AUDITING THEORY CPA REVIEW

PSA 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS

PSA 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF
MATERIAL MISSTATEMENT
PSA 320 AUDIT MATERIALITY
PSA 330 THE AUDITOR’S PROCEDURES IN REPONSE TO ASSESSED RISKS

PSA 300 (Rev.) PLANNING AN AUDIT OF FINANCIAL STATEMENTS

1. Planning an audit involves:

• establishing the overall audit strategy for the engagement and
• developing an audit plan,
• in order to reduce audit risk to an acceptably low level.

Preliminary Engagement Activities

2. The auditor should perform the following activities at the beginning of the current audit
engagement:
• Perform procedures regarding the continuance of the client relationship and the specific
audit engagement.
• Evaluate compliance with ethical requirements, including independence.
• Establish an understanding of the terms of the engagement.

Planning Activities

3. The auditor should establish the overall audit strategy for the audit. The overall audit strategy sets
the scope, timing and direction of the audit, and guides the development of the more detailed
audit plan

4. The establishment of the overall audit strategy involves:

a.) Determining the characteristics of the engagement that define its scope;
b.) Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the
nature of the communication required; and
c.) Considering the important factors that will determine the focus of the engagement team’s
efforts.

5. The auditor should develop an audit plan for the audit in order to reduce audit risk to an
acceptably low level.
6. The audit plan is more detailed than the overall audit strategy and includes the nature, timing and
extent of audit procedures to be performed by engagement team members in order to obtain
sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.
7. The audit plan includes:
• A description of the nature, timing and extent of planned risk assessment procedures sufficient
to assess the risks of material misstatement as determined under PSA 315, “Understanding the
Entity and its Environment and Assessing the Risks of Material Misstatement.”;
• A description of the nature, timing and extent of planned further audit procedures at the
assertion level for each material class of transactions, account balance, and disclosure, as
determined under PSA 330, “The Auditor’s Procedures in Response to Assessed Risks,”; and
• Such other procedures required to be carried out for the engagement in order to comply with
PSAs

Changes to Planning Decisions during the Course of the Audit

The overall audit strategy and the audit plan should be updated and changed as necessary during the
course of the audit.

Direction, Supervision and Review

1. The auditor should plan the nature, timing and extent of direction and supervision of engagement
team members and review their work.

2. The nature, timing and extent of the direction and supervision of engagement team members and
review of their work vary depending on many factors, including:

• The size and complexity of the entity;

• The area of audit;
• The risks of material misstatement; and
• The capabilities and competence of personnel performing the audit work.

3. The auditor plans the nature, timing and extent of direction and supervision of engagement team
members based on the assessed risk of material misstatement.

Documentation

The auditor should document the overall audit strategy and the audit plan, including any significant
changes made during the audit engagement.

Communications with Those Charged with Governance and Management

1. The auditor may discuss elements of planning with those charged with governance and the entity’s
management.

2. Discussions with those charged with governance ordinarily include the overall audit strategy and
timing of the audit, including any limitations thereon, or any additional requirements.
3. When discussion of matters included in the overall audit strategy or audit plan occur, care is
required in order not to compromise the effectiveness of the audit.

Additional Considerations in Initial Audit Engagements

The auditor should perform the following activities prior to starting an initial audit:

1. Perform procedures regarding the acceptance of the client relationship and the specific audit
engagement.

2. Communicate with the previous auditor, where there has been a change of auditors, in compliance
with relevant ethical requirements.
 PSA 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF
MATERIAL MISSTATEMENT

1. The auditor should obtain an understanding of the entity and its environment, including its internal
control, sufficient to identify and assess the risks of material misstatement of the financial
statements whether due to fraud or error, and sufficient to design and perform further audit
procedures.

2. The auditor should perform the following risk assessment procedures to obtain an understanding
of the entity and its environment, including its internal control:

a.) Industry, regulatory, and other external factors, including the applicable financial reporting
framework.
b.) Nature of the entity, including the entity’s selection and application of accounting policies.
c.) Objectives and strategies and the related business risks that may result in a material
misstatement of the financial statements.
d.) Measurement and review of the entity’s financial performance.
e.) Internal control.

INTERNAL CONTROL

1. Internal control is the process designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of the
entity’s objectives with regard to:
• Reliability of financial reporting;
• Effectiveness and efficiency of operations; and • Compliance with
applicable laws and regulations.

2. The auditor uses the understanding of internal control to:

• Identify types of potential misstatements;
• Consider factors that affect the risks of material misstatement; and
• Design the nature, timing and extent of further audit procedures.

3. Internal control consists of the following components:

1.) The control environment.

2.) The entity’s risk assessment process.
3.) The information system, including the related business processes, relevant to financial
reporting, and communication.
4.) Control activities.
5.) Monitoring of controls.
The control environment includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management concerning the
entity’s internal control and its importance in the entity.

Elements of control environment:

a) Communication of enforcement of integrity and ethical values.
b) Commitment to competence.
c) Participation by those charged with governance.
d) Management’s philosophy and operating style.
e) Organizational structure.
f) Assignments of authority and responsibility.
g) Human resource policies and practices.

The auditor should obtain an understanding of the entity’s risk assessment process, i.e., the entity’
process for identifying business risks relevant to financial reporting objectives and deciding about
actions to address those risks, and the results thereof.

The auditor should obtain an understanding of the information system, including the related
business processes, relevant to financial reporting, including the following areas:

• The classes of transactions in the entity’s operations that is significant to the financial
statements.

• The procedures, within both IT and manual systems, by which those transactions are
initiated, recorded, processed and reported in the financial statements.

• The related accounting records, whether electronic or manual, supporting information, and
specific accounts in the financial statements, in respect of initiating, recording, processing
and reporting transactions.

• How the information system captures events and conditions, other than classes of
transactions that are significant to the financial statements.

• The financial reporting process used to prepare the entity’s financial statements, including
significant accounting estimates and disclosures.

Control activities are the policies and procedures to help ensure that management directives are
carried out. Examples of control activities include those relating to the following:
• Authorization
• Performance reviews.
• Information processing.
 • Physical controls.
• Segregation of duties.

Monitoring of controls involves assessing the design and operation of controls on a timely basis
and taking the necessary corrective actions modified for changes in conditions.

4. Obtaining an understanding of internal control involves:

a) Evaluating the design of a control; and

b) Determining whether it has been implemented.

ASSESSING THE RISKS OF MAERIAL MISSTATEMENT

1. The auditor should identify and assess the risks of material misstatement at the financial
statements level, and at the assertion level for classes of transactions, account balances,
and disclosures.

2. The auditor:
• Identifies risks throughout the process of obtaining an understanding of the entity and its
environment, including relevant controls that relate to the risks, and by considering the
classes of transactions, account balances, and disclosures in the financial statements;
• Relates the identified risks to what can go wrong at the assertion level;
• Considers whether the risks are of a magnitude that could result in a material misstatement
of the financial statements; and
• Considers the likelihood that the risks could result in a material misstatement of the
financial statements.

PSA 320 AUDIT MATERIALITY

1. Materiality should be considered by the auditor when:

• Determining the nature, timing and extent of audit procedures; and
• Evaluating the effect of misstatements
2. There is an inverse relationship between materiality and the level of audit risk
3. In evaluating whether the financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework, the auditor should assess whether
the aggregate of uncorrected misstatements that have been identified during the audit is
material.
4. If the auditor concludes that the aggregate of uncorrected misstatements may be material, the
auditor needs to consider:
• Reducing audit risk by extending audit procedures; or
• requesting management to adjust the financial statements for the
misstatements identified
 5. If management refuses to adjust the financial statements and the results of extended audit
procedures do not enable the auditor to conclude that the aggregate of uncorrected
misstatements is not material, the auditor should consider the appropriate modification to the
auditor’s report.
6. If the auditor has identified a material misstatement resulting from error, the auditor should
communicate the misstatements to the appropriate level of management on a timely basis, and
consider the need to report it to those charged with governance.

PSA 330
THE AUDITOR’S PROCEDURES IN REPONSE TO ASSESSED RISKS

Overall responses
1. The auditor should determine overall responses to address the risks of material misstatement at
the financial statement level. Such responses may include:
• Emphasizing to the audit team the need to maintain professional skepticism n
gathering and evaluating audit evidence
• Assigning more experienced staff or those with special skills or using experts
• Providing more supervision
• Incorporating additional elements of unpredictability in the selection of further
audit procedures to be performed
• Making general changes to the nature, timing or extent of audit procedures

Audit Procedures Responsive to Risks of Material Misstatement at the Assertion Level 1.

In designing further audit procedures, the auditor considers the following:
• The significance of the risk
• The likelihood that the material misstatement will occur
• The characteristics of the class transactions, account balance, or disclosure
involved.
• The nature of the specific controls used by the entity and in particular whether
they are manual or automated
• Whether the auditor expects to obtain audit evidence to determine if the
entity’s controls are effective n preventing, or detecting and correcting, material
misstatements
2. Considering the nature, timing and extent of further audit procedures

The nature of further audit procedures refers to their:

a. Purpose- tests of controls or substantive procedures
b. Type - inspection, observation, inquiry, confirmation, recalculation,
reperformance, or analytical procedures.

Timing refers to when audit procedures are performed or the period or date to which the audit
evidence applies.
 Extent includes the quantity of a specific audit procedure to be performed.

TESTS OF CONTROLS
1. The auditor is required to perform tests of controls when:
a. The auditor’s risk assessment includes an expectation of the operating effectiveness
of controls; or
b. When the substantive procedures alone do not provide sufficient appropriate audit
evidence at the assertion level

2. Tests of the operating effectiveness of controls are performed only on those controls that
the auditor has determined are suitably designed to prevent, or detect and correct, a
material misstatement in an assertion
3. Testing the operating effectiveness of controls includes obtaining evidence about:
a. How controls were applied at relevant times during the period under audit;
b. The consistency with which they were applied; and
c. By whom or by what means they were applied.

SUBSTANTIVE PROCEDURES
1. Substantive test procedures are performed in order to detect material misstatements at the
assertion level, and include:
• Tests of details of classes of transactions, account balances, and disclosures; and
• Substantive analytical procedures
2. The auditor’s substantive procedures should include the following audit procedures related to
the financial statement closing process:
• Agreeing or reconciling the financial statements with accounting records; and
• Examining material journal entries and other adjustments made during the
course of preparing the financial statements
3. The auditor should perform audit procedures to evaluate whether the overall presentation of
the financial statements, including the related disclosures, are in accordance with the applicable
financial reporting framework.

Evaluating the sufficiency and appropriateness of audit evidence obtained

1. Based on the audit procedures performed and the audit evidence obtained, the auditor should
evaluate whether the assessments of the risks of material misstatement at the assertion level
remain appropriate.
2. The auditor should conclude whether the assessments of the risks of material misstatement in
the financial statements.
3. If the auditor has not obtained sufficient appropriate audit evidence as to a material financial
statement assertion, the auditor should attempt to obtain further audit evidence. If the auditor
is unable to obtain further audit evidence, the auditor should express a qualified opinion or a
disclaimer of opinion.

Documentation
1. The auditor should document:
 • The overall responses to address the assessed risks of material misstatement at
the financial statement level and the nature, timing, and extent of the further
audit procedures;
• The linkage of those procedures with the assessed risks at the assertion level;
and
• The results of the audit procedures
2. If the auditor plans to use audit evidence about the operating effectiveness of controls obtained
in prior audits, the auditor should document the conclusions reached with regard to relying on
such controls that were tested in a prior audit.
3. The auditor’s documentation should demonstrate that the financial statements agree or
reconcile with the underlying accounting records.