AAP- Module 1 - INTRODUCTION TO ASSURANCE
ENGAGEMENTS
3. Definition of an Assurance Engagement
“Assurance Engagement” means an engagement in which a
practitioner expresses a conclusion designed to enhance
the degree of confidence of the intended users other than
the responsible party about the outcome of the evaluation
or measurement of the subject matter against criteria.
3.1. Objectives of an Assurance Engagement
There are two types of assurance engagement
practitioner is permitted to perform: a reasonable assurance
engagement and a limited assurance engagement.
1. The objective of a reasonable assurance engagement
is a reduction in assurance engagement risk to an
acceptably low level in the circumstances of
engagement as the basis for a positive form of expression
of the practitioner’s conclusion.
2. The objective of a limited assurance engagement is a
reduction in assurance engagement risk to a level that is
acceptable in the circumstances of the engagement, but
where that risk is greater than for a reasonable assurance
engagement, as the basis for a negative form of expression
of the practitioner’s conclusion.
3.2. Elements of an Assurance Engagement
An assurance engagement has five elements consisting of
the following:
• A three party relationship involving a practitioner, a
responsible party, and intended users;
• An appropriate subject matter;
• Suitable criteria;
• Sufficient appropriate evidence;
• A written assurance report in the form appropriate
to a reasonable assurance engagement or a limited
assurance engagement.
1. Three Party Relationship
Assurance engagements involve three separate parties: a
practitioner, a responsible party and intended users.
• An independent and competent professional
accountant who adheres to the fundamental
principles required by the Code of Ethics.
• The party responsible for the subject matter of the
assurance engagement.
• The intended users to whom the professional
accountant usually addresses the report.
2. Subject Matter
The subject matter, and subject matter information, of an
assurance engagement can take many forms (e.g., data,
system and processes, behavior, physical characteristics).
Subject matters have different characteristics, including the
degree to which information about them is qualitative versus
quantitative, objective versus subjective, historical versus
prospective, and relates to a point in time or covers a
period.
a
Subject matter is considered appropriate if:
• Identifiable, and capable of consistent evaluation or
measurement against the identified criteria; and
• Such that the information about it can be subjected
the
to procedures for gathering sufficient appropriate
evidence to support a reasonable assurance or
limited assurance conclusion, as appropriate.
3. Criteria
Criteria are the benchmarks used to evaluate or measure
the subject matter including, where relevant, benchmarks
for presentation and disclosure.
Suitable criteria are required for reasonably consistent
evaluation or measurement of a subject matter within the
context of professional judgment. Without the frame of
reference provided by suitable criteria, any conclusion is
open to individual interpretation and misunderstanding.
Suitable criteria exhibit the following characteristics:
• Relevance – relevant criteria contribute to
conclusions that assist decision-making by the
intended users.
• Completeness – criteria are sufficiently complete
when relevant factors that could affect the
conclusions in the context of the engagement
circumstances are not omitted. Complete criteria
include, where relevant, benchmarks for
presentation and disclosure.
• Reliability – reliable criteria allow reasonably
consistent evaluation or measurement of the
subject matter including, where relevant,
presentation and disclosure, when used in similar
circumstances by similarly qualified practitioners.
 • Neutrality – neutral criteria contribute to conclusions Assurance engagement risk can be represented by the
that are free from bias. following components, although not all of these components
• Understandability – understandable criteria will necessarily be present or significant for all assurance
contribute to conclusions that are clear, engagements:
comprehensive, and not subject to significantly
• The risk that the subject matter information is
different interpretations. The evaluation or
materially misstated, which in turn consists of:
measurement of a subject matter on the basis of
the practitioner’s own expectations, judgments and o Inherent risk: the susceptibility of the subject matter
individual experience would not constitute suitable information to a material misstatement, assuming that there
criteria. are no related controls; and

o Control risk: the risk that a material misstatement that

could occur will not be prevented, or detected and
corrected, on a timely basis by related internal controls.
4. Evidence
When control risk is relevant to the subject matter, some
The practitioner plans and performs an assurance control risk will always exist because of the inherent
engagement with an attitude of professional skepticism to limitations of the design and operation of internal control
obtain sufficient appropriate evidence about whether the
• Detection risk: the risk that the practitioner will not
subject matter information is free of material misstatement.
detect a material misstatement that exists.
The practitioner considers materiality, assurance
engagement risk, and the quantity and quality of available e. Nature, Timing and Extent of Evidence-Gathering
evidence when planning and performing the engagement, in Procedures
particular when determining the nature, timing and extent of
The exact nature, timing and extent of evidence-gathering
evidence-gathering procedures.
procedures will vary from one engagement to the next. In
a. Professional Skepticism theory, infinite variations in evidence-gathering procedures
are possible. In practice, however, these are difficult to
An attitude of professional skepticism means the
communicate clearly and unambiguously. The practitioner
practitioner makes a critical assessment, with a questioning
attempts to communicate them clearly and unambiguously
mind, of the validity of evidence obtained and is alert to
and uses the form appropriate to a reasonable assurance
evidence that contradicts or brings into question the
engagement or a limited assurance engagement.
reliability of documents or representations by the
responsible party. f. Quantity and Quality of Available Evidence

b. Sufficiency and Appropriateness of Evidence The quantity or quality of available evidence is affected by:

Sufficiency is the measure of the quantity of evidence.
Appropriateness is the measure of the quality of evidence;
that is, its relevance and its reliability.
c. Materiality
Materiality is relevant when the practitioner determines the
nature, timing and extent of evidence-gathering procedures,
and when assessing whether the subject matter information
is free of misstatement. When considering materiality, the
practitioner understands and assesses what factors might
influence the decisions of the intended users.
d. Assurance Engagement Risk
• The characteristics of the subject matter and
subject matter information; and
• Circumstances of the engagement other than the
characteristics of the subject matter, when evidence
that could reasonably be expected to exist is not
available.
5. Assurance Report
The practitioner provides a written report containing a
conclusion that conveys the assurance obtained about the
subject matter information.

Assurance engagement risk is the risk that the practitioner
expresses an inappropriate conclusion when the subject
matter information is materially misstated.
• In a reasonable assurance engagement, the
practitioner expresses the conclusion in the positive
form.
• In a limited assurance engagement, the practitioner
expresses the conclusion in the negative form.

3.3. Types of Assurance Engagement

1. Reasonable Assurance Engagement (e.g,
engagements)
• Objective
A reduction in assurance engagement risk to an acceptably
low level in the circumstances of the engagement, as the
basis for a positive form of expression of the practitioner’s
conclusion.
• Evidence-gathering procedures
Sufficient appropriate evidence is obtained as part of a
systematic engagement process that includes:
o Obtaining an understanding of the engagement
circumstances;
o Assessing risks;
o Responding to assessed risks;
o Performing further procedures using a combination
of inspection, observation, confirmation,
recalculation, reperformance, analytical procedures
and inquiry. Such further procedures involve
substantive procedures, including , where
applicable, obtaining corroborating information, and
depending on the nature of the subject matter, tests
of the operating effectiveness of controls; and
o Evaluating the evidence obtained.
• The assurance report
Description of the engagement circumstances, and a
positive form of expression of the conclusion.
2. Limited assurance engagement (e.g., reviews of
financial statements)
• Objective
A reduction in assurance engagement risk to a level that is
acceptable in the circumstances of the engagement but
where that risk is greater than for a reasonable assurance
engagement, as the basis for a negative form of expression
of the practitioner’s conclusion.
• Evidence-gathering procedures
Sufficient appropriate evidence is obtained as part of a
systematic engagement process that includes obtaining an
understanding of the subject matter and other engagement
circumstances, but in which procedures are deliberately
limited relative to a reasonable assurance engagement.
• The assurance report
Description of the engagement circumstances, and a
negative form of expression of the conclusion.
audit 3.4. Audit and Related Services
1. Audit of Financial Statements
• Objective: To express an opinion on the financial
statements
• Level of assurance: High/reasonable assurance
• Type of report issued: Positive assurance (opinion)
• Basic procedures: Risk assessment procedures,
tests of controls and substantive procedures
• Independence requirement: Required
2. Review of Financial Statements
• Objective: To enable the practitioner to report
whether anything has come to their attention that
would indicate that the financial statements are not
presented fairly
• Level of assurance: Moderate/limited assurance
• Type of report issued: Negative assurance
• Basic procedures: Inquiry and analytical
procedures. It does not include assessing control
risk, test of records and of responses to inquiries by
obtaining corroborating evidence.
• Independence requirement: Required
3. Agreed-upon procedures
• Objective: To carry out audit procedures agreed on
with the client and any appropriate third parties
identified in the report
• Level of assurance: None
• Type of report issued: Description of procedures
performed and factual findings
• Basic procedures: As agreed
• Independence requirement: Not required
4. Compilation of Financial Statements
• Objective: To assist the client in the preparation of
financial statements
• Level of assurance: None
• Type of report issued: Identification of financial
information complied
• Basic procedures: Assemble financial statements
based on client’s data
• Independence requirement: Not required
AAP Module 2 - INTRODUCTION TO AUDITING
3. Definition of Auditing
An audit is a systematic process of objectively obtaining
and evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of
correspondence between these assertions and established
criteria and communicating the results to interested users.
Key thoughts:
• Auditing is a systematic process.
• An audit involves obtaining and evaluating evidence
about assertions regarding economic actions and
events.
• An audit is conducted objectively.
• Auditors ascertain the degree of correspondence
between assertions and established criteria.
• Auditors communicate the audit results to various
interested users.
4. Types of Audit
Based on primary audit objectives, there are three major
types of audit – financial, compliance, and operational
audits.
A. Financial Statement Audit
An audit conducted to determine whether the financial
statements of an entity are fairly presented in accordance
with an identified financial reporting framework.
B. Compliance Audit
An audit that involves the review of an organization’s
procedures to determine whether the organization has
adhered to specific procedures, rules or regulations. The
performance of compliance audit is dependent upon the
existence of verifiable data and recognized criteria
established by an authoritative body.
C. Operational Audit
A study of a specific unit of an organization for the purpose
of measuring its performance. The main objective of this
type of audit is to assess entity’s performance, identify
areas for improvements and make recommendations to
improve performance.
5. Types of Auditors
Auditors can be classified according to their affiliation with
the entity being examined.
A. External auditors
These are independent Certified Public Accountants who
offer their professional services to different clients on a
contractual basis. External auditors are the ones who
generally perform financial statement audits.
B. Internal Auditors
Internal auditors are the entity’s own employees investigate
and appraise the effectiveness and efficiency of operations
and internal controls. The main function of internal auditors
is to assist the members of the organization in the effective
discharge of their responsibilities. Internal auditors usually
perform operational audits
C. Government auditors.
Government employees whose main concern is to
determine whether persons or entities comply with
government laws and regulations. Government auditors
usually conduct compliance audits.
6. The Independent Financial Statement Audit
The objective of an audit of financial statements is
to enable the auditor to express an opinion whether the
financial statements are prepared, in all material respects,
in accordance with an identified financial reporting
framework or acceptable financial reporting standards.
A. Responsibility for the financial statements
Management’s responsibility – preparing and presenting the
financial statements in accordance with the financial
reporting framework
Auditor’s responsibility – form and express an opinion on
the financial statements based on the audit.
B. Assurance provided by the auditor
The auditor's opinion on the financial statements is not a
guarantee that the financial statements are dependable. An
audit conducted in accordance with Philippine Standards on
Auditing (PSAs) is designed to provide only reasonable
assurance (not absolute assurance) that the financial
statements taken as a whole are free from material
misstatements. In every audit there are always inherent
limitations that affect the auditor’s ability to detect material
misstatements. These limitations result from such factors as
1. The use of testing / sampling risk
For practical reasons, auditors do not examine all evidence
available. Many audit conclusions are made by examining
only sample of evidence. Whenever a sample is taken,
there is always a possibility that the auditor’s conclusion,
based on the sample, may be different from the conclusion
that would have been used if the audit or examines the
entire population.
2. Error in application of judgment / non-sampling risk
The work undertaken by the auditor to form an opinion is
permeated by judgment. Human weaknesses can cause
auditors to commit mistakes in the application of audit
procedures and evaluation of evidence.
3. Reliance on management's representation
Some evidence supporting the financial statements must be
obtained by obtaining oral or written representations from
management. If the management lacks integrity,
management may provide the auditor with
representations causing the auditor to rely on unreliable
evidence.
4. Inherent limitations of the client's accounting and
internal control systems
Although the auditor performs procedures to detect material
misstatements when auditing financial statements, such
procedures may not be affected in detecting misstatements
resulting from collusion among employees
management’s circumvention of internal control.
5. Nature of evidence
Evidence obtained by the auditor does not consist of “hard
facts” which prove or disprove the accuracy of the financial
statements. Instead, it comprises pieces of information and
impressions which are gradually accumulated during the
course of an audit and which, when taken together,
persuade the auditor about the fairness of the financial
statements. Thus, audit evidence is generally persuasive
rather than conclusive in nature.
C. General principles governing the audit of financial
statements
The procedures required to conduct an audit in accordance
with PSAs should be determined by the auditor having
regard to the requirements of PSAs, relevant professional
bodies, legislations, regulations, and where appropriate, the
terms of the engagement and the reporting requirements.
PSA provides the following guidelines when auditing
financial statements:
1. The auditor should comply with the “Code of
Professional Ethics for Certified Public Accountants”
promulgated by the Board of Accountancy.
2. The auditor should conduct an audit in accordance
with Philippine Standards on Auditing.
3. The auditor should plan and perform the audit with an
attitude of professional skepticism recognizing
circumstances may exist which may cause the financial
statements to be materially misstated.
D. Need for an independent financial statement audit
The need of an independent audit of financial statements
stems from the following interrelated sources:
1. Conflict of interest between management and users of
financial statements
In a sense, financial statements may be viewed as the
report by management as to how the entity performed
under their direction and supervision. Managers are
frequently placed in positions where they can benefit by
false providing outside parties with overly optimistic are even
false financial information. Recognizing this inherent conflict
of interest, users of financial statements have become
skeptical of unaudited financial statements.
2. Expertise
The complexity of accounting and auditing requires
expertise in verifying the quality of the financial information.
Since most of the users of financial information are not
or equipped with the necessary skills and competence to
determine whether the financial statement are reliable, a
qualified person is hired by users to verify the reliability of
the financial statements on their behalf.
3. Remoteness
Users of financial information are usually prevented from
directly assessing the reliability of the information. Most of
the users do not have access to the entity's records to
personally verify the quality of the financial information.
Consequently, an independent auditor is needed to assess
them in verifying the reliability of the information.
4. Financial consequences
Misleading financial information could have substantial
economic consequences for a decision-maker. It is
therefore important that financial statements be audited first
before they are used for making important decisions.
E. Theoretical framework of Auditing
The audit function operates within a theoretical framework.
Below are selected postulates, assumptions or ideas that
support many auditing concepts and standards.
1. Audit function operates on the assumption that all
financial data are verifiable.
2. The auditor should always maintain independence
with respect to the financial statements under audit.
the
3. There should be no long-term conflict between the
auditor and the client management.
4. Effective internal control system reduces the 6. Evidential Matter
possibility of errors and fraud affecting the financial
statements Sufficient competent evidential matter is to be obtained
through inspection, observation, inquiries and confirmations
5. Consistent application of Generally Accepted
to afford a reasonable basis for an opinion regarding the
Accounting Principles (GAAP) or Philippine Financial
financial statements under examination.
Reporting Standards results in fair presentation of financial
statements. C. Standards of Reporting

6. What was held true in the past will continue to hold

7. Generally Accepted Accounting Principles
true in the future in the absence of known conditions to the
contrary.
The report shall state whether the financial statements are
7. An audit benefits the public. presented in accordance with generally accepted
accounting principles.

AAP Module 3 - THE PROFESSIONAL STANDARDS 8. Inconsistency

3. Generally Accepted Auditing Standards (GAAS)
GAAS represent the measures of the quality of the auditor’s
performance. These standards should be looked at as a
minimum standard of performance that auditors should
follow.
A. General Standards
The report shall identify those circumstances in which
principles have not been consistently observed in the
current period in relation to the preceding period.
9. Disclosure
Informative disclosures are to be regarded as reasonably
adequate unless otherwise stated in the report.

1. Technical Training and Proficiency 10. Opinion

The examination is to be performed by person or persons The report shall either contain an expression of opinion
having adequate technical training and proficiency as an regarding the financial statements, taken as a whole, or an
auditor. assertion to the effect that an opinion cannot be expressed.
When an overall opinion cannot be expressed, the reasons
2. Independence therefore should be stated. In all cases where an auditor’s
name is associated with the financial statements, the report
In all matters relating to an engagement, an independence
should contain a clear-cut indication of the character of the
in mental attitude is to be maintained by the auditor.
auditor's examination if any and the degree of responsibility
they are taking.
3. Professional Care

4. Philippine Standards on Auditing (PSAs)

Due professional care is to be exercised in the performance
of the audit and in the preparation of the report.
The Auditing and Assurance Standards Council (AASC) has
been given the task to promulgate auditing standards,
B. Standards of Fieldwork
practices and procedures which shall be generally accepted

4. Planning by the accounting profession in the Philippines.

The work is to be adequately planned and assistants, if any, To facilitate the preparation by the AASC of its

are to be properly supervised. pronouncements and to attain uniformity of

those announcements with international auditing standards,
5. Internal Control Consideration the AASC has approved the adoption of the following:

There is to be a properly study and evaluation of existing · International Standards on Auditing (ISAs)
internal control as a basis for reliance thereon and for the
determination of the resultant extent of the tests to which · International Standards on Assurance Engagements

auditing procedures are to be restricted. (ISAEs)

· International Standards on Review Engagements B. Ethical Requirements
(ISREs)
The firm should establish policies and procedures designed
· International Standards on Related Services to provide it with reasonable assurance that the form and its
personnel comply with ethical requirements, which include:
These standards were issued by the International Auditing
and Assurance Board (IAASB) created by the International · Integrity
Federation of Accountants (IFAC). In addition to these
standards, Practice Statements are also issued to provide · Objectivity

practical assistance to auditors in implementing the

· Professional competence and due care
standards and to promote good practices in the
accountancy profession.
· Confidentiality

5. System of Quality Control

· Professional behavior

Under Philippine Standards on Quality Control (PSQC), a

firm has an obligation to establish a system of quality
control designed to provide it with reasonable assurance The engagement partner should consider whether members
that the firm and its personnel comply with professional of the engagement team have complied with these ethical
standards and regulatory and legal requirements, and that principles. Any issues involving engagement team
the reports issued by the firm are appropriate in the member’s non-compliance must be properly resolved and
circumstances. In this regard, engagement teams: documented.

▪ Implement quality control procedures that are C. Independence

applicable to the audit engagement
▪ Provide the firm will relevant information to
enable the functioning of that part of the firm's
system of quality control relating
independence
▪ Are entitled to rely on the firm's systems unless
information provided by the firm other parties
suggest otherwise
PSA 220 states that audit firms should implement
policies and procedures designed to ensure that all audits
are conducted in accordance with PSAs. PSA 220 has
identified the following quality control policies that may
serve as a guide in establishing systems of internal control.
A. Leadership Responsibilities for Quality on Audits
The firm should establish policies and procedures designed
to promote an internal culture based on recognition that
quality is essential in the performance of the engagements.
The firm should establish policies and procedures designed
to provide it with reasonable assurance that the members of
to the engagement team, the form and, where applicable, the
network firms maintain independence when providing
assurance services.
The engagement partner should form a conclusion on
compliance with independence requirements that apply to
the audit engagement. The engagement partner should:
· Obtain relevant information to identify circumstances
and relationships that create threats to independence.
· Evaluate information on identified breaches of the
firm’s independence policies and procedures to determine
whether they create a threat to independence.
· Take appropriate safeguards to eliminate such threats
or reduce them to an acceptable level.

The engagement partner should take responsibility for the · Document conclusions on independence and the
overall quality of audit engagement to which the partner is basis for such conclusion.
assigned. The engagement partner should set an example
D. Acceptance and Continuance of Client Relationships
regarding the quality of audit by emphasizing the
importance of performing work that complies with
The firm should establish policies and procedures for the
professional standards, complying with the firm's quality
acceptance and continuance of client relationships and
control policies, and procedures and issuing appropriate
specific engagements, designed to provide it with
audit reports.
reasonable assurance that it will only undertake or continue
relationships and engagement where it:
· Has considered the integrity of the client
· Is competent to perform the engagement and has the
capabilities, time and resources to do so
· Can comply with ethical requirements
The engagement partner should be satisfied
appropriate procedures regarding the acceptance and
continuance of client relationships and specific audit
engagement have been followed, and that the conclusions
reached in this regard are appropriate and have been
documented.
The engagement partner should take responsibility for the
direction, supervision, review, and overall performance of
the audit engagement.
1. Direction
Assistants should be informed of their responsibilities, the
nature of the entity's business, potential problems that may
arise and the detailed approach to the performance of the
engagement.
that
2. Supervision
This involves monitoring the progress of the audit, resolving
accounting and audit issues, and considering the level of
consultation appropriate for the engagement.

E. Human Resources and Assignment 3. Review

The firm should establish policies and procedures designed Work performed by assistants should be reviewed to
to provide it with the reasonable assurance that it has consider whether the audit procedures, evidence and
sufficient personnel with the capabilities, competence, and documentation are appropriate to support the conclusion
commitment to ethical principles necessary to perform the reached.
engagement. Such policies and procedures should address
issues concerning personnel 4. Consultation

· Recruitment The firm should establish policies and procedures that

encourage firm personnel to seek assistance from
· Performance evaluation, compensation and promotion authoritative sources either within or outside the firm.

· Capabilities and competence The engagement partner should

· Career development · Be responsible for the engagement team undertaking

appropriate consultation on difficult and contentious
· Assignment of engagement teams matters.

The engagement partner should be satisfied that the · Be satisfied that members of the engagement team
engagement team collectively has appropriate capabilities, have undertaken appropriate consultation during the course
competence and time to perform the audit engagement in of the engagement, both within the engagement team and
accordance with professional standards, and regulatory and others at the appropriate level within or outside the firm.
legal requirements, and to enable an auditor's report that is
appropriate in the circumstances to be issued. · Be satisfied that the nature and scope of, and
conclusions resulting from such consultations are
F. Engagement Performance documented and agreed with the party consulted.

The firm should establish policies and procedures designed · Determine that conclusions resulting from
to provide it with reasonable assurance consultations have been implemented.

· That engagements are performed in accordance with
professional standards and other regulatory and legal
requirements
· That the audit report issued is appropriate in the
circumstances
5. Engagement Quality Control Review
The firm should establish policies and procedures requiring
an engagement quality control review that provides an
objective evaluation of the significant judgments made and
conclusions reached and formulating the auditor's report.
This requires the engagement partner

· To determine that an engagement quality control

reviewer has been appointed.

· To discuss significant matters arising during the audit

engagement, including those identified during the quality
control review, with the engagement quality control
reviewer.

· Not to issue the auditor's report until the completion of

the engagement quality control review.

The firm should establish policies and procedures setting

out the scope of quality control review, criteria for eligibility
of the reviewer, and documentation of the quality control
review.

6. Differences of Opinion

The engagement team should follow the firm's policies and

procedures for dealing with and resolving differences of
opinion that arise within the engagement team, with those
consulted and, where applicable, between the engagement
partner and the engagement quality control reviewer.

The engagement partner should inform the members of the

engagement team to bring to bring matters involving
differences of opinion to the attention of the engagement
partner or others within the firm as appropriate without fear
of reprisals. The audit report should not be issued until the
matter involving differences of opinion is resolved.

G. Monitoring

The continued adequacy and operational effectiveness of

quality control policies and procedures is to be monitored.
Policies and procedures must be adopted to provide
reasonable assurance that the systems of quality control
are relevant, adequate and operating effectively.