AUD 0 Finals Merged

AUDITING THEORY Red Sir ug
CONSIDERA TIONS OF ENTITY’S INTER NA L CONTROL
INTER NA L CONTROL – the process designed, implemented and maintained by those charged with gover nance,
management and other personnel to provide reasonable assurance abou t the achieve ment of an entity’s
objectives
Essent ial Concepts of Internal Control: Internal control is (a):

1. Process – a means of achieving the entity's objectives
2. Effected by:
a. Those char ged with governance: ensure the integrity of accounting and financial reporting
systems through oversight of management
b. Management: design, implement and maintain internal control
c. Staff personnel: perform their respective functions
3. Prov ides reasonable assurance about the achievement of an ent ity’s object ives – internal
control is be designed to prevent, or detect and correct problems to help in achieving entity’s objectives
 Inherent limitat ions of internal control system: Even a well designed and effective internal
control system cannot eliminate material misstatements, w hether due to fraud or error.
Examples of inherent limitations of internal control:
1. Management overriding the inter nal control.
2. Circumvention of internal controls through the collusion among employees.
3. Cost-benefit considerations (concept of reasonable assurance) – the costs of a control to be
established should not exceed its expected benefits
4. Most controls tend to be directed at routine transactions rather than non-routine transactions.
5. Human error (such as due to carelessness, distraction, mistakes of judgment, the
misunderstanding of instructions, errors in the design or use of automated controls
6. The possibility that procedures may become inadequate due to changes in conditions, and
compliance with procedures may deteriorate.
7. Segregation of duties may be difficult to achieve in a smaller entity.
4. Helps to achieve the entity's object ives
 Objectives represent what an entity strives to achieve.
 Categor ies of ent ity's objectives:
1. Financial report ing objective – this objective relates to reliability of financial repor ting
2. Operational objective – this objective is intended to enhance effectiveness and efficiency of
operations
3. Compliance objective – this objective relates to entity’s compliance with applicable laws and
regulations
Benefits of Strong Internal Control:

 Reliability of financial information for decision-making purposes
 Enhances the effectiveness and efficiency of operations
 Assurance of compliance with applicable laws and regulations
 Protection of assets and impor tant documents and recor ds
 Reduced cost of an external audit – because the auditor may rely on the effectiveness of internal control
Classification of Internal Control:
1. According to objectives:
a. Financial report ing controls – controls to achieve reliability of financial reporting objective
b. Operational effectiveness controls – controls to achieve operational effectiveness objective
c. Compliance controls – controls to achieve compliance objective
Relationship between the ent ity’s objectives and internal control:

There is a direct relationship between the entity’s objectives and the internal control it
implements to provide reasonable assurance about their achievement.
2. According to functions:
a. Preventive controls – controls that deter problems before they arise (for example, segregation of
incompatible employee functions/duties and control physical access to assets, facilities and
information)
b. Detective controls – controls that discover or detect problems as they arise (for example,
preparing bank reconciliation and preparing monthly trial balance)
c. Corrective controls – controls that remedy problems discovered with detective controls (for
example, maintaining backup copies of transactions and master files)
AT – Considering the Entity’s Internal Control Red Sirug Page 1

Components of Internal Control:
Obtaining understanding of internal control means obtaining understanding of the five interrelated and
essential components or aspects of internal control as follows:
1. Control env ironment – it includes the gover nance and management functions and the attitudes,
awareness, and actions of those charged with governance and management concerning the entity’s
internal control and its impor tance in the entity
 It sets the tone of an organization, influencing the control consciousness of its people.
 It is a set of characteristics that defined good control wor king relationships in an entity.
 It is the foundation for effective internal control for it provides an appropriate foundation for other
components of inter nal control.
Elements of control environment:

1. Communication and enforcement of integr ity and ethical va lues – These influence the
effectiveness of the design, administration and monitoring of controls.
2. Commit ment to competence – Management’s consideration of the competence levels for
particular jobs and how those levels translate into requisite skills and k nowledge.
3. Participation by those char ged with governance (BOD and audit committee)
4. Management’s philosophy and operating style – Management’s approach to taking and
managing business risks, attitudes and actions toward financial reporting, and attitudes toward
information processing and accounting functions and personnel.
5. Organizat ional structure – The framework within which an entity’s activities for achieving
its objectives are planned, executed, controlled and reviewed.
6. Assignment of author ity and respo nsibility – How authority and responsibility for
operating activities are assigned and how reporting relationships and authorization hierarchies
are established. Appropriate methods of assigning responsibility must be implemented to
avoid incompatible functions and to minimize the possibility of errors because of too much
work load assigned to an employee.
7. Personnel or Human resource policies and procedures – Policies and practices that
relate to recruitment/hiring, orientation, training, evaluation, counseling, promotion,
compensation, and remedial actions.
Considering the control environment:

The auditor shall obtain understanding of control environment and evaluate:
a. Whether the management, with the oversight of those charged with governance, has create d and
maintained a culture of honesty and ethical behavior
b. Whether the strengths in the control environment provide foundation for the other components
of internal control
c. Whether other components of internal control are not undermined by control environme nt
weaknesses
2. Entity’s risk assessment process – entity’s own process of identification, analysis, and management
of risks relevant to the preparation and fair presentation of financial statements
Considering the entity’s risk assessment process:

The auditor shall obtain understanding of whether the entity has a process for:
a. Identifying business risks relevant to financial reporting objectives
b. Estimating the significance of the risks
c. Assessing the likelihood of their occurrence
d. Deciding about actions to address those risks
3. Infor mation system (including the related business processes, relevant financial reporting
and communicat ion) – information and communication systems support the identification, capture,
and exchange of information in a timely and useful manner
 The information system relevant to financial reporting objectives, w hich includes the accounting
system, consists of the methods and records established to record, process, summarize, and report
entity transactions (as well as events and conditions) and to maintain accountability for the related
assets, liabilities, and equity.
 Communication involves providing an understanding of individual roles and responsibilities pertaining
to internal control over financial reporting. Communication may take such forms as policy manuals
and financial reporting manuals. Open communication channels help ensure that exceptions are
reported and acted on.
Considering the information system:

The auditor shall obtain an understanding of the information system, including the related business
processes, relevant to financial reporting, including the following areas:
a. The classes of transactions in the entity’s operations that are significant to the financial
statements;
b. The procedures, within both information techno logy (IT) and manual systems, by which those
transactions are initiated, recorded, processed, corrected as necessary, transferred to the general
ledger and reported in the financial statements;
c. The related accounting records, supporting information and specific accounts in the financial
statements that are used to initiate, record, process and report transactions; this includes the
correction of incorrect information and how information is transferred to the general ledger.
d. The records may be in either manual or electronic form;
e. How the information system captures events and conditions, other than transactions, that are
significant to the financial statements;
f. The financial reporting process used to prepare the entity’s financial statements, including
significant accounting estimates and disclosures; and
g. Controls surrounding journal entries, including non-standard journal entries used to record non-
recurring, unusual transactions or adjustments.
4. Control act iv ities – the policies and procedures that help ensure management’s directives are carried
out and that necessary steps to address risks are taken. Control activities address risks that if not
mitigated would threaten the achievement of the entity’s objectives.
Examples of specific control activities include those relating to:

 Authorization
 Performance reviews
 Information processing
 Physical controls
 Segregation activities
Considering the control activities:

The auditor shall obtain understanding of control activities relevant to the audit. Control activ it ies
relevant to the audit are those that the auditor judges it necessary to understand i n order to:
a. Assess the risks of material misstatement at the assertion level and
b. Design further audit procedures responsive to the assessed risks.
An audit does not require an understanding of all the control activities. In understanding the entity’s
control activities, the auditor shall obtain understanding of how the entity has responded to risks arising
from IT.
Examples of s pecific control act ivit ies that may be relevant to an audit:
1. Prenumbering of documents – helps to assure that:
a. All transactions are recorded (completeness).
b. No transactions are recorded more than once (existence).
2. Authorization of transact ions – authorization should occur before commitment of resources
3. Independent checks to maintain asset accountability – independent checks involve the
verification of wor k previously performed by others, such as:
 Review of bank reconciliations
 Comparison of subsidiar y records to control accounts
 Comparison of physical counts of inventory to perpetual records
4. Documentation – provides evidence of the underlying transactions and is a basis for
establishing responsibility for the execution and recor ding of transactions
5. Perfor mance reviews – includes review and analyses of the following:
a. Actual performance versus budgets, forecasts, and prior period performance
b. Relationship between different sets of data to one another, together with analyses of the
relationships and investigative and corrective actions (for example, the management of a
sports team might use attendance data to ascertain the reasonableness of ticket sales).
c. Comparison between internal data and exter nal sources of information, and
d. Functional or activity performance (for example, sales repor ts, receivable reports, etc., may
be used to analyze performance and to identify errors).
6. Infor mation processing controls – ensure that transactions are valid, properly authorized,
and completely and accurately recor ded
a. Applicat ion controls – controls which apply to the processing of individual applications
Examples of application controls:
 Checking the arithmetical accuracy of records
 Maintaining and reviewing accounts and trial balance
 Automated controls such as edit checks of input data and numerical sequence checks
 Manual follow-up of exception reports
 Controls surrounding receivables

 Controls surrounding payroll
b. General controls – controls that relate to many applications and support the effective
functioning of application controls by helping to ensure the continued proper operation of
information systems. General controls apply to information processing throughout the
company.
Examples of general controls:
 Program change controls
 Controls that restrict access to pr ograms or data
 Controls over the implementation of new releases of packaged software applications
 Controls over system software that restrict access to or monitor the use of system
utilities that could change financial data or records without leaving an audit trail
 Controls over data center and networ k operations
7. Physical controls – physical controls for safeguarding assets involve security devices and
limited access to programs and to restricted areas, including computer facilities
a. Physical segregation and security of assets, including adequate safeguards such secured
facilities over access to assets and records.
Examples of physical controls:
 Protective or security devices
 Bonded or independent custodians
 Physical and security of assets:
 Cash – placed in cash boxes, vault or safe deposit boxes
 Cash – deposited in a bank
 Inventor y – placed in a warehouse
 PPE items – tagged with non-movable labels
b. Authorization for access to computer programs and data files (for example, requiring
password prior to access)
c. Authorized access to assets and records (such as through the use of computer access codes,
prenumbered forms, and required signatures on documents for the removal or disposition of
assets)
d. Required signatures on documents for the removal or disposition of assets
e. Periodic counting and comparison with amounts show n on control records
Examples:
 Comparing the results of cash, security and inventory counts with accounting records
 Reconciliations
f. The extent to which physical controls intended to prevent theft of assets are relevant to the
reliability of financial statement preparation, and therefore the audit, depends on
circumstances such as w hen assets are highly susceptible to misappropriation.
8. Segregation of dut ies – involves ensuring that individuals do not perform incompatible duties.
 Duties should be segregated such that the work of one individual provides a crosscheck on
the wor k of another individual.
 A proper segregation of duties (or incompatible functions) requires that one person should
not be responsible for all phases of a transaction. This means that different employees
should be assigned to the following functions:
 Authorizing transactions
 Recording transactions – recordkeeping
 Maintaining custody of assets involved in the transactions
For example, the responsibilities of the treasury department include handling of cash and
custody of securities but do not include data processing.
 Segregation of duties is intended to reduce the opportunities to allow any person to be in a
position to both perpetrate and conceal errors or fraud in the normal course of the person’s
duties.
5. Monitoring – the process to assess the effectiveness (or quality) of internal control performance over
time
Management’s monitoring of controls includes:
 Assessing the effectiveness of controls on a timely basis and ta king necessar y corrective actions
 Monitoring of controls through ongoing activities
 Using information from communications from exter nal parties such as customer complaints and
regulator comments that may indicate problems, highlight areas in need of impr ovement
Considering the monitoring of controls:

The auditor shall obtain understanding of:
a. The major activities that the entity uses to monitor control over financial reporting, including
those related to those activities relevant to the audit
b. How the entity initiates corrective actions to its controls
c. Sources of the information used in the entity’s monitoring activities

d. The basis upon which management considers the information to be sufficiently reliable for the
purpose
CONSIDERING INTER NA L CONTROL
Internal control is relevant to the entire entity and each of the five components of internal control may affect
any of the three entity objectives, but not all of an entity's objectives and related controls are relevant to the
audit.
The auditor shall obtain an understanding of internal control relevant to the audit. Generally, those controls
that pertain to financial reporting objective are most relevant to the audit. Thus, the auditor shall consider and
understand financial reporting controls. The auditor need not assess all controls related to financial reporting, but
rather applies professional judgment in determining which controls to assess.
Purpose of Understanding of Internal Control:

 Pr imary purpose: To provide a basis for planning the audit to determine the nature, timing, and extent
of fur ther audit procedures
Specifically, such understanding is used by the auditor in:
1. Identifying types of potential misstatements
2. Identifying factors that affect the risks of material misstatements, and
3. Designing the nature, timing, and extent of further audit procedures
 Secondary purpose: To provide a basis for constr uctive suggestions to management about
improvements in internal control
Steps in Considering Internal Control:

1. The auditor shall obtain an understanding of interna l control relevant to the audit – involves
performing procedures to evaluate the design of relevant controls and determine whether they have been
implemented (placed in operation)
 This procedure includes understanding of the five interrelated components of inter nal control to
evaluate the design and determine if the control has been implemented.
a. Evaluate the design of relevant controls – involves determining whether those controls,
individually or in combination with other controls, is capa ble of effectively preventing or detecting and
correcting material misstatements
 The design refers to capability of a control to prevent or detect and correct material
misstatements
Major emphasis in the design of effective control:
a. Assets are properly protected
b. Incompatible duties are segregated
c. Transactions are authorized
An improperly designed control may represent a material weakness in the entity’s internal control.
b. Deter mine whether the controls have been implemented – involves determining w hether the
control is placed in operation; implementation of a control means that the control exists and is being
used by the entity
Risk assessment procedures to obtain audit evidence about the design and implementation of
relevant controls:
 Inquir y of entity personnel (inquiry alone is not sufficient obtain audit evidence about the
design and implementation of relevant controls)
 Observing the application of specific controls
 Inspecting documents and records
 Performing a “walk-through” test – tracing a transaction through the information system
relevant to financial reporting, from initial recording to presentation in the financial
statements
2. Perfor m preliminary assessment of control r isk – assessing the level of control risk (such as high,
medium or low) based on understanding of internal control (the design of controls and w hether they have
been implemented)
 The ultimate purpose of assessing control risk at the assertion level for each material account
balance or class of transactions is to contribute to the auditor's evaluation of the risk that material
misstatements exist in the financial statements.
 The assessment of control risk is the process of evaluating the effectiveness of an entity’s internal
control in preventing or detecting and correcting material misstatements.
 Control risk is assess in terms of financial statement assertions.
a. Maximum level: Control risk is assessed at high/maximum level if:

 Controls are poorly designed, or

 Properly designed controls have not been implemented, or
 It is inefficient to rely on internal control (inefficient to perform tests of controls) – for example, it
is inefficient to obtain evidence to justify the assessment of control risk at less than high level
Auditor’s response if control r isk is assessed at a high/ maximum level:
 Auditor will not per form tests of controls
 Auditor will primarily rely on substantive tests
b. Less than high/ maximum level: Control risk is assessed at less than high/maximum level if
controls are properly designed and have been implemented; the auditor should perform tests of
operating effectiveness of relevant controls.
The PSA requires the auditor to document the basis or the evidence to justify the assessment of
control risk at less than high/maximum level.
3. Perfor m tests of controls if preliminary assessment of control r isk is below high/ maximum
level (performed when the auditor intends to rely on the internal control)
 Tests of controls are audit procedures designed to evaluate the operating effectiveness of internal
controls that are likely to detect or prevent material misstatements in support of a reduced assessed
level of control risk. In other words, tests of controls are performed to confirm that the controls
tested are w orking effectively in order to substantiate the reduced assessed level of control risk.
 When to perfor m tests of controls:
a. When the auditor intends to rely on the operating effectiveness of relevant controls in
determining the nature, timing and extent of substantive procedures; or
Tests of controls are performed only on those controls that the auditor has determined
are suitably designed to prevent, or detect and correct, a material misstatement in an
assertion.
b. When substantive procedures alone cannot provide sufficient appropriate evidence at the
assertion level
 Unlike substantive tests of details, tests of controls are not required audit procedure.
 The greater the reliance the auditor plans to place on internal control, the more extensive the
tests of those controls that need to be performed.
 Tests of controls generally consist of one (or combination of the following evidence gathering
techniques:
a. Inquir y
b. Observation
c. Inspection
d. Reperformance of a control by the auditor
Results of tests of controls:

a. Results do not confirm effectiveness of controls – the auditor should revise the preliminar y risk
assessment of control risk from less than high to high level
In addition, the auditor shall also make the necessary revision on the overall audit strategy, audit
plan and preliminary audit pr ogram.
In this case, the auditor’s general approach to audit would be to use the substant ive approach
(an appr oach w hose emphasis is on substantive procedures).
b. Results confirm effectiveness of controls – the auditor relies on the entity’s internal control and
decrease substantive testing
In this case, the auditor’s general approach to audit would be the reliance or combined
approach (an approach that uses both tests of controls and substantive procedures).
Required Documentation:
1. Document the understanding of account ing and internal co ntrol systems
 Form of documentation may var y
 One form or a combination of forms of documentation may be used at the same time
 Forms of documentation:
1. Internal control questionnaire – consists of a list of questions on inter nal control be answered
by "Yes" or "No" response. A negative response is designed to draw attention to a possible
weakness in internal contr ol. Written explanations are required for "No" answers.
2. Flowcharts – pictorial/symbolic diagram depicting the operation of a program/system or the
sequential flow of authority, processes, transactions and documents. T he use of standard
symbols makes flowcharts easy to understand.
a. Systems flowcharts – used to evaluate internal control because it shows the origin of each
document in the system, its subsequent processing, and its final disposition
b. IT flowcharts – used in evaluating the inter nal control in an automated/computerized
accounting environment. The auditor can use these flowcharts to evaluate both the flow of
the pr ogram and the internal controls related to the IT function in general.
3. Internal control checklists – a detailed listing of ideal control measures (the auditor tickmar ks

the controls adopted by the client)
4. Narrative memoranda – a written version of a flowchar t. It is a description of the auditor's
understanding of the system of internal control. Note that flow charts are more appropriate for
documenting complex control structures, w hile written narratives are more appropriate for less
complex structures.
5. Decision trees or tables –
a. Decision trees – are graphic illustrations that depict the logic of an operation or process.
They generally employ questions with "Yes" or "No" answers, which direct the user to the
next relevant questions.
b. Decision tables – are graphic illustrations tha t depict the logical relationships of a system in
table form. Both approaches document the auditor's understanding of a process.
2. Document the assessed level of control r isk

 If the control risk is assessed at a high level, the auditor should document his conclusion that control risk
is at a high level.
 If the control risk is assessed at less than high level, the auditor should document:
a. His conclusion that control risk is at less than high level, and
b. The basis for that assessment – results of tests of controls confirming the assessment of control risk at
below high/maximum level
Effect of Infor mation Technology on Internal Control:

Effect on Internal Control
An entity's use of information technology may affect any of the five components of internal control :
a. Management's failure to appropriately address IT risks may negatively impact the control
environment.
b.The use of IT may enhance an entity's risk assessment by providing more timely information.
c.Many information and communication systems make extensive use of IT, and the way in which IT is
used often affects an entity's inter nal control.
d. Much of the information used in monitoring is provided by IT, and therefore, the accuracy of the IT
system is crucial.
e. The use of IT may affect the way in which existing control activities are implemented. Also, the
effectiveness of user controls may depend upon the accuracy of information provided to the user by
IT systems.
Manual vs. Automated Controls
a. Manual controls may be more appropriate than automated controls in sit uations w here judgment and
discretion is required, such as circumstances in which misstatements are difficult to define,
anticipate, or predict.
b. Manual controls, however, may pose additional risks because they can be more easily ignored or
overridden, they are subject to human error, and they are less consistent than automated controls.
Test ing Automated Controls

a. In testing automated controls, the auditor needs to identify and test not just specific application
controls but relevant general controls on whi ch the application controls depend. (Application controls
and general controls are covered further below.)
b. In a manual system, manual controls such as approvals, reviews, and reconciliations are used. In an
automated system using information technology, bo th manual and automated controls may be used;
however, even manual controls may be dependent to some extent on the effective functioning of IT.
IT Benefits
IT is used by an entity to improve the efficiency and effectiveness of its internal control. The a uditor
should consider the effect of such benefits as par t of assessing inter nal control. Benefits may include:
a. The ability to pr ocess large volumes of transactions and data accurately and consistently.
b. Improved timeliness and availability of information.
c. Facilitation of data analysis and performance monitoring.
d. Reduction in the risk that controls will be circumvented.
e. Enhanced segregation of duties thr ough effective implementation of security controls.
IT Risks
The use of IT may also create additional internal control risks. The auditor must evaluate the entity's use
of IT to determine whether and to what extent the following risks exist:
a. Potential reliance on inaccurate systems.
b. Unauthorized access to data, w hich may result in loss of data and/or data inaccuracies.
c. Unauthorized changes to data, systems, or programs.
d. Failure to make required changes or updates to systems or programs.

ASSERTIONS, A UDIT PROCEDURES A ND A UDIT EVIDENCE
ASSERTIONS A ND A UDIT OBJECTIVES
Nature of Assertions:
Financial statements are not statements of facts. They are a collection of claims and assertions, made
implicitly or explicitly by the entity’s management, about the recognition, measurement, presentation, and
disclosure of information in the financial statements.
Assertions (or management assertions ) are representations by management, explicit or otherwise,

that are embodied in the financial statements. These assertions relate to the fairness of presentation of the
financial statements, thus, they are directly related to applicable financial reporting framework.
Examples of assertions:
 All the assets exist. (Existence)
 All sales transactions have been recorded. (Completeness)
 Inventories are properly valued. (Valuation)
 All amounts are properly presented and disclosed in the financial statements. (Accuracy)
Levels of Assertions:
1. Financial statement level – entity’s management representation that the financial statements as a
whole are presented fairly, in all material respects, in accordance with the applicable financial reporting
framework
 For example, management asserts the financial statements are free from material misstatements.
2. Account balance or class of transactions level – entity’s management representation that the
underlying account balances and class of transactions, including related disclosures, are free of material
misstatements
 For example, w hen considering the sales balance, management is asserting that sales revenue is
complete (completeness assertion), the transactions occurred (occurrence asser tion), and transactions
have been appropriately recorded in the accounting records (accuracy asser tion).
Categor ies of A ssertions used by the Auditor:

1. Assertions about classes of transactions and events for the period under audit
a. Occurrence – recor ded transactions and events have occurred and pertain to the entity
b. Completeness – all transactions and events that should have been recorded have been recorded
c. Accuracy – amounts and other data relating to recorded transactions and events have been recorded
appropriately
d. Cutoff (proper period) – transactions and events have been recorded in the correct accounting
period
e. Classification – transactions have been recor ded in the proper accounts
2. Assertions about account balances at the period end
a. Existence – assets, liabilities, and equity interests exist
b. Rights and obligat ions – the entity holds or controls the rights to assets, and liabilities are the
obligations of the entity
c. Completeness – all assets, liabilities and equity interests that should have been recorded have been
recorded
d. Valuation and allocat ion – assets, liabilities, and equity interests are included in the FS at
appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded
3. Assertions about presentation and disclosure
a. Occurrence and rights and obligat ions – disclosed events, transactions, and other matters have
occurred and pertain to the entity
b. Completeness – all disclosures that should have been included in the financial statements have been
included
c. Classification and understandability – financial information is appropriately presented and
described, and disclosures are clearly expressed
d. Accuracy and valuat ion – financial and other information are disclosed fairly and at appropriate
amounts
The existence and completeness objectives emphasize opposite audit concerns. Existence deals with
overstatements and completeness deals with understatements (such as due to unrecor ded
transactions).
Auditor’s Use of Relevant A ssertions:

The auditor uses relevant assertions in developing audit objectives that will be the basis for designing
audit procedures. Relevant assertions are assertions that have a meaningful bearing on w hether an
account is fairly stated. For example:
AT – Assertions, Audit Procedures and Audit Evidence Red Sirug Page 1

 Existence asser tion, not valuation, is typically relevant to the audit of cash account.
 The valuation asser tion would be relevant to assessing the inventory balance than assessing sales
balance.
The auditor should use relevant assertions to:

a. Consider the types of potential misstatements that may occur
Examples include:
 Does the asset exist? (Existence)
 Are all sales transactions recorded? (Completeness)
 Is inventor y properly valued? (Valuation)
 Did the transaction occur? (Occurrence)
 Are amounts properly presented and disclosed in the financial statements? (Accuracy)
b. Assess the risks of material misstatement – The auditor should identify what controls have
been implemented to address the relevant assertions.
Examples:
 How does management ensure transactions are recorded ? (Completeness)
 How does management ensure that significant estimates are based on reasonable
assumptions and properly recorde d in the financial statements? (Accuracy)
c. Design audit procedures that are responsive to the assessed risks
Examples:
 If the risk is high that receivables are being overstated, the audit procedures should be
designed to specifically address the valuation assertio n.
 When the auditor designs tests of controls, emphasis should be placed on testing controls over
the relevant assertions rather than just significant controls.
 An audit procedure may pr ovide evidence suppor ting more than one assertion. For
example, when an auditor obtains confirmation of inventories held at outside locations,
evidence is obtained not just about completeness, but also about the existence of
inventor y.
 More than one procedure may be required to fully support an assertion. For example, in
order to be reasonably certain that inventory quantities include all inventories on hand at
year-end, the auditor should also inspect receiving transactions near year -end for
recording in the proper period.
Audit Object ives:

The auditor develops audit objectives that relate to management assertions about the financial statement
components. To achieve audit objectives, the auditor shall design audit procedures and gather sufficient
appropriate audit evidence whether the asser tions are in accordance with the applicable financial reporting
framework.
Audit objectives are used to verify management assertions. Thus, there should be proper matching of
auditor’s objectives with management assertions.
Types of Audit Object ives:

1. Whether general or specific:
a. General audit objectives – are broad objectives of auditing an account balance or class of
transactions
 Examples of general audit objectives include existence, completeness, valuation, classification,
cut-off, accuracy, presentation and disclosure, validity, ownership, and overall reasonableness
b. Specific audit object ives – audit objectives stated in terms tailored to the specific audit
engagement
 The general audit objectives remain the same for ever y audit engagement, but the evidence
varies, depending on the circumstances. The general audit objectives are applicable to ever y
account balance on the financial statements.
 After the general objectives are understood, specific objectives for each account balance on
the financial statements can be developed. There should be one specific audit objective for
each relevant general objective.
2. Whether substantive or compliance
a. Substant ive audit object ives – objectives that relate to the determination of the validity of
assertions on account balances or class of transactions or disclosures found in the financial
statements
b. Compliance audit objectives – objectives that relate to the degree of entity’s compliance with
relevant controls
AUDIT PROCEDURES
Based on audit objectives, the auditor should plan and perform audit procedures. Audit procedures are
the means for obtaining sufficient appropriate audit evidence to satisfy financial statement assertions and to

suppor t audit opinion on the fairness of the financial statements. They are the detailed instr uctions for the
collection of a par ticular type of evidence that is to be obtained during the audit. Since audit procedures are
performed to verify management assertions, they would differ depending on the particular assertion or
account audited.
Pr imary Purpose of Audit Procedures:

Audit procedures are performed to gather necessar y (not all) corroborative evidence to achieve audit
objectives in order to result to sufficient appropriate audit evidence on the fairness of the presentation of the
entity’s financial statements.
Audit procedures distinguished from audit standards and audit techniques:

 Audit standar ds – measure of the quality of the audit performance; they are set by the AASC, thus,
they remain the same from one audit engagement to another
 Audit procedures – performed to meet the audit standards; determined by the auditor, thus, they
vary from audit to audit; although they vary fr om audit to audit, the auditor should perform relevant
essential audit procedures provided by the audit standards (PSAs)
 Audit techniques – methods used by the auditor or the details of the audit procedures; they also
vary from audit to audit
Nature, Timing and Extent of Audit Procedures:

a. Nature of an audit procedure – refers to:
(1) Its pur pose (i.e., test of controls or substantive procedure) and
(2) Its type (i.e., inspection, obser vation, inquiry, confirmation, recalculation, reperformance, or
analytical procedures)
When RMM is assessed at high level it affects the types of audit procedures to be performed and
their combination.
b. Timing of an audit procedure – refers to w hen to perform the audit procedure, or the period or
date to which the audit evidence applies
Audit procedures are normally performed:
a. Early in the accounting period being examined
b. Throughout the accounting period being examined, but with emphasis of the
transactions near the end
c. Within one to three months after the close of the accounting period
Audit procedures performed before period end are know n as interim work.
The nature and timing of the audit procedures to be used may be affected by the fact that some
of the accounting data and other information may be available only in electronic form or only at
certain points or periods in time.
c. Extent of an audit procedure – refers to the quantity to be performed or the extent of testing or
the number of items to be examined (for example, a sample size, or the number of observations of a
control activity)
Audit Procedures for Obtaining Audit Ev idence:
1. Risk assessment procedures – procedures to obtain an understanding of the entity and its
environment, including its internal control, in order to identify and assess the risks of material
misstatement (RMM)
Risk assessment procedures include:
a. Inquir y of management and other personnel
b. Analytical procedures (as a planning tool)
c. Observation and inspection
Risk assessment procedures alone do not provide audit evidence sufficient to support an audit
opinion. Risk assessment procedures must be supplemented by tests of controls, when necessar y,
and substantive procedures.
2. Further audit procedures – The auditor shall design and perform audit procedures whose nature,
timing, and extent are based on and are responsive to the assessed RMM at the asser tion level.
 Further audit procedures are actually audit procedures classified accor ding to purpose
 In designing the further audit procedures to be performed, the auditor shall:
(1) Consider the assessed RMM
(2) Obtain more persuasive audit evidence the higher the auditor’s assessment of risk by:
a. Increasing the quantity of evidence; or
b. Obtain evidence that is more relevant or reliable (such a obtaining third party evidence or by
obtaining corroborating evidence from a number of independent sources)
Auditor’s responses to assessed risks of material misstatements (RMM) include both:

a. Overall responses – The auditor shall design and implement overall responses to address

the RMM at the financial statement level.
Overall responses may include:
 Emphasizing to the audit team the need to maintain professional skepticism
 Assigning more experienced staff or those with special skills or using experts
 Providing more supervision
 Incorporating additional elements of unpredictability in the selection of further audit
procedures to be perfor med
 Making general changes to the nature, timing, or extent of audit procedur es (such as
performing substantive procedures at the period end instead of at an interim date)
Overall responses affect auditor’s general approach:
 Substant ive approach – an approach whose emphasis is on substantive procedures
 Combined approach – an approach that uses both tests of controls and substantive
procedures
b. Further audit procedures
Further audit procedures include:

(1) Tests of controls (compliance tests ) – audit procedures designed to evaluate the operating
effectiveness of relevant controls in preventing, or detecting and correcting material
misstatements at the assertion level
 In designing and per forming tests of controls, the auditor shall obtain more persuasive audit
evidence the higher/greater reliance the auditor places on the effectiveness of a control.
 Test of contr ols, although not intended to detect material misstatements, may provide
evidence that a misstatement is likely to occur.
When to perfor m tests of controls:

a. When the auditor intends to rely on the operating effectiveness of rele vant controls in
determining the nature, timing and extent of substantive procedures; or
 Tests of controls are performed only on those controls that the auditor has
determined are suitably designed to prevent, or detect and correct, a material
misstatement in an assertion.
b. When substantive procedures alone cannot provide sufficient appropriate evidence at the
assertion level
 For example, an entity conducts its business using IT and no documentation of
transactions is produced or maintained, other than through the IT system.
Dual pur pose test:

 The auditor may design a test of controls to be performed concurrently with a test of
details on the same transaction. Although the purpose of a test of controls is different
from the purpose of a test of details, both may be accomplished concurrently by
performing test of controls and test of details on the same transaction, also known as a
dual-purpose test.
(2) Substant ive procedures – audit procedures designed to detect material misstatements at the
assertion level
Other best descript ions: Substantive procedures may also be described as audit procedures
that are designed to:
 Detect material peso/monetar y errors or fraud
 Substantiate the validity of management's assertions regarding the financial statements.
Thus, substantive procedures are sometimes called validation procedures because they
provide evidence about the existence of misstatement.
 Gather evidence in respect to all material classes of transactions, account balances, and
disclosures.
 Be performed in response to the assessment of the risks of material misstatement at the
assertion level, which includes the results of tests of contr ols, if any. In other wor ds,
substantive procedures are performed in response to the planned level of detection risk.
Substant ive procedures are mandatory:

Irrespective of the assessed risks of material misstatement, substantive procedures are
required for all relevant asser tions related to each material class of transactions, account
balance, and disclosure. T his requirement reflects the fact that:
a. The auditor’s assessment of risk is judgmental and so may not identify all risks of
material misstatement; and
b. There are inherent limitation to internal control
Substantive testing cannot be eliminated. However, it may be reduced by auditor’s
reliance on entity’s effective internal control.

Nature, t iming and extent of substantive tests:
When inter nal control is not reliable, the auditor will have to perform extensive substantive
tests. Thus, the result of test of controls is a major factor in determining the nature, timing
and extent of substantive tests.
1. Nature: relates the quality of audit evidence (performing more effective or less
effective audit procedures)
2. Timing: also relates to the quality of evidence (performing the audit procedures at
year-end or at interim date)
3. Extent: relates to the quantity of audit evidence (using larger sample size or smaller
sample size)
Reliance on substantive tests:

The reliance placed on substantive tests in relation to the reliance placed on i nternal
control has an inverse relationship.
Types of substant ive procedures:

Whether or not to use substantive analytical procedures or to perform tests of details of
transactions and balances, the auditor usually consider the relative effectiveness and efficiency of
the tests.
1. Tests of details – examining or obtaining audit evidence on the actual details of account
balance, class of transactions, and disclosure
 The objective of tests of details is to substantiate or identify misstatements in the
recorded amounts.
Directional testing – refers to the direction of an audit test
a. Tracing – if the auditor star ts from original source documents and traces forward to
the accounting records, this tests the assertion of completeness. This helps the
auditor identify understatement errors.
b. Vouching – If the auditor starts from the accounting recor ds and vouches backwards
to the original source documents, this tests the assertion of existence or
occurrence. This helps the auditor identify overstatement errors.
a) Test of details of transactions – testing of transactions w hich give rise to the ending
balance of a given account; these involve examining authorization, recording and posting
of transactions (such as examining receipts or disbursements of Cash account)
 Applicability of test of details of transactions: It is used w hen the account
being substantiated has relatively few or smaller volume of transactions of relatively
material amounts occurring during the year (for example, PPE, intangibles, bonds
payable and stockholders’ equity accounts)
 Test of transactions are often performed several months prior to the balance sheet
date.
 Tests of details of transactions primarily involve tracing and vouching.
b) Tests of details of balances – direct testing of accounts ending balance

 Tests of details of balances focus on obtaining evidence directly about an account
balance.
 More types of evidence are obtained using tests of details of balances than by using
any other type of test.
 Test details of balances is usually the most costly to perform.
 Applicability of test of details of balances:
 For accounts w hose balances are affected by lar ge volume transactions of
relatively immaterial amounts (such as cash, accounts receivable and inventories).
 If an account has a high turnover rate with many transactions occurring during
the year, the auditor generally will concentrate more on the ending balance total.
 It is used when the auditor is satisfied that inter nal control is strong.
2. Substant ive analytical procedures – these are analytical procedures performed during
testing phase to substantiate predictable relationships among both financial and non-financial
data
 Analytical procedures are evaluations of financial information made by a study of
plausible relationships among both financial and nonfinancial data. Analytical procedures
generally involve comparisons of recorded amounts to independent expectations
developed by the auditor.
 The application of planned analytical procedures is based on the expectation that
relationships among data exist and continue in the absence of known conditions to the
contrar y.

 Analytical procedures will result to circumstantial evidence rather than conclusive
evidence.
 Results of substantive analytical procedures would entail additional tests to be per formed.
 Analytical procedures are the audit tests that are usually the least costly to perform.
Applicability of substantive analyt ical procedures:

 Generally more applicable to large volume of transactions that tend to be
predictable over time
 Not required substantive procedures during testing phase (but are required
during audit planning and final or overall review stages)
 When appropriate, they are used on accounts that are predictable and plausible.
Limitat ions of analytical procedures: Since analytical procedures are based on

expected plausible relationships among data, differences do not necessarily indicate
errors or fraud, but simply indicate the need for further investigation. Changes in an
account, changes in accounting principle, and inherent differences between industr y
norms and the client all contribute to fluctuations in expected amounts.
Audit Procedures A ccording to Types:

The following procedures, individually or in combinations, may be used as risk assessment procedures,
test of controls, or substantive procedures, depending on the context in which they are applied by the auditor:
1. Inspect ion – consists of examining records or documents (whether inter nal or external, in paper
form, or other media), or a physical examination of an asset
 For example, an inspection of records or documents for evidence of authorization is a test of
controls.
2. Observation – consists of viewing/looking at a process or procedure being performed by others.
Examples:
 Observation of the counting of inventories by the entity’s personnel
 Observation of the performance of control activities that leave no audit trail
3. External confirmation – represents audit evidence obtained by the auditor as a direct written
response to the auditor from a third party (the confirmin g party) in paper form, or by electronic or
other medium
 Confirmation is a specific type of inquir y that involves the process of obtaining a
representation of information or of an existing condition about account balances and
transactions or events directly from independent third par ties.
 Confirmations are controlled by the auditor because the auditor:
a. Selects the parties to be contacted
b. Prepares and mails the confirmation requests, and
c. Receives the confirmation replies directly from the third parties
 External confirmations frequently are relevant when addressing assertions associated with
certain account balance and their elements. However, they are not restricted to account
balances only.
Examples of external confirmation:
 Confirmation of accounts recei vable balances:
a. Positive confirmat ion – customers should reply whether or not they agree with their
respective balances; it is considered more effective than negative confirmation
b. Negative confirmat ion – customers should reply if there are discrepancies
 Bank confirmation of account balances (including amount of loan outstanding)
 Suppliers’ confirmation of accounts payable
 Confirmation from lenders
 Inventor y confirmation w hen inventory is under custody and control of a thir d party
 Confirmation from law yers or financiers who have custody over client’s proper ty title deeds
 Confirmations of the terms of agreements or transactions an entity has with third par ties
 Confirmation about the absence of certain conditions, for example, the absence of a “side
agreement” that may influence revenue recognition
d. Recalculat ion (computation) – consists of checking the mathematical accuracy (manually or
electronically) of documents or records
Examples:
 Auditor’s recalculation of depreciation, interest expense or ear nings per share
e. Reperformance – involves the auditor’s independent execution of procedures or controls that were
originally performed (by the client’s staff) as par t of the entity’s inter nal control
f. Analytical procedures – consist of evaluations of financial information made by a study of plausible
relationships among both financial and non-financial data
Analytical procedures also encompass the investigation of identified fluctuations and relationships
that are inconsistent with other relevant information or deviate si gnificantly from predicted
amounts.

g. Inquiry – consists of seeking information of knowledgeable persons, both financial and non-financial,
within the entity or outside the entity.
 Inquir y is used extensively throughout the audit in addition to other audit procedures.
 Inquiries may be formal written inquiries or informal oral inquiries.
 Evaluating responses to inquiries is an integral part of the inquir y process.
 Evidence obtained from inquiry can be gathered with every type of audit test.
In respect of some matters, the auditor may consider it necessar y to obtain written representation
from management and, w here appropriate, those charged with gover nance to confirm responses
to oral inquiries.
Audit Techniques:
The auditor applies audit techniques (methods) to gather corroborative evidence and uses his professional
judgment to determine which audit techniques would best result to the audit evidence he needs.
Examples of audit techniques:

1. Confirm – to obtain information directly from an independent third party
2. Inspect – to obtain evidence through physical examination
3. Count – physical examination of assets (such as cash count or petty cash count)
4. Compare – technique used after count of assets; also used to compare current period balances with
those of prior periods
5. Inquire – asking questions, whether oral or written, directed to the client or to third par ties
6. Trace – to determine whether transactions supported by source documents are properly recorded and
posted
7. Vouch – examine and authenticate of underlying evidential papers
8. Verify – to prove the accuracy of extensions, footings, postings, ow nership and existence
9. Reconcile – to bring into agreement information obtained from two groups of related, but
independent, figures
Reconciliation involves comparing financial amounts from two independent sources for
agreement, such as:
 Reconciling the cash balance per the books with the balance per bank
 Reconciling the physical inventory count with the perpetual inventor y records
 Reconciling lead schedules to general ledger amounts
10. Analysis of accounts – to detail the composition of an account or to detail the individual debits and
credits in the account in a chronological sequence
11. Review – perform to obtain evidence of authoritative documentation to support certain transactions
12. Extend – to prove the accuracy of multiplications (on invoices, payroll records, etc.)
13. Foot – to prove the accuracy of vertical or horizontal additions
14. Scan – looking for evidence of unusual amounts/items, which, if found, would be further investigated
 Scanning may also be considered an analytical procedure, as the auditor uses professional
judgment to search for large, significant, or unusual items in the accounting records.
AUDIT PROGRA M
An audit program is a detailed listing of the nature, timi ng and extent of planned audit procedures (tests
of controls and/or substantive tests) that the auditor will perform to gather sufficient appropriate evidenced.
It is a set of instructions to assistants involved in the audit and as a means to control and recor d the proper
execution of wor k.
AUDIT EVIDENCE
The auditor shall design and perform audit procedures that are appropriate in the circumstances for the
purpose of obtaining reasonable assurance or sufficient appropriate audit evidence to reduce audit risk at
acceptably low level thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s
opinion.
Most of the auditor's work in forming the auditor's opinion consists of obtaining and evaluating audit
evidence. The auditor shall conclude whether sufficient appropriate audit evidence has been obtained based
on his professional judgment.
Audit Evidence, Defined:

 Audit evidence refers to all the information used by the auditor in arriving at the conclusions on
which the audit opinion is based. Thus, audit evidence supports the opinion and the auditor's report.
 Sometimes called as ev idential matter , it is the main output/product of performing audit
procedures.
Audit Evidence Relationship with Assertions: Audit evidence comprises both:

a. Information that supports and corroborates management's assertions, and

b. Information that contradicts such assertions.
Nature of Audit Ev idence:

Audit evidence includes both information contained in the accounting records underlying the fina ncial
statements and other information:
1. Accounting records (Under lying data) – accounting records/data prepared by the client’s
personnel and from w hich financial statements are prepared
a. Records of initial accounting entries
b. Supporting recor ds, such as checks and records of electronic fund transfers, invoices and contracts
c. General and subsidiary ledgers
d. Journal entries and other adjustments to the financial statements that are not reflected in formal
journal entries
e. Records such as w orksheets and spreadsheets supporting cost allocations, computations,
reconciliation and disclosures
2. Corroborating evidence – corroborating information that are used by the auditor to verify the
fairness of the accounting records
a. Documents (such as checks, bank statements, contracts and minutes of meetings)
b. Information/evidence from other sources such as:
 Previous audits
 Quality control procedures for client acceptance and continuance
 Confirmations from third parties
 Industry analysts’ reports
 Comparable data about competitors ( benchmarking)
 Client written representation
c. Information obtained by the auditor from audit procedures such as inquiry, obser vation, inspection
and computation
d. Other information developed by, or available to, the auditor that permits the auditor to reach
conclusions through valid reasoning
Types of Audit Ev idence:

1. Physical evidence – obtained by physical examination of assets (such as count of stock certificates in
suppor t of stock investment account or observation of client’s processes or procedures)
2. Mathematical recomputations – auditor’s recomputation of the accuracy of client’s computations such
as depreciation, amortization, doubtful accounts, etc.
3. Documentation – examination of the suppor ting documents of recorded transactions and balances
appearing in the financial statements
4. Representation by third parties (or confirmation) – a document originating from independent outside
party and sent directly to the auditor
5. Representation by client personnel – statements from client personnel in response to queries posed by
the auditor
6. Results of analytical procedures
7. Internal control – existence of effective internal control may be regarded as a strong evidence of the
validity of the accounts and amounts found in the financial statements
8. Subsequent events – they provide additional evidence regarding conditions that already existing on
the balance sheet that affect accounting estimates
Sources of audit evidence:

 Audit evidence is cumulative in nature and is primarily obtained from audit procedures performed
during the course of the audit. However, it may also include information obtained from other
sources such as:
 Previous audits (w here the auditor performs audit procedures to establish its continuing
relevance)
 Firm's quality control procedures for client acce ptance and continuance
 Audit evidence may come from:
a. Internal sources (inside the entity) – generated inter nally, such as evidence existing within
the accounting records, minutes of meetings, or a management representation
b. External or independent sources (outside the entity) – for example, confirmations from third
parties analysts’ reports, and comparable data about competitors (benchmar king data)
c. Direct knowledge of the auditor
 Audit evidence may also come from:
a. Information obtained from testing the accounting records (accounting records are an
important source of audit evidence) – for example, through analysis and review,
reperforming procedures followed in the financial repor ting process, and reconciling related
types and application s of the same informa tion

b. Non-financial original recor ds
 Audit evidence may include information prepared using the work of a management’s expert.
 In some cases the absence of information (for example, management's refusal to provide a
requested representation) is used by the auditor, and therefore, also constitutes audit evidence.
Infor mation to Be Used as Audit Ev idence

 When designing and performing audit procedures, the auditor shall consider the relevance and
reliability of the information to be used as audit evidence.
 When information to be used as audit evidence has been prepared using the work of a management's
expert, the auditor shall, to the extent necessar y, having regard to the significance of that exper t's
work for the auditor's pur poses:
a. Evaluate the competence, capabilities and objectivity of that expert;
b. Obtain an understanding of the work of that expert; and
c. Evaluate the appropriateness of that expert's work as audit evidence for the relevant assertion.
 When using information produced by the entity, the auditor shall evaluate w hether the information is
sufficiently reliable for the auditor's purposes, including as necessary in the circumstances:
a. Obtaining audit evidence about the accuracy and completeness of the information; and
b. Evaluating whether the information is sufficiently precise and detailed for the auditor's purposes.
Sufficient Appropriate Audit Ev idence:

The auditor shall design and perform audit procedures that are appropriate in the circumstances for the
purpose of obtaining sufficient appropriate audit evidence.
1. Sufficiency – the measure of the quantity or amount of audit evidence that the auditor shall
accumulate
 Sufficiency is determined based on the auditor’s professional judgment.
 Audit evidence is sufficient if there is enough of it to affor d a reasonable basis for an audit opinion
on the financial statements.
Factors affecting sufficiency of audit evidence:
Auditor’s judgment as to the quantity of audit evidence is influenced by:
a. Auditor’s assessment of the risks of misstatement – the higher the assessed risks, the more
audit evidence is likely to be required
 For example, as risk of material misstatement increases in Accounts Receivable, audit
evidence required also increases.
b. Quality or competence of audit evidence – the higher the quality, the less may be required.
Obtaining more audit evidence, however, may not compensate for its poor quality.
c. Materiality of item being examined – more material amounts, more evidence to suppor t its
validity
d. Experience gained during previous audit may indicate the amount of evidence taken before
and whether such evidence was enough
e. Type of information available
Merely obtaining more audit evidence may not compensate for audit evidence of lower quality. The
auditor should exercise professional judgment and professional skepticism in evaluating the
sufficiency and appropriateness of audit evidence to support the audit opinion.
The sufficiency and appropriateness of audit evidence are interrelated.
2. Appropriateness – measures the quality of audit evidence, that is, its relevance and its reliability in
providing support for the conclusions on which the auditor's opinion is based
a. Relevance – deals with the logical connection with, or bearing upon, the purpose of audit
procedures and the asser tion under consideration
 Audit evidence is considered relevant if it pertains to the assertions being evaluated or to
the specific audit objective being tested. For example:
 Obtaining audit evidence relating to the physical existence of inventor y is not relevant
in obtaining audit evidence relating to the valuation of inventor y.
 Accounts receivable confirmations are relevant to the existence of receivables, but not
to their valuation (i.e., a customer can confirm that a receivable exists, but this does
not necessarily imply that the customer has the intent or the ability to pay).
 The relevance of information to be used as audit evidence may be affected by the direction
of testing.
 A given set of audit procedures may provide audit evidence that is relevant to certain
assertions, but not to others.
 Obtaining audit evidence regarding a particular assertion, for example, the existence of
inventor y, is not a substitute for obtaining audit evidence regarding another assertion.
 Audit evidence from different sources or of a different nature may often be relevant to the
same assertion.

b. Reliability – objectivity of evidence
Reliability of evidence is influenced by:
 Its source (external or internal)
 Its nature (visual, documentary, or oral)
 The circumstances under which it is obtained
 Where relevant, the controls over its preparation and maintenance
Generalizat ions about the reliability of audit evidence:

1. The reliability of audit evidence is increased w hen it is obtained fr om knowledgeable
independent sources outside the entity.
 Examples of information from sources independent of the entity may include
confirmations from third parties, analysts' reports, and comparable data about
competitors (benchmarking data).
2. The reliability of audit evidence that is generated internally is increased when the related
controls, including controls over its preparation and maintenance, imposed by the entity
are effective. (Effective internal control provides more reliable audit evidence than
ineffective inter nal control.)
3. Audit evidence obtained directly by the auditor is more reliable than evidence obtained
indirectly or by inference.
 For example, obser vation of the application of a contr ol is more reliable than inquir y
about the application of a control).
4. Audit evidence in documentary form (w hether paper, electronic, or other medium) is
more reliable than evidence obtained orally.
 For example, a contemporaneously written recor d of a meeting is more reliable than
a subsequent oral representation of the matters discussed.
5. Evidence provided by original documents is more reliable than evidence provided by
photocopies or facsimiles.
The above generalizations should be considered in determining which evidence is persuasive

or least persuasive.
Generalizations about reliability are subject to important exceptions, for example, even when
the information to be used as audit evidence is obtained from sources external to the entity,
circumstances may exist that could affect its reliability (such as if the source is not
knowledgeable or a management’s expert may lack objectivity).
More assurance is ordinarily obtained from consistent audit evidence obtained from different
sources or of a different nature than from items of audit evidence considered individually.
Hierarchy of reliability of evidence: (from most reliable to least reliable)

1. Direct evidence or personal obser vation and knowledge (such as physical obser vation)
2. Externally generated evidence sent directly to the auditor (such as confirmations from banks
and customers and bank statements and cut-off bank statements received from banks)
3. Externally generated evidence kept by the client (such as vendor’s invoices, bank statements
received from the client)
4. Internally generated evidence circulated externally (such as sales invoices from sale to
customers and paid checks and cost allocations)
5. Internally generated evidence not circulated exter nally (such as purchase requisitions,
customer’s or der and cost allocations)
6. Oral evidence
Persuasive Evidence:
Audit evidence is persuasive if it is sufficient both in quantity and quality to suppor t audit opinion. Thus,
sufficiency and appropriateness of audit evidence are the determinants of persuasiveness of audit evidence.
The auditor may need to rely on audit evidence that is persuasive rather than conclusive. Ho wever, to obtain
reasonable assurance, the auditor must not be satisfied with audit evidence that is less than persuasive.
Cost-benefit considerations:
The auditor should consider the relationship between the cost of obtaining audit evidence and the
usefulness of the information obtained.
The valid bases for omitting an audit test/procedure for which there is no alternative are:
a. Relative risk (or inherent risk) involved
b. Relationship between the cost of obtaining audit evidence and the usefulness of the information
obtained

c. Degree of reliance on the relevant inter nal controls (or Assessment of control risk at a low level)
Difficulty and expense involved in testing a par ticular item is not a valid basis for an auditor of deciding
to omit an audit pr ocedure.
Infor mation produced by a management expert as audit evidence:

A management expert is an individual or organization possessing expertise in a field other than
accounting or auditing, whose w ork in that field is used by the entity to assist the entit y in preparing the
financial statements.
When information to be used as audit evidence has been prepared using the wor k of a management’s
expert, the auditor shall, to the extent necessary, having regard to the significance of that expert’s wor k for
the auditor’s purposes:
1. Evaluate the competence, capabilit ies and objectiv ity of that expert
a. Competence – relates to the nature and level of expertise of the management’s exper t
b. Capability – relates to the ability of the management’s expert to exercise that competence in the
circumstances
c. Objectivity – relates to the possible effects that bias, conflict of interest or the influence of others
may have on the professional or business j udgment of the management expert
Sources of information regarding competence, capabilities and objectivity of a management’s
expert:
 Personal experience with previous w ork of that exper t
 Discussions with that expert
 Discussions with others who are familiar with that exper t’s work
 Knowledge of that exper t’s qualifications, membership of a professional body or industr y
association, license to practice, or other forms of exter nal recognition
 Published papers or books written by that expert
 An auditor’s exper t, if any, who assists the auditor regarding the information pr oduced by
the management exper t
2. Obtain an understanding of the wor k or field of expert ise of that management’s expert
Aspects of the management’s expert’s field relevant to the auditor’s understanding may include:
 Whether that expert’s field has areas of specialty within it that are relevant to the audit.
 Whether any professional or other standards, and regulatory or legal requirements apply.
 What assumptions and methods are used by the management’s expert, and w hether they are
generally accepted within that exper t’s filed and appropriate for financial reporting purposes.
 The nature of inter nal and external data or information the auditor’s exper t uses
3. Evaluate the appropr iateness of that expert’s work as audit evidence for relevant
assertion
The auditor shall consider:
a. The relevance and reasonableness of that expert’s findings or conclusions, their consistency with
other audit evidence, and whether they have been appropriately reflected in the financial
statements;
b. If the expert’s wor k involves use of significant assumptions and methods, the relevance and
reasonableness of those assumptions and methods; and
c. If that expert’s work involves significant use of source data the relevance, completeness, and
accuracy of that source data
Evaluat ing the Sufficiency and Appropr iateness of Audit Evidence:

Based on the audit procedures performed and the audit evidence obtained, the auditor shall evaluate
before the conclusion of the audit whether the assessments of the RMM at the asser tion level remain
appropriate.
Factors affecting sufficient appropr iate audit evidence:

The auditor’s judgment as to w hat constitutes sufficient appropriate audit evidence is influenced by
such factors as the following:
 Significance of the potential misstatement in the assertion and the likelihood of its having a
material effect on the financial statements.
 Effectiveness of management’s responses and controls to address the risks.
 Experience gained during previous audits with respect to similar potential misstatements.
 Results of audit procedures performed, including whether such audit procedures identified specific
instances of fraud or error.
 Source and reliability of the available information.
 Persuasiveness of audit evidence.
 Understanding of the entity and its environment, including internal contr ol.

AUDITING THEORY Red Sirug
AUDIT DOCUMENTATION (AUDIT WORKING PAPERS)
Audit Documentation represents the record of audit procedures performed, relevant audit evidence
obtained, and conclusions the auditor reached
 Audit documentation is sometimes called “ working papers ” or “ work papers ”.
 The audit documentation for a specific audit engagement is assembled in an audit file.
 Audit file means one or more folders or other storage media, in physical or electronic form,
containing the records tha t comprise the audit documentation for a specific engagement
Purposes of Audit Documentation:

Audit documentation provides:
a. A sufficient and appropriate record of the basis for the auditor’s report (or audit opinion)
b. Evidence that the audit was planned and performed in accordance with PSAs (and applicable legal and
regulator y requirements)
Pr imary purposes:
 To provide suppor t/basis for auditor’s opinion/repor t
 To provide a basis for determining the appropriate audit report
 To support the auditor's representation that the audit was conducted in accordance with PSA
 To provide evidence of the audit wor k performed
 To assist the auditor in the planning, performance, review, supervision and coordination of the
engagement and in preparation of the audit report
 To show that the accounting records agree or reconcile with the financial statements
 Provide supervisor y personnel the oppor tunity to assess the sufficiency of evidence obtained
during the audit
Addit ional purposes:

 To assist the engagement team to plan and per form the audit
 To assist members of the engagement team responsible for supervision to direct and super vise
the audit work, and to discharge their review responsibilities
 To enable the engagement team to be accountable for its work
 To retain a record of matters of continuing significance to future audits – this w ould assist the
auditor in planning future audits
 To enable the conduct of quality control reviews and inspections in accordance with quality
control standards
 To enable the conduct of external inspections in accordance with applicable legal, regulatory or
other requirements
 To provide information useful in rendering other services (MAS or tax consulting)
 To provide adequate defense in case of litigation
Audit documentation: (NOT)

 Does not suppor t the financial statements (the client's accounting records are considered the
primary suppor t for the financial state ments)
 Does not serve as basis for the preparation of the financial statements
 Does not replace or substitute the entity's accounti ng records.
Requirements on Audit Documentation:
1. Timely preparation of audit documentat ion – Audit documentation prepared by the auditor on a
timely basis will help to:
a. Enhance the quality of the audit; and
b. Facilitates the effective review and evaluati on of the audit evidence obtained and conclusions reached
before the auditor's report is finalized
2. Documentation of the audit procedures perfor med and audit evidence obtained – This includes:
a. Documentation of compliance with PSAs:
(1) Compliance with PSA 230 (Redrafted) – Audit Documentation
(2) Compliance with other PSAs (other PSAs contain specific documentation requirements that are
intended to clarify the application of PSA 230)
b. Documentation of the nature, t iming and extent of audit procedures: The auditor shall
record:
AT – Audit Documentation Red Sirug Page 1

(1) The identifying characteristics of the specific items or matters tested
(2) Who performed the audit work and the date such work was completed, and
(3) Who reviewed the audit w ork performed and the date and extent of such review
c. Documentation of significant matters:

Examples of significant matters include:
 Matters that give rise to significant risks
 Results of audit procedures indicating:
1) That the financial statements could be materially misstated, or
2) A need to revise the auditor's previous assessment of the risks of material
misstatement and the auditor's responses to those risks
 Circumstances that cause the auditor significant difficulty in applying necessary audit
procedures.
 Findings that could result in a modification to the audit opinion or the inclusion of an
Emphasis of Matter paragraph in the auditor's repor t
d. Documentation of significant professional judgments: This documentation serves to:

(1) Explain the auditor's conclusions and
(2) Reinforce the quality of the j udgment
The auditor may consider it helpful to prepare and retain as part of the audit documentation a
summary (sometimes known as a complet ion memorandum) that describes the significant
matters identified during the audit and how they were addressed, or that includes cross -references
to other relevant supporting audit documentation that provides such information.
e. Documentation of discussions of significant matters wit h management, those charged with

governance, and others (other personnel within the entity, and external part ies)
This documentation shall include:
(1) The nature of the significant matters discussed and
(2) When and with whom the discussions took place
 The documentation is not limited to records prepared by the auditor but may include other
appropriate records such as minutes o f meetings prepared by the entity's personnel and
agreed by the auditor.
f. Documentation of how inconsistencies have been addressed

If the auditor identified information that is inconsistent with the auditor's final conclusion regarding
a significant matter, the auditor shall document how the auditor addressed the inconsistency. The
auditor need not retain documentation that is incorrect or superseded.
g. Documentation of how departure from a relevant PSA requirement has been addressed
If, in exceptional circumstances, the auditor judges it necessary to depart from a relevant
requirement in a PSA, the auditor shall document:
1) How the alternative audit procedures performed achieve the aim of that requirement, and
2) The reasons for the depar ture
Allowed departure from a relevant PSA requirement:
a. The PSA is not relevant (for example, in a continuing audit engagement, nothing in Initial
Audit Engagements – Opening Balances under PSA 510 (Redrafted) is relevant; or
b. The circumstances envisioned do not apply because the requirement is conditional and the
condition does not exist (for example, the requirement to modify the auditor's opinion where
there is an inability to obtain sufficient appropriate audit evidence, and there is no such
inability).
h. Documentation of how matters arising after the date of the auditor's report have been
addressed
In exceptional circumstances where the auditor performs new or additional audit procedures or
draws new conclusions after the date of the auditor's repor t, the auditor shall document:
a. The circumstances encountered
b. The new or additional audit pr ocedures performed, audit evidence obtained, and conclusions
reached, and their effect on the auditor's report, and
c. When and by w hom the resulting changes to audit documentation were made and reviewed
Matters arising after the date of the auditor's report:
Examples of exceptional circumstances include facts which become know n to the auditor
after the date of the auditor's report but which existed at that date and w hich, if known at that
date, might have caused the financial statements to be amended or the auditor to modify the
opinion in the auditor's report.
3. Complet ion of assembly of final audit file on a t imely basis, ordinar ily not more than 60 days

after the date of the auditor's report
Changes to the audit documentat ion:

 During the final assembly process: Changes are allowed if the changes to be made are
administrative in nature , such as:
a. Deleting or discar ding superseded information.
b. Sorting, collating and cross-referencing w orking pa pers.
c. Signing off on completion checklist relating to the file assembly process.
d. Documenting audit evidence that the auditor has obtained, discussed and agreed with the
relevant members of the engagement team before the date of the auditor’s report.
 After the complet ion date of the assembly of the final audit file: Changes are not
allowed.
 The completion of the assembly of the final audit file after the date of the auditor’s report is
an administrative process that does not involve the performance of new procedures or the
drawing of new conclusions.
 After the assembly of the final audit file has been completed, the auditor shall not delete or
discard audit documentation of any nature before the end of its retention period.
 In circumstances where the auditor finds it necessar y to modify existing audit documentation
or add new audit documentation after the assembly of the final audit file has been completed,
the auditor shall, regardless of the nature of the modifications or additions, document:
a. The specific reasons for making them, and
b. When and by w hom they were made and reviewed
An example of a circumstance in w hich the auditor may find it necessary to modify existing
audit documentation or add new audit documentation after file assembly has been completed is
the need to clarify existing audit documentation arising from comments received during
monitoring inspections performed by internal or external parties.
4. Requirements as to for m, content and extent of audit documentation:
a. Auditor’s judgment: The form, content and extent of audit documentation are based on the
auditor’s decision/judgment since it is neither necessary nor practical for the auditor to document every
matter he/she has considered or professional judgment he has made in an audit.
The audit documentation shall be designed to meet the circumstances and the auditor's needs for
each individual audit.
b. Use of “Exper ienced auditor ” concept: The auditor shall prepare audit documentation that is
sufficient to enable an experienced auditor, having no previous connection with the audit, to
understand:
a. The nature, timing, and extent of the audit procedures performed to comply with the PSAs (and
applicable legal and regulatory requirements)
b. The results of the audit procedures performed, and the audit evidence obtained, and
c. Significant matters arising during the audit, the conclusions reached thereon, and significant
professional judgments made in reaching those conclusions
Experienced auditor – means an individual (whether internal or exter nal to the firm) who has
practical audit experience, and a reasonable understanding of:
 Audit processes
 PSAs and applicable legal and regulatory requirements
 The business environment in w hich the entity operates, and
 Auditing and financial repor ting issues relevant to the entity's industry
Other important qualities of good audit documentation:

 Concise but complete: Audit documentation should be concise but complete in itself
that it does not require oral explanation.
 Accurate: Audit documentation should be free from errors, clerical or computational.
 Proper ly organized: Audit documentation should be appropriately organized to provide
a clear link to the significant matters and to facilitate review of audit w ork.
Elements of audit documentation:

Working papers should be properly organized to facilitate their review. Working papers should
have the following elements:
1. Heading – used to properly identify each working paper; the heading would include:
a. Name of the client
b. Type/title of working paper
c. Description of its content, and

d. Date or period covered by the examination
2. Dates and initial of staff auditors who perfor med the audit procedures and
reviewers
3. Indexing – audit working papers are indexed by means of reference numbers to show
the relationship between findings, conclusions, and the related facts
Purposes of indexing:
 To better organize the working papers
 To aid in cross-referencing to other wor king papers
4. Cross-indexing / cross referencing – T he primar y purpose of cross-indexing audit
working papers is to:
a. Permit cross-referencing and
b. Simplify super visor y review by providing an audit trail of related items through the
working papers
For example, reported findings should be adequately cross-referenced to supporting
documentation.
5. Tickmar ks – symbols that indicate the audit procedures per formed
 Audit documentation should include explanations of any tickmarks used.
c. For m of audit documentat ion: Audit documentation may be recorded on paper or on electronic or
other media.
 Oral for m: Oral explanations by the auditor, on their ow n, do not represent adequate
suppor t for the work the auditor performed or conclusions the auditor reached, but may be
used to explain or clarify information contained in the audit documentation.
d. Factors to consider in deciding the for m, content and extent of audit documentation:
(1) The size and complexity of the entity.
(2) The nature of the audit procedures to be perfor med.
(3) The identified (and assessed) risks of material misstatement – this w ould include audit risk (or its
components), materiality levels, and existence of material fraud and errors
(4) The significance of the audit evidence obtained.
(5) The nature and extent of exceptions identified.
(6) The need to document a conclusion or the basis for a conclusion not readily determinable from the
documentation of the w ork performed or audit evidence obtained.
(7) The audit methodology and tools used.
Classification / Composit ion of Audit Documentation:

In the case of recurring audits, wor king paper files are classified:
1. Per manent files – contain information of historical or continuing or long- term significance/interest to
the auditor in performing current audit. Permanent files are simply updated with new information of
continuing importance to the auditor.
Permanent files include:
a. Information such as:
 Organizational chart and excerpts from job manuals that indicate responsibilities
 Analysis of business and industry
 Chart of accounts and accounting procedures manuals
 Carryforward schedules – continuing analyses of long-term accounts (such as PPE,
intangible assets, long-term liabilities and stockholders' equity accounts) whose balances are
carried forward in the permanent file
 Analyses of internal control or information to understanding of internal control and assessment
of control risk (include flowcharts, narrative descriptions, questionnaires, etc.) from previous
year audit
 Information regar ding related parties
b. Copies, extracts or excerpts of entity’s important legal documents and agreements such as:
 Corporate charter or Articles of Incor poration (or ar ticles of co-partnership) and By-laws
 Major contracts (such as lease contracts and bond and note indentures) that affect future
periods
 Pension plans, stock option plans, profit-sharing plans and employee bonus
 Terms of share capital and bond issues
 Engagement letter
2. Current audit file – contains evidence gathered, descriptions of auditing procedures performed and
conclusions reached relevant to the audit of a par ticular year or single period. Current audit file is
designed to support management assertions in the financial statements.
Current audit file includes all wor king papers accumulated during the current year’s audit:
 Copy of the financial statements and audit report

 Administrative working papers:
 Overall audit strategy and audit plan
 Audit programs – a detailed list of audit procedures (tests of controls and/or substantive
tests) that the auditor will perform to gather sufficient appropriate evidence
 Time budgets – an estimate of time that will be spent in executing audit procedures listed in
the audit program
 Working (top) trial balance – shows a list of unadjusted ending balances of accounts or line
items that are to be show n on the financial statements
A working trial balance resembles the financial statements without footnotes, but contains
columns for unadjusted year-end balances (per books), adjusting and reclassifying entries, and
adjusted year-end balances (per audit).
 Proposed adjusting and reclassify ing entries – proposed adjustments are intended to correct
material misstatement discovered by the auditor in the conduct of audit while reclassifications are
made to properly present information in the financial statements (even w hen the general ledger
balances are correct)
Reclassification entries are entries made for financial statement presentation pur poses.
They are recorded in the financial statements but not in the general ledger.
 Lead schedule or top schedule (assembly sheet) – shows the major components of an
amount repor ted as a line item on the face of the financial statements
The lead schedule supports each line item on the working trial balance by
combining/grouping/summarizing similar or related items contained on the supporting
schedules. In other words, it eliminates voluminous details from the auditor’s working trial
balance.
 Supporting schedules – schedules that suppor t specific amounts on the financial statements by
providing details of amounts aggregated in the lead schedule
An example of a suppor ting schedule is a bank reconciliation schedule to suppor t cash in bank.
Supporting schedules usually represent the largest portion of the auditor's working papers.
 Account analysis – shows the activity (transactions – both debits and credits) in a particular
balance sheet account during the period under audit, tying together the beginni ng and ending
balances
 Audit memoranda – include documentation on discussions of certain items such as internal
control, inventory obser vation, errors identified, and problems encountered
 Correspondence (including e- mail) concerning significant matters – includes
correspondence with other parties such as lawyers, customers, banks, and management
 Audit notes – used to record items of work to be done and questions concerning the audit
investigation
 Documentation of corroborating infor mat ion:
 Confirmation replies
 Letters of representation
 Abstract or copies of client’s agreements and minutes of board of directors’ meeting
 Summar ies of significant matters – include matters such as:
 Significant risks
 Possibility of risk of material misstatements
 Revision of previous assessment of the risks of material misstatement
 Circumstances that cause significant difficulty in applying necessary audit procedures
 Findings that could result in a modification to the audit opinion
3. Other types of files:

a. Tax files – contain files of information on client’s income taxes and other business taxes that may
be used as bases for:
 Preparing current year’s tax returns
 Preparing other tax-related ser vices
 Representing the client in tax assessment case
b. Correspondence file – contains all correspondence/letters to or from (or in behalf of) a client
c. Complet ion memorandum – a summary that describes the significant matters identified during
the audit and how they are addressed
Exclusions from Audit Documentation:

The auditor need not include in audit documentation the following:
a. Superseded drafts of working papers and financial statements
b. Notes that reflect incomplete or preliminary thinking
c. Previous copies of documents corrected for typographical or other errors, and
d. Duplicates of documents
Superv isory Rev iew of Audit Documentation:

 The auditor is required to review the audit wor k performed through review of the audit documentation.

 A supervisory review of audit documentation is conducted to determine if working papers adequately
suppor t audit findings, conclusions, and opinion/reports.
Auditor/CPA fir m’s Responsibility on Audit Documentation:

CPA firms shall adopt policies and procedures regarding the following:
1. Timely completion of assembly of final audit file – The appropriate time limit within which to
complete the assembly of the final audit file is ordinarily not more than 60 days after the date of the
auditor's report.
2. Confidentiality, safe custody, integrity, accessibility and retrievability of audit
documentation:
 Confidentiality: Firm’s personnel shall obser ve confidentiality of information at all times
contained in the audit documentation, unless specific client authority has been given to disclose
information, or there is a legal or professional duty to do so.
 Design and implementation of controls to avoid/prevent unauthorized alteration or lost
or damage of audit documentat ion (whether audit documentation is in paper, electronic or
other media)
For example, appropriate controls should protect the integrity of the information at all stages of
the engagement, especially w hen the information is shared within the engagement team or
transmitted to other parties via the Internet.
 Design and implementation of controls to maintain the confident iality, safe custody,
integrity, accessibility and retrievability:
Examples of these controls include:
 The use of a password to restrict access to electronic audit engagement documentation to
authorized users.
 Appropriate backup routines for electronic audit documentation at appropriate stages during
the engagement.
 Procedures for restricting access to hardcopy audit documentation
3. Retention of audit documentation: The CPA firm shall establish policies and procedures for the
retention of audit documentation for a period sufficient to meet the needs of the firm’s practice and to
satisfy any pertinent legal requirements of record retention.
 The retention period for audit engagements would ordinarily be no shorter than seven (7) years
from the date of the auditor’s report, or, if later, the date of the group auditor’s report. (based on
proposed PSQC 1)
The SEC requires a retention period of seven (7) years under its rules for accreditation of
external auditors.
 The auditor should not delete or discard audit documentation before the end of its retention peri od.
Ownership of Audit Documentation:

 Legal prov ision (Sec. 29 of RA 9298 – Ownership of Working Papers): All working papers,
schedules and memoranda made by a CPA and his staff in the course of an examination, including
those prepared and submitted by the client, incident to or in the course of an examination, by such
CPA, except reports submitted by a CPA to a client shall be treated confidential and privileged and
remain the pr operty of such CPA in the absence of a written agreement between the CPA and the
client, to the contrary, unless such documents are required to be produced through subpoena issued by
any court, tribunal, or government regulatory or administrative body.
 PSA prov ision on ownership of audit documentation: Unless otherwise specified by law or
regulation, engagement documentation is the pr operty of the firm (or auditor). The firm/auditor may,
at its discretion, make portions of, or extracts from, engagement documentation available to clients,
provided such disclosure does not undermi ne the validity of the wor k performed, or, in case of
assurance engagements, the independence of the firm or its personnel.
 Audit documentation or wor king papers are the personal property of the auditor/audit firm and
the client has no right to the wor king papers prepared by the auditor. However, they cannot
be shown to third parties under the rule on confidentiality, unless specific client authority has
been given to disclose information, or there is a legal or professional duty to do so.
 Although certain wor king papers may sometimes ser ve as a useful reference source for his
client, auditor’s working papers should not be regarded as part or substitute for the client's
accounting records.

AUDIT SAMPLING
(And Other Means of Test ing)
Means for Selecting Items for Testing to Obtain Audit Ev idence:

 When designing tests of controls and tests of details, the auditor shall determine the means of selecting
items for testing that are effective in meeting the purpose of the audit procedure.
 The means available to the auditor for selecting items for testing are (the auditor may use any one or
combination of these):
a. Selecting all items (100% examination);
b. Selecting specific items; and
c. Audit sampling
Select ing All Items (100% Examinat ion):

Select ing all items – involves examining the entire population of items that make up a class of
transactions or account balance
100% examination is:
 More common for tests of details
 Unlikely for tests of controls
 Appropriate when:
 The population constitutes a small number of large value items
 There is significant risk (high RMM) and other means do not provide sufficient appropriate
audit evidence, or
 Cost effective – the repetitive nature of a calculation or other process performed
automatically by an information system makes a 100% examination cost effective (for
example, using computer-assisted audit techniques (CAATs)
Select ing Specific Items:

Select ing specific items – judgmental selection of specific items from a population based on the following
factors:
 Auditor’s understanding of the entity
 Assessed risk of material misstatement
 Characteristics of the population being tested
Specific items that may be selected by the auditor include:

 High value or key items . The auditor may examine items of high value or items that exhibit some
other characteristic (for example, items that are suspicious, unusual, particularly risk-prone or that
have a history of error).
 All items over a certain amount. The auditor may decide to examine items whose values exceed a
certain amount so as to verify a lar ge proportion of the total amount of a class of transactions or an
account balance.
 Items to obtain information. The auditor may examine items to obtain information about matters
such as the nature of the entity or the nature of transactions.
 Items to test control activities . The auditor may use judgment to select and examine specific items
to determine w hether or not a particular control activity is being performed.
 Selecting specific items for examination does not constitute audit sampling and therefore, not
subject to sampling risk.
 The results of audit procedures applied to selected specific items cannot be projected to the entire
population; accordingly, selective examination of specific items does not provide audit evidence
concerning the remainder of the population.
Audit Sampling:
Audit sampling (sampling) – the application of audit procedures to less than 100% of the items within a
population of audit relevance (account balance or class of transactions) such that all sampling units have a
chance of selection in order to provide the auditor with a reasonable basis on whi ch to draw conclusions about
the entire population
 Audit sampling is the means that enable the auditor to draw conclusions about the population on
the basis of testing a sample draw n from it.
 Sampling is essential throughout audits as auditors attempt to gather sufficient appropriate
evidence in a cost efficient manner.
 Audit sampling is not required part of any audit procedure because when designing audit
procedures, the auditor should determine appropriate means of selecting items for testing.
 Audit sampling is used for both tests of controls (attributes sampling) and for tests of details of
transactions and balances ( variables sampling). In both attributes sampling and variables sampling,
the plans may be either non-statistical or statistical.
AT – Audit Sampling Red Sirug Page 1

Audit Sampling Ter ms:
 Populat ion – the entire set of data from which a sample is selected and about which the auditor wishes
to draw conclusions
 Sample – the portion of the population that will be subjected to audit testing
 Sampling unit – the individual items constituting a population; also known as population item,
observation, or elementary unit
 Representative sample – a sample in which the characteristics of the sample are the same as those
of the population
 Sampling risk – The risk that the auditor's conclusion based on a sample may be different from the
conclusion if the entire population were subjected to the same audit procedure.
 Anomaly – a misstatement or deviation that is demonstrably not representative of misstatements or
deviations in a population
 Confidence level – the mathematical complements of sampling risks; also known as reliability or
confidence
 Stratificat ion – the process of dividing a population into sub-populations, each of which is a group of
sampling units which have similar characteristics (often monetary value)
 Tolerable misstatement (in substantive procedures) – a monetary amount set by the auditor in
respect of which the auditor seeks to obtain an appropriate level of assurance that the monetary amount
set by the auditor is not exceeded by the actual misstatement in the population; it is the maximum total
error in a population that the auditor is willing to accept
 Tolerable rate of deviat ion (in tests of controls) – a rate of deviation from prescribed inter nal control
procedures set by the auditor in respect of w hich the auditor seeks to obtain an appropriate level of
assurance that the rate of deviation set by the auditor is not exceeded by the actual rate of deviation in
the population; it is the maximum rate of deviation from the prescribed control procedure the auditor is
willing to accept without changing control risk assessment or planned reliance on internal control
 Error – either contr ol deviations, when performing tests of contr ol, or misstatements, w hen performing
substantive procedures.
 Total error – either the rate of deviation (in case of tests of control) or total misstatement (in case of
substantive procedures)
 Anomalous error – means an error that arises from an isolated event that has not recurred other than
on specifically identifiable occasions and is therefore not representative of errors in the population
 Expected error –
a. Expected error amount – in substantive tests, it is the auditor's best estimate of the amount of
error the auditor expects to find in the population
b. Expected deviat ion rate – in tests of control, it is the auditor's best estimate of the rate of
deviation from a prescribed control procedure in the population
Applicability of Audit Sampling:

 Where an auditor has no special knowledge about likely misstatements contained in account balances and
transactions
 When the auditor believes that the sample is to be a good representative of the population
Inapplicability of audit sampling: Situations w here audit sampling generally do not apply:
a. Risk assessment procedures performed to obtain an understanding of internal control.
b. Tests of automated application controls when effective general controls are present. (Generally,
such contr ols would only be tested once or a few times.)
c. Analyses of security and access contr ols, or other controls that do not provide documentar y
evidence of performance (e.g., controls related to segregation of duties).
d. Some tests related to the operation of the control environment or the accounting system (e.g.,
examination of the effectiveness of activities performed by those charged with governance).
Lists procedures that do not involve sampling:

a. Inquir y and obser vation
b. Analytical procedures
c. Procedures applied to ever y item in a population
d. Tests of controls where application is not documented
e. Procedures from which the auditor does not intend to extend a conclusion to the remaining item
in the account (for example, tracing several transactions through accounting system to obtain
understanding)
f. Untested balances
General Approaches to Audit Sampling:

1. Statistical sampling – an approach to sampling that has the following characteristics:
a. Random selection of a sample; and
b. Use of probability theor y to evaluate sample results, including measurement of sampling risk

 Statistical sampling applies the law of probability theor y to aid the auditor in designing a sampling
plan and evaluating sample results.
 In statistical sampling, auditors specify the sampling risk they are willing to accept and then calculate
the sample size that provides that degree of reliability. Results are evaluated quantitatively.
 Statistical sampling measures quantitatively the sampling risk (the risk from testing only part of an
audit population).
 Advantages of statistical sampling: Conclusions may be drawn in more precise ways when
using statistical sampling because it enables the auditor to:
a. Measure the sufficiency of the audit evidence obtained.
b. Provide an objective basis for quantitatively evaluating sample results –more objective audit
evidence
c. Design an efficient sample.
d. Quantify/measure sampling risk so as to limit it to an acceptable level.
e. Measure reliability (confidence level), precision, and sampling error (sampling risk).
 Disadvantages of statistical sampling:
 Danger of accepting statistical evidence at face value without sufficient skepticism
 Its cost could exceed the benefits
 Inappropriate it some cases (for example, test of controls that depend on segregation fo duties
or otherwise provide no audit trail of documentary evidence)
 In statistical sampling, random sample selection methods should be used to give all items in the
population an equal chance to be included in the sample to be audited.
2. Non-statistical sampling – a sampling approach that does not have both characteristics of statistical
sampling
 Non-statistical sampling (or judgment sampling) is based solely on the auditor’s judgment. The sample
size is not determined mathematically. Auditors rely exclusively on subjective judgment to determine
sample size and to evaluate sample results.
 A properly designed non-statistical sampling application can be as effective as statistical sampling
application.
 One disadvantage is that it can misdirect an auditor to unreliable sampling units.
Additional notes on statistical and non-statistical sampling:

 Statistical sampling is a mathematical approach to inference, whereas non-statistical sampling is a
more subjective approach.
 Conclusions may be drawn in more precise ways when using statistical sampling methods.
 Both sampling approaches involve judgment in planning, executing the sampling plan, and evaluating
the results of the sample.
 It is acceptable for auditors to use either or combination of statistical and non-statistical sampling.
The choice is based primarily on the auditor’s assessment of the relative costs and benefits. Such
choice is independent of the selection of audit procedures because audit sampling is merely a means
for accomplishing audit procedures.
 Both sampling approaches can pr ovide sufficient appropriate evidence.
 Sampling methods are used by auditors in both control testing and substantive testing.
Auditor’s professional judgment:

 Although statistical sampling aids the auditor in quantitative ways, it is not a substitute for professional
judgment. In other wor ds, statistical sampling does not eliminate the need for the auditor’s professional
judgment.
 The auditor must exercise professional judgment in both statistical and non-statistical sampling to:
a. Define the population and the sampling unit;
b. Select the appropriate sampling method;
c. Evaluate the appropriateness of audit evidence;
d. Evaluate the nature of deviations or errors;
e. Consider sampling risk; and
f. Evaluate the results obtained from the sample and project those results to the population.
Types of Audit Sampling Plan:

Audit sampling is used for both tests of controls (attributes sampling) and for tests of details of transactions
and balances (usually, variables sampling). In both attributes sampling and variables sampling, the plans may be
either non-statistical or statistical.
1. Attribute sampling – estimates the attribute or quality characteristic of a population
 Applicable to tests of controls because attribute sampling deals with estimating deviation rate
(also called rate of occurrence) from prescribed control procedures that the auditor plans to rely
upon
2. Variables sampling – estimates the numerical quantity of a population
 Applicable to substantive testing because variables sampling deals with peso or monetary
amount of misstatement in account balances

 Ordinarily, risk assessment procedures to obtaining understanding of the entity and its environme nt,
including internal control, do not involve the use of audit sampling.
 Audit sampling for substantive procedures applies to tests of details only.
Sampling Risk:
Sampling risk – the possibility that the auditor’s conclusion, based on a sample may be different from the
conclusion reached if the entire population were subjected to the same audit procedure.
 The risk that the sample is not representative of the population and that the auditor's conclusion will
be different from the conclusion had the audi tor examined 100% of the population.
 The possibility that even though a sample is properly chosen, it may not be representative of the
population.
 Sampling risk can be reduced by increasing the sample size.
 Sampling risk is an inherent part of sampling tha t results from testing less than the entire population.
Two Types of Sampling Risk:

1. Risk that affects audit effectiveness and may lead to an inappropr iate audit opinion (“Beta
risk” or “Type II error”) – the risk the auditor will conclude that:
a. Risk of assessing control risk too low – in case of a test of control, that the assessed control risk is
lower than it actually is
b. Risk of incorrect acceptance – in case of a substantive test, conclusion that a material error does not
exist w hen in fact it does
2. Ris k that affects audit efficiency as it would usually lead to addit ional wor k to establish that
initial conclusions were incorrect (“Alpha risk” or “Type I error”) – the risk the auditor will
conclude that:
a. Risk of assessing control risk too high – in case of a test of control, that the assessed control risk is
higher than it actually is
b. Risk of incorrect rejection – in case of a substantive test, conclusion that a material error exists
when in fact it does not
Aspects of Audit Risk(Aspect of detection r isk):

Audit risk is a combination of the risk that a material misstatement will occur (inherent risk and control
risk) and the risk that it will not be detected by the auditor (detection risk).
1. Sampling r isk – the risk or the possibility that, when a test of controls or a substantive test is restricted to
a sample, the auditor's conclusions base on a sample may be different from the conclusions which would
have been reached had the tests been applied to all items in the population
 Sampling risk is the aspect of audit risk and of detection risk that is due to sampling.
Aspects of sampling r isk:

a. Substant ive testing sampling r isks:
1) Risk of incorrect acceptance – the risk that the auditor will conclude that a material error in an
account balance (based on the sample) does not exist when in fact it does (i.e., sample results fail
to identify an existing material misstatement).
2) Risk of incorrect rejection – the risk that the auditor will conclude that a material error in an
account balance exists w hen in fact it does not (i.e., sample results mistakenly indicate a material
misstatement).
b. Tests of controls sampling risks:
a. Risk of assessing control risk too high or the risk of under reliance (Alpha risk or Type I
error) – the risk that the assessed level of contr ol risk (based on the sample) is greater than the
true level of control risk (i.e., sample results indicate a greater deviation rate than actually exists in
the population).
 This risk means that the auditor wrongly concludes that the control risk is higher than it actually
is.
 This risk relates to audit efficiency as it w ould lead o additional w ork. If the auditor assesses
control risk too high, substantive tests will consequently be expanded beyond the necessary
level, leading to audit inefficiency.
b. Risk of assessing control risk too low or the risk of over reliance (Beta risk or Type II
error) – the risk that the assessed level of control risk (based on the sample) is less than the
actual/true level of control risk (i.e., sample results indicate a lower deviation rate than actually
exists in the population).
 This risk means that the auditor wrongly concludes that the contr ol risk is lower than it actually
is.
 This risk relates to audit effectiveness. If the auditor assesses control risk too low,
substantive tes ts will not be expanded to the necessar y level to ensure an effective audit. This
would more likely lead to an inappropriate audit opinion.
Analysis of Sampling Risks:

Aspects of Auditor’s Effect on audit wor k
sampling r isks wrong because of wrong Sacrificed
conclusion conclusion
Risk of incorrect Not materially Performance of less Effect iveness of the audit
acceptance misstated when extensive substantive because it may lead to
in fact materially tests inappropriate opinion due
misstated to inappropriate less
extensive substantive tests
Risk of incorrect Materially Additional wor k Efficiency of the audit
rejection misstated when (performance of because of unnecessar y
in fact not unnecessary more additional wor k
materially extensive substantive
misstated tests)
Risk of assessing ↓CR than actual Performance of tests of Effect iveness of the audit
control risk too CR – internal controls and less because it may lead to
low (risk of over control is reliable extensive substantive inappropriate opinion due
reliance) tests to inappropriate less
extensive substantive tests
Risk of assessing ↑ CR than actual Additional wor k (because Efficiency of the audit
control risk too CR – internal non-performance of tests because of unnecessar y
high (risk of under control is not of controls would lead to additional wor k
reliance) reliable the per formance of
unnecessary more
extensive substantive
tests)
2. Non-sampling risk – the risk that the auditor reaches an erroneous conclusion for any reason not
related to sampling risk
Examples of non-sampling risk:
 The auditor might use/select inappropriate audit procedures (audit procedures that are not
appropriate to achieve a specific objective)
 The auditor might misinterpret evidence or the results of audit tests
 The auditor may fail to recognize an error (for example, failure by the auditor to recognize a
misstatement or deviation in documents examined)
 Non-sampling risk pertains to all aspects of audit risk that are not due to sampling. It refers to
the possibility that auditors will arrive at an erroneous conclusion not because of the chosen
sample but due to other factors.
 Non-sampling risk is always present and cannot be measured.
 Non-sampling risk can be controlled by adequate planning and super vision of audit wor k and
proper adherence to quality control standards.
Sampling r isk and non-sampling risk can affect the components of audit r isk. For
example, when performing tests of control, the auditor may find no errors in a sample and conclude
that control risk is low, whe n the rate of error in the population is, in fact, unacceptably high
(sampling risk). Or there may be errors in the sample which the auditor fails to recognize (non-
sampling risk).
Types of Statistical Sampling Plans:

1. Attribute sampling – the method used to estimate the rate (%) of occurrence (or exception) of a specific
characteristic or attribute
 Attribute sampling used in tests of controls.
 In attribute sampling, samples taken to test the operating effectiveness of controls are intended to
provide a basis for the auditor to conclude w hether the controls are being applied as prescribed.
 Attribute sampling generally deals with yes/no questions. For example, "Are time cards properly
authorized (i.e., to assure recorded hours were worked)?", or "Are invoices properly voided (e.g.,
stamped "paid") to prevent duplicate payments?"
Commonly used attribute sampling techniques/ models:

a. Attribute estimat ion sampling – a statistical sampling plan that uses a fixed sampling plan
(for example, testing a single sample)
 It is used when the auditor wishes to estimate a true but unknow n population deviation
rate.
b. Discovery sampling – a special type of attribute sampling appropriate w hen the auditor
believes the expected population deviation rate is zero or near zero and when the auditor’s
objective is to find at least one deviation in the sample if actual population deviation rate

exceeds or equal a predetermined critical rate (tolerable deviation rate)
 Discover y sampling should be used to estimate w hether a population co ntains critical
deviations.
 It is used when the auditor is looking for a very critical characteristic or deviations (e.g.,
fraud). The auditor predeter mines the desired reliability (confidence) level (e.g., 95%) and
the maximum acceptable tolerable rate (e.g., 1%), and a table is then used to determine
sample size. If no deviations are found in the sample, the auditor can be 95% certain that
the rate of deviation in the population does not exceed 1%. If deviations are found, a
regular attribute sampling ta ble may be used to estimate the deviation rate in the
population, and audit procedures may need to be expanded.
c. Stop-or-go sampling (sequent ial sampling) – is designed to avoid oversampling for
attributes by allowing the auditor to stop an audit test before completing all steps
 It is used when the auditor expects zero or ver y few deviations in the population.
 It separates the sampling process into several states or steps. After a step, the auditor
decides whether to stop or to go on to the next step. In each step, the auditor
determines if it is warranted to accept or increase the preliminary level of contr ol risk.
2. Variables sampling – method used in reaching a conclusion in peso amounts

 Variables sampling is used in substantive tests.
a. Probability-proportional-to-size (PPS) sampling – sampling technique where the sampling unit is

defined as an individual peso in a population
 PS is a sampling plan that automatically stratifies the population.
 PPS uses a peso as a sampling unit. Once a peso is selected, the entire account (containing that
peso) is audited.
 PPS is only useful for tests of overstatements (for example, of assets). T hus, it is not appropriate
for testing liabilities because understatement is the primary audit consideration.
b. Classical variables sampling – a statistical sampling method used to estimate the numerical
measurement of a population, such as a peso value (e.g., accounts receivable balance)
 The objective of variables sampling is to obtain evidence about the reasonableness of monetar y
amounts. The auditor estimates the true value of the population by computing a point estimate of
the population and computing a precision inter val around this point estimate.
 Classical variables sampling measures sampling risk by using the variation of the underlying
characteristic of interest.
Three commonly used classical variables sampling:

1. Mean- per-unit estimation – a sampling plan that uses the average value of the items in the
sample to estimate the true population value by multiplying average sample value by the number of
items in population. MPU does not require the book value of the population to estimate true
population value.
2. Ratio est imat ion – a sampling plan that uses the ratio of the audited (correct) values/amount to
their book values to project the tr ue population value and an allowance for sampling risk
 Ratio estimation is a highly efficient technique when the calculated audit amounts are
approximately proportional to the client's book amounts.
3. Difference estimation – a sampling plan that uses the average difference between the audited
(correct) values of items and their book values to project the actual population value.
 Difference estimation is used instead of ratio estimation when the differences are not nearly
proportional to book values.
Compar ison of PPS sampling to classical var iables sampling
Advantages of PPS sampling Advantages of classical var iables sampling

1. Generally easier to use 1. May result in a smaller sample size if there are
2. Size of sample not based on variation of audited many differences between audited and book
amounts values
3. Automatically results in a stratified sample 2. Easier to expand sample size if that becomes
4. Individually significant items are automatically necessary
identified 3. Selection of zero balances does not require
5. Usually results in a smaller sample size if no special sample design considerations
misstatements are expected 4. Inclusion of negative balances does not
6. Can be easily designed and sample selection require special sample design considerations
can begin before the complete population is
available
Steps in Sampling for Substant ive Testing (Var iables sampling)
1. Deter mine the objective of the test

 The objective of the test must be to satisfy an audit objective pertaining to a particular account balanc e,
that is, to test the reasonableness of a recor ded account balance. For example, the auditor wishes to
estimate the value of the client's accounts receivable balance to satisfy valuation audit objective.
2. Define the populat ion and the sampling unit

 This is to provide assurance that the audit sample to be selected and examined will satisfy the objective
of the test. For example, the population might consist of 5,000 accounts with a recorded book value of
P4,500,000. The auditor would examine 100% of acc ounts for w hich potential errors could equal or
exceed the tolerable error and w ould exclude those accounts from the population to be sampled.
 The auditor should consider the completeness of the population in defining the sampling unit. For
example, each of the 5,000 accounts is a sampling unit.
3. Select an appropr iate audit sampling technique

 Select either non-statistical or statistical sampling. If statistical sampling is used, either probability-
proportional-to-size sampling (PPS) or classical variables techniques may be selected.
4. Deter mine the sample size

 Factors to consider in determining sample size for substantive tests of details:
a. Acceptable risk of incorrect acceptance
b. Acceptable risk of incorrect rejection
c. Tolerable error (tolerable misstatement) – maximum amount of errors (or monetar y misstatement)
that may exist without causing the account balance or class of transactions to be materially
misstated (or maximum amount of error that the auditor is willing to accept)
d. Expected error/misstatement (size, frequency, etc.)
e. Variation within the population (e.g., an estimate of the standard deviation, or variability, of the
population)
Summary of relationships between the above factors and the sample size:
Increases in Effect on Explanat ion
sample size
Risk of incorrect Decrease  This is a sampling risk and sampling risk is reduced by
acceptance increasing the sample size.
Risk of incorrect Decrease  This is a sampling risk and sampling risk is reduced by
rejection increasing the sample size.
Tolerable Decrease  The lower the total error that the auditor is willing to
misstatement (error) accept, the larger the sample size needs to be.
Expected Increase  The greater the expected amount of error in the
misstatement (error) population, the larger the sample size needs to be in
order to make a reasonable estimate of the actual
amount of error in the population.
Variation in the Increase  Increases in variation (standard deviation in classical
population (standar d sampling) result in increases in sample size.
deviation)
Increase in auditor’s Increase  The higher the auditor’s assessment of inherent risk
assessment of control and control risk, the lar ger the sample size needs to be.
risk or inherent risk
Reliance on other Decrease  The more the auditor intends to rely on other
substantive substantive procedures to reduce to an acceptable level
procedures the detection risk, the less assurance the auditor will
require from sampling and, therefore, the smaller the
sample size can be.
Number of items in Negligible effect  The number of items in the population virtually has no
the population effect on sample size unless the population is very
small. In other wor ds, population size is not an issue
provided the population is large.
5. Deter mine the sample selection method

 Generally random number or systematic sampling.
6. Perfor m the sampling plan

 Sample items should be selected in such a way that the sample can be expected to be representative of
the population (e.g., random sampling). In the same example, an appropriate s ample would consist of
individual account balances. Confirmations could then be used to determine the audited values for
sample items.
7. Evaluate the sample results: This includes the following procedure:

a. Projecting the sample error. The auditor projects the misstatements found in the sample to the
population using one of several methods (e.g., MPU, ratio, difference, etc.). The projected misstatement
is applied to the recorded balance to obtain a "point estimate" of the true balance.
b. Considering sampling risk. The auditor must then add an allowance for sampling risk (sometimes called
a "precision interval") to this estimate.
c. Considering qualitative information
d. Reaching an overall conclusion
 In deciding whether to accept the client's book value, the auditor determines whether the recorded
book value falls within the acceptable range (i.e., the point estimate +/- the allowance for sampling
risk). If so, the book value is fairly stated.
 The auditor's treatment of items selected for sampling that cannot be located (e.g., are "lost") will
depend on their effect on the auditor's evaluation of the sample.
 If the sample is representative of the population, the auditor generally will make a correct decision
regarding w hether the account balance is fairly stated.
 If the sample is not representative of the population, the auditor will make an incorrect decision,
either accepting a materially misstated balance, or rejecting a fairly stated balance.
8. Document the sampling procedure

The auditor must document each step in audit sampling as well as the basis for overall conclusions.
Steps in Sampling for Tests of Controls (Attribute sampling)
1. Define the objectives of the test

 Tests of controls are designed to test the operating effectiveness of controls. For example, the auditor
might test controls for billing systems.
2. Define the populat ion

 For tests of controls, the population is the class of transactions being tested. Conclusions based on
sample results can be projected only to the population from which the sample was selected.
3. Define the attribute and dev iation condit ions

 An attribute (or characteristic) would indicate operation of the inter nal control procedures.
 A deviation is a departure from the prescribed internal control policy or procedure. For example, i f the
prescribed procedure to be tested requires the cancellation of each paid voucher, a paid but uncanceled
voucher would constitute a deviation.
4. Deter mine the sample size

 The sample size is determined by considering the following factors:
a. Risk of assessing control risk too low – inverse relationship with the sample size
b. Tolerable deviation rate – inverse relationship with the sample size
c. Expected population deviation rate – direct relationship with the sample size
Summary of relationships between the above factors and the sample size:
Increases in Effect on Explanat ion
sample size
Risk of assessing Decrease  The more assurance the auditor intends to obtain
control risk too low from internal controls, the lower the auditor’s
assessment of control risk will be, and the larger the
sample size will need to be.
 This is a sampling risk and sampling risk is reduced by
increasing the sample size.
Tolerable deviation Decrease  The lower the rate of deviation that the auditor is
rate willing to accept, the lar ger the sample size needs to
be.
Expected population Increase  The higher the rate of deviation that the auditor
deviation rate expects, the larger the sample size needs to be so as
to be in a position to make a reasonable estimate of
the actual rate of deviation.
Number of items in Negligible  The number of items in the population virtually has no
the population effect effect on sample size unless the population is ver y
small. In other words, population size is not an issue
provided the population is large.
5. Deter mine the sample selection method

Pr incipal sample select ion methods: Appropriate sample selection methods could reduce sampling
risk.

a. Random- number sampling – this method uses of a computerized random number generator
or random number tables
 Each item in the population has an equal chance and nonzero probability of selection.
 It is appropriate both for statistical and non-statistical sampling.
b. Systemat ic select ion – the number of sampling units in the population is divided by the
sample size to give a sampling interval regar dless of the amount involved (for example 50, and
having determined a starting point within the first 50, each 50 th sampling unit thereafter is
selected)
 It involves selecting every nth item from a population of sequentially ordered items.
 The auditor need to determine that the sampling units within the population are not
structured in such a way that the sampling interval corresponds with a particular patter n in
the population.
 It is useful for non-statistical sampling, although it can also be useful for statistical plan if
the starting point is selected at random.
c. Haphazard select ion – the auditor selects the sample without following a str uctured
technique, but the method is intended to avoid or predictability (for example avoiding difficult to
locate items, or always choosing or avoiding the first or last entries on a page) and thus
attempt to ensure that all items in the population have a chance of selection
 Haphazard selection, although may be useful for non-statistical sampling, is not appropriate
when using statistical sampling.
d. Block select ion – involves selecting a block(s) of contiguous items from within the population
 Block selection cannot ordinarily be used in audit sampling because most populations are
structured such that items in a sequence can be expected to have similar characteristics to
each other, but different characteristics from items elsew here in the population.
 It often results to excessively high sampling risk.
e. Stratificat ion – grouping of items of similar size and each group is treated as a separate
population; it involves subdiving a population into subpopulations or strata
For example, assume 1,000 items are stratified into two groups: the 100 largest items will all be
examined individually, but sampling techniques will be applied to the remaining 900 items. In
this case, the population size for the sampling application would be 900, not 1,000.
 The primary objective of using stratification as a sampling method is to decrease the effect
of variance or variability of items in the total population.
 Stratification is used when there is a wide range (variability) in the monetary size of items
in the population.
 This method will enable the auditor to direct his efforts towards the items he considers he
would potentially contain the greater monetar y error.
f. Value-weighted selection – sets the high-value items as priority to be included in the sample
6. Perfor m the sampling plan

 The sampling units selected should be examined for the attributes or quality characteristics of interest
and deviations should be documented in the wor king papers.
7. Evaluate and document results: These include the following:

a. Determine the sample dev iat ion rate
= Number of deviations obser ved
Sample size
b. Determine the maximum population dev iation rate (achieved upper dev iation rate) and the
allowance for sampling risk (achieved precision)
 The maximum dev iation rate is based on the sample size and the number of deviations
discovered. The auditor uses standard tables that yield maximum population de viation rates at
specified risk of assessing control risk too low.
 Allowance for sampling risk = Maximum deviation rate – Sample deviation rate
 When the deviation in the sample is at the expected deviation rate or less, the auditor can
continue using his planned assessment of control risk. If it happens to be greater than
expected, reassessment of risk is necessar y. Usually, an increase in such should be made.
 The stronger the internal control, the lower the control risk, the lower the tolerable deviation
rate.
c. Consider qualitative consideration (such as the nature of each deviation, its importance, and probable
cause)
d. Reach an overall conclusion
 The overall conclusion relates to assessing control risk after considering all available quantitative and
qualitative information.

COMPLETING THE A UDIT
Character istics of the procedures perfor med in completing the audit:

a. The procedures are required to be performed
b. The procedures are performed near the end of the audit (on or near the last day of fieldwork)
c. The procedures do not per tain to specific transaction cycles or accounts
d. The procedures are usually performed by audit managers or other senior members of the audit team
who have extensive audit experience with the client
e. The procedures involve many subjective judgments by the auditor
AUDIT PROCEDURES IN COMPLETING THE A UDIT:
1. Search for unrecorded liabilities

 The auditor examines cash disbursements made subsequent to balance sheet date. The
purpose is to verify if those disbursements for purchases or expenses incurred as of the balance
sheet date were properly accrued and recorded as liabilities in the current year.
Search for unrecorded liabilities addresses the completeness assertion (to provide assurance
that amount owed to others are recor ded by the entity).
2. Review related party transactions (to ensure that they have been properly identified, recorded
and disclosed in the financial statements)
 Related party – a party related to an entity because of any of the following:

 Control, common control, significant influence, joint control – w hether direct or indirect
 Associate
 A fellow venturer
 A member of the key management personnel
 Close member of the family
 A post-employment benefit plan
 Related party transaction – transfer of resources, ser vices or obligations between related
parties, regardless of whether a price is changed
 Management responsibility: Management is responsible for identification and disclosure of
related par ties and related party transactions.
 Auditor’s responsibility:
a. To ensure that related par ties and related par ty transactions have been properly identified,
recorded and disclosed in the financial statements.
b. To review information provided by those char ged with governance and management
identifying the names of all know n related parties and transactions with such par ties.
c. To obtain a written representation from management concerning:
(1) Completeness of information on identification of related parties; and
(2) Adequacy of disclosure in the financial statements
 An audit cannot be expected to detect all related party transactions.
Audit procedures to identify related parties:

 Performing detailed tests of transactions and balances
 Reviewing minutes of meetings of shareholders and those charged with governance
 Reviewing accounting records for large or unusual transactions and balances, paying
particular attention to transactions recognized at or near the end of the reporting period.
 Reviewing confirmations of loans receivable and payable and confirmations from banks (such
review may indicate guarantor relationship and other related party transactions)
 Reviewing investment transactions (for example, purchase or sale of an equity interest in a
joint venture or other entity)
Audit procedures to determine completeness of related party infor mation prov ided by
those charged with governance and management:
1. Reviewing prior year’s working papers for names of know n related parties
2. Review the entity’s procedures for identification of related parties
3. Inquire as to the affiliation of those charged with governance and officers with other entities
4. Review shareholder recor ds to determine the names of principal shareholders or, if
appropriate, obtain a listing of principal shareholders from the share registrar
5. Review minutes of meetings of shareholders and those char ged with governance and other
relevant statutory recor ds such as the register of director’s interest
6. Inquire of other auditors currently involved in the audit, or predecessor auditors, as to their
knowledge of additional related par ties
7. Review the entity’s income tax returns and other information supplied to regulator y agencies
(such as SEC filings)
AT – Completing the Audit Red Sirug 1

Indicators of existence of related party transactions:
 Transactions w hich have abnormal terms of trade, such as unusual prices, inte rest rates,
guarantees, and repayment terms.
 Transactions w hich lack an apparent logical business reason for their occurrence.
 Transactions in which substance differs from form.
 Transactions processed in an unusual manner.
 High volume or significant transactions with certain customers or suppliers as compared
with others.
 Unrecor ded transactions such as the receipt or provision of management services at no
charge.
Minimum disclosures regarding related party transactions:
 Amount of the transaction
 Amount of outstanding balances, their terms and conditions, whether secured or unsecured,
and the nature of consideration to be provided in settlement
 Provision for doubtful accounts (related to the outstanding balances)
 Expense recognized during the period in respect of doubtful accounts due from related
parties
3. Ident ify and evaluate contingencies (arising from litigation, claims, and assessments) and
commit ments
Contingency – an existing condition/situation/circumstances involving a possible gain or loss to an
entity the ultimate outcome of which depends on the occurrence or non-occurrence of one or more
uncertain future events
Examples of loss contingencies:
1. Pending or threatened lawsuit/litigation
2. BIR assessment of prior years’ taxes
3. Guarantees of obligation of others
Commit ment – represent future cash flow requirements (such as a purchase commitment)
a. Procedures to identify litigation and claims:

 Inquir y of management (and, w here applicable, others within the entity, including in- house
legal counsel)
 Reviewing minutes of meetings of those char ged with governance (BOD and audit committee)
and correspondence between the entity and its external legal counsel
 Reviewing legal expense accounts (such as examining invoices for legal expenses)
 Using information obtained through risk assessment procedures
Management should adopt policies and procedures to identify, evaluate, and account for
litigations, claims, and assessments as a basis for the preparation of financial statements in
accordance with applicable financial reporting framewor k. Thus, the auditor’s primary source of
information about litigation, claims, and assessments is the client’s management.
b. Seek direct communication with the entity’s external legal counsel (through a letter of inquiry )
when litigation or claims have been identified or when the auditor believes they may exist
 The auditor should corroborate the information furnished by client’s management by sending
a letter of inquiry to lawyers with w hom the client has consulted regar ding litigation,
claims, and assessments.
 Direct communication with the entity’s legal counsel assists the auditor in obtaining sufficient
appropriate audit evidence as to whether potent ially material lit igat ion and claims
are known and management’s estimates of the financ ial implications, including
costs, are reasonable.
 The letter of inquir y should be prepared by management and sent by the auditor, requesting
the entity’s external legal counsel to communicate directly with the auditor.
 Management’s refusal to permit the a uditor to communicate with the entity’s lawyer or the
lawyer’s refusal to reply to the letter of inquiry w ould be considered a scope limitation that
would or dinarily lead to either qualified or disclaimer of opinion.
(1) Letter of specific inquiry – this letter of inquir y would ordinarily include:
(a) A list of litigation and claims
(b) Management’s assessment of the outcome of the litigation or claim and its estimate of the
financial implications, including costs involved; and
(c) A request that the entity’s legal counsel confirm the reasonableness of management’s
assessments and provide the auditor with further information if the list is considered by the
entity’s legal counsel to be incomplete or incorrect.
(2) Letter of general inquiry – requests the entity’s external legal counsel to inform the auditor
of:
(a) Any lit igat ion and claims that the counsel is aware of
(b) Assessment of the outcome of the litigation and claims, and
(c) An estimate of the financial implications, including costs
c. Discuss with the entity’s external legal counsel the likely outcome of litigation and claims where:

(1) The auditor determines that the matter is a significant risk
(2) The matter is complex
(3) There is disagreement between management and the entity’s external legal counsel
Ordinarily, such meetings with enti ty’s exter nal legal counsel require management’s
per mission and are held with a representative of management in attendance.
4. Review subsequent events that may require adjust ment of, or disclosure in the financial
statements
 Subsequent events (post-balance sheet events ) refer to events occurring between
period end (balance sheet date) and the date of the auditor’s report that may affect the
financial statements and the auditor’s report.
 Subsequent events may also refer to facts discovered after the date of the auditor’s repor t.
 Subsequent period is the period between the date of the financial statements (balance
sheet date) and the date of the auditor's report. During this period, the auditor should
investigate subsequent events that would require adjustment or disclosure in the financial
statements because his responsibility to search for subsequent events is up to the date of the
auditor’s report.
Types of subsequent events:

1. Those requiring adjust ment – events that provide further evidence of conditions that
existed at the date of the financial statements
Examples:
 Settlement of litigation in excess of amount recorded
 Loss on uncollectible accounts resulting from customer’s continued deteriorating
financial condition leading to bankruptcy (declaration of bankruptcy is incidental to an
already existing insolvency of a debtor)
2. Those requiring disclosure – events that are indicative of conditions that arose after
the date of the financial statements
Examples:
 Issuance of bonds/stocks after the balance shee t date
 Major purchase of a business
 Loss on inventor y due to fire that occurred in the subsequent period
 Loss of plant due to flood
 Loss on uncollectible receivable because of a major catastrophe suffered by the
customer after the balance sheet date
a. Procedures to identify subsequent events

(1) Reviewing procedures established by entity’s management to ensure that subsequent events
are identified
(2) Inquiring of management as to w hether any subsequent events have occurred which might
affect the financial statements
Examples of inquiries of management on specific matters are:
1. Current status of items that were accounted for on the basis of preliminar y or
inconclusive data
2. New commitments, borrowings or guarantees
3. Sales or acquisition of assets that have occurred or are planned
4. Issue of new shares or debentures or an agreement to merge or liquidate that is made
or planned
5. Any assets that have been appropriated by government or destroyed, for example, by
fire or flood
6. Any developments regar ding risk areas and contingencies
7. Any unusual accounting adj ustments made or contemplated
8. Any events that have occurred or are likely to occur w hich will bring into question the
appropriateness of accounting policies used in the financial statements (such as going-
concern issues).
(3) Reading minutes of the meetings (of shareholders, those charged with governance, audit and
executive committees) including those held after period end and inquiring about matters
discussed at meetings for w hich minutes are not yet available.
(4) Reading the entity’s latest available interim financial statements as well as budgets and cash
flow forecasts and other related management reports; compare them with the financial
statements under audit.
(5) Obtaining representation letter from management regar ding w hether a ny events occurred
during the subsequent period that require adjustments to or disclosure in the financial
statements.
b. Consider whether material subsequent events are properly accounted for and adequately disclosed
in the financial statements
5. Assess the appropr iateness of management’s use of the going concer n assumpt ion in the
preparation of the financial statements
 Going concern assumption is a fundamental principle in the preparation of financial statements.
Going concern means an entity is ordinarily viewed as continuing in business for the

foreseeable future with neither the intention nor the necessity of liquidation, ceasing trading or
seeking protection from creditors pursuant to laws and regulations.
 Financial statements are ordinarily prepared based on going concern basis (contrary to the
quitting concern basis) in the absence of information to the contrary. This means that the
assets and liabilities are recorded on the basis that the entity will be able to realize its assets
and discharge its liabilities in the normal course of business.
 Management’s responsibility: Assessment. Management should assess the entity’s ability
to continue as a going concern by making a judgment about the future outcome of uncertain
events or conditions (for a period of one year from balance sheet date).
a. Disclosure. Management should disclose going concern problem, if any.
 Auditor’s responsibility:
a. Overall evaluation of the appropriateness of management’s use of the going concern
assumption in the preparation of the financial statements
b. Identifying material uncer tainties about the entity’s ability to continue as a going concern
that need to be disclosed in the financial statements
c. Whether such events or conditions are adequately disclosed in the financial statements
d. Consider report modification because of these events or conditions
e. If conditions or events such as those identified previously create substantial doubt as to the
ability of the entity to continue as a going concern, the auditor should consider whether
management has feasible plans (plans for and the ability to implement alternative means of
maintaining adequate cash flows)
Audit procedures to ident ify conditions and events that may cast doubt about an ent ity’s
ability to cont inue as a going concern:
 Analytical procedures
 Subsequent events review
 Review of compliance with debt and loan agreements
 Reading minutes of meetings
 Inquir y of legal counsel
 Confirmation with related and third parties of arrangements for financial support
The auditor has no responsibility to predict future events or conditions that may cause an entity to
cease to continue as a going concern. Thus, auditors are not required to design audit procedures
solely to detect going concer n problems.
Examples of event or condit ions that may s ignify existence

of a material going concer n uncertainty
Events or conditions that may give rise to business risks, that individually or collectively, may cast
doubt about the entity’s ability to continue as a going concern:
Financial events and condit ions:

 Net liability or net current liability position
 Maturing fixed-term borrowings without realistic prospects of renewal or repayment
 Indications of withdrawal of financial support by debtors and other creditors
 Negative operating cash flows
 Adverse key financial ratios
 Substantial operating losses
 Significant deterioration in value of assets used to generate cash flows
 Arrears or discontinuance of dividends
 Inability to pay creditors on due dates
 Inability to comply with the terms of loan agreements or o ther statutor y requirements
 Change from credit to cash-on-deliver y transactions with suppliers
 Inability to obtain financing for essential new product development or other essential
investments
Operating events and condit ions:

 Loss of key management without replacement
 Loss of a major mar ket, franchise, license, or principal supplier
 Labor difficulties or shor tages of important supplies
Other events and condit ions:

 Noncompliance with capital or statutory requirements
 Pending legal or regulatory proceedings against the entity that may, if successful, result in
claims that are unlikely to be satisfied
 Changes in legislation or gover nment policy expected to adversely affect the entity
Mit igating Factors
There are factors that can mitigate the adverse effects of identified material going concern
uncertainty. The auditor should consider whether management has plans for and the ability to
implement alternat ive means of maintaining adequate cash flows to mitigate events and
conditions that may cast doubt about the entity’s ability to continue as a going concern.

Examples of mit igat ing factors:
 When there is a history of profitable operations and a ready access to financial resources
 Management has plans and ability to maintain adequate cash flows by alternative means,
such as:
 Disposal of assets (including disposal of operations producing negative cash flows)
 Borrowing money or restructuring debt
 Leasing (instead of purchasing) of PPE items
 Renewal or, extension or rescheduling of loan repayments
 Reducing or delaying or postponing expenditures
 Obtaining additional capital
 Reducing or postponing dividend payments
 Availability of alternative source of supply in case of loss of a principal supplier
Disclosure requirements if the financial statements are not prepared on a going concern
basis:
a. The fact that financial statements are not prepared on a going concer n basis
b. The basis on which the financial statements are prepared, and
c. The reasons why the entity is not regarded as a going concern
6. Obtain written representations from management (on matters material to the financial
statements)
 Management representation letter is a letter from the management confirming its
responsibility and its oral representations.
 The auditor’s responsibility is to obtain written representation, whereas the management’s
responsibility is to provide written representations (this responsibility is included in the engagement
letter that sets out the terms of an audit engagement).
 The auditor’s responsibility on representations relating to matters that are material to the financial
statements:
a. Seek corroborative audit evidence from sources inside or outside the entity;
b. Evaluate whether the representations made by management appear reasonable and consistent
with other audit evidence obtained, including other representations; and
c. Consider whether the individuals making the representations can be expected to be well
informed on the particular matters.
Purposes of a management representation letter:

a. Main/ primary: To emphasize or impress upon management its ultimate responsibility for the
financial statements
b. Other purposes:
 To confirm oral representations made by management during the audit
 To reduce the possibility of misunderstanding between the auditor and the client concerning
the matters tha t are the subject of the representations
 To document management’s acceptance acknowledgment of its responsibility for fair
presentation of the financial statements
 To provide corroborative evidence when audit evidence may not be reasonably expected to
be available (for example, audit evidence to corroborate management’s intention to hold a
specific investment for long-term appreciation or to discontinue a line of business)
 To complement, but not replace or substitute, other audit procedures or other audit
evidence that the auditor could reasonably expect to be available
Basic elements of a management representation letter:

a. Addressee: Should be addressed to the auditor
b. Contents: Should contain the specified infor mat ion
c. Date: Should be appropriately date d (ordinarily coincides with date of the auditor’s
report)
d. Signatory: Should be appropriately signed by the members of management who have
primary or overall responsibility for financial and operating aspects of the entity
Appropriate signatory of a management representation letter:

 Owner-manager
 Chief/senior executive officer
 Chief/senior financial officer
 Other members of management
For ms of management representations:

Management representations may be verbal, w hether solicited or unsolicited, or wr itten,
whether explicitly such as contained in a management representation letter or implicitly such as
contained in financial information pr ovided. Written representations are better audit evidence than
oral representation. Written representations incl ude:
 A representation letter from management – known as the management representation
letter or client’s representation letter
 A letter from the auditor ( confirmatory letter ) – outlining the auditor’s understanding of

management’s representations, duly acknowledged and confirmed by management
 Relevant minutes of meetings (of the board of directors or similar body)
 Signed copy of the financial statements
 Matters communicated in discussions or electronically such as e-mails or telephone
messages.
 Schedules, analyses, and repor ts prepared by the entity, and management’s notations and
comments therein
Limitat ions of management representations:

Although management representations are considered part of evidential matter, they (are):
 Not a substitute for performing other audit procedures or a means to reduce the auditor’s
responsibility
 Not as the sole source of evidence on significant audit matters
 Cannot be substitute for other audit evidence that the auditor could reasonably expect to
be available
 Cannot reduce the auditor’s responsibility
Applicat ion of materiality:

1. Representations may be limited to matters that are considered either individually or
collectively material to the financial statements
2. Materiality limits would not apply when obtaining written client representation on:
a. Fraud or irregularities involving management
b. Availability of minutes of meetings
Effect if management refuses to provide the necessary wr itten representations:

Refusal by management to provide a written representation requested by the auditor that the
auditor deems necessary constitutes a scope limitation and would result in a qualified opinion or a
disclaimer of opinion. In such circumstances, also consider:
a. Any reliance placed on other representations made by management dur ing the audit; and
b. Any additional implications of the refusal on the auditor’s report.
When management representation is contradicted by other audit evidence: The auditor

should investigate the circumstances and, when necessary, reconsider the reliabi lity of other
representations made by management
Specific matters included in a management representation letter:

 Management’s acknowledgement of its responsibility for the fair presentation of the FS
 Management’s acknowledgement of its responsibility for the design and implementation of
internal control to prevent and detect error
 Availability of all financial records and related data and minutes of meetings (of shareholders,
board of directors, and committee of directors)
 Irregularities involving management or employees
 Confirmation on the completeness of the information pr ovided regarding the identification of
related par ties
 That the FS are free of material misstatements, including omissions
 Compliance or noncompliance with aspects of contractual agr eements or requirements of
regulator y that could have a material effect on the FS in the event of noncompliance.
 Plans or intentions that may materially alter the carrying value or classification of assets and
liabilities
 Plans to abandon lines of product or other plans or intentions that will result in any excess or
obsolete inventory, and no inventory is stated at an amount in excess of net realizable value
 Satisfactory title on assets and liens or encumbrances on the company’s assets
 Communications from regulatory agencies concerning noncompliance with/or deficiencies in
financial reporting practices
 Information or recording and/or disclosure of:
 The identity of, and balances and transactions with, related par ties
 Losses arising from sale and purchase commitments
 Agreements and options to buy back assets previously sold
 Assets pledged as collateral
 All liabilities, both actual and contingent
 Formal or informal compensating balance arrangements or other arrangements involving
restrictions on cash balances and credit line or similar arrangements
 Subsequent events requiring adjustment of or disclosure in the FS
 Claims and assessments in connection with litigation
 Capital stock repurchase options and agreements, and capital stock reserved for options,
warrants, conversions and other requirements
Example of a management representation letter:

The following letter is not intended to be a standard letter. Representations by management will
vary from one entity to another and from one period to the next.

(Entity Letter head)
(To Auditor) (Date)
This representation letter is provided in connection with your audit of the financial statements of
ABC Company for the year ended December 31, 19X1 for the purpose of expressing an opinion as to
whether the financial statements present fairly, in all material respects, the financial position of ABC
Company as of December 31, 19X1 and of the results of its operations and its cash flows for the
year then ended in accordance with (indicate applicable financial repor ting framework).
We acknowledge our responsibility for the fair presentat ion of the financial statements
in accordance with (indicate applicable financial reporting framewor k).
We confirm, to the best of our knowledge and belief, the following representations:
 There have been no irregularities involving management or employees who have a significant
role in internal control or that could have a material effect on the financial statements.
 We have made available to you all books of account and suppor ting documentation and all
minutes of meetings of shareholders and the board of directors (namely those held on March
15, 19X1 and September 30, 19X1, respectively).
 We confirm the completeness of the information provided regarding the identification of related
parties.
 If required, add “On behalf of the boar d of directors (or similar body).”
 The financial statements are free of material misstatements, including omissions.
 The Company has complied with all aspects of contractual agreements that could have a
material effect on the financial statements in the event of noncompliance.
 There has been no noncompliance with requirements of regulatory authorities that could have a
material effect on the financial statements in the event of noncompliance.
 The following have been properly recorded and, w hen appropriate, adequately disclosed in the
financial statements:
 The identity of, and balances and transactions with, related par ties.
 Losses arising from sale and purchase commitments.
 Agreements and options to buy back assets previously sold.
 Assets pledged as collateral.
 We have no plans or intentions that may materially alter the carrying value or classification of
assets and liabilities reflected in the financial statements.
 We have no plans to abandon lines of product or other plans or intentions that will result in any
excess or obsolete inventor y, and no inventory is stated at an amount in excess of net realizable
value.
 The Company has satisfactory title to all assets and there are no liens or encumbra nces on the
company’s assets, except for those that are disclosed in Note X to the financial statements.
 We have recor ded or disclosed, as appropriate, all liabilities, both actual and contingent, and
have disclosed in Note X to the financial statements all guarantees that we have given to third
parties.
 Other than . . . described in Note X to the financial statements, there have been no events
subsequent to period end w hich require adjustment of or disclosure in the financial statements
or Notes thereto.
 The . . . claim by XYZ Company has been settled for the total sum of XXX which has been
properly accrued in the financial statements. No other claims in connection with litigation have
been or are expected to be received.
 There are no formal or informal compensating balance arrangements with any of our cash and
investment accounts. Except as disclosed in Note X to the financial statements, we have no
other line of credit arrangements.
 We have properly recorded or disclosed in the financial statements the capital stock repurchase
options and agreements, and capital stock reserved for options, warrants, conversions and other
requirements.
Yours truly,
_____________________
(Senior Executive Officer)
_____________________
(Senior Financial Officer)
7. Perfor m final analyt ical procedures

 Purpose: The purpose of performing analytical procedures in the overall review stage of the audit
is to assist the auditor when forming an overall conclusion as to whether the financial statements
are consistent with the auditor’s understanding of the entity. Such procedures assist in arriving at
the overall conclusion as to the reasonableness of the financial statements.
 Audit focus: Auditor’s focus when performing analytical procedures in the overall review stage:

a. Identifying unusual fluctuations or transactions or unexpected account balances that were not
previously identified
 Once identified, they would require investigation, adequate explanation and appr opriate
corroborative evidence by per forming additional tests o f details.
b. Assessing the validity of the conclusions reached and evaluating the overall financial
statements presentation
 Analytical procedures involve analysis of significant ratios and trends including the resultant
investigation of fluctuations and relationships that are inconsistent with other relevant
information or expectation.
 Analytical procedures are required to be performed during the planning and overall review
stages.
8. Evaluate audit findings

 Throughout the course of the audit, the auditors will propose adj usting entries for all material
misstatements (whether caused by error or fraud) that are discovered in the client’s financial
records. Any material misstatement that the auditors have detected must be corrected; otherwise,
they cannot issue an unqualified opinion on the financial statements. Unrecorded misstatements
are combined as total likely misstatement in the financial statements and considered.
9. Review of audit wor king papers (audit documentation)

 The review is usually performed by manager, par tner, and possibly a second partner review
performed by a partner who is not otherwise involved in the engagement but to provide an
independent review of the wor k performed.
 The review process helps provide assurance that audit risk is an appropriately low level, working
paper documentation is adequate, and that the evidence suppor ts the opinion being rendered.
10. Obtain approval of the client regarding disclosures and adjust ments made to the financial
statements
11. Evaluate the overall financial statement presentation

 Review adequacy of disclosures using a disclosure checklist that lists all specific disclosures
required by GAAP and the SEC, if appropriate
12. Review of other infor mation or documents that contain the audited financial statements
and ascertain their consistency
13. Communicate with management and those charged with governance regarding the scope of
the audit and other matters of interest to the client
 Reporting to audit committee
 Report on internal control using a management letter
 Such management letter contains:
a. Reportable conditions which refer to significant deficiencies in the design or operation of
the internal control structure that could adversely affect the financial statements
b. Recommendat ions for improvement in the existing internal control structure
SUBSEQUENT DISCOVERY OF OMITTED PROCEDURES A FTER SUBMISSION OF THE A UDIT

REPORT:
 Omitted audit procedures may be discovered (after the audit report has been submitted) during a
firm's internal inspection program or during peer review.
 Auditor’s action:
a. The auditor should assess the impor tance of the omitted procedures to his ability to support the
audit opinion.
b. The auditor should determine whether other audit procedures that were applied tend to
compensate for the omitted audit procedures. If so, no further action is necessary.
c. If, on the other hand, the omitted audit pr ocedures impair the auditor's ability to support the
previously issued opinion, and there are people relying (or likely to rely) on the repor t, then the
auditor should promptly undertake to a pply the omitted procedures or the corresponding
alternative pr ocedures.
d. If, after applying the omitted procedures, the auditor determines that the financial statements are
materially misstated and that the auditor's repor t is inappropriate, the auditor should discuss the
matter with the management and take steps to prevent future reliance on the repor t.

AUD 0 Finals Merged

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AUD 0 Finals Merged

Uploaded by

Copyright:

Available Formats

AUDITING THEORY Red Sir ug

CONSIDERA TIONS OF ENTITY’S INTER NA L CONTROL

Essent ial Concepts of Internal Control: Internal control is (a):

Benefits of Strong Internal Control:

Classification of Internal Control:

Relationship between the ent ity’s objectives and internal control:

AT – Considering the Entity’s Internal Control Red Sirug Page 1

Elements of control environment:

Considering the control environment:

Considering the entity’s risk assessment process:

Considering the information system:

Examples of specific control activities include those relating to:

Considering the control activities:

AT – Considering the Entity’s Internal Control Red Sirug Page 3

Considering the monitoring of controls:

AT – Considering the Entity’s Internal Control Red Sirug Page 4

CONSIDERING INTER NA L CONTROL

Purpose of Understanding of Internal Control:

Steps in Considering Internal Control:

a. Maximum level: Control risk is assessed at high/maximum level if:

AT – Considering the Entity’s Internal Control Red Sirug Page 5

Results of tests of controls:

AT – Considering the Entity’s Internal Control Red Sirug Page 6

2. Document the assessed level of control r isk

Effect of Infor mation Technology on Internal Control:

Test ing Automated Controls

AT – Considering the Entity’s Internal Control Red Sirug Page 7

ASSERTIONS, A UDIT PROCEDURES A ND A UDIT EVIDENCE

ASSERTIONS A ND A UDIT OBJECTIVES

Assertions (or management assertions ) are representations by management, explicit or otherwise,

Categor ies of A ssertions used by the Auditor:

Auditor’s Use of Relevant A ssertions:

AT – Assertions, Audit Procedures and Audit Evidence Red Sirug Page 1

The auditor should use relevant assertions to:

Audit Object ives:

Types of Audit Object ives:

AT – Assertions, Audit Procedures and Audit Evidence Red Sirug Page 2

Pr imary Purpose of Audit Procedures:

Audit procedures distinguished from audit standards and audit techniques:

Nature, Timing and Extent of Audit Procedures:

Audit Procedures for Obtaining Audit Ev idence:

Auditor’s responses to assessed risks of material misstatements (RMM) include both:

AT – Assertions, Audit Procedures and Audit Evidence Red Sirug Page 3

Further audit procedures include:

When to perfor m tests of controls:

Dual pur pose test:

Substant ive procedures are mandatory:

AT – Assertions, Audit Procedures and Audit Evidence Red Sirug Page 4

Reliance on substantive tests:

Types of substant ive procedures:

b) Tests of details of balances – direct testing of accounts ending balance

AT – Assertions, Audit Procedures and Audit Evidence Red Sirug Page 5

Applicability of substantive analyt ical procedures:

Limitat ions of analytical procedures: Since analytical procedures are based on

Audit Procedures A ccording to Types:

AT – Assertions, Audit Procedures and Audit Evidence Red Sirug Page 6

Examples of audit techniques:

Audit Evidence, Defined:

Audit Evidence Relationship with Assertions: Audit evidence comprises both:

AT – Assertions, Audit Procedures and Audit Evidence Red Sirug Page 7

Nature of Audit Ev idence:

Types of Audit Ev idence:

Sources of audit evidence:

AT – Assertions, Audit Procedures and Audit Evidence Red Sirug Page 8