experience with the entity that is considered when planning
recurring audit engagements. Additional considerations in initial audit engagements are
necessary such as the need for the auditor to review the predecessor’s working papers and
to perform audit procedures regarding opening balances.

d. The composition and size of the audit team

Planning stage of audit – the time before fieldwork starts, when the auditor is gathering information
about the client and its environment and designing overall audit strategy and audit plan

Effect of timing of appointment of auditor on audit planning:

 The earlier the auditor is appointed, the more efficient the audit plan and performance can be.
Thus, early appointment of the auditor allows the auditor to plan a more efficient audit.
 It is acceptable for an auditor to accept an audit engagement near or after year-end. However, the
auditor should consider whether late appointment will pose limitations on the audit that may lead
to a qualified opinion or a disclaimer of opinion, and should discuss such concerns with the client.

PLANNING ACTIVITIES FOR THE AUDIT ENGAGEMENT:

In order to reduce audit risk to an acceptably low level (Note 3), the auditor shall:

1. Establish an overall audit strategy that sets the scope, timing and direction for the audit, and that
guides the development of the more detailed audit plan (Note 1)
2. Develop an audit plan that addresses the various matters identified in the overall audit strategy

13 | P a g e
 AUDITING
Audit plan includes a description of:

a. The nature, timing and extent of planned risk assessment procedures (Note 2)
b. The nature, timing and extent of planned further audit procedures (at the assertion level) – to
be performed during testing stage
Further audit procedures include:

(1) Tests of controls – tests of the operating effectiveness of internal control

(2) Substantive tests/procedures – include tests of details and analytical procedures
c. Other planned audit procedures (that are required to be carried out to comply with PSAs)

AUDIT PLANNING ALSO INVOLVES:

1. Modifying (updating) the overall audit strategy and the audit plan as necessary during the
course of the audit
Revision is necessary because of:

 Unexpected events
 Changes in conditions
 Audit evidence obtained from the results of audit procedures

The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete and or sequential processes, but are closely inter-related since changes in one may
result in consequential changes to the other.

2. Planning the nature, timing and extent of direction, supervision of the engagement team
members and the review of their work
The nature, timing and extent of direction, supervision of audit engagement team members and
review of their work depend on the following factors:

a. Size and complexity of the entity – Audits of small entities requires lesser (or even no)
direction, supervision, and review of the work of assistants
b. Area of audit – Difficult aspects of audit demand increased direction, supervision, and
a more detailed review of work of assistants.
c. Risks of material misstatement – As the assessed risk of material misstatement
increases, a given area of the audit, the auditor ordinarily increases the extent and
timeliness of direction, supervision and review
d. Capabilities and competence of personnel performing the audit work.

3. Other planning considerations:

 The auditor should consider the work of experts and other independent auditors

14 | P a g e
 AUDITING
a. Considering the work of an expert – An expert is a person or firm possessing special
skill, knowledge and experience in a particular field or discipline other than accounting
and auditing.
Examples of work of experts include:

 Valuation of certain assets (such as precious stones, works of arts, real estate,
plant and machinery)
 Valuation of financial instruments
 Actuarial valuation
 Determination of quantities or physical condition of assets such as minerals
stored in stockpiles, underground mineral and petroleum reserves, and the
remaining useful life of plant and machinery
 Measurement of % of completion on contracts in progress
 Legal opinions concerning interpretations of statute and regulations and contracts
such as legal documents or legal title to property
When determining the need for an expert, the auditor would consider:

a. The materiality of the financial statement item being considered

b. The risk of misstatement
c. The quality and quantity of other audit evidence available
b. Considering the work of other independent auditors – applicable when a component
of the entity is to be audited by other independent auditor
 Discussing planned audit procedures with client management:
 Discussion is allowed to facilitate the conduct and management of the audit engagement
(for example, to coordinate some of the planned audit procedures with the work of the
client’s personnel)
 Discussion should not compromise the effectiveness of the audit (audit procedures should
not be too predictable)
 Audit engagement team discussions :
 The members of the engagement team should discuss the susceptibility of the entity’s
financial statements to material misstatements.
 Communication between audit team members is necessary at all stages of the
engagement to ensure all matters are appropriately considered.
 The objective of audit team discussions is to:
 Share insights based on their knowledge of the entity;
 Exchange information about business risks;
 Gain a better understanding of the potential for material misstatements (especially
for the audit areas assigned to them);
 Consider the susceptibility of the entity’s financial statements to material
misstatement due to fraud;
 Consider application of the applicable financial reporting framework to the entity’s
facts and circumstances; and
 Understand how the results of the audit procedures performed may affect other
aspects of the audit including the decisions about the nature, timing, and extent of
further audit procedures.
 Members of the engagement team have an ongoing responsibility to discuss:
 Their understanding of the entity to be audited;
 The business risks to which the entity is subject;
 Application of the applicable financial reporting framework; and

15 | P a g e
 AUDITING
 The susceptibility of the financial statements to material misstatements, including
fraud.

4. Developing the audit program:

The auditor should prepare an audit program.

 An audit program is a listing of audit procedures (tests of controls and/or

substantive tests) that the auditor will perform to gather sufficient appropriate
evidence.
 It sets out in detail the nature, timing and extent of planned audit procedures
required to implement the overall audit plan.
 It is a set of instructions to assistants involved in the audit and as a means to control
and record the proper execution of work
 It provides a proof that the audit was adequately planned
 It is a basic tool used by the auditor to control the audit work and review the
progress of the audit.
 The form and content of audit program may vary for each particular engagement.
 The auditor may use standard audit programs or audit completion checklists but
should appropriately tailor to suit the circumstances on particular engagement.
 An audit program at the beginning of the audit process is temporary because a
complete audit program for an engagement generally should be developed after
evaluation of internal control.
Time budget – an estimate of time that will be spent in executing audit procedures listed
in the audit program that provides a basis for estimating audit fees and assists the auditor in
assessing the efficiency of the assistants

5. The auditor should document the planning activities:

Documentation of the following serves as a record/evidence of the proper planning and
performance of the audit procedures:

a. The overall audit strategy – documentation or record of the key decisions

b. The audit plan (including the audit program) – documentation of the planned nature,
timing and extent of audit procedures
c. Record of:
 Any significant changes made to the overall audit strategy and the audit plan during
the audit
 Resulting changes to the planned nature, timing and extent of audit procedures
 Final overall audit strategy and audit plan
 Appropriate response to the significant changes occurring during the audit

The following shall also be documented:

a. Discussion among the engagement team

b. Key elements of the understanding of the entity, its environment, including internal control

16 | P a g e
 AUDITING
c. The identified and assessed risks of material misstatements
d. The risks identified, and related controls about which the auditor has obtained an
understanding

Establishing the overall audit strategy involves:

a. Identifying the characteristics of the engagement that define its scope

Examples:

 Financial reporting framework (Ex. PFRS)

 Industry specific reporting requirements (Reports required by industry regulators)
 Expected coverage of the audit (Ex. Locations and number of components of the entity to
be included in the audit)
 Nature of the control relationships between a parent and its components (this affects how
the group is to consolidated)
 Extent to which components are audited by other auditors
 Nature of business segments to be audited (this may require the need for specialized
knowledge)
 Reporting currency to be used (may involve foreign currency translation)
 The need for a statutory audit of standalone financial statements in addition to an audit for
consolidation purposes
 Availability of the work of internal auditors and the extent of the auditor’s reliance on such
work
 The entity’s use of service organizations
 Expected use of audit evidence obtained in previous audits (in case of recurring audit), for
example, audit evidence related to risk assessment procedures and tests of controls
 The effect of information technology (IT) on the audit procedures
 Coordination of audit work with reviews of interim financial information
 Availability of client personnel and data
b. Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the
nature of the communications required
Examples:

 Deadlines or timetable for interim and final reporting

 Organization of meeting with the management to discuss the nature, timing and extent of
the audit work
 Discussion with management regarding the expected type and timing of reports to be issued
and other communications, both oral and written, including the auditor’s report,
management letter and communications to those charged with governance
 Discussion with management regarding the expected communication and status of audit
work throughout the engagement
 Communication with auditors of components
 Expected nature and timing of communications among engagement tem members
 Any other expected communications with third parties

c. Considering the factors that are significant in directing the engagement team’s efforts

17 | P a g e
 AUDITING
Examples:

 Determining the appropriate materiality levels

 Preliminary identification of areas where there may be higher risks of material misstatement
 The impact of assessed risk of material misstatement at the overall financial statement level
on direction, supervision and review
 The manner in which professional skepticism is emphasized to engagement team members
 Management commitment to a sound internal control
 Volume of transactions, which may determine whether it is more efficient for the auditor to
rely on internal control
 Importance attached to internal control throughout the entity to the successful operation of
the business
 Significant business developments affecting the entity (such as changes in information
technology, changes in key management, acquisitions, mergers and divestments)
 Significant industry developments (such as changes in industry regulations and new
reporting requirements)
 Significant changes in financial reporting framework (such as changes in accounting
standards)
 Other significant relevant developments (such as changes in the legal environment affecting
the entity)
d. Considering the results of preliminary engagement activities and, where applicable, whether
knowledge gained on other engagements performed by the engagement partner for the entity is
relevant, and
Examples:

 Results of previous audit regarding evaluation of internal control, identified weaknesses and
action taken to address them
 The discussion of matters that may affect the audit with firm personnel responsible for
performing other services to the entity
e. Ascertaining the nature, timing and extent of resources necessary to perform the engagement.
Examples:

 Selection of the engagement team

 Assignment of audit work to team members (experienced team members are assigned to
areas where there may be higher risks of material misstatement
 Engagement budgeting (more audit time is set aside for areas where there may be higher
risks of material misstatement)

Benefits of developing the overall audit strategy:

Establishing the overall audit strategy assists the auditor in determining the following:

a. The resources to deploy for specific audit areas

For example:

 Use of experienced team members for high risk areas

 Involvement of experts on complex matters
b. The amount of resources to allocate to specific audit areas

18 | P a g e
 AUDITING
For example:

 Number of team members assigned to observe the inventory count at material locations
 Extent of review of other auditors’ work in the case of group audits
 Audit budget in hours to allocate to high risk areas
c. When these resources are to be deployed
 Is it at an interim audit stage or at key cut-off dates?
d. How such resources are managed, directed and supervised
 When to hold team briefing and debriefing meetings
 How engagement partner and manager reviews are expected to take place (for example, on-
site or off-site)
 Whether to complete engagement quality control reviews

Considering the work of internal auditing/ auditors

 The external auditor should consider the work of internal auditing in order to minimize audit
costs.
 The auditor should obtain a sufficient understanding of the internal audit function because the
work performed by internal auditors may be a factor in determining the nature, timing, and extent
of external auditor’s procedures.
 Internal auditing can affect the scope of the external auditor’s audit of financial statements by
decreasing the auditor’s need to perform detailed tests.
 The tasks that could be delegated to the internal audit staff include preparation of schedules. The
auditor has sole responsibility for the audit opinion expressed, and that responsibility is not
reduced by any use made of internal auditing.

Considering the work of internal auditing involves two important phases:

1. Making a preliminary assessment of internal auditing – important criteria in assessment of

internal auditor’s:
a. Technical competence – personal qualifications and experience as internal auditors
b. Objectivity / organizational status – organizational level to which the internal auditor
report the results of his work
c. Due professional care – proper planning, supervision and documentation of internal
auditor’s work
d. Scope of function – nature and extent of internal auditing assignments performed
2. Evaluating and testing the work of internal auditing

Determining the appropriate materiality levels

The auditor shall determine materiality and performance materiality when planning the audit.

Concept of materiality:

19 | P a g e
 AUDITING
 Materiality is the amount (threshold or cut-off point) at which judgment of informed
decision makers based on the financial statement may be altered (changed or influenced).
 An item or information is material if its omission or misstatement could influence the
economic decisions of users taken on the basis of the financial statements.
 In determining appropriate level of materiality, the auditor uses professional judgment using
his perception of the needs of reasonable users of the financial statements.

Uses of materiality in planning the audit:

a. To determine the nature, timing and extent of risk assessment procedures

b. To identify and assess risk of material misstatement, and
c. To determine the nature, timing and extent of further audit procedures

Considering materiality throughout the audit:

1. Planning stage
a. To identify and assess risks of material misstatements
b. To determine the nature, timing and extent of further audit procedures
2. Testing stage (materiality levels set during audit planning are simply updated/revised if
necessary)
3. Completion stage
c. To evaluate the effect of uncorrected misstatements, if any, on the financial statements and
in forming the opinion in the auditor’s report

Documentation on materiality: Documentation should include the amounts and the factors
considered in their determination:

a. Materiality level for the financial statements as a whole

b. Materiality level or levels for a particular classes of transactions, account balances or
disclosures, if applicable
c. Performance materiality
d. Any revision of materiality levels (a to c) as the audit progresses

Qualitative and quantitative considerations:

Materiality should address qualitative and quantitative considerations. In some cases,

misstatements of relatively small amounts could have a material effect on the financial statements.
For example, an illegal payment of an otherwise immaterial amount or failure to comply with a
regulatory requirement may be material if there is a reasonable possibility of such payment or failure
leading to a material contingent liability, a material loss of assets, or a material loss of revenue.

Inverse relationship between materiality and audit procedures/evidence:

20 | P a g e
 AUDITING
 More evidence will be required for a low peso amount of materiality than for a high peso
amount.
 The lower the tolerable misstatement, the more extensive the required audit procedures.

Materiality levels:

a. Materiality at financial statement as a whole – it is the smallest aggregate level that could
misstate/distort any of the financial statements

 Also known as materiality threshold or planning materiality or overall materiality

 Overall materiality is usually expressed as a % of a chosen benchmark (such as profit
before tax, total revenues, gross profit, total expenses, total equity or net asset value).
 Profit from continuing operations is often used for profit-oriented entities except when the
profit from continuing operations is volatile.
 Relevant financial data as source of benchmarks:
 Prior periods’ financial statements
 Annualized interim financial statements
 Period-to-date financial statements
 Budgeted financial statements of the current year

b. Materiality at assertion level – materiality level for individual or particular class of transactions,
account balance, or disclosure where appropriate; this is also known as tolerable misstatement
 Tolerable misstatement refers to allocated materiality to affected accounts (usually
statement of financial position accounts because they are fewer)
 Account balance – an individual line item in the financial statements, such as cash and
cash equivalents, loans and receivable, etc.
 Class of transactions – type of transaction processed by the client’s accounting system,
such as sales transactions and purchasing transactions
 Allocation may be done judgmentally or using formal quantitative approaches.
 Materiality at this level are lesser than the overall materiality level but could reasonably be
expected to influence the economic decisions of financial statement users.

c. Performance materiality – amount or amounts set by the auditor:

 At less than materiality for the financial statements as a whole
 At less than materiality level or levels for particular classes of transactions, account balances
or disclosures
Purpose of performance materiality: It provides margin to reduce the possibility of
undetected misstatements because:

a. It reduces to an appropriately low level the probability that the aggregate of

uncorrected and undetected misstatements in the financial statements exceeds the
materiality level for the financial statements as a whole
b. It reduces to an appropriately low level the probability that the aggregate of
uncorrected and undetected misstatements in the particular class of transactions,

21 | P a g e
 AUDITING
account balance or disclosure exceeds the materiality level for that particular class of
transactions, account balance or disclosure

Preliminary identification of areas where there may be higher risks of material misstatement

a. Risks of material misstatements may be greater for significant non-routine transactions which
involves:
 Greater management intervention to specify the accounting treatment
 Greater manual intervention for data collection and processing
 Complex calculations or accounting principles
b. Risk of material misstatements may be greater for significant judgmental matters such as:
 Accounting estimates
 Revenue recognition may be subject to differing interpretation
 Required judgment may be subjective or complex or require assumptions about the effects of
future events (for example, judgment about fair value)
c. Significant risk of relating to risk of material misstatement due to fraud
d. There are areas where special audit consideration may be necessary, for example:
 Existence of related parties and related party transactions
Related party transaction – a transfer of resources, services or obligations between related
parties, regardless of whether a price is charged

The auditor shall inquire of management regarding:

a. The identity of the entity’s related parties (relationships and transactions), including
changes from the prior period;
b. The nature of the relationships between the entity and these related parties; and
c. Whether the entity entered into any transactions with these related parties during the
period and, if so, the type and purpose of the transactions.
 Management’s use of going concern assumption (financial statements are prepared based on
going concern assumption but there is a significant doubt as to the continued existence of the
entity) – the auditor shall assess the appropriateness of management’s use of going concern
assumption

Risk assessment procedures – are audit procedures whose purposes include:

a. To obtain understanding of the entity and its environment, including the entity’s internal control
b. To identify risks of material misstatements, whether due to fraud or error, at the financial
statement and assertion levels
c. To assess risks of material misstatement
d. To provide a basis for the identification and assessment of risks of material misstatements
e. To provide a basis for designing and implementing responses to the assessed risks of material
misstatement

Risk assessment procedures include

22 | P a g e
 AUDITING
1. Inquiry of management and other firm personnel
2. Analytical procedures
3. Observation and inquiry
Identify the risks of material misstatement:

 Identify risks of material misstatement (inherent risk and control risk) based on understanding the
entity and its environment, including the entity’s relevant internal control. The auditor shall provide
reasonable assurance of detecting material misstatements, whether arising from errors or fraud.

Note 2.3 – Assess the identified risks of material misstatement:

Factors to consider whether a risk is significant:

 Whether the risk is a risk of fraud

 Whether the risk is related to recent significant economic accounting or other developments
and, therefore, requires specific attention
 Complexity of transactions
 Whether the risk involves significant transactions with related parties
 The degree of subjectivity in the measurement of financial information related to the risk,
especially those involving uncertainty
 Whether the risk involves significant transactions that are outside the normal course of
business for the entity, or that otherwise appear to be unusual

Significant risk – an identified and assessed risk of material misstatement that, in the auditor’s
judgment, requires special audit consideration

Significant risks often relate to:

a. Non-routine transactions – unusual (in size or nature) and infrequent transactions

b. Judgmental matters – such as those involving accounting estimates for which there is
significant measurement uncertainty

Note 2.4 – Risk assessment procedures include:

1. Inquires of management and others within the entity that is likely to assist the auditor in
identifying risk of material misstatement due to fraud or error
For example, inquiries of management, audit committee, board of directors, internal auditors,
in-house legal counsel, and other client personnel

23 | P a g e
 AUDITING

2. Analytical procedures
 Analytical procedures – evaluations of financial information made by a study of plausible
relationships among both financial and nonfinancial data

 Purpose of preliminary analytical procedures:

a. To identify areas that may represent specific risks such as the existence of unusual
transactions or events, and amounts, ratios, and trends that may assist the auditor in
identifying risks of material misstatements that the auditor may need to investigate
further
b. To enhance the auditor’s understanding of the entity’s business and transactions to help
plan the nature, timing, and extent of substantive auditing procedures that will be used to
gather audit evidence
 Analytical procedures performed during audit planning is known as preliminary analytical
procedures
 Analytical procedures involve:
a. Analysis of significant ratios and trends or the study of plausible relationships among
both financial and non-financial data
b. Investigation of fluctuations and relationships that are inconsistent with other relevant
information or deviate significantly from predicted amounts by:
 Inquiries of management
 Corroboration of management responses, and
 Applying other appropriate audit procedures

Basic premise underlying the use of analytical procedures:

The basic premise underlying the use of analytical procedures is that plausible relationships
among data may reasonably expected to exist and continue (predictable) in the absence of
known conditions to the contrary. The relationship among data should be both:

a. Plausible – there is a clear cause and effect relationship among data

b. Predictable – reasonably expected to exist and continue in the absence of known
conditions to the contrary

Generalizations in assessing the predictability of the accounts:

 Income statements accounts are more predictable than balance sheet accounts.
 Accounts that are not subject to management discretion are generally predictable.
 Relationships in a stable environment are more predictable that those in a dynamic or
unstable environment.

Main purpose of analytical procedures: To assess the overall reasonableness of account

balances and transactions

24 | P a g e
 AUDITING

Specific purpose/focus/objective of analytical procedures in the three stages of audit:

1. In the planning stage – performed as risk assessment procedures (required/mandatory)

to obtain an understanding of the entity and its environment
Objective/purpose/focus during planning stage:

 To enhance the auditor’s understanding of the entity’s business and transactions to

help plan the nature, timing, and extent of substantive auditing procedures that will
be used to gather audit evidence.
 To identify areas that may represent specific risks (such as unusual transactions and
events or abnormal/significant fluctuations in amounts, ratios, or trends) that the
auditor may need to investigate further
2. In testing stage – as substantive procedures when their application is, based on the
auditors judgment, more effective and efficient than test of details (not required)
Objective/purpose/focus during testing stage:

 To obtain audit evidence to confirm individual account balances

3. In the overall review or completion stage – As an overall review of the financial
statements (required)
Objective/purpose/focus:

 To identify a previously unrecognized risk of material misstatement (unusual

fluctuations that were not identified in the planning and testing phases of the audit)
 To confirm conclusions reached with respect to the fairness of the financial
statements

3. Observation and inspection – these include:

 Observation of entity activities and operations
 Inspection of documents (such as business plans and strategies, records, and internal control
manuals)
 Inspection of reports prepared by management (such as quarterly management reports) and
those charged with governance (such as minutes of board of directors’ meetings)
 Visit or tour of entity’s premise/facilities

Note 3 – Reducing audit risk to an acceptably low level

To reduce audit risk to acceptably low level the auditor shall:

a. Assess the risks of material misstatement (inherent and control risk); and
b. Limit detection risk. This may be achieved by performing procedures that respond to the
assessed risks of material misstatement at the financial statements, class of transactions, account
balance and assertion levels.

Steps in assessing Audit Risk:

25 | P a g e
 AUDITING
1. Set the desired level of Audit Risk
Audit risk – the risk that the auditor gives an inappropriate audit opinion when the financial
statements are materially misstated; it is the risk that the auditor may unknowingly fail to modify
appropriately the opinion on financial statements that are materially misstated

2. Assess the level of Inherent Risk (such as low, medium, or high) – for example, low level if
likelihood of misstatement is low
 Inherent risk – the susceptibility of an assertion to a misstatement that could be material,
either individually or when aggregated with other misstatements, assuming there are no
related controls to mitigate such risks
 Sources of assessment include knowledge of entity and its environment and preliminary
analytical procedures.

3. Assess the level of Control Risk (such as low, medium, or high) – for example, low control
risk if internal control is effective, or high control risk if internal control is not effective
 Control risk – the risk that a material misstatement, either individually or when
aggregated with other misstatements, that could occur will not be prevented or detected and
corrected on a timely basis by the entity’s internal control
 Sources of assessment include knowledge of internal control and observation and
inspection

Combined assessment:

The auditor usually makes combined assessment of inherent and control risks. If the combined
assessment of inherent risk and control risk is high, the auditor should:

 Place more emphasis on obtaining external evidence

 Reduce reliance on internal evidence
 Design more effective substantive procedures

4. Determine the acceptable level of detection risk: The acceptable level of detection risk
depends on the assessed level of inherent and control risk (inverse relationship)
 Detection risk – the risk that the auditor will not detect such a material misstatement that
exists/occurs in an assertion

 Detection risk is a function of the effectiveness of an auditing procedure and its

application by the auditor
 Detection risk is significantly affected by the nature, timing, and extent of the auditor’s
substantive procedures
 Detection risk is a complement of assurance provided by substantive tests (for
example, a 10% detection risk means a 90% assurance of detecting material
misstatement)

26 | P a g e
 AUDITING
 Detection risk can be increased or decreased by the auditor by performing substantive
tests but can never be reduced to zero because of the inherent limitations in the
procedures carried out, the human judgments required, and the nature of the evidence
examined.
 The auditor uses the Audit Risk Model:
Audit Risk = Inherent risk x Control risk x Detection risk

Acceptable level of Audit risk

Detection risk = Inherent risk x

Control risk

5. Design audit substantive tests

 Auditor’s reaction to level of detection risk:
a. Lower acceptable level of detection risk – higher assurance are to be provided by
substantive tests by changing any or combination of the following:
 Nature – performing more effective substantive procedures
 Timing – performing substantive procedures at year-end rather than at interim
dates (decreases detection risk by reducing the risk for the period subsequent to the
performance of those tests)
 Extent – increasing the extent of substantive tests by using larger sample size
b. Higher acceptable level of detection risk – low assurance are to be provided by
substantive tests by changing any or combination of the following:
 Nature – performing less effective substantive procedures
 Timing – performing substantive procedures at interim dates
 Extent – decreasing the extent of substantive tests using smaller sample size

In summary, the auditor performs audit procedures to assess the risks of material misstatement
and seeks to limit detection risk by performing further audit procedures based on that
assessment.

Summary of relationships among audit risk components:

 The acceptable level of detection risk for a given level of audit risk bears an inverse
relationship to the risks of material misstatement at the assertion level. Therefore:
↑ Risk of material misstatement (inherent risk and control risk), ↓ detection risk that can
be accepted, and vice versa.

 Audit risk and detection risk move in the same direction: ↑ Audit risk, ↑ detection risk,
and vice versa
 The relationship between the risks can also be expressed mathematically in the following
formula:

27 | P a g e
 AUDITING
Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk

Inherent risk and control risk are independent variables while detection risk is a
dependent variable.

 All the components of audit risk cannot be eliminated by the auditor due to the
following reasons:
a. Inherent risk – some accounts are susceptible to a material misstatement or the risk
of such misstatement is greater for some accounts than for others
b. Control risk – due to inherent limitations of internal control system
c. Detection risk –
 Use of testing/sampling
 Use of auditor’s judgment
 Even when the auditor conducts 100% examination because audit evidence is
persuasive rather than conclusive in nature
 The components of audit risk that can or cannot be controlled by the auditor:
a. Inherent risk and control risk – cannot be controlled because these are entity’s risk
and exist independently of the audit
b. Detection risk – can be directly controlled (increased or decreased) by the auditor
because detection risk relates to the auditor’s procedures and can be altered by
adjusting the nature, timing, and extent of substantive procedures

The relationship between materiality and audit risk:

 There is an inverse relationship between materiality and the level of audit risk – ↑
materiality level, ↓ audit risk and vice versa.
 Materiality is directly related to the acceptable level of detection risk.
 It would lead to most audit work if both audit risk and materiality levels are low.

28 | P a g e