Professional Documents
Culture Documents
INTER NA L CONTROL – the process designed, implemented and maintained by those charged with gover nance,
management and other personnel to provide reasonable assurance abou t the achieve ment of an entity’s
objectives
1. According to objectives:
a. Financial report ing controls – controls to achieve reliability of financial reporting objective
b. Operational effectiveness controls – controls to achieve operational effectiveness objective
c. Compliance controls – controls to achieve compliance objective
Obtaining understanding of internal control means obtaining understanding of the five interrelated and
essential components or aspects of internal control as follows:
1. Control env ironment – it includes the gover nance and management functions and the attitudes,
awareness, and actions of those charged with governance and management concerning the entity’s
internal control and its impor tance in the entity
It sets the tone of an organization, influencing the control consciousness of its people.
It is a set of characteristics that defined good control wor king relationships in an entity.
It is the foundation for effective internal control for it provides an appropriate foundation for other
components of inter nal control.
2. Entity’s risk assessment process – entity’s own process of identification, analysis, and management
of risks relevant to the preparation and fair presentation of financial statements
3. Infor mation system (including the related business processes, relevant financial reporting
and communicat ion) – information and communication systems support the identification, capture,
and exchange of information in a timely and useful manner
The information system relevant to financial reporting objectives, w hich includes the accounting
system, consists of the methods and records established to record, process, summarize, and report
entity transactions (as well as events and conditions) and to maintain accountability for the related
assets, liabilities, and equity.
Communication involves providing an understanding of individual roles and responsibilities pertaining
to internal control over financial reporting. Communication may take such forms as policy manuals
and financial reporting manuals. Open communication channels help ensure that exceptions are
reported and acted on.
4. Control act iv ities – the policies and procedures that help ensure management’s directives are carried
out and that necessary steps to address risks are taken. Control activities address risks that if not
mitigated would threaten the achievement of the entity’s objectives.
An audit does not require an understanding of all the control activities. In understanding the entity’s
control activities, the auditor shall obtain understanding of how the entity has responded to risks arising
from IT.
Examples of s pecific control act ivit ies that may be relevant to an audit:
1. Prenumbering of documents – helps to assure that:
a. All transactions are recorded (completeness).
b. No transactions are recorded more than once (existence).
2. Authorization of transact ions – authorization should occur before commitment of resources
3. Independent checks to maintain asset accountability – independent checks involve the
verification of wor k previously performed by others, such as:
Review of bank reconciliations
Comparison of subsidiar y records to control accounts
Comparison of physical counts of inventory to perpetual records
4. Documentation – provides evidence of the underlying transactions and is a basis for
establishing responsibility for the execution and recor ding of transactions
5. Perfor mance reviews – includes review and analyses of the following:
a. Actual performance versus budgets, forecasts, and prior period performance
b. Relationship between different sets of data to one another, together with analyses of the
relationships and investigative and corrective actions (for example, the management of a
sports team might use attendance data to ascertain the reasonableness of ticket sales).
c. Comparison between internal data and exter nal sources of information, and
d. Functional or activity performance (for example, sales repor ts, receivable reports, etc., may
be used to analyze performance and to identify errors).
6. Infor mation processing controls – ensure that transactions are valid, properly authorized,
and completely and accurately recor ded
a. Applicat ion controls – controls which apply to the processing of individual applications
Examples of application controls:
Checking the arithmetical accuracy of records
Maintaining and reviewing accounts and trial balance
Automated controls such as edit checks of input data and numerical sequence checks
Manual follow-up of exception reports
Controls surrounding receivables
5. Monitoring – the process to assess the effectiveness (or quality) of internal control performance over
time
Management’s monitoring of controls includes:
Assessing the effectiveness of controls on a timely basis and ta king necessar y corrective actions
Monitoring of controls through ongoing activities
Using information from communications from exter nal parties such as customer complaints and
regulator comments that may indicate problems, highlight areas in need of impr ovement
Internal control is relevant to the entire entity and each of the five components of internal control may affect
any of the three entity objectives, but not all of an entity's objectives and related controls are relevant to the
audit.
The auditor shall obtain an understanding of internal control relevant to the audit. Generally, those controls
that pertain to financial reporting objective are most relevant to the audit. Thus, the auditor shall consider and
understand financial reporting controls. The auditor need not assess all controls related to financial reporting, but
rather applies professional judgment in determining which controls to assess.
b. Deter mine whether the controls have been implemented – involves determining w hether the
control is placed in operation; implementation of a control means that the control exists and is being
used by the entity
Risk assessment procedures to obtain audit evidence about the design and implementation of
relevant controls:
Inquir y of entity personnel (inquiry alone is not sufficient obtain audit evidence about the
design and implementation of relevant controls)
Observing the application of specific controls
Inspecting documents and records
Performing a “walk-through” test – tracing a transaction through the information system
relevant to financial reporting, from initial recording to presentation in the financial
statements
2. Perfor m preliminary assessment of control r isk – assessing the level of control risk (such as high,
medium or low) based on understanding of internal control (the design of controls and w hether they have
been implemented)
The ultimate purpose of assessing control risk at the assertion level for each material account
balance or class of transactions is to contribute to the auditor's evaluation of the risk that material
misstatements exist in the financial statements.
The assessment of control risk is the process of evaluating the effectiveness of an entity’s internal
control in preventing or detecting and correcting material misstatements.
Control risk is assess in terms of financial statement assertions.
b. Less than high/ maximum level: Control risk is assessed at less than high/maximum level if
controls are properly designed and have been implemented; the auditor should perform tests of
operating effectiveness of relevant controls.
The PSA requires the auditor to document the basis or the evidence to justify the assessment of
control risk at less than high/maximum level.
3. Perfor m tests of controls if preliminary assessment of control r isk is below high/ maximum
level (performed when the auditor intends to rely on the internal control)
Tests of controls are audit procedures designed to evaluate the operating effectiveness of internal
controls that are likely to detect or prevent material misstatements in support of a reduced assessed
level of control risk. In other words, tests of controls are performed to confirm that the controls
tested are w orking effectively in order to substantiate the reduced assessed level of control risk.
When to perfor m tests of controls:
a. When the auditor intends to rely on the operating effectiveness of relevant controls in
determining the nature, timing and extent of substantive procedures; or
Tests of controls are performed only on those controls that the auditor has determined
are suitably designed to prevent, or detect and correct, a material misstatement in an
assertion.
b. When substantive procedures alone cannot provide sufficient appropriate evidence at the
assertion level
Unlike substantive tests of details, tests of controls are not required audit procedure.
The greater the reliance the auditor plans to place on internal control, the more extensive the
tests of those controls that need to be performed.
Tests of controls generally consist of one (or combination of the following evidence gathering
techniques:
a. Inquir y
b. Observation
c. Inspection
d. Reperformance of a control by the auditor
Required Documentation:
1. Document the understanding of account ing and internal co ntrol systems
Form of documentation may var y
One form or a combination of forms of documentation may be used at the same time
Forms of documentation:
1. Internal control questionnaire – consists of a list of questions on inter nal control be answered
by "Yes" or "No" response. A negative response is designed to draw attention to a possible
weakness in internal contr ol. Written explanations are required for "No" answers.
2. Flowcharts – pictorial/symbolic diagram depicting the operation of a program/system or the
sequential flow of authority, processes, transactions and documents. T he use of standard
symbols makes flowcharts easy to understand.
a. Systems flowcharts – used to evaluate internal control because it shows the origin of each
document in the system, its subsequent processing, and its final disposition
b. IT flowcharts – used in evaluating the inter nal control in an automated/computerized
accounting environment. The auditor can use these flowcharts to evaluate both the flow of
the pr ogram and the internal controls related to the IT function in general.
3. Internal control checklists – a detailed listing of ideal control measures (the auditor tickmar ks
Nature of Assertions:
Financial statements are not statements of facts. They are a collection of claims and assertions, made
implicitly or explicitly by the entity’s management, about the recognition, measurement, presentation, and
disclosure of information in the financial statements.
Levels of Assertions:
1. Financial statement level – entity’s management representation that the financial statements as a
whole are presented fairly, in all material respects, in accordance with the applicable financial reporting
framework
For example, management asserts the financial statements are free from material misstatements.
2. Account balance or class of transactions level – entity’s management representation that the
underlying account balances and class of transactions, including related disclosures, are free of material
misstatements
For example, w hen considering the sales balance, management is asserting that sales revenue is
complete (completeness assertion), the transactions occurred (occurrence asser tion), and transactions
have been appropriately recorded in the accounting records (accuracy asser tion).
AUDIT PROCEDURES
Based on audit objectives, the auditor should plan and perform audit procedures. Audit procedures are
the means for obtaining sufficient appropriate audit evidence to satisfy financial statement assertions and to
1. Risk assessment procedures – procedures to obtain an understanding of the entity and its
environment, including its internal control, in order to identify and assess the risks of material
misstatement (RMM)
Risk assessment procedures include:
a. Inquir y of management and other personnel
b. Analytical procedures (as a planning tool)
c. Observation and inspection
Risk assessment procedures alone do not provide audit evidence sufficient to support an audit
opinion. Risk assessment procedures must be supplemented by tests of controls, when necessar y,
and substantive procedures.
2. Further audit procedures – The auditor shall design and perform audit procedures whose nature,
timing, and extent are based on and are responsive to the assessed RMM at the asser tion level.
Further audit procedures are actually audit procedures classified accor ding to purpose
In designing the further audit procedures to be performed, the auditor shall:
(1) Consider the assessed RMM
(2) Obtain more persuasive audit evidence the higher the auditor’s assessment of risk by:
a. Increasing the quantity of evidence; or
b. Obtain evidence that is more relevant or reliable (such a obtaining third party evidence or by
obtaining corroborating evidence from a number of independent sources)
(2) Substant ive procedures – audit procedures designed to detect material misstatements at the
assertion level
Other best descript ions: Substantive procedures may also be described as audit procedures
that are designed to:
Detect material peso/monetar y errors or fraud
Substantiate the validity of management's assertions regarding the financial statements.
Thus, substantive procedures are sometimes called validation procedures because they
provide evidence about the existence of misstatement.
Gather evidence in respect to all material classes of transactions, account balances, and
disclosures.
Be performed in response to the assessment of the risks of material misstatement at the
assertion level, which includes the results of tests of contr ols, if any. In other wor ds,
substantive procedures are performed in response to the planned level of detection risk.
a) Test of details of transactions – testing of transactions w hich give rise to the ending
balance of a given account; these involve examining authorization, recording and posting
of transactions (such as examining receipts or disbursements of Cash account)
Applicability of test of details of transactions: It is used w hen the account
being substantiated has relatively few or smaller volume of transactions of relatively
material amounts occurring during the year (for example, PPE, intangibles, bonds
payable and stockholders’ equity accounts)
Test of transactions are often performed several months prior to the balance sheet
date.
Tests of details of transactions primarily involve tracing and vouching.
2. Substant ive analytical procedures – these are analytical procedures performed during
testing phase to substantiate predictable relationships among both financial and non-financial
data
Analytical procedures are evaluations of financial information made by a study of
plausible relationships among both financial and nonfinancial data. Analytical procedures
generally involve comparisons of recorded amounts to independent expectations
developed by the auditor.
The application of planned analytical procedures is based on the expectation that
relationships among data exist and continue in the absence of known conditions to the
contrar y.
Audit Techniques:
The auditor applies audit techniques (methods) to gather corroborative evidence and uses his professional
judgment to determine which audit techniques would best result to the audit evidence he needs.
AUDIT PROGRA M
An audit program is a detailed listing of the nature, timi ng and extent of planned audit procedures (tests
of controls and/or substantive tests) that the auditor will perform to gather sufficient appropriate evidenced.
It is a set of instructions to assistants involved in the audit and as a means to control and recor d the proper
execution of wor k.
AUDIT EVIDENCE
The auditor shall design and perform audit procedures that are appropriate in the circumstances for the
purpose of obtaining reasonable assurance or sufficient appropriate audit evidence to reduce audit risk at
acceptably low level thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s
opinion.
Most of the auditor's work in forming the auditor's opinion consists of obtaining and evaluating audit
evidence. The auditor shall conclude whether sufficient appropriate audit evidence has been obtained based
on his professional judgment.
1. Accounting records (Under lying data) – accounting records/data prepared by the client’s
personnel and from w hich financial statements are prepared
a. Records of initial accounting entries
b. Supporting recor ds, such as checks and records of electronic fund transfers, invoices and contracts
c. General and subsidiary ledgers
d. Journal entries and other adjustments to the financial statements that are not reflected in formal
journal entries
e. Records such as w orksheets and spreadsheets supporting cost allocations, computations,
reconciliation and disclosures
2. Corroborating evidence – corroborating information that are used by the auditor to verify the
fairness of the accounting records
a. Documents (such as checks, bank statements, contracts and minutes of meetings)
b. Information/evidence from other sources such as:
Previous audits
Quality control procedures for client acceptance and continuance
Confirmations from third parties
Industry analysts’ reports
Comparable data about competitors ( benchmarking)
Client written representation
c. Information obtained by the auditor from audit procedures such as inquiry, obser vation, inspection
and computation
d. Other information developed by, or available to, the auditor that permits the auditor to reach
conclusions through valid reasoning
1. Sufficiency – the measure of the quantity or amount of audit evidence that the auditor shall
accumulate
Sufficiency is determined based on the auditor’s professional judgment.
Audit evidence is sufficient if there is enough of it to affor d a reasonable basis for an audit opinion
on the financial statements.
Factors affecting sufficiency of audit evidence:
Auditor’s judgment as to the quantity of audit evidence is influenced by:
a. Auditor’s assessment of the risks of misstatement – the higher the assessed risks, the more
audit evidence is likely to be required
For example, as risk of material misstatement increases in Accounts Receivable, audit
evidence required also increases.
b. Quality or competence of audit evidence – the higher the quality, the less may be required.
Obtaining more audit evidence, however, may not compensate for its poor quality.
c. Materiality of item being examined – more material amounts, more evidence to suppor t its
validity
d. Experience gained during previous audit may indicate the amount of evidence taken before
and whether such evidence was enough
e. Type of information available
Merely obtaining more audit evidence may not compensate for audit evidence of lower quality. The
auditor should exercise professional judgment and professional skepticism in evaluating the
sufficiency and appropriateness of audit evidence to support the audit opinion.
2. Appropriateness – measures the quality of audit evidence, that is, its relevance and its reliability in
providing support for the conclusions on which the auditor's opinion is based
a. Relevance – deals with the logical connection with, or bearing upon, the purpose of audit
procedures and the asser tion under consideration
Audit evidence is considered relevant if it pertains to the assertions being evaluated or to
the specific audit objective being tested. For example:
Obtaining audit evidence relating to the physical existence of inventor y is not relevant
in obtaining audit evidence relating to the valuation of inventor y.
Accounts receivable confirmations are relevant to the existence of receivables, but not
to their valuation (i.e., a customer can confirm that a receivable exists, but this does
not necessarily imply that the customer has the intent or the ability to pay).
The relevance of information to be used as audit evidence may be affected by the direction
of testing.
A given set of audit procedures may provide audit evidence that is relevant to certain
assertions, but not to others.
Obtaining audit evidence regarding a particular assertion, for example, the existence of
inventor y, is not a substitute for obtaining audit evidence regarding another assertion.
Audit evidence from different sources or of a different nature may often be relevant to the
same assertion.
Generalizations about reliability are subject to important exceptions, for example, even when
the information to be used as audit evidence is obtained from sources external to the entity,
circumstances may exist that could affect its reliability (such as if the source is not
knowledgeable or a management’s expert may lack objectivity).
More assurance is ordinarily obtained from consistent audit evidence obtained from different
sources or of a different nature than from items of audit evidence considered individually.
Persuasive Evidence:
Audit evidence is persuasive if it is sufficient both in quantity and quality to suppor t audit opinion. Thus,
sufficiency and appropriateness of audit evidence are the determinants of persuasiveness of audit evidence.
The auditor may need to rely on audit evidence that is persuasive rather than conclusive. Ho wever, to obtain
reasonable assurance, the auditor must not be satisfied with audit evidence that is less than persuasive.
Cost-benefit considerations:
The auditor should consider the relationship between the cost of obtaining audit evidence and the
usefulness of the information obtained.
The valid bases for omitting an audit test/procedure for which there is no alternative are:
a. Relative risk (or inherent risk) involved
b. Relationship between the cost of obtaining audit evidence and the usefulness of the information
obtained
Difficulty and expense involved in testing a par ticular item is not a valid basis for an auditor of deciding
to omit an audit pr ocedure.
When information to be used as audit evidence has been prepared using the wor k of a management’s
expert, the auditor shall, to the extent necessary, having regard to the significance of that expert’s wor k for
the auditor’s purposes:
1. Evaluate the competence, capabilit ies and objectiv ity of that expert
a. Competence – relates to the nature and level of expertise of the management’s exper t
b. Capability – relates to the ability of the management’s expert to exercise that competence in the
circumstances
c. Objectivity – relates to the possible effects that bias, conflict of interest or the influence of others
may have on the professional or business j udgment of the management expert
Sources of information regarding competence, capabilities and objectivity of a management’s
expert:
Personal experience with previous w ork of that exper t
Discussions with that expert
Discussions with others who are familiar with that exper t’s work
Knowledge of that exper t’s qualifications, membership of a professional body or industr y
association, license to practice, or other forms of exter nal recognition
Published papers or books written by that expert
An auditor’s exper t, if any, who assists the auditor regarding the information pr oduced by
the management exper t
2. Obtain an understanding of the wor k or field of expert ise of that management’s expert
Aspects of the management’s expert’s field relevant to the auditor’s understanding may include:
Whether that expert’s field has areas of specialty within it that are relevant to the audit.
Whether any professional or other standards, and regulatory or legal requirements apply.
What assumptions and methods are used by the management’s expert, and w hether they are
generally accepted within that exper t’s filed and appropriate for financial reporting purposes.
The nature of inter nal and external data or information the auditor’s exper t uses
3. Evaluate the appropr iateness of that expert’s work as audit evidence for relevant
assertion
The auditor shall consider:
a. The relevance and reasonableness of that expert’s findings or conclusions, their consistency with
other audit evidence, and whether they have been appropriately reflected in the financial
statements;
b. If the expert’s wor k involves use of significant assumptions and methods, the relevance and
reasonableness of those assumptions and methods; and
c. If that expert’s work involves significant use of source data the relevance, completeness, and
accuracy of that source data
Audit Documentation represents the record of audit procedures performed, relevant audit evidence
obtained, and conclusions the auditor reached
Audit documentation is sometimes called “ working papers ” or “ work papers ”.
The audit documentation for a specific audit engagement is assembled in an audit file.
Audit file means one or more folders or other storage media, in physical or electronic form,
containing the records tha t comprise the audit documentation for a specific engagement
Pr imary purposes:
To provide suppor t/basis for auditor’s opinion/repor t
To provide a basis for determining the appropriate audit report
To support the auditor's representation that the audit was conducted in accordance with PSA
To provide evidence of the audit wor k performed
To assist the auditor in the planning, performance, review, supervision and coordination of the
engagement and in preparation of the audit report
To show that the accounting records agree or reconcile with the financial statements
Provide supervisor y personnel the oppor tunity to assess the sufficiency of evidence obtained
during the audit
1. Timely preparation of audit documentat ion – Audit documentation prepared by the auditor on a
timely basis will help to:
a. Enhance the quality of the audit; and
b. Facilitates the effective review and evaluati on of the audit evidence obtained and conclusions reached
before the auditor's report is finalized
2. Documentation of the audit procedures perfor med and audit evidence obtained – This includes:
a. Documentation of compliance with PSAs:
(1) Compliance with PSA 230 (Redrafted) – Audit Documentation
(2) Compliance with other PSAs (other PSAs contain specific documentation requirements that are
intended to clarify the application of PSA 230)
b. Documentation of the nature, t iming and extent of audit procedures: The auditor shall
record:
g. Documentation of how departure from a relevant PSA requirement has been addressed
If, in exceptional circumstances, the auditor judges it necessary to depart from a relevant
requirement in a PSA, the auditor shall document:
1) How the alternative audit procedures performed achieve the aim of that requirement, and
2) The reasons for the depar ture
Allowed departure from a relevant PSA requirement:
a. The PSA is not relevant (for example, in a continuing audit engagement, nothing in Initial
Audit Engagements – Opening Balances under PSA 510 (Redrafted) is relevant; or
b. The circumstances envisioned do not apply because the requirement is conditional and the
condition does not exist (for example, the requirement to modify the auditor's opinion where
there is an inability to obtain sufficient appropriate audit evidence, and there is no such
inability).
h. Documentation of how matters arising after the date of the auditor's report have been
addressed
In exceptional circumstances where the auditor performs new or additional audit procedures or
draws new conclusions after the date of the auditor's repor t, the auditor shall document:
a. The circumstances encountered
b. The new or additional audit pr ocedures performed, audit evidence obtained, and conclusions
reached, and their effect on the auditor's report, and
c. When and by w hom the resulting changes to audit documentation were made and reviewed
Matters arising after the date of the auditor's report:
Examples of exceptional circumstances include facts which become know n to the auditor
after the date of the auditor's report but which existed at that date and w hich, if known at that
date, might have caused the financial statements to be amended or the auditor to modify the
opinion in the auditor's report.
3. Complet ion of assembly of final audit file on a t imely basis, ordinar ily not more than 60 days
An example of a circumstance in w hich the auditor may find it necessary to modify existing
audit documentation or add new audit documentation after file assembly has been completed is
the need to clarify existing audit documentation arising from comments received during
monitoring inspections performed by internal or external parties.
a. Auditor’s judgment: The form, content and extent of audit documentation are based on the
auditor’s decision/judgment since it is neither necessary nor practical for the auditor to document every
matter he/she has considered or professional judgment he has made in an audit.
The audit documentation shall be designed to meet the circumstances and the auditor's needs for
each individual audit.
b. Use of “Exper ienced auditor ” concept: The auditor shall prepare audit documentation that is
sufficient to enable an experienced auditor, having no previous connection with the audit, to
understand:
a. The nature, timing, and extent of the audit procedures performed to comply with the PSAs (and
applicable legal and regulatory requirements)
b. The results of the audit procedures performed, and the audit evidence obtained, and
c. Significant matters arising during the audit, the conclusions reached thereon, and significant
professional judgments made in reaching those conclusions
Experienced auditor – means an individual (whether internal or exter nal to the firm) who has
practical audit experience, and a reasonable understanding of:
Audit processes
PSAs and applicable legal and regulatory requirements
The business environment in w hich the entity operates, and
Auditing and financial repor ting issues relevant to the entity's industry
c. For m of audit documentat ion: Audit documentation may be recorded on paper or on electronic or
other media.
Oral for m: Oral explanations by the auditor, on their ow n, do not represent adequate
suppor t for the work the auditor performed or conclusions the auditor reached, but may be
used to explain or clarify information contained in the audit documentation.
d. Factors to consider in deciding the for m, content and extent of audit documentation:
(1) The size and complexity of the entity.
(2) The nature of the audit procedures to be perfor med.
(3) The identified (and assessed) risks of material misstatement – this w ould include audit risk (or its
components), materiality levels, and existence of material fraud and errors
(4) The significance of the audit evidence obtained.
(5) The nature and extent of exceptions identified.
(6) The need to document a conclusion or the basis for a conclusion not readily determinable from the
documentation of the w ork performed or audit evidence obtained.
(7) The audit methodology and tools used.
1. Per manent files – contain information of historical or continuing or long- term significance/interest to
the auditor in performing current audit. Permanent files are simply updated with new information of
continuing importance to the auditor.
Permanent files include:
a. Information such as:
Organizational chart and excerpts from job manuals that indicate responsibilities
Analysis of business and industry
Chart of accounts and accounting procedures manuals
Carryforward schedules – continuing analyses of long-term accounts (such as PPE,
intangible assets, long-term liabilities and stockholders' equity accounts) whose balances are
carried forward in the permanent file
Analyses of internal control or information to understanding of internal control and assessment
of control risk (include flowcharts, narrative descriptions, questionnaires, etc.) from previous
year audit
Information regar ding related parties
b. Copies, extracts or excerpts of entity’s important legal documents and agreements such as:
Corporate charter or Articles of Incor poration (or ar ticles of co-partnership) and By-laws
Major contracts (such as lease contracts and bond and note indentures) that affect future
periods
Pension plans, stock option plans, profit-sharing plans and employee bonus
Terms of share capital and bond issues
Engagement letter
2. Current audit file – contains evidence gathered, descriptions of auditing procedures performed and
conclusions reached relevant to the audit of a par ticular year or single period. Current audit file is
designed to support management assertions in the financial statements.
Current audit file includes all wor king papers accumulated during the current year’s audit:
Copy of the financial statements and audit report
Audit documentation or wor king papers are the personal property of the auditor/audit firm and
the client has no right to the wor king papers prepared by the auditor. However, they cannot
be shown to third parties under the rule on confidentiality, unless specific client authority has
been given to disclose information, or there is a legal or professional duty to do so.
Although certain wor king papers may sometimes ser ve as a useful reference source for his
client, auditor’s working papers should not be regarded as part or substitute for the client's
accounting records.
AUDIT SAMPLING
(And Other Means of Test ing)
Selecting specific items for examination does not constitute audit sampling and therefore, not
subject to sampling risk.
The results of audit procedures applied to selected specific items cannot be projected to the entire
population; accordingly, selective examination of specific items does not provide audit evidence
concerning the remainder of the population.
Audit Sampling:
Audit sampling (sampling) – the application of audit procedures to less than 100% of the items within a
population of audit relevance (account balance or class of transactions) such that all sampling units have a
chance of selection in order to provide the auditor with a reasonable basis on whi ch to draw conclusions about
the entire population
Audit sampling is the means that enable the auditor to draw conclusions about the population on
the basis of testing a sample draw n from it.
Sampling is essential throughout audits as auditors attempt to gather sufficient appropriate
evidence in a cost efficient manner.
Audit sampling is not required part of any audit procedure because when designing audit
procedures, the auditor should determine appropriate means of selecting items for testing.
Audit sampling is used for both tests of controls (attributes sampling) and for tests of details of
transactions and balances ( variables sampling). In both attributes sampling and variables sampling,
the plans may be either non-statistical or statistical.
Inapplicability of audit sampling: Situations w here audit sampling generally do not apply:
a. Risk assessment procedures performed to obtain an understanding of internal control.
b. Tests of automated application controls when effective general controls are present. (Generally,
such contr ols would only be tested once or a few times.)
c. Analyses of security and access contr ols, or other controls that do not provide documentar y
evidence of performance (e.g., controls related to segregation of duties).
d. Some tests related to the operation of the control environment or the accounting system (e.g.,
examination of the effectiveness of activities performed by those charged with governance).
2. Non-statistical sampling – a sampling approach that does not have both characteristics of statistical
sampling
Non-statistical sampling (or judgment sampling) is based solely on the auditor’s judgment. The sample
size is not determined mathematically. Auditors rely exclusively on subjective judgment to determine
sample size and to evaluate sample results.
A properly designed non-statistical sampling application can be as effective as statistical sampling
application.
One disadvantage is that it can misdirect an auditor to unreliable sampling units.
Sampling Risk:
Sampling risk – the possibility that the auditor’s conclusion, based on a sample may be different from the
conclusion reached if the entire population were subjected to the same audit procedure.
The risk that the sample is not representative of the population and that the auditor's conclusion will
be different from the conclusion had the audi tor examined 100% of the population.
The possibility that even though a sample is properly chosen, it may not be representative of the
population.
Sampling risk can be reduced by increasing the sample size.
Sampling risk is an inherent part of sampling tha t results from testing less than the entire population.
2. Non-sampling risk – the risk that the auditor reaches an erroneous conclusion for any reason not
related to sampling risk
Examples of non-sampling risk:
The auditor might use/select inappropriate audit procedures (audit procedures that are not
appropriate to achieve a specific objective)
The auditor might misinterpret evidence or the results of audit tests
The auditor may fail to recognize an error (for example, failure by the auditor to recognize a
misstatement or deviation in documents examined)
Non-sampling risk pertains to all aspects of audit risk that are not due to sampling. It refers to
the possibility that auditors will arrive at an erroneous conclusion not because of the chosen
sample but due to other factors.
Non-sampling risk is always present and cannot be measured.
Non-sampling risk can be controlled by adequate planning and super vision of audit wor k and
proper adherence to quality control standards.
Sampling r isk and non-sampling risk can affect the components of audit r isk. For
example, when performing tests of control, the auditor may find no errors in a sample and conclude
that control risk is low, whe n the rate of error in the population is, in fact, unacceptably high
(sampling risk). Or there may be errors in the sample which the auditor fails to recognize (non-
sampling risk).
Summary of relationships between the above factors and the sample size:
Increases in Effect on Explanat ion
sample size
Risk of incorrect Decrease This is a sampling risk and sampling risk is reduced by
acceptance increasing the sample size.
Risk of incorrect Decrease This is a sampling risk and sampling risk is reduced by
rejection increasing the sample size.
Tolerable Decrease The lower the total error that the auditor is willing to
misstatement (error) accept, the larger the sample size needs to be.
Expected Increase The greater the expected amount of error in the
misstatement (error) population, the larger the sample size needs to be in
order to make a reasonable estimate of the actual
amount of error in the population.
Variation in the Increase Increases in variation (standard deviation in classical
population (standar d sampling) result in increases in sample size.
deviation)
Increase in auditor’s Increase The higher the auditor’s assessment of inherent risk
assessment of control and control risk, the lar ger the sample size needs to be.
risk or inherent risk
Reliance on other Decrease The more the auditor intends to rely on other
substantive substantive procedures to reduce to an acceptable level
procedures the detection risk, the less assurance the auditor will
require from sampling and, therefore, the smaller the
sample size can be.
Number of items in Negligible effect The number of items in the population virtually has no
the population effect on sample size unless the population is very
small. In other wor ds, population size is not an issue
provided the population is large.
Summary of relationships between the above factors and the sample size:
Increases in Effect on Explanat ion
sample size
Risk of assessing Decrease The more assurance the auditor intends to obtain
control risk too low from internal controls, the lower the auditor’s
assessment of control risk will be, and the larger the
sample size will need to be.
This is a sampling risk and sampling risk is reduced by
increasing the sample size.
Tolerable deviation Decrease The lower the rate of deviation that the auditor is
rate willing to accept, the lar ger the sample size needs to
be.
Expected population Increase The higher the rate of deviation that the auditor
deviation rate expects, the larger the sample size needs to be so as
to be in a position to make a reasonable estimate of
the actual rate of deviation.
Number of items in Negligible The number of items in the population virtually has no
the population effect effect on sample size unless the population is ver y
small. In other words, population size is not an issue
provided the population is large.
2. Review related party transactions (to ensure that they have been properly identified, recorded
and disclosed in the financial statements)
Audit procedures to determine completeness of related party infor mation prov ided by
those charged with governance and management:
1. Reviewing prior year’s working papers for names of know n related parties
2. Review the entity’s procedures for identification of related parties
3. Inquire as to the affiliation of those charged with governance and officers with other entities
4. Review shareholder recor ds to determine the names of principal shareholders or, if
appropriate, obtain a listing of principal shareholders from the share registrar
5. Review minutes of meetings of shareholders and those char ged with governance and other
relevant statutory recor ds such as the register of director’s interest
6. Inquire of other auditors currently involved in the audit, or predecessor auditors, as to their
knowledge of additional related par ties
7. Review the entity’s income tax returns and other information supplied to regulator y agencies
(such as SEC filings)
3. Ident ify and evaluate contingencies (arising from litigation, claims, and assessments) and
commit ments
Contingency – an existing condition/situation/circumstances involving a possible gain or loss to an
entity the ultimate outcome of which depends on the occurrence or non-occurrence of one or more
uncertain future events
Examples of loss contingencies:
1. Pending or threatened lawsuit/litigation
2. BIR assessment of prior years’ taxes
3. Guarantees of obligation of others
Commit ment – represent future cash flow requirements (such as a purchase commitment)
Management should adopt policies and procedures to identify, evaluate, and account for
litigations, claims, and assessments as a basis for the preparation of financial statements in
accordance with applicable financial reporting framewor k. Thus, the auditor’s primary source of
information about litigation, claims, and assessments is the client’s management.
b. Seek direct communication with the entity’s external legal counsel (through a letter of inquiry )
when litigation or claims have been identified or when the auditor believes they may exist
The auditor should corroborate the information furnished by client’s management by sending
a letter of inquiry to lawyers with w hom the client has consulted regar ding litigation,
claims, and assessments.
Direct communication with the entity’s legal counsel assists the auditor in obtaining sufficient
appropriate audit evidence as to whether potent ially material lit igat ion and claims
are known and management’s estimates of the financ ial implications, including
costs, are reasonable.
The letter of inquir y should be prepared by management and sent by the auditor, requesting
the entity’s external legal counsel to communicate directly with the auditor.
Management’s refusal to permit the a uditor to communicate with the entity’s lawyer or the
lawyer’s refusal to reply to the letter of inquiry w ould be considered a scope limitation that
would or dinarily lead to either qualified or disclaimer of opinion.
(1) Letter of specific inquiry – this letter of inquir y would ordinarily include:
(a) A list of litigation and claims
(b) Management’s assessment of the outcome of the litigation or claim and its estimate of the
financial implications, including costs involved; and
(c) A request that the entity’s legal counsel confirm the reasonableness of management’s
assessments and provide the auditor with further information if the list is considered by the
entity’s legal counsel to be incomplete or incorrect.
(2) Letter of general inquiry – requests the entity’s external legal counsel to inform the auditor
of:
(a) Any lit igat ion and claims that the counsel is aware of
(b) Assessment of the outcome of the litigation and claims, and
(c) An estimate of the financial implications, including costs
c. Discuss with the entity’s external legal counsel the likely outcome of litigation and claims where:
Ordinarily, such meetings with enti ty’s exter nal legal counsel require management’s
per mission and are held with a representative of management in attendance.
4. Review subsequent events that may require adjust ment of, or disclosure in the financial
statements
Subsequent events (post-balance sheet events ) refer to events occurring between
period end (balance sheet date) and the date of the auditor’s report that may affect the
financial statements and the auditor’s report.
Subsequent events may also refer to facts discovered after the date of the auditor’s repor t.
Subsequent period is the period between the date of the financial statements (balance
sheet date) and the date of the auditor's report. During this period, the auditor should
investigate subsequent events that would require adjustment or disclosure in the financial
statements because his responsibility to search for subsequent events is up to the date of the
auditor’s report.
5. Assess the appropr iateness of management’s use of the going concer n assumpt ion in the
preparation of the financial statements
Going concern assumption is a fundamental principle in the preparation of financial statements.
Going concern means an entity is ordinarily viewed as continuing in business for the
Audit procedures to ident ify conditions and events that may cast doubt about an ent ity’s
ability to cont inue as a going concern:
Analytical procedures
Subsequent events review
Review of compliance with debt and loan agreements
Reading minutes of meetings
Inquir y of legal counsel
Confirmation with related and third parties of arrangements for financial support
The auditor has no responsibility to predict future events or conditions that may cause an entity to
cease to continue as a going concern. Thus, auditors are not required to design audit procedures
solely to detect going concer n problems.
Events or conditions that may give rise to business risks, that individually or collectively, may cast
doubt about the entity’s ability to continue as a going concern:
There are factors that can mitigate the adverse effects of identified material going concern
uncertainty. The auditor should consider whether management has plans for and the ability to
implement alternat ive means of maintaining adequate cash flows to mitigate events and
conditions that may cast doubt about the entity’s ability to continue as a going concern.
Disclosure requirements if the financial statements are not prepared on a going concern
basis:
a. The fact that financial statements are not prepared on a going concer n basis
b. The basis on which the financial statements are prepared, and
c. The reasons why the entity is not regarded as a going concern
6. Obtain written representations from management (on matters material to the financial
statements)
Management representation letter is a letter from the management confirming its
responsibility and its oral representations.
The auditor’s responsibility is to obtain written representation, whereas the management’s
responsibility is to provide written representations (this responsibility is included in the engagement
letter that sets out the terms of an audit engagement).
The auditor’s responsibility on representations relating to matters that are material to the financial
statements:
a. Seek corroborative audit evidence from sources inside or outside the entity;
b. Evaluate whether the representations made by management appear reasonable and consistent
with other audit evidence obtained, including other representations; and
c. Consider whether the individuals making the representations can be expected to be well
informed on the particular matters.
This representation letter is provided in connection with your audit of the financial statements of
ABC Company for the year ended December 31, 19X1 for the purpose of expressing an opinion as to
whether the financial statements present fairly, in all material respects, the financial position of ABC
Company as of December 31, 19X1 and of the results of its operations and its cash flows for the
year then ended in accordance with (indicate applicable financial repor ting framework).
We acknowledge our responsibility for the fair presentat ion of the financial statements
in accordance with (indicate applicable financial reporting framewor k).
We confirm, to the best of our knowledge and belief, the following representations:
There have been no irregularities involving management or employees who have a significant
role in internal control or that could have a material effect on the financial statements.
We have made available to you all books of account and suppor ting documentation and all
minutes of meetings of shareholders and the board of directors (namely those held on March
15, 19X1 and September 30, 19X1, respectively).
We confirm the completeness of the information provided regarding the identification of related
parties.
If required, add “On behalf of the boar d of directors (or similar body).”
The financial statements are free of material misstatements, including omissions.
The Company has complied with all aspects of contractual agreements that could have a
material effect on the financial statements in the event of noncompliance.
There has been no noncompliance with requirements of regulatory authorities that could have a
material effect on the financial statements in the event of noncompliance.
The following have been properly recorded and, w hen appropriate, adequately disclosed in the
financial statements:
The identity of, and balances and transactions with, related par ties.
Losses arising from sale and purchase commitments.
Agreements and options to buy back assets previously sold.
Assets pledged as collateral.
We have no plans or intentions that may materially alter the carrying value or classification of
assets and liabilities reflected in the financial statements.
We have no plans to abandon lines of product or other plans or intentions that will result in any
excess or obsolete inventor y, and no inventory is stated at an amount in excess of net realizable
value.
The Company has satisfactory title to all assets and there are no liens or encumbra nces on the
company’s assets, except for those that are disclosed in Note X to the financial statements.
We have recor ded or disclosed, as appropriate, all liabilities, both actual and contingent, and
have disclosed in Note X to the financial statements all guarantees that we have given to third
parties.
Other than . . . described in Note X to the financial statements, there have been no events
subsequent to period end w hich require adjustment of or disclosure in the financial statements
or Notes thereto.
The . . . claim by XYZ Company has been settled for the total sum of XXX which has been
properly accrued in the financial statements. No other claims in connection with litigation have
been or are expected to be received.
There are no formal or informal compensating balance arrangements with any of our cash and
investment accounts. Except as disclosed in Note X to the financial statements, we have no
other line of credit arrangements.
We have properly recorded or disclosed in the financial statements the capital stock repurchase
options and agreements, and capital stock reserved for options, warrants, conversions and other
requirements.
Yours truly,
_____________________
(Senior Executive Officer)
_____________________
(Senior Financial Officer)
Analytical procedures involve analysis of significant ratios and trends including the resultant
investigation of fluctuations and relationships that are inconsistent with other relevant
information or expectation.
Analytical procedures are required to be performed during the planning and overall review
stages.
10. Obtain approval of the client regarding disclosures and adjust ments made to the financial
statements
12. Review of other infor mation or documents that contain the audited financial statements
and ascertain their consistency
13. Communicate with management and those charged with governance regarding the scope of
the audit and other matters of interest to the client
Reporting to audit committee
Report on internal control using a management letter
Such management letter contains:
a. Reportable conditions which refer to significant deficiencies in the design or operation of
the internal control structure that could adversely affect the financial statements
b. Recommendat ions for improvement in the existing internal control structure
Omitted audit procedures may be discovered (after the audit report has been submitted) during a
firm's internal inspection program or during peer review.
Auditor’s action:
a. The auditor should assess the impor tance of the omitted procedures to his ability to support the
audit opinion.
b. The auditor should determine whether other audit procedures that were applied tend to
compensate for the omitted audit procedures. If so, no further action is necessary.
c. If, on the other hand, the omitted audit pr ocedures impair the auditor's ability to support the
previously issued opinion, and there are people relying (or likely to rely) on the repor t, then the
auditor should promptly undertake to a pply the omitted procedures or the corresponding
alternative pr ocedures.
d. If, after applying the omitted procedures, the auditor determines that the financial statements are
materially misstated and that the auditor's repor t is inappropriate, the auditor should discuss the
matter with the management and take steps to prevent future reliance on the repor t.