Professional Documents
Culture Documents
Auditing Theory Concepts
Auditing Theory Concepts
AND PROBLEM
CONCEPTS
May 23 2023
AUDITING THEORY CONCEPTS
INTRODUCTION TO ASSURANCE ENGAGEMENTS
Auditing and Assurance Standards Council (AASC). The body authorized to establish
generally accepted auditing standards (GAAS) in the Philippines. AASC pronouncements are
mainly adopted from the pronouncements by the International Auditing and Assurance
Standards Board (IAASB).
The following comprises the AASC’s engagement standards:
a. Philippine Standards in Auditing (PSAs) - are applied in the audit of historical
financial information.
b. Philippine Standards on Review Engagement (PSREs) - are applied in the review
of historical financial information.
c. Philippine Standards on Assurance Engagement (PSAEs) - are applied in assurance
engagement other than audits and reviews of historical financial information.
d. Philippine Standards on Related Services (PSRSs) -
Philippine Auditing Practice Notes (PAPNs). PAPN No. 001 was issued in 2020 to guide
audit practitioners in considering the impact of COVID-19 pandemic in their audits of
financial statements in accordance with PSAs.
Philippine Standards on Quality Control (PSQCs). Issued to be applied for all services
falling under the AASCs engagement standards.
ASSURANCE ENGAGEMENT
An engagement in which a practitioner aims to obtain sufficient appropriate evidence in
order to express a conclusion designed to enhance the degree of confidence of the
intended users.
The practitioner must maintain his independence.
Classified in two dimensions:
A. Either Reasonable assurance engagements or Limited assurance
a. Reasonable assurance engagement
the practitioner reduces assurance engagement risk to an acceptably low level
as a basis for the practitioner’s conclusion
conclusion is expressed in the positive form that conveys practitioner’s
opinion on the subject matter information
An AUDIT is a typical example of a reasonable assurance engagement.
The Philippine Framework for Assurance Engagements mentions the following elements
of an assurance engagement:
A. A three-party relationship involving a practitioner, a responsible party, and intended
users.
Practitioner - Auditor (firm)
Responsible party - Management and Those Charged with Governance (TCWG)
Intended users - Client Entity (Shareholders -listed and Partners/Proprietor-non
listed)
B. An appropriate underlying subject matter.
C. Suitable criteria
D. Sufficient appropriate evidence.
E. A written assurance report in the form appropriate to a reasonable assurance
engagement or a limited assurance engagement.
NON-ASSURANCE ENGAGEMENT
Engagement frequently performed by CPA’s that do not provide any assurance.
Independence is not required of a practitioner when performing non-assurance
engagements.
A. Related Services. Include agreed-upon procedures engagement and compilation of
financial or other information.
B. Preparing of tax returns where no assurance is expressed,
C. Consulting or advisory engagements. Two-party contracts designed to provide
advice to clients to achieve their goals.
Independence
Threats to Independence:
A. Self Review.
B. Self Interest.
C. Advocacy.
D. Familiarity.
E. Intimidation.
Assurance engagement risk. Is the risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.
Auditing.
Assertions (SMR&FS) - are representation which are inherent in management
representing that the financial statement are prepared in accordance with the
applicable financial reporting framework.
objectively obtains and evaluates evidence regarding assertions such as Financial
Statement (FS) and Statement of Management Responsibilities (SMR).
communicating results to intended users.
from the Latin word “AUDIRE” which means “to hear”.
Securities and Exchange Commission (SEC) - mandatory reportorial requirement.
Audit of FS - gross annual sales, earnings, receipts or output must exceed 3,000,000.
BIR Bureau of Internal Revenue may impose penalty upon failure.
ACCOUNTING VS. AUDITING
Prepare FS for decision making Make sure FS is reliable for intended users
General Principles governing an audit. According to PSA 200 (Revised and Redrafted), the
auditor should:
Comply with the ethical requirements of the International Code of Ethics for
Professional Accountants, including International Independence Standard
relating to audit engagement.
Conduct an audit in accordance with Philippine Standards on Auditing (PSAs).
Exercise professional judgement in planning and performing an audit of financial
statements.
Obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably
low level and to reach reasonable conclusion on which to base the auditor’s opinion.
Types of Audit
Nature of Assertion/Data
A. Financial Statement Audit
B. Operational Audit
C. Compliance Audit
Types of Auditor
A. Independent or External Audit
B. Internal Audit
C. Government Audit
Depending on particular circumstances
A. Forensic audit
B. Quality Audit
C. Social Audit
D. Tax Audit
E. Environment Audit
F. Information System Audit
G. Non-statutory Audit
H. Follow-up Audit
AUDIT PROCESS:
I. Pre-Engagement Procedures
Performed to assist the auditor in deciding whether to accept or reject an audit
engagement.
The auditor must consider his competence, independence, and ability to serve the
client properly, and the integrity of the prospective client’s management.
Client acceptance - meeting of minds of the practitioner and the client.
Preliminary Planning Activities involve:
A. Establishing whether the preconditions for an audit are present.
B. Confirming that there is a common understanding between the auditor and
management including TCWG of the terms of the audit engagement.
C. Performing procedures regarding the acceptance and continuance of the client
relationship and the specific audit engagements.
D. Evaluating compliance with relevant ethical requirements in accordance with
the International Code of Ethics for Professional Accountants, including
Independence Standard.
Preconditions for an Audit:
A. Determine whether the financial reporting framework to be applied in the
preparation of the financial statements is acceptable.
B. Obtain the agreement of management that it acknowledges and understands its
responsibility.
Predecessor Auditor. Refers to the auditor who was previously the auditor of an
entity and who has been replaced by an incoming auditor.
Successor Auditor. Is the auditor who is considering to accept an engagement to
audit financial statements or an auditor who has accepted such engagement.
Audit Engagement letter. Defines the legal relationship between a professional
firm (or auditor) and its client (s). It documents and confirms the auditor’s
acceptance of the appointment.
II. Audit Planning
The auditor should consider the following matters during the planning stage:
A. The analytical procedure to be applied as risk assessment procedures.
B. The legal and regulatory framework applicable to the entity and how the entity
is complying with that framework.
C. The determination of materiality
D. The involvement of experts and internal auditors.
E. The performance of other risk assessment procedures.
Overall Audit Strategy. Sets the scope, timing and direction of the audit and guides
the development of the audit plan.
Audit Plan. After the overall audit strategy has been established, the auditor should
develop and document an overall audit plan to describe the detailed scope and conduct
of the audit.
An auditor plan should be able to describe the following matters:
A. The nature, timing and extent of planned risk assessment procedures.
B. The nature, timing, and extent of planned further audit procedures (e.g., test of
controls and substantive procedures).
C. Other planned audit procedures that are required to be carried out so that the
engagement complies with PSAs.
Concept of Materiality. The auditor’s determination of materiality is a matter of
professional judgement. Information is Material if its omission or misstatement,
individually or in aggregate, could be reasonably be expected to influence the
economic decision of users.
A. Overall materiality (Materiality for the financial statements as a WHOLE.
B. Specific Materiality (Materiality applied to PARTICULAR classes of
transaction, account balances or disclosures.
C. Performance Materiality (LESS than the overall materiality)
Audit Risk (AR). Refers to the risk that the auditor expresses an inappropriate audit
opinion when the financial statements are materially misstated. Audit risk is a function
of the following components:
A. Risk of Material Misstatement (RMM)
Inherent Risk (IR) - susceptibility an assertion about a class of transaction,
account balances or disclosure to a misstatement that could be material,
either individual or aggregated, before considering of any related controls.
Control Risk (CR) - risk that misstatement that could occur in an assertion
about a class of transaction, account balances or disclosure to a
misstatement that could be material, either individual or aggregated, will be
prevented, or detected and corrected, on a timely basis by the entity’s
control.
B. Detection Risk (DR) - risk that a material misstatement that has occurred will
not be detected by the auditor.
So, Audit Risk Model:
AR = IR x CR x DR AR = RMM x DR
Audit Risk and Materiality - Inverse Relationship
Audit Risk Materiality
↓ ↑
↑ ↓
Substantive Procedure. Are procedures designed to detect material misstatements in
the financial statements. There is an inverse relationship between the acceptable level
of detection risk and the assurance provided from substantive procedures.
PSA 315 (Revised 2019) requires auditors to identify and assess the risks of material
misstatement in order to determine the nature, timing, and extent of further audit
procedures necessary to obtain sufficient appropriate audit evidence.
RMM exists when there is a reasonable possibility of:
A. A misstatement occurring (e.g., its likelihood)
B. Being material if it were to occur (e.g., its magnitude)
Identification of RMM is performed before consideration of any controls (e.g.,
inherent risk), and is based on the auditor’s preliminary consideration of
misstatements.
Significant class of transactions, account balance or disclosure - pertains to a
class of transactions, account balance or disclosure for which there is one or more
relevant assertions.
Assertions may fall into the following categories:
A. Assertions about classes of transaction and events, and related disclosures, for
the period under audit: Occurrence, Completeness, Accuracy, Cutoff,
Classification
B. Assertions about account balances, and related disclosures, at the period end:
Existence, Completeness, Rights and Obligation, Valuation and Allocation
C. Assertions about presentation and disclosure: Occurrence and Rights and
Obligation, Completeness, Classification and Understandability, Accuracy
and Valuation
Two level of RMM:
1. Financial Statement Level. RMM is pervasive to the FS as a whole and
potentially affect many assertions.
The auditor’s overall responses are designed to address the assessed
RMM at the FS level. It may include:
a. Emphasizing to the audit team the need to maintain professional
skepticism.
b. Assigning more experienced staff or those with special skills or
using experts.
c. Changes to the nature, timing and extent of direction and supervision
of members of the engagement team and the review of the work
performed.
d. Changes to the overall audit strategy or planned audit procedures,
and may include changes to:
The auditor’s determination of performance materiality.
The auditor’s plan to perform test of controls.
The nature, timing and extent of substantive procedures.
4. Assertion Level. RMM that do not relate pervasively to the FS. They are
risk that the FS assertions or amounts are materially misstated prior to
audit.
Auditor’s assessment of RMM at the assertion level consist of two
components: Inherent risk and Control risk.
The auditor may choose between using two general approaches to
address the assessed RMM at the Assertion level:
a. Substantive approach - emphasizes on substantive procedure.
b. Combined approach - uses test of controls as well as substantive
procedure.
Internal Control Preliminary Acceptable Level Auditor’s Response Approach
Assessment of of Detection Risk Perform Perform of
Control Risk Test of Substantive
controls procedure
Yes (at year
end, more
Bad High Low No effective & Substantive
more
extensive)
No (at
interim, less
Good Low High Yes effective & Combined
less
extensive)
Designing and performing further audit procedures whose nature, timing, extent
are based on and are responsive to the assessed risks of RMM at the assertion level
provides a clear linkage between the auditor’s further audit procedures and the risk
assessment.
Nature of further audit procedure. Refers to its purpose (test of controls or
substantive procedure) and its type (inspection, inquiry, observation, confirmation,
etc.).
Timing of further audit procedure. Refers to when such procedures is performed, or
the period or date to which the audit evidence applies. The higher the RMM , the
more likely the auditor may perform substantive procedures nearer to, or at, the
period rather than at an earlier date, or to perform audit procedure unannounced
basis.
Extent of further audit procedure. Refers to the quantity to be performed (number of
samples to be examined). The extent of an audit procedures judged necessary is
determined after consideration of materiality, the assessed risk, and the degree of
assurance the auditor plans to obtain.
Analytical Procedure at Completion stage of the audit. Assist the auditor informing
an overall conclusion as to whether the financial statements are consistent with the
auditor’s understanding of the entity.
Related parties. If one party has the ability to control the other party the ability to
exercise significant influence over the other party, or has a joint control over another
entity.
Related party transaction (RPTs). involves a transfer of obligation between related
parties, regardless of whether a price is charged.
Auditor’s responsibility to RPTs:
A. Perform audit procedures to identify, assess and respond to the RMM arising from
the entity’s failure to appropriately account for or disclose related party relationships,
transactions or balances.
B. Obtain an understanding of the entity’s related party relationships and transactions
sufficient to:
Be able to conclude whether the financial statements achieve fair presentation
or are not misleading.
Evaluate whether one or more easily committed through related parties.
Auditor’s responsibility to entity’s litigations and claims:
A. Making appropriate inquiries of management including obtaining representations.
B. Reviewing board minutes of meeting and correspondence with the entity’s external
lawyer.
C. Examining legal expense accounts.
D. Using any information obtained regarding the entity’s business including
information obtained from discussions with any in-house legal department.
Moreover, the auditor may seek direct communication with the entity’s
external lawyer through a letter of inquiry.
Letter of Inquiry. Corroborates the information furnished by management about
litigation, claims and assessment. It should be prepared by management but sent by the
auditor and request the client’s external lawyer to communicate directly with the auditor.
Subsequent Events. Are events occurring between the date of the financial statements
and the date of the auditor’s report, and facts that become known to the auditor after the
date of the auditor’s report. Two types:
A. Type 1 Subsequent Events. They relate to conditions existing at the end of the
reporting period that are inherent in the process of preparing financial statements.
These events require adjustments to the FS.
B. Type 2 Subsequent Events. They relate to conditions that do not exist at or before
the day of the financial statements, but are disclosed because they may be such
significance that the financial statements would be misleading if the events are not
disclosed.
Management Representation letter. Is a letter written by the management to the
auditor confirming all the representation made to him during the course of his audit.
The purpose of the management representation letter is to emphasize the the FS
are the management’s representation, and thus management has the primary
responsibility for its accuracy.
Auditor’s report. Is medium (in a form of letter) through which a independent auditor
expresses his own opinion or disclaim an opinion. Must be made in writing, or may be
issued in hard copy, or using an electronic medium.
Auditor’s opinion:
A. Unmodified or unqualified opinion
Concludes that the financial statements are prepared, in all material respect, in
accordance with the applicable financial reporting framework.
Concludes that, based on the audit evidence obtained, the financial statements
as a whole are free from material misstatement.
Is able to obtain sufficient appropriate audit evidence to conclude that the
financial statements as a whole are free from material misstatement.
B. Modified or qualified opinion
Auditors believe that “except for” some qualifications or exceptions, the FS
have been prepared, in all material respect, in accordance with the applicable
financial reporting framework.
The auditor, having obtained sufficient appropriate audit evidence concludes
that misstatement, individually or in aggregate, are material, but not pervasive,
to the financial statements.
The auditor is unable to obtain sufficient appropriate audit evidence on which
to base an opinion, but the auditor concludes that the possible effects on the FS
of undetected misstatements, if any, could be material but not pervasive.
C. Adverse opinion
The financial statements have not been prepared, in all material respect, in
accordance with the applicable financial reporting framework.
The auditor, having obtained sufficient appropriate audit evidence concludes
that misstatement, individually or in aggregate, are both material and pervasive
to the financial statements.
D. Disclaimer (not practically an opinion or no opinion)
The auditor is unable to obtain sufficient appropriate audit evidence on which
to base an opinion, but the auditor concludes that the possible effects on the FS
of undetected misstatements, if any, could be both material and pervasive.
Modification of opinion. Depends on the pervasiveness of misstatements on the
financial statements.
Auditor’s Judgement About the Pervasiveness of
the Effects or Possible Effects on FS
Nature of Matter Giving Rise to the Modification
Material but Not
Material and Pervasive
Pervasive
FS are materially misstated Qualified Adverse
Inability to obtain sufficient appropriate audit
Qualified Disclaimer
evidence
F. Key Audit Matters - most significant in the audit of FS of the current period.
K. Signature of the Auditor - signed in the name of the auditing firm registered with
the Board of Accountancy (BOA) and the Securities and Exchange Commission
(SEC), or in the personal name of the auditor, or both.
L. Auditor’s address - name of the location in the jurisdiction where the auditor
practices or where the auditor maintains the office.
M. Date of the Auditor’s Report - completion date of the audit or last day of field
work.
REVIEW ENGAGEMENT:
C. Introductory paragraph
State that the financial statement have been reviewed.
Identify the financial statement review.
Enumerate the title of each FS.
Refer to note, including summary of significant accounting policies.
Specify the date or period covered by each FS.
E. Practitioner’s Responsibility
Description of the practitioner’s responsibility to express a conclusion of
the FS, including reference to PSA 2400 (Revised) and, relevant, applicable
law and regulation.
State that review engagement is limited assurance engagement.
State that the practitioner performs procedures, primarily consist of making
inquiries of the management and other within the management, applying
analytical procedures, and evaluates evidence obtained.
State that procedures performed in the review is less than those performed
in an audit and the practitioner does not express an opinion on the FS.
I. Date of the Practitioner’s report - no earlier than the date on which the
practitioner sufficient appropriate evidence.
AUDIT SAMPLING