Professional Documents
Culture Documents
SUFFICIENT APPROPRIATE
▪ AMOUNT or QUANTITY of evidence ▪ Measures the QUALITY of evidence
▪ Related terms:
o PSA 550 Quantity
o PSA 530 Size RELEVANCE
o PSA 330 Extent ▪ BEARING on objective
▪ Relationships and considerations: RELIABILITY ▪ Consistent with objective
o More competent, less evidence 1. NATURE of evidence ▪ Timeliness of evidence
o More material, more evidence ✓ Type of procedures
o Riskier, more evidence (HOW?) R&O – records and
o Experience ✓ DIRECT VS. INDIRECT documents (direction of
test)
▪ GENERALIZATIONS: 2. SOURCE of evidence
o Quality, Sufficiency ✓ External vs. Internal EXISTENCE – actual asset
o Poor quality cannot be compensated itself
by the amount of evidence
G DIRECT INDIRECT
E ▪ First-hand ▪ Inquiry (internal)
o Inspection, Observation, ✓ Valid
N
Recalculation, Reperformance ✓ Frequently used
E
R EXTERNAL INTERNAL
A
EFFECTIVE INTERNAL CONTROLS INEFFECTIVE
L
I DOCUMENTED ORAL
Z
A Do we accept records and documents as GENUINE? YES
T ▪ With reasonable doubt --- investigate further
Do we authenticate documents? NO
I
▪ Unless there is reasonable doubt
O Do we make legal determination of fraud? NO
N
S ORIGINAL PHOTOCOPIES
ASSERTIONS
C Completeness V Valuation and C Classification and
O Occurrence A Allocation Understandability
C Classification C Completeness O Occurrence & R&O
A Accuracy E Existence C Completeness
C Cut-Off R Rights and Obligations A Accuracy and V&A
TRANSACTIONS BALANCES PRESENTATION & DISCLOSURE
AUDIT PROCEDURES
INQUIRY Seeking information from knowledgeable persons
✓ VALID
✓ INDIRECT
✓ INTERNAL
INSPECTION Of Asset (Existence) – first to address
Of Records and Documents (R&O)
Inventory
Sales Credit Shipping Billing Accounting
control or
Department Deparrtment Department Department Department
warehouse
AUDITOR’S CONCERN:
Approved
Shipping Doc. Sales Invoice ISSUE
Sales Order
CASE 1 R&O
CASE 2 VALUATION
CASE 3 ACCURACY
OTHER ISSUES
CASH SALES No participation of CREDIT DEP’T SMALL INHERENT: No Segregation of Duties
Lower Segregation of Duties ENTITY
TO OFFSET: Active participation of
owner-manager or strict monitoring
known as the COMPENSATING CONTROL.
COLLECTION CYCLE
MAILROOM
MAILROOM ACTIVITIES:
▪ Receives remittance advice (date of payment and balance) and customer
check
▪ Restrictively endorse the check
▪ Prepares list of remittances (if NO remittance advice)
PREVENTIVE CONTROL:
▪ Minimum of two (2) receptionists (JOINT CUSTODY)
ACCOUNTING DEPARTMENT ▪ Remittance advice vs. cash summaries (from treasury)
▪ Updates accounting records
TREASURY DEPARTMENT ▪ Updates cash records, prepares deposit slips, prepares cash summaries,
deposits cash collections
RULES ON DEPOSIT:
✓ At the end of the day OR
✓ Next business day
AUDITOR’S CONCERN
Detection of Prompt Deposits and Lapping Compare RADS. (Remittance Advice; Deposit slips)
Prevent Lapping Direct deposit to bank by customer. (LOCKBOX) This is only
accessible by the bank employees.
CONCEALMENT OF LAPPING THROUGH:
Write-off Scan the journal entries near year-end.
PURCHASING DEPARTMENT ▪ Upon consultation with the Budget, approves the request
Obj: To meet the needs of user ▪ Communication with the vendors; Checks quantity and quality
departments at least possible cost ▪ Prepares list of authorized suppliers
▪ Prepares the PURCHASE ORDER
--- supplier, receiving department, accounting, user department
AUDITOR’S CONCERN:
“Side Agreements” and/or Kickbacks and Bribe
Preventive Control: Competitive Bidding to promote transparency
RECEIVING DEPARTMENT (Warehouse) ▪ Accept incoming deliveries per Approved Purchase Order (should
Obj: Received goods are based on be a BLIND COPY specifically the quantity)
approved purchase order ▪ Counts and checks the goods for BOTH quantity and condition
DSIBURSEMENT CYCLE
ACCOUNTING DEPARTMENT (VOUCHERS) ▪ Receives Statement of Accounts and prepares the VOUCHER
Obj: Payments will be made ONLY to ▪ Prepares VOUCHER PACKAGE (PR, PO, RR, Vendor’s Invoice,
shipments received monthly statements) and daily summary
▪ Prepares CHECKS *
TREASURY DEPARTMENT ▪ Signs the check
✓ General check – 1 signatory (CONTROL: at least two)
✓ Specific check – 2 or more signatories (Higher officer
signs first)
▪ Mails the check (the last who signed mails the check)
▪ Cancels the supporting documents when payment is delivered:
✓ Stamp “PAID”
✓ Write Check No. on Voucher
TIME TICKET
▪ Breakdown of service hours and assignment to specific
jobs
▪ VALUATION
AUDITOR’S CONCERN:
✓ Observe the distribution process. (EXISTENCE)
✓ Overpayment (EXISTENCE)
✓ ABSENT EMPLOYEES --- ask the HR department if the employee
is not a ghost employee
PRODUCTION CYCLE (Materials)
PRODUCTION DEPARTMENT ▪ Prepares MATERIAL REQUISITION SLIP --- document of issuance of raw
materials
▪ Prepares MATERIAL USAGE REPORT --- summarizes the use of materials
FINANCE INVESTMENT
CUSTODY UNISSUED EQUITY AND DEBT ▪ Negotiable certificates --- brokerage account
CERTIFICATES --- Appropriate Internal ▪ Titles to real estates --- safe with entity OR
Official (Secretary) OR independent bank safe deposit box
external custodian
GENERAL CONSIDERATIONS
RULES ON COMMUNICATION
✓ Ask permission from management.
✓ Predecessor agreed yet management refused --- Predecessor
shall inform the successor regarding such refusal.
✓ WHAT TO ASK?
1. Reasons for change of auditors
2. Material disagreements with management
3. Facts that may affect integrity of management
IMPORTANCE:
1. Avoid misunderstanding
2. Document and confirm the auditor’s acceptance of engagement
RECURRING AUDIT:
NO NEED to send new EL UNLESS:
✓ Client misunderstands the objective and scope of audit
✓ Revised or special terms of engagement
✓ Recent change of senior management, BOD, or ownership
✓ Significant change in NATURE or SIZE of client
✓ Legal requirements & pronouncements
AUDIT OF COMPONENTS:
Factors affecting decision to send a SEPARATE LETTER (CLOSIE):
Component Auditor (Who appoints the CA?)
Legal requirements
Ownership by the parent
Separate Audit report is to be issued on component
Independence of component management
Extent of any worked performed by other auditor
LETTERS
REQUIRED? PREPARER SIGNATORY STAGE
ENGAGEMENT Mutual understanding between
AUDITOR
LETTER the auditor and the client YES AUDITOR EARLY
AND CLIENT
MANAGEMENT ▪ Summary of Findings and
LETTER recommendations
▪ Can be used to add requirements NO AUDITOR AUDITOR LATE
but not to remove
DETECTION RISK
AUDIT RISK
RISK OF ➢ It is a function of both the inherent risk and the control risk.
MATERIAL ➢ RMM from fraud is considered as SIGNIFICANT RISK (a risk that requires special
MISSTATEMENTS considerations).
DETECTION RISK ➢ PROCEDURES performed by auditor to reduce audit risk to an acceptable low level
will NOT DETECT misstatement that exists and that could be material.
➢ Generally controlled by auditor
AUDIT RISK ➢ Auditor EXPRESSES an INAPPROPRIATE audit opinion when FS are materially
misstated.
➢ AR = (IR * CR) * DR
➢ Complement of Level of Assurance (user’s confidence) obtained and conveyed
➢ INVERSELY related to Materiality
RISK ➢ Performed to obtain an understanding of entity, its environment, and internal control
ASSESSMENT AND to determine the NET of FAPs
PROCEDURES ➢ On compliance with laws and regulations, auditor shall obtain an understanding of:
▪ Legal and regulatory framework applicable to entity
▪ How the entity is complying with that framework
➢ The depth of overall understanding required by auditor is LESS THAN that possessed
by the management.
➢ To Achieve Efficiency, RAP may be performed concurrently with FAP.
➢ MINIMUM PROCEDURES: Inquiry (of management and others within the entity;
Analytical procedures, Observation, Inspection (of assets and of documents).
Inquiry with TCWG; Internal Audit personnel; Employees; In-house legal counsel
others
UNDERSTANDING ✓ Measurement and review of financial performance
OF ENTITY AND ✓ Nature of incentives
ENVIRONMENT ✓ Objectives and strategies, including related business risks
✓ Selection and application of accounting policies, and reasons for change
✓ External factors (demand competition, etc.)
[
▪ Sets the Scope, Timing, and Direction of audit ▪ MORE DETAILED because it includes the NTE of
(STD) procedures to be performed by ET members
o DIRECTION --- risk based i.e., we only focus on ✓ RAPs
risky areas *Understanding of internal control has a
▪ Guides the development of the audit plan LARGE, HUGE IMPACT on audit program
✓ FAPs
▪ INVOLVED: Key management and key personnel ✓ Other Procedures
▪ DOCUMENTATION: Memorandum
▪ MATERIALITY: Overall materiality (a.k.a. ▪ INVOLVED: All
Preliminary materiality, FS materiality) ▪ DOCUMENTATION: Checklist and Standard Audit
✓ MAXIMUM misstatement that an auditor can Program
tolerate and still conclude that the FS is fairly
presented. (ACCEPTABILITY) Standard Audit Program – list of audit procedures
▪ BASIS: to be performed and contains:
✓ Prior year FS Procedures
✓ Interim FS Objectives
✓ Budgeted FS/ Forecasted FS Assertions
Difference? NOTE: If CR is low, include TOC. But if CR is high,
▪ BENCHMARK – depends on the need of the user. EXCLUDE TOC.
It is usually one of the ff. :
✓ NIBT “common” (for profit-oriented users) ▪ MATERIALITY: Performance materiality which
✓ Total Revenue addresses specific accounts
✓ Total Asset ✓ SMALLEST amount of misstatement that has
✓ Gross Profit an impact on FS. (AUDITABILITY)
✓ Total Current Assets
▪ In some circumstances, auditor may evaluate misstatement as material EVEN BELOW THE
MATERIALITY if it concerns:
a. Misstatement that changes a loss into income (to avoid negative perception)
b. Misstatement that changes income to loss (to avoid taxes or takeover)
c. Misstatement that involves concealment of unlawful transaction
NOTES:
✓ Auditors usually allocate preliminary levels of materiality to BS items rather than the IS items
because BS has fewer items.
✓ A percentage applied to NIBT from continuing operations will normally be higher than that
applied to total revenue.
✓ Auditor shall consider stability of selected base for benchmarks so that materiality would not
fluctuate significantly between annual audits.
✓ Materiality levels maybe revised as audit progresses considering circumstances.
OBJECTIVES OF ENTITY:
1. Prepare RELIABLE financial reports.
2. Have effective and efficient internal controls.
3. Compliance with laws and regulations
4. Safeguarding of entity’s asset
▪ IC systems are designed, maintained, and implemented by: TCWG (oversight), Management (day-to-day
operations), and other personnel (execution).
▪ Auditor is concerned ONLY to matters that are RELEVANT to the FS assertions. (Primary)
INHERENT LIMITATIONS:
a. Cost should not exceed benefits
b. Most IC are directed to routine transactions.
c. Inadequacy of procedures and compliance deterioration.
d. ACCHuCo
Anticipated Transactions
Changes in conditions
Cost-Benefit
Human error / Limitation
Collusion
Override of management
CRIME
CONTROL ACTIVITIES They help ensure that management directives are carried out.
▪ AUTHORIZATION
▪ PERFORMANCE REVIEWS
Relating different sets of date to one another, analyzes the relationships,
investigating, and taking corrective actions.
▪ INFROMATION PROCESSING
Controls are performed to check accuracy, completeness, and
authorization of transactions
▪ PHYSICAL CONTROLS
Encompasses physical security of assets, including adequate safeguards;
authorization for access to computer programs and data files; periodic
counting and comparison with amounts shown on control records.
▪ SEGREGATION OF DUTIES
RISK ASSESSMENT PROCESS It describes management’s actions towards the risks around the entity.
Identify
Assess (significance of risk and likelihood of occurrence)
Manage
CONTROL ENVIRONMENT ✓ Sets the tone of organization, influencing the control consciousness of
people
✓ Includes management’s attitude, awareness, and actions
✓ Strengthened when management maintains culture of honesty and ethical
behavior
ELEMENTS: (CHAMPOI)
Commitment to competence
Human resource policies and practices
Assignment of authority and responsibility
Management’s philosophy and operating style
Participation by TCWG
Organizational structure
Integrity and ethical values
Obtain an understanding of
internal control.
Perform TOC.
▪ Evaluates the effectiveness of the entity’s controls ▪ Detect material misstatements at the assertion
in preventing, detecting, and correcting material level.
misstatements at assertion level.
▪ Regardless of effectiveness of controls, these ARE
▪ NOT REQUIRED especially when controls are ALWAYS PERFORMED.
INEFFECTIVE.
▪ NATURE (MOST IMPORTANT)
▪ Controls that appear to function in the past years ✓ Test of details of balances
and on which auditor wishes to rely in current --- Most effective; Most expensive
year can be tested AT LEAST EVERY THIRD YEAR. ✓ Test of details of transaction
✓ Substantive Analytical procedures
▪ RELIANCE APPROACH --- auditor tests ONLY the --- This is required as RAP but not as FAP.
controls he plans to rely upon --- Least Effective
▪ HOW? Observe the process or people doing the ▪ EXTENT – AMOUNT of evidence needed
process ✓ As RMM increases, the extent increases
IC CR TOC RMM DR ST
IC CR TOC RMM DR ST
▪ US GAAS
✓ Significant deficiency = Reportable Condition
✓ If reportable condition results into a material misstatement in FS, Material Weakness in Internal
Control, should communicate as well regarding such fact.
▪ INDICATORS
a. Ineffective aspects of control environment
b. Absence or ineffectiveness of entity’s risk assessment process
c. Misstatements not prevented, detected, and corrected as discovered by auditor
d. Management’s inability to foresee the preparation of FS
e. Restatement of previously issued FS to reflect correction of MM
AUDIT SAMPLING
100% EXAMINATION SELECTIVE TESTING
ISSUE:
▪ VOIDED DOCUMENTS – the document is present, but audit procedures cannot be applied to the document.
✓ PROPERLY VOIDED – do not automatically consider as error, but replace the sample
✓ NOT PROPERLY VOIDED – considered as ERROR and should not be replaced
▪ MISSING DOCUMENTS – the document cannot be audited simply because of its absence; ERROR
GENERAL APPROACHES
STATISTICAL NON-STATISTICAL
✓ Relies on judgment and mathematics ✓ Relies on PURE JUDGMENT
✓ Gives REASONABLE ASSURANCE ✓ No regard to specific technique
✓ Probability Theory ✓ SUBJECTIVE
✓ “KNOWN CHANCE” of selection ✓ Best Example: HAPHAZARD
✓ OBJECTIVE
✓ Quantified, sufficient, measurable
SPECIFIC APPROACHES
RANDOM TECHNIQUE ▪ Each item has an EQUAL CHANCE of selection
▪ Pre-number Items --- Random Number Generator
ADVANTAGE: Unpredictability
DISADVANTAGE: Costly and time-consuming
STRATIFICATION ▪ STATISTICAL
▪ Can only be applied in substantive tests
▪ Decreases the effect of variance of population; decreases the sample size
▪ More emphasis is given to those items with higher monetary value
▪ Population is divided into groups or strata.
▪ NO INTER-STRATUM projections
DETECTION RISK
✓ Conclusions reached using the sample may ✓ This is about the AUDITOR not the audited.
not be the conclusion that would have been (Fatigue, Error in judgment, Wrong procedure,
reached if the entire population was audited Failure to recognize error)
✓ ONLY risk that can be eliminated ✓ Can be REDUCED through Proper Planning and
Adequate direction, review, and supervision.
POPULATION IC TOC CR DR ST
FS
SAMPLE
POPULATION IC TOC CR DR ST
FS
SAMPLE
Substantive Sampling --- “amounts” ALPHA RISK
VARIABLE SAMPLING
ERROR: Misstatement; Pesos (₱); PROJECTED
POPULATION IC TOC CR DR ST
FS
SAMPLE
POPULATION IC TOC CR DR ST
FS
SAMPLE
✓ Maximum rate of deviations the auditor is willing to accept, without modifying the planned degree of
reliance on internal control.
✓ Rate of deviations the auditor expects to find in the population before testing begins.
✓ Developed from the prior year’s results or through pilot sample
✓ If UNREASONABLY HIGH (exceeding the tolerable deviation rate), OMIT TOC.
STEPS
1. Develop EDR and TDR and usually, TDR > EDR.
NOTE: The difference between the TDR and EDR is the Margin of error (a.k.a. Precision level,
or Allowance for sampling risk).
3. Compare the sample deviation rate (adjusted to margin of error) and the tolerable rate.
ANOMALOUS ERROR
▪ Errors arising from an ISOLATED EVENT that has not recurred other than the specifically identifiable
occasions.
▪ Must be considered together with projected errors to determine the combined effect on balances or
transactions
BLOCK SELECTION
▪ LEAST desirable method because samples may not be representative of the population.
COMPLETING THE AUDIT
SUBSEQUENT EVENTS
ISSUE
MANAGEMENT DID NOT AMEND despite the KNOWN EVENT to auditor.
1. Ask the management to amend the FS.
AGREE
DISAGREE
▪ AUDITOR’S CONCERN:
✓ Obtain SAAE about the appropriateness of management’s use of going concern assumption.
✓ Obtain SAAE about the presence of material uncertainty
▪ Cover the same period as that used by the ▪ Review management’s plans for future actions
management. based on its going concern assessment.
▪ Inquire (ONLY) of management of events beyond
the period assessed. ▪ Gather SAAE TO CONFIRM OR DISPEL whether a
▪ Request management to extend to AT LEAST 12 material uncertainty exists.
MONTHS if management’s assessment covers
less than 12 months ▪ Seek written representations from management
▪ QUALIFY or DISCLAIM AN OPINION if regarding its plans for future action
management refuses to extend its assessment.
▪ MANAGEMENT is the primary source of information about litigation, claims, and assessment.
▪ Auditor CORROBORATES such information through a Letter of Audit Inquiry.
CASES:
✓ Management refuses to give permission --- Q or DO
✓ Lawyer refuses to reply --- Q or DO
✓ Lawyer is unable to estimate the likelihood of unfavorable outcome --- EOM
RELATED PARTIES
▪ MANAGEMENT’S RESPONSIBILITY: Identification and disclosure of related parties and related transactions
▪ AUDITOR’S CONCERN: Obtain SAAE about the identification and proper disclosure by management of
✓ Related parties
✓ Effects of related transactions material to the FS
Auditor shall:
1. Be aware of related parties and transactions because,
✓ Required by GAAP to be disclosed.
✓ May affect the FS
✓ Source of audit evidence affects auditor’s assessment of reliability
✓ Related party transaction may be motivated by other than ordinary business considerations.
2. Check completeness of client-provided information about related parties
3. Consider the adequacy of control procedures over authorization and recording of related party
transactions
4. Be alert for unusual transactions which may indicate the existence of previously unidentified related party
transactions.
5. Carry out procedures which may identify the existence of related party transactions.
Given the nature of RPT, evidence may be limited. Thus, the following procedures may be performed:
✓ Confirming the terms and amount of transaction with RELATED PARTY
✓ Inspecting evidence in the possession of RELATED PARTY
✓ Confirming or discussing information with PERSONS ASSOCIATED with the transaction (e.g., banks)
OMITTED PROCEDURES
▪ Auditor shall assess the importance of omitted procedure.
WRAP-UP PROCEDURES
3. Overall review of the audit engagement and formation of the audit opinion
TITLE
T
▪ INDEPENDENT AUDITOR’S REPORT
a. Emphasizes ethics compliance
b. Distinction from reports issued by others
ADDRESSEE
A
▪ Party for whom the report is prepared
EXTERNAL USERS:
❖ Either BOD or shareholders, or both
❖ Shareholders – ULTIMATE
O
OPINION PARAGRAPH
1. Opening Paragraph
2. Opinion Proper
What to include?
GOING CONCERN
Go ✓ Uncertainty paragraph
✓ May or May Not be present
✓ NOTE: Presence of uncertainty DOES NOT NEGATE the use of going concern, but
such fact shall be DISCLOSED.
Under the OLD standard, this section is addressed under the EOM paragraph.
K
KEY AUDIT MATTER (KAM) PARAGRAPH
✓ Matters of MOST SIGNIFICANCE in the FS.
✓ Selected from matters communicated with TCWG
WHEN? WHY?
1. Required by Law 1. To understand the entity
2. For matters of most significance 2. REQUIRED for Listed Entities
3. Entity’s choice
RESPONSIBILITY PARAGRAPHS
M
MANAGEMENT’S RESPONSIBILITY
EXPLICIT
Under the OLD standard, this section is addressed under the EOM paragraph.
1. FS is in accordance with PFRS
2. Internal Control relevant to FS
3. Going concern ASSESSMENT
A
AUDITOR’S RESPONSIBILITY
Scope paragraph
P Policies and Estimates
O Overall presentation of the FS (IAM RMM; Obtaining SAAE to support opinion)
G Going concern EVALUATION for appropriateness
I Internal Control (required TO CONSIDER NOT TO EXPRESS AN OPINION ON)
S
SIGNATURE
✓ Signature of the CERTIFYING PARTNER
✓ Name of audit firm OR personal name of auditor (SEC requirement) OR BOTH
CERTIFYING PARTNER
▪ ULTIMATELY responsible for the opinion
▪ Should have a COMPREHENSIVE KNOWLEDGE of entity
RULES
▪ Manual
▪ Include:
a. BOA Accreditation No.
b. SEC Accreditation No.
c. TIN No.
d. Privilege Tax Receipt No.
e. License, including secondary licenses
DA
ADDRESS OF THE AUDITOR --- jurisdiction where the auditor practices
✓ SAME SECTION as related report elements – responsibilities address same topics as presented
ADDITIONAL NOTES
DETERMINATION OF KAMs
ABSENCE OF KAMs
✓ The auditor shall include a statement of such fact under the KAM section.
INCONSISTENCY (Other Information Paragraph)
CONTENTS:
a. Identify other information
b. Describe the responsibility for other information: TO READ
▪ LISTED: Read OI obtained and expected to be obtained
▪ NON-LISTED: Only those OBTAINED
TAO
Ba --- OI EOM OM
GoK
MA
ESDA
SUPPLEMENTARY INFORMATION
RULES:
▪ Integral to FS --- covered by auditor’s opinion
▪ Not integral to FS --- shall be presented in a way that sufficiently and clearly differentiates from FS.
Otherwise, ask management to change presentation.
MODIFICATIONS
AND ADDITIONAL COMMUNICATIONS
REASON: PFRS Departure (detected misstatement in FS with knowledge and evidence of auditor)
Material disagreements with the management
QUALIFIED ADVERSE
▪ SILENT ▪ Material AND PERVASIVE
▪ Material ONLY ▪ “So material”
▪ “EXCEPTION OPINION” ▪ “Highly material”
▪ FS, as a whole, is fairly stated
Explanatory paragraph
a. AMOUNT --- Quantify the effects.
b. DISCLOSURE --- Explain how misstated.
c. OMISSION --- present the missing information
in the report and description of the nature of
the information as well.
3. Auditor’s responsibility
REMOVE ARRAMM POGI
REPLACE with ICE
REQUIREMENTS:
1. Would NOT MODIFY the opinion
2. NOT key audit matter (KAM)
EXAMPLES:
1. A note that discloses uncertainty
2. A note for the change in accounting policy
3. A note explanation justifying departure
OTHER MATTER PARAGRAPH ▪ Refers to matter other than those presented or disclosed in the FS
REQUIREMENTS:
1. NOT PROHIBITED by the law or regulation
2. NOT key audit matter (KAM)
EXAMPLES:
1. Prior year FS were not audited.
2. PYFS were audited by other auditor whose report is not presented.
3. PYFS opinion was changes
4. Planned scope
5. Application of materiality
6. Reason of inability to withdraw from a scope-limited engagement.
7. Report is intended to specific users
8. Another set of FS has been prepared in accordance with another GP
framework and auditor has also issued report.
TAO
Ba --- EOM OM
GoK --- OI
MA
ESDA
ADDITIONAL COMMUNICATIONS
CORRESPONDING ▪ Integral part of current FS and are intended to be READ in relation to current period.
FIGURES ▪ Audit report refers ONLY to the CURRENT FS.
AUDITOR’S RESPONSIBILITIES:
1. Obtain SAAE regarding GAAP compliance of the figures.
2. Assess whether:
a. Accounting policies used are consistent
b. Appropriate adjustments and/or disclosures have been made
c. Corresponding figures agree with amounts and other disclosures in prior
period.
RULES ON REPORTING:
1. Comparatives SHOULD NOT be specifically IDENTIFIED.
INCOMING AUDITOR:
1. Indicate:
a. PYFS were audited by another auditor.
b. Type of report issued by predecessor auditor and if modified, the reasons
c. Date of the REPORT
2. If PYFS were not audited, state in the report that THE FIGURES WERE UNAUDITED.
RULES ON REPORTING:
1. Comparatives are SPECIFICALLY IDENTIFIED.
3. PYFS were NOT AUDITED --- incoming auditor shall state such fact in the report
AUDIT PROCEDURES:
✓ Prior period balances were CORRECTLY BROUGHT FORWARD or properly restated,
if appropriate
✓ Appropriate accounting policies were PROPERLY APPLIED
✓ One or more of the following:
a. Review of predecessor’s working paper
b. Evaluation of whether audit procedures performed currently provide evidence
relevant to opening balances
c. Specific audit procedures to obtain evidence regarding opening balances
CONCLUSIONS:
a. Unable to obtain SAAE regarding opening balances --- Q or DO
b. Opening balances contain material misstatement --- Q or A
c. Accounting policies were not consistently applied --- Q or A
d. Modification in PYFS remains relevant and material to current --- modify
accordingly
ISSUE
▪ Expert’s findings result to modification --- NO REFERENCE to expert name but REFER
to the expert’s findings
▪ Expert’s work does not provide SAAE or not consistent with other evidence
a. Discuss with the entity and the expert
b. Apply additional procedures, including possible engagement of another expert
c. Modify auditor’s report
▪ OWNERSHIP:
✓ Personal property of auditor.
✓ Client may use it as reference but should NOT be a substitute for client’s records.
▪ AUDIT FILE/ARCHIVE: Collection of documentation shall be assembled within 60 DAYS after the date of the
report
▪ RETENTION: for PSA purposes --- 5 YEARS; For SEC ---- 7 YEARS
▪ CLASSIFICATION:
o Permanent file – has CONTINUING significance in recurring audits [EXAMPLES: Sticky Notes]
o Current file – significant ONLY for a particular year [EXAMPLES: Sticky Notes]
AUDITOR’S RESPONSIBILITIES:
1. Obtain SAAE that accounting estimate is PROPERLY ACCOUNTED AND DISCLOSED.
2. Obtain SAAE that accounting estimate is REASONABLE
MISSTATEMENT
FRAUD (irregularity)
✓ Intentional act and concealed
✓ Auditor is concerned with those fraudulent acts causing MM to the FS.
TYPES OF FRAUD
1. Misappropriation of Assets (MOA) FRAUDSTERS
▪ Theft of entity’s actual assets or information 1. Employee
▪ Employee fraud 2. Management
3. BOD
2. Fraudulent Financial Reporting (FFR) 4. Third parties
▪ Related to the FS intended to deceive the users
▪ Management fraud
RULES
1. Responsibility to for detection of fraud and error are essentially the same.
2. Chance of detection
▪ Error > Fraud
▪ Employee fraud > Management fraud
3. COMMUNICATION
✓ Material or immaterial DETECTED fraud.
✓ To an officer ONE LEVEL HIGHER than the one who commit the fraud
4. OPINION
✓ Material fraud ONLY
✓ If corrected, do not include such fact in the report.
FRAUD RISK FACTORS – red flags; present in times of fraud but their presence DOES NOT automatically mean
fraud exists.
1. Pressure/ Incentives
✓ “force” or “benefit”
2. Opportunity
✓ “chance” because of position or inadequacies of controls
3. Attitude or Rationalization of Act
✓ Related to the control environment and/or culture
ISSUE
❖ Too personal fraud risk factors such as financial stress of employees and/or adverse relationship
between management and employee.
o RULE: Auditor DOES NOT PLAN audit to discover them but when encountered, CONSIDER!
RULES
▪ Regardless of materiality, it SHALL BE COMMUNICATED.
▪ After communication, is there an action?
o YES – edi wow
o NO – Management’s integrity and its representations become QUESTIONABLE. Thus, WITHDRAW.
ADDITIONAL NOTES
CODE OF ETHICS
According to R.A. 9298, a CPA is an individual who holds
Valid Certificate of Registration (COR) ▪ Issued by BOA
▪ Admission to profession
▪ Lifetime
PROFESSION
International Ethics
IFAC IESBA Standards Board for
Accountants
SECTORS
▪ ACPAE – academe
▪ ACPACI – commerce and industry
o OLD: Employed professional accountants
o NEW: Professional accountants in business
▪ ACPAPP – public practice
▪ GACPA – Government association of CPAs
CODE OF ETHICS?
A set of concepts and principles that guide us in determining what behavior helps or harms an individual
and/or the society.
PURPOSE: A purpose of reflecting the accountancy profession’s recognition of its public interest responsibility.
FUNDAMENTAL 1. Professional Behavior – Avoid discreditable acts to the profession
PRINCIPLES PICPO ▪ Engagement-related issue
▪ Referral is allowed but referral with a fee (commission) is not allowed.
▪ Publicity refers to communication of FACTS to the public.
✓ Anniversaries --- every 5 years
▪ Advertising is a communication of SERVICES to the public and is allowed if:
✓ Tasteful, Truthful, Substantiated (with proof), Not disparaging to
others, Not involved in solicitation (personal offer of service)
3. Confidentiality
✓Applies to SENSITIVE information
▪ Information gathered from prior work experience are allowed to be
disclosed.
✓FOREVER
✓Applies to social environment
ALLOWED DISCLOSURES
1. with management’s permission
▪ communication with predecessor auditor
▪ use of predecessors’ working paper (permanent file)
RULES
1. Follow the entity’s internal policies. (HR department)
2. If not resolved, talk to immediate supervisor or the next level of
superior.
3. Seek independent legal advice on confidential basis – permitted to
disclose and there is NO NEED to ask for management’s permission
4. RESIGN
DUE CARE
✓Act diligently in accordance with applicable technical and professional
standards.
✓Exercise of caution in performance of engagement
5. Objectivity
– free from bias, conflict of interest or undue influence of others.
CONCEPTUAL The PA shall apply the framework to identify, evaluate and address threats to
FRAMEWORK compliance with the fundamental principles.
INTERNATIONAL Established for audit, reviews, and other assurance engagements regarding threats to
INDEPENDENCE independence specific to these engagements.
STANDARDS
STRUCTURE PART 1: Complying with the Code, Fundamental Principles & Conceptual Framework
PART 2: Professional Accounts in Business (PAIBs)
PART 3: Professional Accountants in Public Practice (PAPPs)
PART 4A: Independence for Audit and Review Engagements
PART 4B: Independence for Assurance Engagements other than Audit and Review
Engagements
THREATS TO INDEPENDENCE
SELF – INTEREST Deals with financial or other interest that affects a PA’s judgement or behavior.
THREAT a. Fees (Questionable)
b. Fear of disengagement
c. Possible employment
d. Close-business relationship
LOANS
GR: Not allowed
Safeguards
Non-financial
Financial institution
institution
Members of audit
Under normal
team (always Immaterial
lending conditions
material)
Under normal
lending conditions
Audit firm Immaterial
and the amount is
immaterial
INVESTMENT
Network
Client Service Members Firm
Firms
SELF – REVIEW Not appropriately evaluating the results of a previous judgment made or simply
THREAT re-evaluation of previous work.
ISSUES
1) Two or more services for one client
▪ GR: No threat
▪ Exception
Service 1 Assurance Audit Audit
Service 2 Subject matter of assurance FS Installation
FAMILIARITY THREAT Due to long or close relationship with the client, PA will be too sympathetic to
their interests.
A. Family
a. Immediate family member (Spouse and dependent child)
b. Close family member (Parents, sibling, non-dependent child)
B. Familiar
a. From the audit firm to the client (resigning employee)
b. Long association of client
▪ LIMIT: 5 YEARS
▪ MAY RETURN: AFTER 2 YEARS
c. Gifts and Hospitalities
Generally, it is NOT ALLOWED unless clearly trivial.
ADDITIONAL NOTES
ANALYTICAL PROCEDURES
PSA 520 requires the auditor the use of analytical procedures in planning and overall review stages of audit.
STEPS
1. PYFS
Develop expectations regarding the PAINT 2. Anticipated results (budgets)
financial statements. 3. Industry averages
4. Non-financial information
5. Typical relationships among
Compare the expectattions with the FS balances
financial statements under audit.
Overall Review ▪ To identify unusual fluctuations that were not identified in planning and testing
phases
▪ To confirm conclusions reached
INDEPENDENCE
▪ Maintenance of independence
✓ Communicate the independence requirements
✓ Identify threats and take appropriate actions to eliminate or reduce them
to acceptable level through safeguards OR if appropriate, withdraw
Requires:
o Engagement partners to provide relevant information regarding client
engagements
o Personnel to promptly notify firm of threats to independence
o Accumulation and communication of relevant information
To determine whether independence requirements is satisfied
To maintain and update independence records
To take appropriate actions against identified threats
INTEGRITY
Consider:
✓ Identity and business reputation of PO-KM-RP-TCWG
✓ Nature of operations and business practices
✓ Aggressive interpretation of accounting standards and IC environment
✓ Aggressive maintenance of firm’s fee as low as possible
✓ Indications of inappropriate limitations
✓ Indications of money laundering or other criminal activities
✓ Reasons for appointment of firm and non-reappointment of previous firm
Obtained from:
✓ Communications with existing or previous providers of professional
accountancy services and other third parties
✓ Inquiry of other firm personnel or third parties
✓ Background searches of relevant databases
COMPETENCE
✓ Review specific requirements of engagement and existing partner and staff at
all relevant levels
Consider:
✓ Knowledge of relevant industries or subject matters
✓ Experience with relevant regulatory or reporting requirements; ability to
gain necessary skills and knowledge effectively
✓ Sufficient personnel with necessary capabilities and competence
✓ Experts’ availability
✓ Engagement Quality Control Reviewer is available
✓ Ability to complete the engagement within a deadline
HUMAN RESOURCES ▪ Sufficient personnel with necessary capabilities, competence, and commitment
to ethical principles
▪ The firm shall emphasize the need for continuous training and provide the
necessary resources and assistance for such trainings.
▪ External persons may be used to provide the necessary resources if not
available or for other reasons.
PERFORMANCE EVALUATION
1. The firm shall:
o Make personnel aware of firm’s expectations
o Provide evaluation and counseling to personnel
o Promotion and disciplinary actions depend on quality of performance and
compliance to ethical principles
ENGAGEMENT ▪ Engagements are performed in line with professional standards and regulatory
PERFORMANCE and legal requirements.
▪ Appropriate reports are issued
▪ Establish consistency in quality of engagement performance through guidance
materials
▪ All members of the team understand the objectives of their work.
Review
More experienced members including the engagement partner review
the work of the less experienced members
DIFFERENCES OF OPINION
▪ Conclusions reached should be documented and implemented.
▪ The report should not be issued until the matter is resolved.
▪ Consulting with another practitioner or firm or professional or regulatory
body
EQCR
▪ Provides an objective evaluation of significant judgments made by the
engagement team and conclusions reached
Require EQCR for all audits of listed entities
Set out criteria for others whether to subject them to EQCR
➢ Require EQCR for all engagements meeting such criteria
▪ Set out:
NTE of EQCR
Criteria for eligibility of EQCR
Documentation requirements for EQCR
MONITORING ▪ SQC are relevant, adequate, operating effectively and complied with in practice.
*refer to REO Handouts 14 ▪ Performed by competent individuals and covers both the appropriateness of
for specific details design and effectiveness of the operation of the system quality control.
▪ Ongoing consideration and evaluation of SQC (see REO Handouts 14)
ADDITIONAL NOTES
A deficiency in the firm’s SQC does not indicate that a particular audit engagement was not performed
accordingly, nor the report was inappropriate.
SPECIAL REPORTING
PSA 800: Special Considerations – Audit of FS prepared in accordance with SPECIAL PURPOSE FRAMEWORKS
Special purpose framework – designed to meet the needs of SPECIFIC users and
can either be a fair presentation or a compliance framework.
SPECIAL PURPOSE Tax basis of accounting; cash receipts and disbursements basis of accounting;
FRAMEWORKS financial reporting established by regulator (SEC, IC, BSP); financial reporting of
a contract
DESCRIPTION OF ✓ Describe the purpose and if necessary, the intended users OR refer to the notes
APPLICABLE FINANCIAL for such information.
REPORTING FRAMEWORK
(auditor’s report) ✓ If management has a choice of FRF, management steps in determining that the
financial reporting framework is acceptable in the circumstance
PSA 805: Special Considerations – Audit of Single FS and Specific Elements, Accounts, or Items of an FS
FORMING AN OPINION ▪ Apply PSA 700 and when applicable apply PSA 800 as necessary in the
AND REPORTING circumstance.
CONSIDERATIONS
RULES
a. Audit of a single FS or a specific element MAY BE PUBLISHED TOGETHER
with entity’s complete set of FS.
ENGAGEMENT Accept ONLY if the same auditor has audited the FS from which the summary is
ACCEPTANCE derived.
ELEMENTS TITLE: Need to be appropriately titled and to be read in conjunction with the
most recent audited FS
STATEMENT: Summary FS do not contain all the disclosures required and the
auditor’s report thereon is not a substitute for reading the audited FS and
auditor’s report thereon.
NOTE: Engagement conducted in accordance with such law DOES NOT COMPLY with ISA. Thus, the
auditor’s report SHALL NOT INDICATE that it was in accordance with the ISA.
REFERENCE TO
i. Qualified Opinion (ISA 705) ✓ State in the auditor’s report the inclusion of
AUDITOR’S REPORT ON
ii. EOM or OM (ISA 706) such matter.
AUDITED FS
iii. Material Uncertainty on GC ✓ Describe:
(ISA 570) o The basis of qualified opinion on audited
iv. Communication of KAM FS and effect on summary FS
(ISA 701) o The matter referred to EOM, OM, OR MUGC
v. Statement of uncorrected and effect on summary FS
material misstatement and o Uncorrected MM of other information and
others (ISA 720) effects on the summary FS
RESTRICTION ON When there is restriction or that the report on audited FS alerts the users, include
DISTRIBUTION OR USE similar restriction or alert in the report on summary FS.
OR ALERTING READERS
ADDITIONAL NOTES
AUDITING IN CIS
CHARACTERISTICS OF CIS
✓ LACK OF VISIBLE TRANSACTION TRAILS – Data can be entered into the computer system without
supporting documents.
✓ CONSISTENCY OF PERFORMANCE – Clerical errors are eliminated. However, an incorrect program could
be very devastating because of consistent erroneous data processing.
✓ EASE OF ACCESS TO DATA AND COMPUTER PROGRAMS – Can be accessed and altered by unauthorized
persons with no visible evidence.
✓ SYSTEM GENERATED TRANSACTIONS – Initiated by the CIS itself without input document. (Interest
computation)
✓ VULNERABILITY OF DATA AND PROGRAM STORAGE MEDIA – Can be easily changed having no trace of
original content. This may happen inadvertently and ma result into loss of huge amount of information.
SEGREGATION OF DUTIES
a. CIS department vs. User department
✓ CIS department shall be independent BOTH from the provider of
input data and user of output data
✓ Function of CIS department: To process transactions
✓ All changes in computer files must be initiated and authorized by the
USER DEPARTMENT
ACCESS CONTROLS To ensure that access is limited only to authorized personnel. (passwords)
HARDWARE CONTROL
a. Diagnostic routines
b. Boundary protection
c. Periodic maintenance
DATA RECOVERY AND Maintenance of back-up files and off-site storage procedures.
PROCEDURAL CONTROLS
PROCESSING CONTROLS
a. Written manual of systems and procedures for all computer operation
b. Back-up and recovery
✓ Grandfather-father-son principle on file retention – three generations
of master files and transaction files
✓ Snapshots – daily picture (copy) of data files and retained until weekly
file is prepared, until monthly file is created, until annual file is created.
Audit software routines are embedded at different points in the
processing logic.
c. Contingency processing
✓ Reciprocal agreement / Mutual aid impact
✓ Internal site
✓ Hot site --- already installed with equipment (not in the premises)
✓ Cold site --- ready for equipment to be brought in
d. File Protection Rings – this controls operator error by writing data on tapes
containing critical information
e. Internal and External Labels – identification of files
APPLICATION CONTROLS
(Related to the specific use of the system)
CONTROLS OVER INPUT Designed to provide reasonable assurance that:
▪ Transactions are properly authorized before processed by computer
▪ Transactions are accurately converted into machine readable form and
recorded in the computer data files
▪ Transactions are not lost, added, duplicated, or improperly changed
COMMON CONTROLS
a. Key verification – data are entered twice (by different operators)
b. Limit check – uses predetermined upper and lower limit
c. Validity test – comparison of data against a master file or table of accuracy
d. Self-checking digit – used to detect transpositional error; contains
redundant information permitting accuracy check
e. Completeness check (Missing data check) – processing will not continue
unless all data required are supplied
f. Menu driven input – contains a set of menu or Q&A that guides the user
g. Field check – proper character is supplied in each field (Numeric only, etc.)
h. Field size check – data supplied is within the number of digits or string of
characters required
i. Logic tests – rejects illogical or inconsistent data
j. Control totals
Record Count (item count) – number of items being input in a given
batch
Financial total – total of the amount of all items in a batch
Hash total – total of one field of information of all items in a batch that
has no intrinsic meaning (e.g., total of voucher numbers)
✓ The effectiveness of the general CIS is essential to the effectiveness of CIS application controls.
✓ It is MORE EFFICIENT to review general controls first before the application controls.
AUDITING WITH THE COMPUTER The auditor uses the computer as an audit tool.
AUDITING THROUGH THE COMPUTER ▪ Examines DIRECTLY the computer and its system and application
software using CAATs
▪ WHITE BOX APPROACH
PROGRAM ANALYSIS
CODE REVIEW Actual analysis of logic of program’s processing routines
FLOWCHARTING SOFTWARE Produce flowcharts that may be used in both the mainframe and
microcomputer environments
PROGRAM TRACING AND Allow auditor to recognize logic sequence or dormant section of code that may
MAPPING be a potential source of abuse
PROGRAM MAPPING – identifies sections of code that can be entered and thus
are executable
PROGRAM TESTING
TEST DATA ▪ Conducted on a surprise basis
▪ Utilizing client’s software to process both valid and invalid transactions
▪ Client’s software should detect all exceptions planted in auditor’s test
data to conclude that controls are effective
INTEGRATED TEST FACILITY (ITF) ▪ Dummy transactions are built into the system during the original design
Integrated Test Data ▪ Integrates fictitious and actual data without management’s knowledge
Minicompany Approach ▪ Incorporates a simulated or subsidiary into accounting system for the
sole purpose of running test data through it
NOTE: Test each control only once. Problems that may be encountered:
➢ Ascertaining that test data is not included in client’s accounting records
➢ Determining if program tested is actually used by client
➢ Adequately developing test data for every possible control
➢ Developing adequate data to test key controls may be extremely time-
consuming
LIMITATIONS
✓ Time-consuming for creating auditor’s software
✓ Incompatibility of audit and client’s software
✓ Tracing differences between two set of outputs to differences in
programs may be difficult
✓ Time involved in processing large quantities of data
CONTROLLED REPROCESSING ▪ A variation of parallel simulation that instead of using generalized audit
software, the auditor uses a copy of client’s application program
LIMITATIONS
✓ Copy of the program is identical to the currently used by client
✓ Keeping current with changes in program
✓ Time involved in processing large quantities of data
CONTINUOUS (CONCURRENT) TESTING
Utilizes EDI which sometimes do not retain permanent audit trails thus requiring capture of audit data
EMBEDDED AUDIT MODULES ▪ Program routines incorporated into an application program
designed to perform audit function (calculations) or logging activity
▪ Used to select client data for subsequent testing and analysis
SYSTEM CONTROL AUDIT REVIEW FILES ▪ Created by embedded audit module used to collect information into
(SCARF) a special computer file for subsequent review and analysis
▪ Selects type of transactions
EXTENDED RECORDS ▪ Attaches additional data that would not otherwise be saved to
regular historic records and thereby helps to provide a more
.
complicated trail
LIBRARY MANAGEMENT SOFTWARE Logs changes in programs, program modules, job control
language, and other processing activities
ACCESS CONTROL AND SECURITY SOFTWARE ▪ Supplements physical and control measures related to
computer
▪ Helpful in online environments or in systems with data
communications
.
AUTOMATED WORKING SOFTWARE ▪ Generate trial balances, lead schedule, or other workpapers useful to
audit
ADDITIONAL NOTES
ADDITIONAL CONCEPTS
EXTERNAL CONFIRMATIONS
✓ Direct written response from the third party to the auditor in paper form (electronic or other medium)
✓ May be used in: PIABALITA
Property title deeds held by lawyers or Loans from lenders
financiers for safe custody
Investments purchased from stockbrokers Inventories held by third parties at bonded
but not delivered at reporting date warehouses
Absence of certain conditions (side Terms of agreements or transactions with
agreements) third parties and details of modifications
Bank balances and other information from AP balances
banks
AR balances
As to availability of sources
Available ONLY to outside entity Available within and outside the entity
ADDITIONAL NOTES
PSA TITLE
200 Overall Objective of the Independent Auditor and the Conduct of an Audit in
accordance with PSA
210 Agreeing the terms of Audit Engagements
220 Quality control for an Audit of FS
230 Audit Documentation
240 Auditor’s Responsibilities relating to Fraud in an Audit of FS
250 Consideration of Laws and regulations in an Audit of FS
260 Communication with TCWG
265 Communicating Deficiencies in Internal Control to TCWG and Management
600 Special Considerations – Audit of Group FS, including the Work of Component
Auditors
610 Using the Work of Internal Auditors
620 Using the Work of an Auditor’s Expert