CH 1: FUNDAMENTALS OF ASSURANCE SERVICES
Relevance of Learning Auditing and Assurance
1. introduces students to the theories underlying
auditing services
- providing opportunities for them to
develop technical expertise
2. FS users will have an understanding of the
audit function
- allowing them to better appreciate
the assurance provided by an auditor
- also, to clarify the extent of
responsibilities to be assumed
3. auditing skills can be used in many non-audit
situations
- ex: verifying news and hearsay
- allows students in developing a
professionally skeptical attitude (an
attitude of a questioning mind)
4. students gain a deeper understanding of the
ethics underlying the practice of one’s
profession
- being familiar with situations that
they might encounter in the actual
practice
- learning about the safeguards they
must take in handling situations
The Concept of Assurance
- assurance in auditing sense: auditor’s
satisfaction as to the reliability of an
assertion made by one party for use by
another party
- in decision-making, one’s decisions will:
○ depend on what you know about
each of the available alternatives
○ be inüuenced by the information
made available
- <The relevance and reliability of information is
critical for making the best decision in a given
situation=
○ reliable information: fairly stated
○ reliability depends on the credibility
of the source of information and the
ability to verify its accuracy/fairness
- information age: upsurge in the amount of
data that a user can consume
○ access to, and manipulation of
information has never been easier
○ therefore, it should be recognized
that not all information is accurate
■ some are erroneous
■ some are fraudulent
- misleading information can lead to less
effective decisions
- these decisions depend on the information
that users see in the FS and the analysis of
ratios computed
- most of these decisions involve signiûcant
amounts of money; thus, information
provided to them must be reliable
- users generally don’t have expertise to verify
technical information
○ so they turn to CPAs to provide the
assurance that they need
○ assurance that the information
audited is indeed fairly stated
Assurance Services
- three-party contracts
○ practitioner
○ responsible party
○ intended users
- assurers (such as a CPA) reports on the
quality of information
- intends to enhance the credibility of
information about a subject matter by
evaluating whether it conforms in all material
respects with suitable criteria
Elements of Assurance Engagements
1. three-party relationship involving a
practitioner, a responsible party, and intended
users
2. an appropriate subject matter
3. suitable criteria
4. suýcient appropriate evidence
5. a written assurance report in the form
appropriate to a reasonable or limited
assurance engagement
** All of the 5 elements must be present in an
engagement for it to be classiûed as an assurance
engagement
Three-Party Relationship
1. Practitioner
- broader than the term <auditor=
- may be requested to perform
assurance engagements on a wide
range of subject matters
 ○ which may require - intended users may be identiûed by
specialized skills and agreement or by law
knowledge
- practitioner shouldn’t accept an ** responsible party and the intended users may be
engagement if preliminary from different entities or the same entity
knowledge indicates that ethical
requirements regarding professional
competence will not be satisûed
○ in some cases, work of
persons from other
professional disciplines
(experts) is used
○ persons carrying out the
engagement collectively
should possess the
requisite level of skills and Parties Involved in Determining Engagement
knowledge Requirements
○ practitioner should have an - whenever practical, intended users are
adequate level of involved with the practitioner and the
involvement responsible party in determining engagement
2. Responsible Party requirements
- person/s responsible for the subject - however, regardless of the involvement of the
matter or the subject matter other 2, the practitioner is solely responsible
information (assertion) for determining the nature, timing, and extent
- provides the practitioner with a of procedures to be performed
written representation that evaluates - the practitioner is required to pursue any
or measures the subject matter matter that may lead to a material
against the identiûed criteria adjustment/modiûcation to the subject
- may or may not be the party who matter information
engages with the practitioner
- The Philippine Framework for Assurance Engagements for a Speciûc Purpose
Assurance Engagements: - in some cases, intended users impose a
requirement on an assurance engagement to
be performed for a speciûc purpose
- practitioner considers including a restriction
in the assurance report that limits its use to
those users or that purpose

Subject Matter
- topic about which the assurance is conducted
- have different characteristics, including the
degree to which its related information is:
○ qualitative vs quantitative
○ objective vs subjective
○ historical vs prospective
○ relates to a point of time vs covers a
period
- such characteristics affect the precision with
which the subject matter can be
3. Intended Users
evaluated/measured
- person/s for whom the practitioner
- an appropriate subject matter is:
prepares the assurance report
○ identiûable
- there may be other intended users
○ capable of consistent evaluation or
○ practitioner may not be able
measurement against the identiûed
to identify all those who will
criteria
read the assurance report
 ○ capable of being subjected to
procedures for gathering suýcient
appropriate evidence

2. Less Formal Criteria

- ex: internally developed code of
conduct, an agreed level of
performance

Established Criteria vs Speciûcally Developed Criteria

1. Established Criteria
- embodied and laws or regulations or
issued by authorized or recognized
bodies of experts that follow a
transparent due process
Suitable Criteria
2. Speciûcally Developed Criteria
- are the benchmarks used to evaluate or
- designed for the purpose of the
measure the subject matter
engagement
- required for reasonably consistent evaluation
or measurement of a subject matter
** criteria need to be available to the intended users to
○ without the frame of reference, any
allow them to understand how the subject matter has
conclusion is open to individual
been evaluated or measured.
interpretation and misunderstanding
- criteria may also be available only to speciûc
○ evaluation merely on the basis of the
intended users (assurance report is restricted
practitioner’s own expectations,
to them)
judgements, and individual
experience wouldn’t constitute
** criteria are made available through:
suitable criteria
- publicly
- inclusion in a clear manner in the presentation
of the subject matter information
- inclusion in a clear manner in the assurance
report
- general understanding (ex: criterion for
measuring time in hours and minutes)

Suýcient Appropriate Evidence

- practitioner considers materiality, assurance
engagement risk, and the quantity and quality
of available evidence when planning and
performing the engagement

Professional Skepticism
- making a critical assessment, with a
- context-sensitive (different interpretations
questioning mind (of the validity of evidence)
when used in different contexts)
- recognizing that circumstances may exist
- for the same subject matter there can be
that cause the subject matter information to
different criteria
be materially misstated
- types of criteria:
- allows practitioners to obtain suýcient
appropriate evidence
Formal Criteria vs Less Formal Criteria
- necessary to reduce the risk of:
1. Formal Criteria
○ overlooking suspicious
circumstances
 ○ over generalizing when drawing
conclusions from observations
○ using faulty assumptions in
determining the nature, timing, and
extent of evidence gathering
procedures and evaluating the
results thereof
- an assurance engagement rarely involves the
authentication of documentation
- relationship between the cost of obtaining the
evidence and the usefulness of the
information obtained
- it is generally more diýcult to obtain
assurance about a subject matter information
covering a period than a point of time
- conclusions provided on processes ordinarily
are limited to the period covered by the
engagement
- diýculty or expense involved isn’t in itself a
valid basis for omitting an evidence-gathering
procedure (for which there is no alternative)

Materiality
- practitioner understands and assesses what
factors might inüuence the decisions of the
intended users
- relevant when determining the nature, timing
Suýciency and Appropriateness of Evidence
and extent of evidence-gathering procedures,
1. Suýciency
and when assessing
- measure of the quantity of evidence
2. Appropriateness
Assurance Engagement Risk
- measure of the quality of evidence
- risk that the practitioner expresses an
inappropriate conclusion when the subject
** Suýciency and appropriateness are interrelated.
matter information is materially misstated
However, merely obtaining more evidence may not
- more extensive evidence-gathering
compensate for its poor quality.
procedures = lower chances of an
inappropriate conclusion
** The reliability of evidence is inüuenced by its source
and by its nature, and is dependent on the individual
Assurance Report
circumstances under which it is obtained.
- written report containing a conclusion
conveying the assurance obtained
Generalizations about the Reliability of Evidence
- short form vs long form
- generalizations about reliability can be made;
○ short form: include only the basic
however, they are subject to important
elements
exceptions
○ long form: include other information
○ ex: evidence obtained from sources
and explanations that aren’t intended
external to the entity may still have
to affect the practitioner’s
circumstances that could affect its
conclusion (ex: criteria being used)
reliability
- 2 levels of assurance:
- useful generalizations - the evidence is more
reliable when:
1. Reasonable Level of Assurance
○ obtained from independent sources
- a.k.a high level of assurance
outside the entity
- assurance engagement risk -
○ related controls are effective
acceptably low level
○ obtained directly by the practitioner
- expresses a positive form of
○ exists in documentary form
conclusion
○ obtained original documents (rather
○ <users, the information is
than photocopies)
fairly stated=
- obtaining evidence from different sources or
○ users derive more comfort
of a different nature may identify an unreliable
in positive form
individual item from the evidence
- not absolute
2. Limited Level of Assurance
Cost-Beneût Considerations
- a.k.a moderate level of assurance
 - assurance engagement risk -
acceptable, but risk is greater than
that of a reasonable
- expresses a negative form of
conclusion
○ <users, i didn’t ûnd a
material error=
Classiûcation of Assurance Engagements
1. According to Level of Assurance
a. Reasonable Level
b. Limited Level
2. According to Structure
a. Attestation Engagement
- measurer (not the
practitioner) evaluates the
underlying subject matter,
the outcome of which is the
subject matter information
- role of practitioner - to
obtain suýcient
appropriate evidence to
evaluate the subject matter
information
b. Direct Engagement
- practitioner evaluates the
underlying subject matter
- presents the resulting
subject matter information
as part of the assurance
report
○ independent audit engagements
■ provides a reasonable level
of assurance that the
subject matter is free from
material misstatement
○ review engagement
■ limited investigation of
much narrower scope
■ for the purpose of providing
limited assurance
** audits require greater scrutiny, while reviews consists
of making inquiries and performing analytical
procedures on the statements (audits provide a higher
level of assurance)
Other Assurance Services
- AICPA has formed the Special Committee on
Assurance Services
○ to develop a strategic plan for the
profession’s further forays into the
assurance market

Attestation Engagements
- practitioner issues a written communication
○ written communication: expresses a
conclusion about the reliability of a
written assertion that is the
responsibility of another party
- 4 basic conditions of an attestation:
○ there is a written assertion made by
one party for the interest of another
■ assertion may be expressly
stated or implied
○ there must be agreed-upon and
objective criteria Limitations of Assurance Engagements
■ all parties must agree as to - the highest level of assurance that may be
how the assertion is to be provided is reasonable assurance
evaluated - risk to 0 is very rarely attainable or cost
○ assertion must be amenable to beneûcial as a result of factors such as the
veriûcation by an independent party following:
■ to be able to obtain
adequate evidence for it
○ written conclusion about the
reliability of the assertion
- examples of attestation engagements
Non-Assurance Services
- lack one or more of the elements of
assurance engagements
- examples are:

1. Agreed-upon Procedures
- engaged to carry out those
procedures of an audit nature
- recipients of the report must form
their own conclusions
- report is restricted to those parties
that have agreed
○ since others, unaware of
the reasons for the
procedures, may
misinterpret the results
2. Compilation of Financial or Other Information
- to collect, classify and summarize
ûnancial position
- reducing detailed data to a
manageable and understandable
form without a requirement to test
the assertions
- not designed and doesn’t enable
accountants to express any
assurance
- there is a derived beneût because of
the accountant’s involvement
○ the service has been
performed with due
professional skill and care
3. Tax Services (Preparation of Tax Returns
Where No Conclusion is Expressed and Tax
Consulting)
- advice on income tax and business
tax strategies
- helps to legally minimize their tax
liability
- assistance in preparing tax returns
- representation of clients to tax
authorities
4. Management Consulting and Other Advisory
Services
- helping organizations improve their
performance
- thorough analysis of existing
business problems and development
of plans for improvement
CH 2: AUDITS OF FINANCIAL STATEMENTS
Introduction
- reliable information is essential in making
economic decisions
○ wrong information will result in
less-effective decisions
- through the audit report, CPA’s can tell
decision-makers that the information they are
relying constitutes a fair picture of <what is
really happening=
Auditing
- it econompasses 2 processes
○ investigative process
■ systematic gathering and
evaluation of evidence
■ determining whether
assertions correspond with
the established ûnancial
reporting criteria (such as
GAAP)
○ reporting process
■ communicating an
evaluation or opinion
(through an audit report) to
intended users
- American Accounting Association (AAA):
Assurance Services and Audit Services Distinguished
<Auditing is a systematic process of objectively
obtaining and evaluating evidence regarding assertions
about economic actions and events to ascertain the
degree of correspondence between these assertions
and established criteria and communicating the results
to intended users=
Auditing and Accounting Distinguished
- auditing is not a branch of accounting
- <auditing begins where accounting ends=
1. Accounting
- provides ûnancial information which
is quantitative in nature
- to help management in decision
making
- accountants must have a thorough
understanding of the accounting
principles and rules
2. Auditing
- determination of whether the
recorded accounting information
properly reüects the economic
events that occurred during the
accounting period
- auditor must possess not only an
understanding of accounting rules,
but also an expertise in the
accumulation and interpretation of
audit evidence
○ this is the major
characteristic that
distinguishes an auditor
from an accountant
- all 3 follow the same process
○ evaluation of evidence
○ issuance of a report to indicate the
degree of correspondence
- difference between the 3 lies in the scope of
services
○ assurance service is the broadest
concept, while audit is the narrowest
Types of Audit ○ employee of the
- audits may be classiûed according to: organizations whose
○ subject matter activities they appraise
○ nature of data - <an independent appraisal function
○ assertions being audited established within an organization to
○ type of auditor examine and evaluate its activities as
a service to the organization=
1. Financial Statements Audits - reports to the audit committee of the
- gathering of evidence on the BOD and the President
assertions embodied in the FS - mainly performs operational and
- whether the assertions adhere to compliance audits
GAAP or other reporting framework 6. Government Audits
- requires a CPA - determination of whether
2. Operational Audits government funds are being handled
- review of an organization’s activities properly and in compliance with
for the purpose of: existing laws
○ assessing performance - whether government programs of a
○ identifying opportunities for particular agency are being
improvement conducted eýciently and
○ developing economically
recommendations for - Commission on Audit: Supreme
improvement or further Audit Institution in the Republic of
action the Philippines
3. Compliance Audits - classiûed into 3 main divisions:
- determine whether a person or entity ○ compliance audit
has adhered to laws and regulations ■ if in accordance
- results are generally reported to a with laws and
speciûc user within the organization regulations
○ ûnancial audit
■ ensures reliability
of recorded
ûnancial data
○ performance audit
■ examination of
ûnancial and
operational
performance
■ economy and
eýciency audit
(management
audit): cost point
of view
4. External Audits ■ effectiveness
- performed by independent auditors audit (program
○ a.k.a. external auditors results audit):
○ CPAs who are independent extent of
of the organizations whose achievement of
assertions are being previously set
audited goals and
- mainly performs FS audits objectives
○ but may also perform
compliance and operational Objective and Scope of a Financial Statement Audit
audits Objective
5. Internal Audits - expression of an opinion on the fairness of FS
- performed by internal auditors ○ auditor’s report: medium through
which he expresses his opinion
 - presents opinion in conformity with GAAP
○ required by Philippine Standards on
Auditing
Scope
- auditor determines scope in accordance with
the requirements of legislation, regulations or
relevant professional bodies
- auditor must exercise his judgement in
determining which auditing procedures are
necessary
○ to afford a reasonable basis for his
opinion
- audit should be organized to cover adequately
all aspects of the entity as far as they are
relevant to the FS being audited
Information Risk
- risk that information is misstated or
misleading
- factors contributing to the existence of
information risk:
○ remoteness of information users
from information provider
■ decision makers don’t get
ûrst hand knowledge about
the business enterprise
■ because in many cases,
owners are different from
management
○ potential bias and motives of
information provider
■ conüict of interest between
management and users
■ information may possibly
be biased in favor of the
provider
○ voluminous data
■ large number of exchange
transactions are processed
daily
■ increases the likelihood
that errors may occur in
recording
○ complex exchange transactions
■ new and complicated
business relationships and
transactions
■ may lead to innovative
accounting and reporting
problems
■ diýcult to record properly
Reducing Information Risk
1. allow users to verify information
- user may go to the business
establishment to examine records
and obtain information about its
reliability
- major problem - not all users of FS
are professionally competent to
verify information
2. users shares information risk with
management
- management has the primary
responsibility of providing reliable
information to users
- lawsuit may be brought against
management to recover part of such
loss
3. have the ûnancial statements audited
- most common option
- user can have an independent audit
performed
- helps to minimize biases
- also acts as a deterrent to
ineýciency and fraud
- preventive measure that aids in
keeping management honest and
motivated
The Audit Report
- means through which the auditor provides
reasonable assurance that ûnancial
statements are fairly stated
- report is uniform in format and suitably titled
○ to avoid confusion regarding the
level of assurance being provided
○ to differentiate it from other reports
Limitations of an Audit
- audit is not a guarantee of the exactness of
accuracy of assertions in the FS
○ not intended to provide a guarantee
or absolute assurance that the FS
are free from material misstatement
due to fraud or error
- it is performed only to enhance the degree of
conûdence of intended users
- cannot guarantee because of inherent
limitations of an audit arising from:
○ nature of ûnancial reporting
■ preparation of FS involves
judgement by management
● in applying the
applicable
framework
● in subjective
decisions or
assessments
 ■ involves a range of
acceptable interpretations
or judgements
○ nature of audit procedures
■ procedures will not detect
every misstatement
○ nature of audit procedures
■ evidence tends to be
pervasive in character
rather than conclusive
○ timeliness of ûnancial reporting
■ users expect that auditor
will form opinion within a
reasonable period of time
■ it is impracticable to
address all information that
may exist
History and Evolution of Auditing
Early Mesopotamian Civilizations (Egypt and
Babylonian)
- utilized elaborate internal control systems
○ preparation of transactions
summaries by scribes
■ didn’t provide the original
lists of receipts and
payments
- documents from this period have indications
of the audit function
○ such as check marks, ticks, dots,
and other symbols
- audit - latin term associated with hearing or
listening
○ centuries ago, most people lack
reading and writing skills
○ auditors listen to servants as they
describe the resources entrusted to
them
○ auditors note any error or
inconsistencies based on what they
hear (or didn’t hear)
Ancient Greece and Rome
- audit of public expenditure and ûnancial
management by an independent body
- greek philosophers (like Plato) considered
that those in government should report to the
people who elected them
- creation of an Audit Body
○ best way to safeguard the smooth
operation of the Athenian
Democracy
○ to avoid corruption and irregularities
of those in power
- roman oýcials also submit their accounts to
auditors when they leave oýce
Medieval and Renaissance Periods
- Manorialism: organization of rural economy
and society in the medieval western
- manors have some of the most sophisticated
and advanced record-keeping and auditing
techniques of the period
○ segregation of duties
○ auditor listens to the <reading of the
accounts=
- Auditor of the Exchequer in England in 1314
- Auditors of the Imprest
○ established under Queen Elizabeth I
in 1559
○ formal responsibility for auditing
Exchequer payments
The 17th - 19th Centuries
- Commissioners for Auditing the Public
Accounts
○ appointed by statute in 1780
○ commissioners worked together
with the comptroller of the
exchequer (who was charged with
controlling the issue of funds to the
government)
- William Ewart Gladstone: Chancellor of the
Exchequer)
○ initiated major reforms of public
ûnance and Parliamentary
accountability
- Exchequer and Audit Departments Act
required all departments to produce annual
accounts, known as appropriation accounts
- also established the positions of:
○ Comptroller and Auditor General
(C&AG)
■ authorizes the issue of
public money to
government from the bank
of England
■ audit the accounts of all
government departments
and report to parliament
○ Exchequer and Audit Department
(E&AD)
The Industrial Revolution
- great period of economic growth in England
○ English corporations registered with
the state
○ management functions passed from
owners to professional managers
■ increased the demand for
external auditors
 ■ independent auditor’s
report was born
- shareholder audits
○ performed by auditors who
possessed little or no independence
○ auditors were required to own stock
in the audited company
- audit sampling
○ auditors select a <few haphazard
cases= whenever it wasn't
economically feasible to examine all
transaction
Early 20th Century
- american audits and british audits began to
differ in terms of objective
○ american audits
■ actual ûnancial condition of
an entity
■ then started reporting as to
whether FS <present fairly=
the state of affairs
○ british audits
■ detection of fraud and error
■ more precise - <present a
true and fair view=
World War II up to the 80s
- internal checks (now called internal controls)
could reduce the extent of testing by external
auditors
- primary objective of an audit was the
provision of an opinion on the FS
- increase in complexity of business and
introduction of computerized information
systems
○ led to the search for more eýcient
and effective methods of auditing
- study and evaluation of internal control
system became a standard phase of the audit
process
- <the stronger the internal control, the less
testing of FS account balances required=
- systems-based auditing was extensively used
- statistical sampling methods were introduced
to further reduce sampling risk
- audit risk was recognized
Auditing Today
- risk-based approach
○ determining the nature, timing and
extent of audit procedures
- the major accounting organizations
sponsored the National Commission on
Fraudulent Financial Reporting
○ as a result of a number of instances
of fraudulent ûnancial reporting
○ tasked to study the causes of
fraudulent ûnancial reporting
○ and to make recommendations to
reduce its incidence
- last report made recommendations which led
to the development of Internal Control -
Integrated Framework
Enron and its Aftermath
- Enron: an American energy, commodities, and
services company
○ succeeded in hiding some important
facts such as off-book liabilities
○ eventually, they ûled bankruptcy and
is in the process of being dissolved
- Arthur Andersen (external auditor of Enron)
○ had its professional licenses revoked
- Post-Enron, auditing renewed focus on
internal control procedures and restricted
access to ûnancial systems
○ to ensure the completeness,
accuracy and validity of items in the
accounts
- internal control is now a mandatory part of
the audit of SEC-listed companies
○ under the auditing standards of the
Public Company Accounting
Oversight Board (PCAOB) set up by
the Sarbanes-Oxley Act
- Sarbanes-Oxley Act
○ US federal law passed in response to
a number of major corporate and
accounting scandals
CH 3: THE PROFESSIONAL PRACTICE OF ■ with matters
ACCOUNTING relating to acctg
such as tax
Profession ○ rendering professional
- has the following attributes: assistance
○ mastery of a particular intellectual ■ with matters
skill, acquired by training and relating to acctg
education procedures and
○ adherence by its members to a presentation of
common code of values and data
conduct established by its 2. Practice in Commerce and Industry
administrating body (Private Practice)
■ including maintaining an - shall constitute a person who is:
outlook (which is objective) ○ involved in decision-making
○ acceptance of a duty to society as a ○ skilled in the knowledge of
whole accounting, ûnance, and
taxation
■ as he represents
his employer
before gov’t
agencies
○ a CPA - only when such
employment or position
requires
- the <5 Million/10 Million Rule=
○ must apply to a company
with paid-up capital of at
least 5M and/or an annual
revenue of at least 10M
○ a duly registered CPA
Sectors of Accounting Practice
should occupy any position
1. Practice of Public Accountancy
which requires:
(Public Practice)
■ supervising the
- shall constitute a person who is:
recording and
○ skilled in the knowledge,
preparation of FS
science, and practice of
■ coordinating with
accounting
external auditors
○ a qualiûed person to render
■ other related
professional services (CPA)
functions
- offering services such as:
○ shall apply only to persons
○ audit or veriûcation of
to be employed after the
transaction and accounting
effectivity of the IRR
records
3. Practice in Education (or Academe)
○ preparation, signing, or
- shall constitute a person who is:
certiûcation of reports
○ in an educational institution
■ reports such as
○ involved in teaching of
audit reports
accounting and other
○ design, installation, review
related subjects
and revision of accounting
- it has been clariûed in the IRR that:
systems and controls
○ business law and taxation
○ preparation of income tax
subjects
returns
■ may be taught by
○ representation of clients
CPAs and by
before gov’t agencies
lawyers
○ the position of the dean or
the department chairman
 which supervises the BSA Organizations that Affect Accounting Profession
program
■ is deemed to be in
practice of
accountancy in the
academe
■ must be occupied
only by a CPA
4. Practice in Government
- shall constitute a person who is:
○ in a position in an acctg
professional group in the
gov’t or in a gov’t
owned/controlled corp
- CPAs need not to take the Civil
Service Examination given by the
Civil Service Commission
- CPAs are allowed to practice in more
than 1 sector
○ provided that there is no
impairment in the CPA’s
integrity, objectivity, or
independence

Regulation of the Accounting Profession

- the accounting profession is regulated by the:
The Professional Regulatory Board of Accountancy
(PRBOA)
1. The Philippine Accountancy Act of 2004
(Republic Act No. 9298)
Composition
- provides and govern:
- composed of a chairman and 6 members
○ the standardization and
○ appointed by the President of PH
regulation of accounting
○ the 4 sectors in the accounting
education
practice shall as much as possible
○ the examination for
be equitably represented in the BOA
registration of CPAs
○ chairman shall preside in all
○ the supervision, control,
meetings of the board
and regulation of the
- BOA shall elect a vice-chairman
practice of accountancy in
○ from among its members
the Philippines
○ for a term of 1 year
- the Implementing Rules and
○ in the event of a vacancy in the oýce
Regulations (IRR) to RA No. 9298
of the chairman, the vice-chairman
○ provides clariûcations and
shall assume such duties and
guidelines geared towards
responsibilities
the act’s implementation
■ until such time as a
2. Financial Reporting Standards and
chairman is appointed
Engagement Standards
- established by recognized
Nomination and Appointment Process
standard-setting bodies
1. The Accredited National Professional
3. Code of Ethics for CPAs in the Philippines
Organization (APO) of CPAs shall submit its
4. A System of Quality Control (Self-regulation)
nominations with complete documentation to
5. Sanctions/Penalties Against Violators
the PRC not later than 60 days prior to expiry
- violators of law, rules, and
of the term of an incumbent chairman or
regulations affecting the accounting
member
profession
- APO of CPAs - Philippine Institute of
Certiûed Public Accountants (PICPA)
 - nomination shall constitute of ûve - no person shall serve in the Board for more
nominees for each vacant position than 12 years
- there should be adequate
documentation to show the Powers and Functions
nominee’s:
○ qualiûcation
○ primary ûeld of
professional activity
○ competence
- if the APO fails to submit its own
nominee(s) to the PRC
○ the PRC in consultation
with the BOA shall submit
to the President of the PH a
list of 3 nominees for each
vacant position
2. PRC shall select 3 nominees (for each
position), rank them and endorse the list to
the President of the PH
3. The President of the PH shall appoint the
members

Qualiûcation of Members
1. must be a natural-born citizen and a resident
of the PH
2. must be a duly registered CPA with at least 10
years of work experience in accountancy
- shall be nominated to represent a
sector from which he has
considerable and meaningful
professional experience
3. must be of a good moral character
- must not have been convicted of
crimes involving moral turpitude
4. must not have any pecuniary interest (directly
or indirectly) in any educational institution
conferring an academic degree necessary for
admission to the practice of accountancy
- or where review classes in
preparation for the CPALE are being
offered
- nor shall he be a member of the
faculty or administration
5. must not be a Director or Oýcer of the APO

Terms of Oýce
- chairman and members
○ term of 3 years
- vacancy occurring within the term
○ shall be ûlled up for the unexpired
portion of the term only
○ not considered as a complete term
- no person who has served 2 successive
complete terms shall be eligible for
reappointment until the lapse of 1 year

Grounds for Removal or Suspension of Members
- the President of the PH (upon the
recommendation of the PRC), after giving the
concerned member an opportunity to defend
himself in a proper administrative
investigation by PRC may suspend or remove
any member of the BOA on the ff grounds:
1. neglect of duty or incompetence
2. violation or tolerance of violation of
a. RA No. 9298
b. IRR of RA No. 9298
c. CPA’s Code of Ethics
d. technical and professional standards
of practice for CPAs
3. ûnal judgement of crimes involving moral
turpitude
4. manipulation or rigging of the CPA licensure
examination results, disclosure of conûdential
information in the exam questions, tampering
of grades
The Commission on Audit (COA)
- the Supreme Audit Institution in the Republic
of the Philippines
- its jurisdiction and responsibility is deûned by
the Constitution (Article IX-D)
Principal Duties
1. examine, audit and settle all accounts of the
government
- accounts pertaining to revenue
receipts and expenditures or uses of
government funds and property
2. act as the central accounting oýce of the
government
- keep the general accounts
- preserve the vouchers pertaining
thereof
3. deûne the scope of its audit and examination
4. promulgate accounting and auditing rules and
regulations
- including those for the prevention or
irregular, unnecessary, excessive
expenditures or uses of funds and
property
5. submit to the President an annual ûnancial
report of the government
- including its subdivisions, agencies,
instrumentalities, GOCCs
- also, to recommend measures
necessary to improve their eýciency
and effectiveness
6. perform such other duties and functions as
may be prescribed by law
** COA is not the internal auditor of the government. It
is the sole external auditor of all government
departments and agencies including GOCCs
Standard Setting Bodies
- promulgate accounting and auditing
standards used by CPAs
International Federation of Accountants (IFAC)
<to serve the public interest, IFAC will continue to
strengthen the worldwide accountancy profession and
contribute to the development of strong international
economies by establishing and promoting adherence to
high quality international professional standards,
furthering the international convergence of such
standards and speaking out on public interest issues
where the profession’s expertise is most relevant=
- global organization for the acctg profession
- comprised of over 175 members and
associates in 130 countries and jurisdictions
○ representing nearly 3 million
accountants
 - membership is open to professional
accountancy organizations that:
○ have interest in the international
accountancy profession
○ meet the criteria set out in the IFAC
bylaws
- members and associates are required to:
○ support IFAC’s mission and
programs
○ participate in the IFAC Member Body
Compliance Program
○ make ûnancial contributions as
required by the IFAC Constitution
- supports and collaborates with member
bodies and organizations worldwide
○ to support the growth and
development of the accountancy
profession in emerging economies
- supports the ff. independent standard-setting
boards:
○ International Auditing and Assurance
Standards Board (IAASB)
○ International Accounting Education
Standards Board (IAESB)
○ International Ethics Standards Board
for Accountants (IESBA)
○ International Public Sector
Accounting Standards Board
(IPSASB)
The ASEAN Integration 2015
ASEAN Mutual Recognition Arrangement Framework on
Accountancy Services
- ASEAN member states:
○ Brunei, Cambodia, Indonesia, Laos,
Malaysia, Myanmar, Philippines,
Singapore, Thailand, Vietnam
- principles that guides ASEAN member states
in achieving the above objectives:
1. promoting eýciency and quality of standards
of the accountancy profession
2. enhancing cooperation in the accountancy
profession among member states
3. respecting and conforming with the Domestic
Regulations of the member states
- without lowering the standards and
requirements of the accountancy
profession in each member state
4. all negotiations between or among member
states for the conclusion of bilateral or
multilateral MRAs shall be based in
objectivity, fairness, and reciprocity
ASEAN Mutual Recognition Arrangement (MRA) on
Accountancy Services
- objectives:
○ to facilitate mobility of accountancy
services professionals
○ to enhance the current regime for
the provision of accountancy
services
○ to exchange information in order to
promote adoption of best practices
on standards and qualiûcations
- scope:
○ accountancy services covered under
Central Product Classiûcation 862 of
the Provisional CPC of the UN
■ except for signing off of the
independent auditor’s
report and other
accountancy services that
requires domestic licensing
in ASEAN member states
○ cross-border movement of
professional accountants providing
external services that requires
domestic licensing may continue to
be facilitated through bilateral
and/or multilateral MRAs
ASEAN Chartered Professional Accountant (ACPA)
- ûle an application to the Monitoring
Committee of country of origin
○ Monitoring Committee will submit
the application to the ASEAN
Chartered Professional Accountant
Coordinating Committee (ACPACC)
- Monitoring Committee shall:
○ assess the professional accountant
according to the Guidelines and
 Procedures stated in Appendix II of
the MRA
○ be guided by Appendix III of the MRA
in preparing the Assessment
Statement
- qualiûcations:
○ accredited accountancy degree or
any equivalent degree
■ or has completed a
professional accountancy
examination programme
○ current and valid professional
registration certiûcate (CPA license)
○ relevant practical experience of not
less than 3 years
■ within a 5 year period
following the degree
○ complied with the Continuing
Professional Development (CPD)
policy
○ certiûcation showing no record of
any serious violation of technical,
professional, or ethical standards
applicable to the practice of acctg
- upon acceptance, a professional accountant
shall be emplaced on the ASEAN Chartered
Professional Accountants Register (ACPAR)
and accorded the title of ACPA
Professional Organizations
- include:
○ Accredited National Professional
Organization of CPAs (APO)
■ PICPA in the PH (as
designated by the PRC)
○ organizations that address the
needs of CPAs in each of the 4
sectors
Philippine Institute of Certiûed Public Accountants
(PICPA)
- the national accredited and integrated
professional organization (AIPO) for
accountancy in the PH (globally-recognized)
- mission:
○ enhance the integrity of the
accountancy profession
○ serve the best interest of its
members and other stakeholders
○ contribute to the attainment of the
country’s national objectives
- aims to maintain a:
○ responsive organizational structure
○ committed leadership
○ effective professional development
programs abreast with
state-of-the-art technology
○ strict implementation of professional
ethics
○ high standards of accounting
education
○ advocacy of and participation in
relevant national issues
Sectoral Organizations 1. Financial Accounting and Reporting (FAR)
- provide seminars, programs and workshops 2. Advanced Financial Accounting and
that speciûcally serve the interests of CPAs Reporting (AFAR)
3. Management Advisory Services (MAS)
4. Regulatory Framework for Business
Transactions (RFBT)
5. Auditing
6. Taxation

- PRBOA (as provided in RA 9298) may revise,

exclude, and add subjects as the need arises

** PRBOA Resolution No. 262: those eligible to take the

Requirements to Obtain a CPA Certiûcate
removal examination shall be allowed within a period of
- no person shall practice accountancy or use
2 years from the effectivity of the resolution to take and
the title <CPA= unless such person have
pass the particular subject/s in which they have failed
received a certiûcate of registration or a
under the old scheme
professional license by the Board
- if an examinee fails to pass the removal
examinations within a period of 2 years,
Degree of Bachelor of Science in Accountancy (BSA)
he/she shall be considered as having failed in
- candidate must have completed the BSA
the entire examination
degree program (usually 4-5 years)
○ all graduates of BSA shall be allowed
to take the CPALE within 2 years Qualiûcations 1. ûlipino citizen
from the effectivity of RA No. 9298 of Applicants 2. good moral character
- Education Technical Council: to assist BOA in 3. degree of BSA
continually upgrading accounting education 4. not been convicted of any crime
involving moral turpitude
○ 7 members with a Chairman
■ all appointed by the PRC required documents:
■ term of 3 years 1. Certiûcate of Live Birth from NSO
■ chairman should be a 2. Marriage Contract for married
senior accounting female
practitioner in the academe 3. College Diploma
■ other 6 representatives are 4. Baccalaureate Transcript of
Records
from the following:
5. NBI Clearance
6. other documents that the Board
may require

Rating in the - to pass, the candidate must obtain

CPALE a general average of 75%, with no
grades lower than 65%

○ members shall be equally distributed - conditional credit for subjects

between private and public schools passed: 75% in at least a majority
○ functions: of subjects tested
○ shall take the remaining
subjects within 2 years from
the preceding exam
- any candidate who fails in 2 CPALE
shall be disqualiûed from taking
another
○ unless he submits an
evidence that he has
completed a refresher
CPA Board Examinations course of at least 24 units
- a 3-day examination covering 6 subjects,
including:
Oath of Membership to the Profession
 - all successful candidates in the CPALE shall
be required to take an oath of profession
- Certiûcate of Registration (CPA Certiûcate)
○ issued to examinees who passed
○ subject to payment of fees
○ shall bear the:
■ signature of the
chairperson of PRC and the
chairman and members of
BOA
■ oýcial seal of the PRC and
BOA
○ shall remain in full force and effect
until withdrawn, suspended or
revoked
- Professional Identiûcation Card (PRC ID)
○ shall bear the:
■ registration number
■ issuance date
■ expiry date
■ signature of the
chairperson of PRC
○ renewable every 3 years
- refusal to issue CPA Certiûcate and PRC ID to
examinee who:
○ was convicted of a criminal offense
involving moral turpitude
○ guilty of immoral and dishonorable
conduct
○ has an unsound mind
○ misrepresentation in the CPALE
application
Foreign Certiûed Public Accountants
- citizens of foreign countries may be allowed
to practice accountancy in the PH
○ in accordance with the provisions of
existing laws, international treaty
obligations, including mutual
recognition agreements
- reciprocity provision: foreigner shall prove
that the country of which he is a citizen
admits citizens of the PH to the practice of
the same profession without restriction
○ foreigner shall submit a letter or
document signed under oýcial seal
by the appropriate oýcial of his
country requesting the Chairman of
the BOA to allow the applicant to
practice accountancy in the PH, that
by express provision of law of his
country, Filipino CPAs are allowed to
practice in his country
○ attached in the document is an
authentic oýcial copy of the said
law (translated into English)
○ after approval, applicant shall ûle an
application for accreditation
- Special and Temporary Permits can be issued
to the following persons foreign CPAs:
○ called for consultation or for a
speciûc purpose that is essential for
the development of the country
■ his practice shall be limited
only for the particular work
■ provided that, no Filipino
CPA is qualiûed for such
work
○ engaged as professor, lecturer, or
critic inûelds essential to
accountancy education in the PH
■ his engagement is conûned
to teaching only
○ internationally recognized expert
with specialization in any branch of
accountancy and his service is
essential for the advancement of
accountancy in the PH
The CPA Seal
- shall be obtained by all licensed CPAs
- the design prescribed by BOA bears:
○ registrant’s name
○ registrant’s number
○ title
- a CPA shall indicate the ff. on the documents
he signs, uses, or issues in connection with
the practice of accountancy:
○ CPA Certiûcate and PRC ID numbers
○ CPA Certiûcate and PRC ID date of
issuance and duration of validity
○ PTR number
- aýxing the CPA’s seal and signature is an
indication of his compliance to the requisite
accounting and auditing standards and rules
Ethical Fundamental Principles
1. Integrity
2. Objectivity
3. Professional Competence and Due Care
4. Conûdentiality
5. Professional Behavior
Professional Standards
- for accountants to have a clear idea on what
a minimum standard is required of them
○ measure of the quality of service
○ clear deûnition of the responsibilities
of professional accountants
1. Philippine Standards on Auditing (PSAs)
 - for audits of historical ûnancial
information
2. Philippine Standards on Review Engagements
(PSREs)
- for the review of historical ûnancial
information
3. Philippine Standards on Assurance
Engagements (PSAEs)
- for assurance engagements that
deal with matters other than
historical ûnancial information
4. Philippine Standards on Related Services
(PSRSs)
- for compilation engagements,
engagements to apply agreed upon
Continuing Professional Development Act of 2016
procedures to information and other
related services engagements as
<It is hereby declared the policy of the State to promote
speciûed by the AASC
and upgrade the practice of professions in the country.
Towards this end, the State shall institute measures that
Authority Attaching to the Standards Issued by the
will continuously improve the competence of the
AASC
professionals in accordance with the international
- AASC’s standards contain:
standards of practice, thereby, ensuring their
○ basic principles
contribution in uplifting the general welfare, economic
○ essential procedures
growth and development of the nation.=
○ related guidance (explanatory form)
- the nature of AASC’s standards requires CPAs
- inculcation of advanced knowledge, skills,
to exercise professional judgement
and ethical values in:
○ a CPA may judge it necessary to
○ a post-licensure
depart from a basic principle or
○ an inter or multidisciplinary ûeld of
essential procedure
study, for assimilation into
○ CPA should be prepared to justify the
professional practice, self-directed
departure
research and/or lifelong learning
- any limitation of the applicability is made
clear in the standard
Nature and Rationale
- CDC program consists of properly planned
Philippine Auditing Practice Statements (PAPSs)
and structured activities
- provide interpretive guidance and practical
○ requires the participation of a
assistance to professional accountants
determinant group of professionals
○ promotes good practice
■ to meet the requirements of
- a CPA should be aware of and consider
voluntarily maintaining and
Practice Statements
improving professional
○ if not, he should be prepared to
standards and ethics
explain how the basic principles and
○ voluntary compliance is an effective
essential procedures in AASC have
and credible means of ensuring
been complied with
competence, integrity, and global
competitiveness of professionals

CPD Programs
- set of learning activities (accredited by the
CPD Council) which equips the professionals
with advanced knowledge, skills, and values
- major classiûcation of programs:
○ seminars and workshops
■ training offered by
accredited CPD providers
 ■ face to face or online
○ academic track
■ supporting documents and
units earned must be
submitted for CPD credit
■ within 5 years after
completion
○ self-directed and/or lifelong learning
■ training and seminars
offered by non-accredited
CPD providers
■ face to face or online
○ such other activities to be
recommended by the CPD Council
and approved by the BOA and PRC
Major Competency Areas of CPD Programs and
Activities
- CPD activities shall be divided into 3 major
competency areas:
CPD Credit Units
- CPAs are required to comply with 120 CPD
credit units in a compliance period of 3 years
○ minimum credit units under the
required competency areas is 40
○ remaining 80 credit units can be
earned under üexible CPD units
- any excess credit units earned shall not be
carried over to the next 3 year period
○ except units earned for doctorate
and master’s degrees or specialty
trainings
■ credited only once during
the compliance period
- credit units may be earned by professionals
who participate in programs that emanate
from the PRBOA for the development of the
profession
Exemption from CPD Requirements
1. Permanent Exemption
- upon reaching the age of 65 years
○ unless such professional
accountant is still active in
the profession
○ therefore, still required to
renew his Professional ID
with PRC
2. Temporary Exemption
- when working or furthering studies
abroad
○ exempted only during his
stay abroad
○ provided that he has been
out of the country for at
least 2 years immediately
prior to the date of renewal
- CPD units can still be earned by
CPAs abroad
○ submit documents to PRC
upon returning to the PH
○ under self-directed mode of
earning CPD units
** the maximum creditable units for self-directed and/or
lifelong learning is 48 units or 40% of 120 CPD credit
units within a compliance period of 3 years.

Sanctions
- CPAs who haven’t completed the CPD
requirements shall not be allowed to renew
their professional licenses
○ those who failed to renew for a
period of 5 continuous years from
initial registration or last renewal
date shall be declared delinquent
○ delinquent = dropped from the roster
of CPAs
PRC CPD Council
- to promote, ensure and implement the
continuous improvement of knowledge, skill,
and competencies of professionals
- consists of 1 chairperson and 2 members
○ chairperson is a member of PRBOA
■ chosen by the PRBOA
members themselves
○ ûrst member
■ president or oýcer chosen
by the BOD of PICPA
○ second member
■ president or oýcer of the
national organization of
deans or department heads
of colleges offering BSA
■ can also be appointed by
PRC from 3 recommendees
of the PRBOA
● shall be
well-known
academicians
Powers and Functions of the PRC CPD Council
1. accept, evaluate, and approve applications:
a. for accreditation of CPD providers
b. for accreditation of CPD programs,
activities, or sources
c. for exemptions from CPD
requirements
2. monitor the implementation by the CPD
providers of their programs, activities, or
sources
3. assess periodically and upgrade criteria for
accreditation of CPD providers and CPD
programs, activities or sources
4. perform such other related functions
Secretariat, Staff and Meetings
1. Secretary
- appointed by the PRC Chair
- from among individuals with a rank
no lower than Division Chief
- may participate in deliberations of
the PRC CPD Council
○ but shall not vote
2. PRC CPD Council
- selected by the PRC Chair
- from among the existing personnel
of the PRC
- tasked with:
○ maintenance of CPD
records
○ release of CPD
Certiûcations of credits
earned by CPAs
3. Regular Meetings
- shall be held once a month (on dates
to be ûxed by the council)
- Special Meetings
○ may be called by the CPD
Council Chair; or
○ by written request of a
member of the council
PICPA CPD Council
- if the need arises, the PRC CPD Council may
delegate to the PICPA the:
○ processing of application
○ keeping of all records for:
■ CPD providers and their
respective programs
■ credit units earned by each
CPA who avails of the CPD
program
- PICPA may create a counterpart CPD Council
which is the PICPA CPD Council
 ○ may ask of reasonable processing
fees directly from the applicants
■ apart from the
accreditation fee that
applicants pay to PRC

Penalties and Sanctions

- warranted in cases where the CPA has
violated the rules prescribed by law,
regulation, or the Code of Ethics

1. Suspension of CPA Certiûcate and PRC ID

- upon due notice and hearing
- suspending the CPA from the
practice of the profession
- for grounds of:
○ unprofessional or unethical
conduct
○ malpractice
○ violation of:
■ RA 9298
■ IRR of RA 9298
■ Code of Ethics
■ Technical and
Professional
Standards of
Practice for CPAs
2. Revocation of CPA Certiûcate
- loss is not temporary
- same grounds as indicated in no. 1
3. Cancellation of Temporary or Special Permit
- applies to foreign CPAs
- prevents the foreign CPA from
practicing accountancy in the PH
4. Payment of Fines and/or Imprisonment
- grounds of violation to:
○ RA 9298
○ IRR of RA 9298
- ûne not less than 50,000 pesos or by
imprisonment for a period not
exceeding 2 years or both
CH 4: SETTING UP AND MAINTAINING AN
ACCOUNTING PRACTICE
Introduction
- Republic Act No. 9298: forms of organization
allowed for the practice of public accounting:
○ Single Proprietorships
○ General Partnerships
○ Limited Liability Partnerships
- Firm: sole proprietorship/partnership of CPAs
○ vary in size (ex: individual CPAs and
multinational auditing ûrms)
○ most large ûrms adopt limited
liability partnership
■ for the protection of the
partners’ personal assets
○ territories: parts of the world where
large CPA ûrms operates
■ in the form of aýliations or
correspondent ûrms
Accreditation to Practice Public Accounting
1. PRBOA Accreditation
- Certiûcate of Accreditation: must be
obtained by ûrms before practicing
public accountancy
○ under seal, issued by PRC
- attests that ûrms (including staffs)
are duly accredited to practice public
accountancy in the PH
- requires a minimum of 3 years of
meaningful experience in any areas
of public practice, including taxation
2. BIR Accreditation
- CPAs must submit at least 18 CPD
units on taxation
○ obtained not more than 1
year prior to the application
of accreditation
3. SEC Accreditation
- must be obtained by CPAs in public
practice who have:
○ publicly listed clients
○ public interest entity clients
Mandatory Continuing Professional Development
Requirement
- PRBOA Resolution No. 59 Series of 2012:
clariûes the rules and regulations on
continuing professional education and
accreditation of CPAs in the academe and
public accountancy
○ used to conform to the provisions of
International Standards, including:
■ International Education
Standard No. 7
■ Framework for International
Education Standards for
Professional Accountants
- PRBOA after meetings with CPD committees
of PICPA and the 4 professional sectoral
organizations resolved to:
○ increased the required CPD credit
units from 60 to 120 within a
compliance period of 3 years
○ change the Thematic Areas to
Competence Areas which shall be
categorized into:
■ Technical Competence
■ Professional Skills
■ Professional Values, Ethics,
and Attitudes
Renewal of Accreditation
- for a period of 3 years
- failure to renew on the expiration date will
entail the payment of surcharges
○ at amount prescribed by the Board
- reckoning date of validity:
○ individual professionals: date of birth
of the individual
○ accounting ûrms and partnerships:
month of SEC registration date
 - quality review: condition to registration or
renewal for CPAs, Firms, or Partnerships
Quality Review Committee (QRC)
- assists BOA in performing a quality review on
applicants for registration to practice public
accountancy
○ conducts oversight into the quality
of audits of FS made by CPAs/ûrms
○ review of quality control measures
- composed of 7 members: a chairman and 6
representatives
○ term of 3 years, renewable for
another term
○ chairman should have been a senior
practitioner in public accountancy
Powers and Functions of QRC
1. conduct quality review on applicants for
registration to practice public accountancy
- also, to render report which shall be
attached to the application
2. recommend to the Board the revocation of the
Certiûcate of Registration and the PRC ID
- of CPAs or ûrms who:
○ haven’t observed the quality
control measures
○ haven’t complied with the
standards of quality for
public accountancy
** in case QRC cannot accomplish such functions, the
PRBOA may conduct the required quality review
Rules on Names
Limitations for Foreign CPAs
- practice of public accountancy in the PH is
limited to Filipino CPAs (under present laws)
○ foreigners who have memberships
or business dealings are still not
allowed to practice public
accountancy in the PH
- foreigners cannot be an owner, partner or
staff of a sole proprietorship, ûrm or
partnership of CPAs duly registered under IRR
○ unless qualiûed under:
■ Sections 34 and 35 of RA
No. 9298
■ other relevant laws
■ bilateral and/or multilateral
agreement or treaties
First Time Registrants
- application of registration shall be
accompanied with a sworn statement
○ stating that 3 meaningful years in
the public practice, including
taxation have already been obtained
○ includes an attachment containing
the details of such work experience
Authentication and Accreditations
1. PRBOA shall duly authenticate all applications
then recommend to the PRC the approval or
denial of applications
- not later than 60 days after the
receipt of application
2. PRC shall issue to the applicant the
corresponding Certiûcate of Accreditation
- Certiûcate of Accreditation shall be
valid 3 years (renewable)
Other Considerations
1. Location and Work Environment
- maintaining an oýce in centers of
PH business is an advantage
○ most large CPA ûrms are
centered in Makati
business district
- convenience: major factor in
deciding on location
○ accessibility to CPA, staff
and clients
2. Technology
- investing on information technology
to gain advantage over competitors
○ in areas of eýciency,
effectiveness, and risk
management
 - disaster recovery plans and backup
facilities would reduce concerns
about possible data loss
3. Hierarchy of Personnel
- 4 major positions:
○ Associate (or Junior
Associate)
○ Senior Associate
○ Manage
○ Sole Proprietor or Partner
Advertising and Promotion
- professionals in public practice should be
honest and truthful, and shouldn’t
○ make exaggerated claims for:
■ services offered
■ qualiûcations possessed
■ experience obtained
○ make disparaging references to
unsubstantiated comparisons to the
work of another

Sources of Clients
1. referrals from various parties
- parties such as civic and community
associations where the CPA actively
participates
2. existing clients
- who received satisfactory service
3. other CPAs
- by active involvement in professional
organizations such as PICPA
4. other sources
- ex: law ûrms

Advertising
- reasons why advertisements is traditionally
considered ethical in the profession:

1. it can lead to undue competition among

practitioners
- may decline the quality of service
2. it encourages a more commercial approach
- reducing clients’ trust in CPAs
- increasing the likelihood of CPAs
neglecting their ethical duties
3. costs of advertising would outweigh savings
4. small or new practitioners will unlikely match
4. Human Resources the advertising of larger practitioners
- good policy on: - because of ûnancial resources
○ hiring,
○ professional development Developments on Advertising
○ advancement of employees - PRC allowed advertising to the extent that
- employees’ competence and this provides the public with necessary
performance are essential information about the practitioners and their
○ combination of education services
and work experience
- training methods: BOA Resolution No. 126, Series of 2008
○ in-house training - BOA deemed it necessary to adopt rules and
■ workshops regulations covering advertising
○ on the job training ○ to protect the public interest
■ under the - generally, advertising and publicity in any
guidance of senior medium are acceptable, provided:
associates
○ external training programs
■ programs and
modules by PICPA
 ○ time necessarily occupied
○ degree of responsibility and urgency

Death, Disability, Dissolution, and Liquidation

- shall be reported to the BOA by any
designated staff member
○ not later than 30 days from the date
of such death, dissolution or
liquidation
- report shall be in the form of aýdavit, or
furnishing the BOA with a certiûed copy of the
dissolution or liquidation papers ûled with
SEC (in case of partnership)
Examples of Acceptable Publicity - failure to notify the board shall subject the
1. Awards designated staff member to the penalties
2. Accountants Seeking Employment or
Professional Business
3. Directories
4. Books, Articles, Interviews, Lectures, Radio,
and Television Appearances
5. Training Courses, Seminars, etc.
6. Booklets and Documents Containing
Technical Information
7. Staff Recruitment
8. Publicly on Behalf of Clients
9. Brochures and Firm Directories
10. Stationery and Nameplates
11. Announcements
12. Inclusions of the Name of the CPA in Public
Practice in a Document Issued by a Client
13. Anniversaries
14. Websites

Fees and Billing

- CPAs may quote whatever fee deemed to be
appropriate
○ it is not unethical to quote a fee
higher or lower than other CPAs
- fees charged should be a fair reüection of the
value of the work involved, taking into
account:
○ skill and knowledge required for the
type of work involved
○ level of training and experience of
persons engaged
CH 5: QUALITY CONTROLS
Introduction
- standards that cover quality control:
1. Philippine Standard on Quality Control No. 1:
- for ûrms that perform audit and
reviews of FS, and other assurance
and related services engagements
2. Philippine Standard on Auditing No. 220:
Quality Control for audit of FS
PHILIPPINE STANDARD ON QUALITY CONTROL NO. 1
- establishes standards for a ûrm’s system of
quality control
○ system of quality control: policies
designed to achieve:
■ objectives of compliance
with professional standards
■ issuance of appropriate
reports
■ procedures necessary to
implement and monitor
compliance with policies
○ nature of policies and procedures
depends on various factors such as:
■ size of the ûrm
■ its operating characteristics
■ whether it is part of a
network or not
- applies to all assurance services
- to be read in conjunction with the Code of
Ethics for Professional Accountants in the PH
Elements of a System of Quality Control
- the ûrm’s system of quality control should
address the following:
1. Leadership Responsibilities for Quality
2. Relevant Ethical Requirements
3. Acceptance and Continuance of Client
Relationships and Speciûc Engagements
4. Human Resources
5. Engagement Performance
6. Monitoring
** policies and procedures shall be documented and
communicated to the ûrm’s personnel, with a message:
- <each individual has a personal responsibility
for quality and is expected to comply with
these policies and procedures=
** feedback on the ûrm’s quality control is important
- ûrm personnel are encouraged to
communicate their views or concerns on
quality control matters
Leadership Responsibilities for Quality Within the Firm
- Managing Board of Partners: has the ultimate
responsibility for the ûrm’s quality control
- ûrm should promote a quality-oriented
internal culture recognizing that:
○ <quality is essential in engagements=
- promoting through clear and consistent
actions and messages from all levels of the
ûrm’s management
○ rewarding high quality work
○ may be communicated by:
■ training
■ seminars
■ meetings
■ mission statements
- ûrm’s business strategy is subject to the
overriding requirement for the ûrm to achieve
quality in all the engagements performed, so:
○ ûrm assigns its management
responsibilities
■ so that commercial
considerations do not
override the quality of work
○ policies and procedures (for its
employees) addressing :
■ performance evaluation
■ compensation
■ promotion
○ devoting suýcient resources
■ for the development,
documentation and support
of its quality control
- person/s assigned operational responsibility
for the ûrm’s quality control shall have
suýcient and appropriate experience and
ability, and the necessary authority, to assume
that responsibility, so as:
○ to identify and understand quality
control issues
○ to develop appropriate policies and
procedures
Ethical Requirements
- assurance that the ûrm and its personnel
comply with relevant ethical requirements
Independence Requirements
- enabling the ûrm to:
○ communicate its independence
requirements to those who are
subject these requirements
○ identify and evaluate circumstances
and relationships that create threats
to independence
○ to take appropriate action
 ○ be notiûed of breaches of
independence requirements
■ take appropriate actions to
resolve such situations
- ûrm should obtain written conûrmation of
compliance with its policies and procedures
on independence
○ at least annually
○ may be in paper or electronic form
Familiarity Threats
- by virtue of a close relationship with an
assurance client, practitioner becomes too
sympathetic to the clients’ interests
- PSQC No. 1: criteria for determining the need
for safeguards to reduce familiarity threats to
an acceptable level
Acceptance and Continuance Procedures
- reasonable assurance that it will only
undertake or continue relationships and
engagements where it:
○ has considered the integrity of client
■ doesn’t have information
that would conclude that
client lacks integrity
○ is competent to perform the
engagement
■ has capabilities, time, and
resources to do so
○ can comply with ethical
requirements
- where issues have been identiûed, and the
ûrm decides to accept/continue, it should
document how the issues were resolved
Client Integrity
- the knowledge that a ûrm will have on the
integrity of a client will grow within the
context of an ongoing relationship with client
- information on such may come from:
○ communications with existing or
previous providers of accounting
services to the client
■ in accordance with the
Code of Ethics
○ discussions with other 3rd parties
○ inquiry of other ûrm personnel or 3rd
parties such as bankers
○ background searches of relevant
databases
Firm Capability, Competence, Time and Resources
- ûrm reviews the:
○ speciûc requirements of the
engagement
○ existing partner and staff proûles
- when ûrm obtains info that would cause it to
decline the engagement if it had been
provided earlier, continuance of the
engagement and the client relationship
should include consideration of:
○ applicable professional and legal
responsibilities of the ûrm
■ whether to report to
regulatory authorities
○ possibility of withdrawing from the
engagement and/or relationship
Policies and Procedures on Auditor Withdrawal
1. discussing with the client’s management the
appropriate action that the ûrm might take
based on the relevant facts and
circumstances
2. if the ûrm determines that it is appropriate to
withdraw, it shall discuss with the client’s
management the reasons for withdrawal
3. report the withdrawal to regulatory authorities
(where there is a professional, regulatory or
legal requirement to do so)
4. documenting signiûcant issues,
consultations, conclusions and basis for
conclusions
Human Resources
- assurance regarding the suýciency of
personnel with:
 ○ capabilities 1. identity and role of engagement partner
○ competence should be communicated to key members of
○ commitment to applicable ethical client management
principles 2. engagement partner should have the
- addresses the following personnel issues: appropriate capabilities, competence,
○ recruitment authority, and time to perform the role
○ performance evaluation 3. responsibilities of engagement partner shall
○ capabilities be clearly deûned and communicated
○ competence 4. assign appropriate staff to enable the ûrm or
○ career development engagement partners to issue reports that are
○ promotion appropriate in the circumstances
○ compensation 5. capabilities and competence are considered
○ estimation of personnel needs when assigning engagement teams
- and in determining the level of
Recruitment supervision required
- selecting individuals of integrity with the
capacity to develop the capabilities and
competence necessary to perform through:
○ professional education
○ continuing professional
development, including training
○ work experience
○ coaching by more experienced staff
- developing and maintaining capabilities and
competence of personnel
○ continuing training for all levels of
ûrm personnel Engagement Performance
○ providing training resources and - assurance for the consistency in the quality of
assistance performance
- often accomplished through:
Performance Evaluation ○ written or electronic manuals
- recognition and reward to the development ○ software tools
and maintenance of competence and ○ other forms of standardized
commitment to ethical principles documentation
- the ûrm should: ○ industry or subject matter-speciûc
○ make personnel aware of the ûrm’s guidance materials
expectations regarding performance - addresses matters including:
and ethical principles ○ how engagement teams are briefed
○ evaluation and counseling on ■ to obtain understanding of
performance, progress, and career the objectives
development ○ processes for complying with
○ help personnel understand that applicable engagement standards
advancement to positions depends ○ processes of
on performance quality and ■ engagement supervision
adherence to ethical principles ■ staff training
■ failure to comply may result ■ coaching
in disciplinary action ○ methods of reviewing the work
- size and circumstances of the ûrm will performed
inüuence the structure of the ûrm’s ■ signiûcant judgements
performance evaluation process made and form of report
○ small ûrms = less formal methods
Supervision and Review
Assignment of Engagement Teams - includes:
- ûrm should assign responsibility for each ○ tracking the progress
engagement to an engagement partner ○ considering capabilities and
- PSQC 1 requires: competence of individual members
 ○ addressing signiûcant issues arising Documentation of Consultations
during the engagement - documentation is agreed by both:
○ identifying matters for consultation ○ the individual seeking consultation
or consideration ○ individual consulted
- more experienced engagement team - suýciently complete and detailed to enable
members review work performed by less an understanding of the:
experienced team members ○ issue
○ results
○ decisions taken
○ basis for decisions
○ how decisions are implemented

Differences of Opinion
- resolving differences of opinion within:
○ the engagement team
○ those consulted
○ engagement partner
○ engagement quality control reviewer
- conclusions reach shall be documented and
Consultation
implemented
- provide reasonable assurance that
○ <report shall not be issued until the
○ consultation takes place
matter is resolved=
■ on diýcult or contentious
- such procedures:
matters
○ encourage identiûcation of
■ encourages personnel to
differences of opinion at an early
consult
stage
○ suýcient resources
○ provide clear guidelines as to the
■ to enable appropriate
successive steps to be taken
consultation
○ require documentation regarding the
○ nature and scope of consultations
resolution of differences
are documented
○ implementation of conclusions
○ conclusions from consultations are
reached
documented and implemented
- includes discussion with those who have
Engagement Quality Control Review
specialized expertise
- provides an objective evaluation of:
○ having appropriate knowledge,
○ the signiûcant judgements made
seniority, and experience
○ conclusions reached
- uses appropriate research resources and
- <an engagement quality control review is
collective experience and technical expertise
required for all audits of FS of listed entities=
- promotes quality and improves the
- requires the completion of quality control
application of professional judgement
review checklist before issuance of report
- those consulted should be given all the
- setting out criteria against which
relevant facts
engagements should be evaluated
○ enables them to provide informed
○ to determine whether an
advice on technical, ethical or other
engagement quality control review
matters
should be performed
- policies and procedures setting out:
External Consultants
○ nature, timing and extent of an
- ûrm needing to consult externally (ex: ûrm
engagement quality control review
without suýcient internal resources) may use
○ criteria for eligibility of reviewers
advisory services provided by:
○ documentation requirements
○ other ûrms
○ professional and regulatory bodies
Considerations for which Non-Audit Engagement is
○ commercial organizations
Subject to Quality Control Review
- ûrm considers whether external provider is
1. nature of the engagement
suitably qualiûed for that purpose
 - extent to which it involves a matter
of public interest
2. identiûcation of unusual circumstances or
risks in an engagement
3. whether laws or regulations require quality
control review
Nature, Timing and Extent of the Quality Control Review
- Quality Control Review: review of subject
matter information and the report
○ in consideration whether the report
to be issued is appropriate
○ involves a review of selected
working papers
○ reviewer doesn’t reduce the
responsibility of engagement partner
- extent of review depends on:
○ complexity of engagement
○ risk that report might not be
appropriate in circumstances
- review is conducted in a timely manner at
appropriate stages
○ so that signiûcant matters may be
promptly resolved before the report
is issued
- where there is recommendations that the
engagement partner doesn’t accept, report
isn’t issued until matter isn’t resolved
Criteria for the Eligibility of Reviewers
- appointment of engagement quality control
reviewers based on:
○ technical qualiûcations
○ necessary experience
○ authority and degree to which
reviewer can be consulted
■ without compromising the
reviewer’s objectivity
Suýcient and Appropriate Technical Expertise
- depends on the circumstances of the
engagement
- for audit of FS of a listed entity
○ suýcient and appropriate
experience
○ authority to act as an audit
engagement partner
Objectivity of the Reviewer
- example of policies and procedures to be
taken by the engagement partner:
○ doesn’t select engagement quality
control reviewer
○ doesn’t participate in the
engagement during the period of
review
○ doesn’t make decisions for the
engagement team
○ isn’t subject to other considerations
that would threaten reviewer’s
objectivity
Consultation with the Engagement Reviewer
- engagement partner may consult with the
reviewer during the engagement
○ such consultation need not
compromise the reviewer’s eligibility
to perform the role
- when extent of consultation become
signiûcant, care is taken by both the
engagement team and reviewer
○ to maintain the reviewer’s objectivity
- ûrm’s policies provide for the replacement of
the engagement quality control reviewer when
the ability to perform an objective review may
be impaired
Suitably Qualiûed External Persons
- may be contracted where sole practitioners or
small ûrms identify engagements requiring
quality control reviews
- small ûrms may wish to use other ûrms to
facilitate quality control reviews
Documentation of the Review
- PSQC No. 1 requires documentation that:
○ procedures required on engagement
quality control review have been
performed
○ review has been completed before
the report is issued
○ reviewer isn’t aware of any
unresolved matters
■ that would cause
inappropriate conclusions
Completion of the Assembly of Final Engagement Files
- to complete the assembly of ûnal
engagement ûles on a timely basis
 - law or regulation may prescribe time limits
○ where no time limits prescribed, ûrm
establishes time limit that is
appropriate to the nature of
engagements
- in case of audit: not more than 60 days after
the date of the auditor’s report
- where 2 or more different reports are issued
in respect of the same subject matter
information of an entity
○ shall address each report as if it
were for a separate engagement
Conûdentiality, Safe Custody, Integrity, Accessibility and
Retrievability of Engagement Documentation
Original Paper Documentation
- may be electronically scanned
- requiring teams to:
○ generate scanned copies that reüect
the entire content of original paper
documentation
○ integrate the scanned copies into the
engagement ûles
○ enable the scanned copies to be
retrieved and printed
Retention of Engagement Documentation
- for a period suýcient to meet the needs of
the ûrm or as required by law or regulation
○ period will vary with the nature of the
engagement and the ûrm’s
circumstances
○ ex: for continuing signiûcance to
future engagements
- period may also depend on the ff factors:
○ whether local law or regulation
prescribes
○ whether there are speciûc legal or
regulatory requirements
- in case of audit: no shorter than 7 years from
the date of auditor’s report, or if later, the date
of the group auditor’s report
- procedures include:
○ enable the retrieval of and access to
engagement documentation during
the retention period
○ provide a record of changes made to
engagement documentation after
the engagement ûles have been
completed
○ enable authorized external parties to
access and review speciûc
engagement documentation
Ownership of Engagement Documentation
- engagement documentation is a property of
the ûrm
○ ûrm may make portions of (or
extracts from) engagement
documentation available to clients
■ provided that disclosure
doesn’t undermine the
validity of the work
- all working papers, schedules and
memoranda made by a CPA and his staff
shall be treated conûdential
○ remains the property of such CPA in
the absence of a written agreement
○ unless such documents are required
to be produced through subpoena
Monitoring of Quality Controls
- assurance that system of quality control are
relevant, adequate, operating effectively and
complied with in practice
- should include an ongoing consideration and
evaluation of the ûrm’s quality control
○ including a periodic inspection of a
selection of completed
engagements
- purpose of monitoring compliance is to
provide an evaluation of:
 ○ adherence to professional standards
and regulatory/legal requirements
○ quality control system has been
appropriately designed and
effectively implemented
○ whether quality control is
appropriate in the circumstances
- performed by competent individuals and
covers both the appropriateness of the design
and the effectiveness of the operation
- includes matters such as:
Inspections
- provide evidence of compliance with the
ûrm’s quality control (in relation to completed
engagements)
- inspection of a selection of completed
engagements
○ performed on a cyclical basis
○ include at least 1 engagement for
each engagement partner over an
inspection cycle
■ inspection cycle spans no
more than 3 years
○ individual engagements may be
selected without prior notiûcation
- those inspecting aren’t involved in performing
the engagement or the quality control review
- determining the scope of the inspection
○ ûrm may consider the scope or
conclusions of an independent
external inspection program
- small ûrms or sole practitioners may:
○ use a suitably qualiûed external
person or other ûrm
○ establish arrangements to share
resources with other appropriate
organizations
Disposition of Deûciencies Noted
- evaluating the effect of deûciencies,
determining whether they:
○ don’t necessarily indicate that the
ûrm’s quality control is insuýcient
○ are systemic, repetitive, or other
signiûcant deûciencies that require
prompt corrective action
- ûrm shall communicate to relevant
engagement partners and other personnel
○ for appropriate remedial action
- where results indicate that a report may be
inappropriate, the ûrm should determine what
further action is appropriate
○ should also consider obtaining legal
advice
Communication of the Results of Monitoring
- ûrm communicates results to engagement
partners and other appropriate individuals
○ at least annually
○ appropriate individuals including the
managing board of partners
- enables the ûrm to take prompt and
appropriate action
- information communicated shall include:
○ description of the monitoring
procedures performed
○ conclusions drawn
○ description of systemic, repetitive
deûciencies and of the actions taken
to resolve it
Network Firms
- some ûrms operate as part of a network and
may implement their monitoring procedures
on a network basis
- network communicates the overall scope,
extent and results of monitoring process
○ at least annually
 ○ to appropriate individuals within the
network ûrms
- engagement partners are entitled to rely on
the results of the monitoring process
implemented within the network
Documentation Relating to Monitoring
- appropriate documentation of:
1. monitoring procedures
- including the procedure for selecting
engagements to be inspected
2. evaluation of:
- adherence to professional
standards, regulatory and legal
requirements
- whether quality control system has
been appropriately designed and
effectively implemented
- whether the quality control policies
and procedures have been
appropriately applied
3. deûciencies noted, evaluation of their effect,
and further action to be taken
Complaints and Allegations
- assurance that it deals appropriately with:
○ complaints and allegations that the
work performed fails to comply with
■ professional standards
■ regulatory and legal
requirements
○ allegations of non-compliance with
the ûrm’s system of quality control
- complaints and allegations may:
○ originate from within or outside ûrm
○ received by engagement team
members or other ûrm personnel
- ûrm establishes clearly deûned channels for
ûrm personnel to raise any concerns
○ without fear of reprisals
- investigation of complaints and allegations
○ supervised by a partner
■ w/ suýcient & appropriate
experience, and authority
■ not involved in the
engagement
○ involves legal counsel as necessary
○ ûrm takes appropriate action when
investigation indicates deûciencies
or non compliance
- small ûrms and sole practitioners may use
the services of:
○ a suitably qualiûed external person
○ other ûrm
Documentation of System of Quality Control
- to provide evidence of the operation of each
element of its system of quality control
- it is the ûrm’s decision how such matters are
documented
○ small ûrms may use less formal
methods (ex: manual notes)
- factors to consider in determining form and
content of documentation:
○ size of the ûrm (number of oýces)
○ degree of authority (of both
personnel and oýces)
○ nature and complexity (of the ûrm’s
practice and organization)
- ûrm retains documentation for:
○ a period of time suýcient to permit
those performing monitoring
procedures to evaluate
○ a period required by law/regulation
PHILIPPINE STANDARD ON AUDITING NO. 220
- standards on speciûc responsibilities of ûrm
personnel regarding quality control
- the engagement team:
1. should implement quality control procedures
2. should provide the ûrm with relevant
information (for it to function independently)
3. are entitled to rely on the ûrm’s systems
Leadership Responsibilities
- engagement partner: responsible for the
overall quality on each audit engagement
○ sets an example regarding audit
quality to the other members
Ethical Requirements
- engagement partner: considers whether
members of the engagement team have
complied with ethical requirements
- in forming a conclusion on compliance with
independence requirements, the engagement
partner should:
1. obtain relevant information from the ûrm
- to identify and evaluate
circumstances and relationships
that create threats to independence
2. evaluate information on identiûed breaches of
independence policies and procedures
- to determine whether they create a
threat to independence
3. take appropriate action to eliminate such
threats or reduce them to an acceptable level
- by applying safeguards
 - engagement partner should
promptly report to the ûrm any
failure to resolve the matter
4. document conclusions on independence
- including discussions with the ûrm
that support conclusions
Acceptance and Continuance of Client Relationships
- appropriate information is gathered and
evaluated as a basis for deciding whether to
○ accept a new client
○ retain an existing client
- to avoid associating with clients whose
management lacks integrity
- engagement partner: should be satisûed that
1. appropriate procedures for client
relationships have been followed
2. conclusions reached are appropriate and
documented
** engagement partner may or may not initiate the
decision-making process, but he/she determines
whether the most recent decision remains appropriate
Rationale for Acceptance and Continuance Procedures
- public accountancy relies heavily on the trust
and conûdence of the public
○ ûrm must minimize the likelihood of
associating with a client whose
management lacks integrity
- in acceptance and continuance of client
relationships, audit ûrms must consider:
1. integrity of principal owners, key management
and those charged with governance
2. whether the engagement team is competent
to perform the audit engagement
- also, if it has the necessary time and
resources
3. whether ûrm and the engagement team can
comply with ethical requirements
** where issues arise out of these considerations, the
engagement team conducts the appropriate
consultations, and documents how issues were
resolved
Integrity of the Principal Owners, Key Management, and
those Charged with Governance of the Entity
- scrutinized through inquiries of
knowledgeable parties
○ from various sources, both internal
and external
- investigation procedures involve:
1. obtain and review available FS of the client
2. inquire of 3rd parties as to any information
about the client and its management
- ex: client’s bankers, legal advisers
3. communicate with the predecessor auditor
- successor auditor shall:
○ initiate the communication
○ request permission of the
prospective client
■ since auditors are
bound to follow
their duty of
conûdentiality
- predecessor shall respond fully
○ except when entangled in a
lawsuit in which he may
choose to remain silent
- inquiries may involve:
○ integrity of client
○ disagreements with client
○ reasons for the change in
auditors
- in case client refuses to permit,
successor shall consider the
reasons for refusal
○ may cause the successor
to reject the engagement
4. consider circumstances which would cause
the ûrm to regard the engagement as:
- requiring special attention; or
- presenting unusual risks
Competence to Perform the Audit Engagement and
Availability of Time and Resources
- CPA shouldn’t accept if he/she is not
competent to carry out
○ unless experts are available
- early appointment from client in order to:
○ adequately plan the engagement
○ allocate audit work more eýciently
- in some cases, auditor was appointed after
balance sheet date
○ some year-end substantive
procedures cannot be performed
○ auditor shall consider alternative
procedures to gather suýcient and
appropriate evidences
■ if not obtainable, auditor
determines the implications
of the scope limitation to
the audit report and
communicate the same to
the client
Accounting Policies, Practices, and Accounting Records
 - auditor should accept if the ûnancial reporting
framework adopted by the management is:
○ acceptable; or
○ required by law or regulation
- if law requires, auditor should accept only if:
○ deûciencies in the framework can be
adequately explained
- if differences with GAAP exist:
○ auditor communicates the same to
the client and assesses the client’s
willingness to accept adjustments
○ if not willing, auditor determines the Engagement Performance
possible effect on the audit opinion - engagement partner: responsible for the
and discusses the same to the client direction, supervision and performance of the
■ may be a basis for rejecting audit engagement
the audit engagement ○ engagement is in accordance with
- client’s accounting records is another factor ■ professional standards
in deciding whether to accept an engagement ■ legal and regulatory
- if disorganized, it might prevent the requirements
auditor from being able to express ○ audit report is appropriate in the
an unqualiûed opinion circumstances to be issued
- engagement partner informs the members of:
Evaluating Continuing Clients
- signiûcant matters that have arisen during the 1. their responsibilities
current or previous audit engagement - includes:
○ including their implications for ○ maintaining an objective
continuing the relationship state of mind
- where engagement partner obtains ○ maintaining an appropriate
information that would have caused the ûrm level of professional
to decline engagement (if provided earlier) skepticism
○ partner shall communicate promptly ○ performing the work
to the ûrm so they can take the delegated with due care
necessary action 2. nature of the entity’s business
3. risk-related issues
4. problems that may arise
5. detailed approach to the performance of the
engagement

** members of the team are encouraged to raise

questions to more experienced team members

Supervision and Review

- engagement partner before issuance of audit
report should:
Assignment of Engagement Teams
- engagement partner should be satisûed that 1. be satisûed that suýcient and appropriate
the team collectively has appropriate evidence has been obtained
○ capabilities 2. conduct timely reviews at appropriate stages
○ competence - allows signiûcant matters to be
○ time to perform resolved on a timely basis
- to enable an auditor’s report that is
appropriate in circumstances to be issued

** engagement partner need not to review all audit
documentation, but documents the extent and timing of
the reviews
** new engagement partner taking over an audit reviews
the work performed to the date of change
** where more than 1 partner is involved, it is important
that the responsibilities of each partners are clearly
deûned and understood by the team
Consultation
- engagement partner should:
1. be responsible for the engagement team
undertaking appropriate consultation
2. be satisûed that members of the engagement
team have undertake appropriate
consultation
3. be satisûed that the nature and scope of, and
conclusions are documented and agreed with
the party consulted
4. determine that conclusions resulting from the
consultations have been implemented
** it may be appropriate to consult outside the ûrm (ex:
when ûrm lacks appropriate internal resources)
** documentation of consultation is suýciently
complete and detailed to enable understanding of:
- issue on which consultation was sought
- results of consultation, including decisions
taken, basis for those decisions and how they
were implemented
Differences of Opinion
- engagement team should follow the ûrm’s
policies and procedures for dealing with and
resolving differences of opinion
- engagement partner informs members of the
team that they may bring matters involving
differences of opinion
○ without fear of reprisals
Engagement Quality Control Review
- engagement partner should:
1. determine that an engagement quality control
reviewer has been appointed
2. discuss signiûcant matters arising during the
audit engagement
3. not issue the auditor’s report until the
completion of the quality control review
** where at the start of the engagement, quality control
review isn’t necessary, the engagement partner should
be alert for changes in circumstances that would
require such a review
Monitoring
- reasonable assurance that system of quality
control are:
○ relevant
○ adequate
○ operating effectively
○ complied with in practice
- deûciencies in quality control doesn’t indicate
that audit engagement wasn’t:
○ in accordance with professional
standards and regulatory and legal
requirements
○ able to provide an appropriate
auditor’s report
- engagement partner considers:
 1. whether deûciencies noted in that
information may affect the audit engagement
2. whether the measures the ûrm took to rectify
the situation are suýcient in the context of
that audit
A FRAMEWORK OF AUDIT QUALITY
- maximizes the likelihood that quality audits
are performed on a consistent basis
- raising awareness of the key elements of
audit quality
○ auditors challenging themselves
whether there is more they can do to
increase audit quality
- it is not a substitute for such standards, nor
does it establish additional standards
- the framework isn’t suýcient for the purpose
of evaluating the quality of an individual audit
- quality audit is likely to be achieved by an
engagement team that:
○ was suýciently knowledgeable,
skilled, and experienced
○ had suýcient time allocated to
perform the audit work
○ applied a rigorous audit process and
quality control procedures that
complied with law, regulation, and
applicable standards
○ provided useful and timely reports
○ interacted appropriately with
relevant stakeholders
- responsibility for performing quality audits of
FS rests with auditors
○ but is best achieved where there is
support from participants in the
ûnancial reporting supply chain
Process
- rigor of the audit process and quality control
procedures impact audit quality
Outputs
- include reports and information that are
formally prepared and presented
- also include those that arise from the auditing
process that are generally not visible to those
outside of the audited organization
○ ex: improvements to the entity’s
ûnancial reporting practices
Key Interactions within the Financial Reporting Supply
Chain
- the way in which stakeholders interact can
have a particular impact on audit quality
- allows a dynamic relationship to exist
between inputs and outputs
Contextual Factors
- have a potential to impact the nature and
quality of ûnancial reporting and audit quality
○ ex: laws and regulations, corporate
governance
- auditors respond to these factors when
determining how best to obtain suýcient
appropriate evidence

Inputs
- grouped into the following factors:
○ values, ethics and attitudes of
auditors (inüuenced by the ûrm’s
internal culture)
○ knowledge, skills, and experience of
auditors, as well as the time
allocated for them to perform
- quality attributes are further organized
between those that apply directly at:
○ audit engagement level
○ level of an audit ûrm
○ National (or jurisdictional) level
- inüuenced by:
○ context in which audit is performed
○ interactions with key stakeholders
○ outputs
CH 6: THE CODE OF ETHICS FOR CPAs IN THE
accountants and strengthening the
PHILIPPINES independence requirements of auditors

Introduction September revised the deûnition of the term <those

- profession shall be regulated and performed 2013 charged with governance=
with utmost care and professionalism
○ to maintain public conûdence July 2016 2016 edition of the Handbook of the
○ gain respect from the users Code of Ethics for Professional
Accountants
- code of ethics is important given the
presence of ethical dilemmas Added sections 225 and 360,
○ ethical dilemmas rarely present addressing accountants responsibilities
themselves as such when they become aware of
noncompliance with laws
Code of Ethics for CPAs
December issued The Code of Ethics for
- Ethics: bedrock of accountancy profession
18, 2015 Professional Accountants in the PH
○ when ethics is lacking, the
foundation of profession crumbles

Special Need for Ethical Conduct

- special meaning to the term <professional=
○ expected to conduct himself at a
higher level than most other
members of society
- Professional: responsibility for conduct that
extends beyond satisfying responsibilities to
himself or herself
○ recognizes a responsibility to:
■ public
■ client
■ fellow practitioners
- it is essential that clients have conûdence in
the quality of service given by CPAs
- it isn’t practical for users to evaluate the
quality of service because of its complexity
○ most users have neither the
competence nor the time to evaluate
○ thus, the presence of PRC and other
professional & regulatory boards
■ requiring a code of ethics
for the profession
- code of ethics enhances public conûdence in
the quality of professional services
PART A - General Application of the Code
Code of Ethics for Accountants
- developed by IFAC’s International Ethics Introduction and Fundamental Principles
Standards Board of Accountants (IESBA) - responsibility to act in the public interest
- serves as a model for all codes of ethics by ○ a distinguishing mark of the
national accountancy organizations accountancy profession
- all CPAs are expected to comply ○ responsibility isn’t exclusively to
○ failure to do so may result in an satisfy the needs of the client
investigation into the CPA’s conduct ○ accountant should observe and
comply with the ethical requirements
Other Notes Regarding Code of Ethics
Fundamental Principles
July 2009 revised Code of Ethics, clarifying the
1. Integrity
requirements for all professional
- being straightforward and honest
 2. Objectivity
- unbiased and no conüict of interest
- no undue inüuence of others to
override judgements
3. Professional Competence and Due Care
- maintain professional knowledge
and skill at the level required
- ensure competence (based on
current developments in practice)
- act diligently and in in accordance
with applicable standards
4. Conûdentiality
- do not disclose information to 3rd
parties without proper authority
○ unless there is a legal or
professional right or duty
- conûdential information acquired
shouldn’t be used for the personal
advantage of the CPA or 3rd parties
5. Professional Behavior
- to comply with relevant laws and
regulations and avoid any action that
discredits the profession
Threats and Safeguards
- threats may be created by a broad range of
relationships and circumstances
○ could compromise compliance
- Safeguards: eliminates or reduces such
threats to an acceptable level
○ safeguards created by the:
■ profession
■ legislation
■ regulation
○ safeguards in the work environment
- safeguards may increase the likelihood of
identifying or deterring unethical behavior like:
○ effective complaints systems
○ explicitly stated duty to report
breaches of ethical requirements

Conceptual Framework
- guidance on fundamental ethical principles
○ to identify threats to compliance
○ to evaluate the threats’ signiûcance
○ to apply safeguards to eliminate or
reduce threats to an acceptable level
■ such that compliance with
fundamental principles isn’t
compromised
- circumstances in which accountants operate
may give rise to threats to compliance
○ it is impossible to deûne every
situation that create such threats
○ nature of engagements may differ
and create different threats
■ thus, different safeguards
- if accountant cannot implement safeguards,
he/she shall decline, discontinue, or resign
- an accountant may inadvertently violate a
provision of the Code
○ may not compromise compliance Ethical Conüict Resolution
○ once violation is discovered, it is - resolving a conüict in the application of
corrected promptly and safeguards fundamental principles
are immediately applied - factors relevant to the resolution process:
○ relevant facts
** for unusual circumstances in which the application of ○ ethical issues involved
a provision would result in a disproportionate outcome ○ fundamental principles related to the
(or not for the public interest), accountant should matter in question
consult with a member body or the relevant regulator ○ established internal procedures
○ alternative courses of action
 - accountant shall determine the appropriate
course of action, weighing the consequences
of each possible action
○ if unresolved, consult with other
appropriate persons within the ûrm
○ if signiûcant conüict is unresolved,
obtain professional advice from:
■ professional body
■ legal advisors
in order to not breach conûdentiality:
■ discussions made are on
an anonymous basis
■ may be with a legal advisor
under the protection of
legal privilege
○ if unresolved after exhausting all
relevant possibilities, refuse to
remain association with the matter
creating the conüict
■ withdraw or resign
- accountant documents the substance of the
issue and details of discussions or decisions
** where a matter involves a conüict with an
organization, accountant shall determine whether to
consult with those charged with governance
■ continuing awareness and
understanding of relevant
developments
- Diligence: act in accordance with the
requirements of an assignment
- accountants shall make clients aware of
limitations inherent in the services
○ to avoid the misinterpretation of an
expression of opinion as an
assertion of fact
Conûdentiality
- accountants should refrain from:
○ disclosing outside the ûrm or
employing organization conûdential
information without proper authority
○ using conûdential information to
their personal advantage or of the
3rd party’s advantage
- being alert of the possibility of inadvertent
disclosure (ex: family member)
- conûdentiality continues even after the end of
relationships

Integrity
- being straightforward and honest
- accountant shall not knowingly be associated
with reports or other information that:
○ contains a materially false or
misleading statement
○ contains statements of information
furnished recklessly
○ omits or obscures information
required to be included (misleading)

Objectivity
- not to compromise judgement due to:
○ bias
○ conüict of interest
○ undue inüuence of others

Professional Competence and Due Care

- accountants’ obligation to:
○ maintain professional knowledge
and skill at the level required
○ act diligently in accordance with
applicable standards
Professional Behavior
- professional competence may be divided into
- to comply with relevant laws and regulations
2 separate phases:
- avoid any action that may bring discredit to
○ attainment
the profession
○ maintenance
- in marketing and promoting services
 ○ accountants shall not bring the
profession into disrepute
○ shall be honest and truthful
■ no exaggerated claims

PART B - Professional Accountants in Public Practice

Introduction
- accountants in public practice must not
engage in any business/activity that impairs:
○ integrity
○ objectivity
○ good reputation of profession

Threats and Safeguards

- accountants should always be alert for
unique circumstances that give rise to threats
- work-environment safeguards comprises:
○ ûrm-wide safeguards
○ engagement speciûc safeguards
- accountant should exercise judgement to
determine how to best deal with a threat
○ based on the ff considerations:
■ signiûcance of threat
■ nature of engagement
■ structure of ûrm

** accountant may also be able to rely on safeguards

that the client has implemented (but it isn’t possible to
rely solely on such safeguards)
Professional Appointment
Client Acceptance
- consider whether acceptance would create
any threats to compliance
○ client issues that could threaten
compliance include:
■ client involvement in illegal
activities
■ dishonesty
■ questionable ûnancial
reporting practices
- accountant shall evaluate the signiûcance of
any threats and apply safeguards, including:
○ obtaining knowledge
understanding of the client
○ securing the client’s commitment to
improve corporate governance
practices or internal controls
- when it is not possible to reduce threats,
decline to enter into the client relationship
- for recurring client engagements, accountant
shall periodically review acceptance decision
Engagement Acceptance
- provide to services where the accountant is
competent to perform
- when an accountant relies on an expert,
determine whether such reliance is warranted
○ considers factors such as:
■ reputation
■ expertise
■ resources available
■ applicable professional and
ethical standards
○ accountant can decide whether it
would be appropriate to accept
- when threats cannot be eliminated or
reduced, decline the engagement
- work that is complementary or additional to
the work of an existing accountant
○ may create threats to professional
competence and due care
■ ex: lack of information
- existing accountant is bound by
conûdentiality
○ extent of discussion of affairs of a
client with a proposed accountant
will depend on the:
and ■ nature of the engagement
■ client’s permission
■ legal / ethical requirements
- where existing accountant provides
information, it should be honestly and
unambiguously
** if proposed accountant is unable to communicate
with the existing, he/she shall take reasonable steps to
obtain information by other means

Conüicts of Interest
- identify circumstances that could pose a
conüict of interest

Changes in a Professional Appointment

- determine whether there are any reasons for
not accepting the engagement
- may require direct communication with the
existing accountant
○ in order to establish the facts and
circumstances behind the proposed
change
** when accountant has requested consent from a
client to act for another party (interests are in conüict)
and consent has been refused, accountant shall not
continue to act for one of the parties
Second Opinions
- second opinion on the application of
standards or principles to circumstances
○ may give rise to threats
compliance with principles
** if the entity seeking the opinion will not permit
communication with existing accountant, professional
accountant considers whether it is appropriate to
provide the opinion sought
Fees and Other Types of Remuneration
- accountant may quote whatever fee deemed
to be appropriate
- there may be threats to compliance arising
from the level of fees quoted
○ self-interest threat to professional
competence and due care
- signiûcance of threats depends on factors:
○ level of fee quoted
○ services to which the fee applies
- safeguards should be considered and applied,
including:
○ making the client aware of the terms
of engagement and the basis which
fees are charged
○ assigning appropriate time and
qualiûed staff to the task
Contingent Fees
- widely used for certain types of
non-assurance engagements
- may give rise to compliance
○ self-interest to objectivity
- signiûcance of threats depend on factors:
○ nature of engagement
○ range of possible fee amounts
○ basis for determining the fee
○ whether the outcome or result of the
transaction is to be reviewed by an
independence 3rd party
Referral Fees and Commissions
- referral fee or commission relating to a client
○ ex: referring a continuing client to
another professional accountant or
other expert
○ may give rise to self-interest threats
to objectivity and professional
competence and due care
to - may also pay a referral fee to obtain a client
○ may give rise to self-interest threats
to objectivity and professional
competence and due care
- safeguards:
○ disclosing to the client any
arrangements to pay a referral fee
○ disclosing to the client any
arrangements to receive a referral
fee
○ obtaining advance agreement from
the client for commission
arrangements
Marketing Professional Services
- solicits new work though advertising or other
forms of marketing
- self-interest threat to compliance with the
principle of professional behavior
- accountant shouldn’t bring the profession into
disrepute with marketing professional
services
Gifts and Hospitality
- offered gifts and hospitality from a client
- self-interest threats to objectivity and
intimidation threats to objectivity
- signiûcance of such threats depend on the
nature, value and intent behind the offer
- if offer is made in the normal course of the
business, accountant may conclude that it is
at an acceptable level
- if threats cannot be eliminated or reduced,
accountant shall not accept the offer
Custody of Client Assets
Objectivity - All Services
Independence - Audit and Reviews
Networks and Network Firms
Public Interest Entities
Related Entities
Those Charged with Governance
Documentation
Engagement Period
Mergers and Acquisitions
Other Considerations
Independence - Other Assurance Engagements
Attestation Engagements CH 8: AUDIT PLANNING
Direct Engagements
Multiple Responsible Parties Introduction
Documentation - auditor’s objective: <plan the audit so that it
Engagement Period will be performed in an effective manner=
Other Considerations - factors affecting the nature and extent of
planning required:
PART C - Professional Accountants in Business ○ complexity of the client’s business
○ form of the client’s business
Introduction ○ its commercial environment
Threats and Safeguards
Potential Conüicts Audit Planning
Preparation and Reporting of Information - conducted in order to reducing audit risk by:
Acting with Suýcient Expertise ○ establishing overall audit strategy
Financial Interests ■ sets the scope, timing, and
Inducements direction of the audit
■ guides the development of
the audit plan
○ developing audit plan
- main outputs:
○ overall audit strategy
○ overall audit plan
○ draft audit programs
■ what work to be performed

** the main outputs are supported by a summary that

documents the following:
- main decisions taken during the planning
- information gathered (related to engagement)
- main administrative arrangements

Major Audit Planning Activities

1. Obtaining an understanding of the client and
its environment
2. Assessing the possibility of non-compliance
3. Establishing materiality and assessing risk
4. Identifying related parties
5. Performing preliminary analytical procedures
6. Determining the need for experts
7. Development of the overall audit strategy and
detailed audit plan
8. Preparation of preliminary audit programs

Obtain an Understanding of the Client and its Environment

- identify and assess the risks of material
misstatement by understanding the entity
 ○ identify the events, transactions, and
practices that may have a signiûcant
effect on the FS or audit report
- obtaining an understanding on the entity’s:
○ general economic factors
○ industry conditions
○ characteristics
○ ûnancial performance
○ reporting requirements
○ changes since the date of prior audit
○ general level of competence
- assists the auditor in assessing risk and in
Analytical - evaluation of ûnancial information
planning the audit effectively and eýciently
Procedures ○ studying relationships
○ provides a basis for designing and among both ûnancial and
implementing responses to risks non-ûnancial data

Observation - supports inquiries

and Inspection - provides information about the entity
and its environment

Required Understanding of the Entity

- auditor’s understanding of the entity includes:
○ industry factors
■ nature of the business
■ degree of regulation
○ regulatory factors
Risk Assessment Procedures ■ include applicable ûnancial
- performed in order to: reporting framework
○ identify and assess risks of material ○ other factors
misstatement
○ obtain an understanding of the entity Nature of the - understand classes of transactions,
and its environment Entity account balances, and disclosures
■ including its internal control to be expected in the FS
- auditor should perform the following risk - includes the entity’s:
assessment procedures: ○ operations
○ ownership
○ governance structures
Inquiries - provides a different perspective in ○ types of investments
identifying risks of misstatement ○ structure
- may be obtained from: ○ ûnancing activities
○ management
○ those responsible for Selection and - consider whether policies are
ûnancial reporting Application of appropriate and consistent with:
○ others within the entity Accounting ○ applicable ûnancial
Policies reporting framework
○ accounting policies in the
relevant industry
- encompasses the:
○ entity’s methods to account
for signiûcant and unusual
 transactions
○ effect of policies in
controversial areas
○ entity’s changes in
accounting policies
Objectives, - objectives: targeted action to
Strategies, respond to both internal and
Related external business factors
Business - strategies: operational approaches
Risks to achieve objectives
- business risk: could adversely
affect the entity’s ability to:
○ achieve objectives
○ execute strategies
- understanding business risk
increases the likelihood of
identifying material misstatement
○ since most business risks
will eventually have
ûnancial consequences
- auditor doesn’t have a
responsibility to identify all
business risk
** <business risk is broader than the
risk of material misstatement of the FS,
though it includes the latter=
Measurement - performance measures create
and Review pressures on the entity
of Entity’s ○ may motivate management
Financial to misstate FS
Performance - consider whether such pressures
result in management actions that
may have increased the risks of
material misstatement
Internal - reasonable assurance about the
Control achievement of the entity’s
objectives with regard to:
○ reliability of ûnancial
reporting
○ effectiveness and
eýciency of operations
○ compliance with applicable
laws and regulations
Assessing the Possibility of Non-Compliance
- non-compliance: omission or commission by
the entity which are contrary to the prevailing
laws or regulations
- assessing how the entity is complying with
the applicable ûnancial reporting framework
○ some laws and regulations may give
rise to business risks
Establishing Materiality and Assessing Risk
- materiality: amount expected to inüuence the
economic decisions of users
- assessing the risk of material misstatement
○ helps determine the nature, timing,
and extent of audit procedures
- performance materiality: set to reduce the
probability that an aggregate of undetected
and uncorrected misstatements exceed the
materiality of FS as a whole
○ detecting only material
misstatements may cause the FS to
be materially misstated as a whole
○ its determination is not a simple
mechanical calculation
■ involves the exercise of
professional judgement
○ valuation is affected by the:
■ auditor’s understanding of
the entity
■ nature and extent of
misstatements identiûed in
previous audits
■ auditor’s expectations in
relation to misstatements
Steps in Applying Materiality
During Planning
1. establish a preliminary judgement about
materiality
2. determine tolerable misstatement
At Audit Completion
3. estimate likely misstatements and compare
the totals to the preliminary judgement
Establish a Preliminary Judgement about Materiality
- estimating the maximum amount by which a
set of FS could be misstated and would still
not affect the decisions of reasonable users
○ materiality is affected by the size of
the client’s company
- AASC standards: not required to be quantiûed
 ○ it is common to document at least a
range (in actual practice)
- in quantifying materiality, auditor establishes
a base that when multiplied by a % factor,
determines the preliminary judgement
○ resulting amount is known as the
planning materiality
Common Criteria Used by Auditors
1. % effect on net income before taxes
2. % effect on total revenues
3. % effect on total assets
** % effect on net income is the most common
criterion used by auditors
- most auditors agree that:
○ combined error of less than 5% of
net income is normally immaterial
○ combined error of more than 10% of
net income is normally material
Estimate likely Misstatements and Compare Totals to
the Preliminary Judgement about Materiality
- towards the end of the engagement, the
auditor again considers materiality
○ by comparing misstatements with
the preliminary estimate
- assesses whether the aggregate of identiûed
uncorrected misstatements is material
○ a.k.a. likely misstatements
○ comprises of:
■ speciûc misstatements
identiûed by the auditor
■ auditor’s best estimate of
other misstatements
○ if it approaches the materiality level,
the auditor considers:
■ additional procedures to
reduce audit risk
■ ask management to adjust
the misstatements

Determine the Tolerable Misstatement Assessing the Risks of Material Misstatement

(Performance Materiality) - auditor is required to perform the following:
- Tolerable Misstatement: amount of planning ○ identify risks
materiality allocated to an account balance or ○ relate identiûed risks to assertions
class of transactions ○ consider whether risks are of
○ may be assigned unproportionately magnitude (could result in a material
○ if amount of misstatements exceed misstatement of the FS)
tolerable misstatement = auditor - assessment may be expressed quantitatively
should consider: or qualitatively
■ additional procedures to
reduce audit risk
■ ask management to adjust
the misstatements
- process may be done:
○ judgmentally
○ formal quantitative approaches

Effect of Materiality on Audit Procedures 1. Assessment of Inherent Risk

- the amount of tolerable misstatement affects - auditor uses professional judgement
the extent of audit procedures
○ lower tolerable misstatement =
more extensive audit procedures
○ ex: A/P’s tolerable misstatement is 0
■ implies that any amount of
misstatement in A/P can
affect the users’ decisions
■ thus, auditor should test
every transaction making
up the A/P account
- materiality recognizes the auditors work
within constraints of time and cost
○ that is why they permit a
reasonable allowance for error

2. Assessment of Control Risk
- internal control system: designed by
management to prevent or detect
and correct misstatements
○ it is how the management
reacts to inherent risks
- the amount of substantive test
procedures depends on the extent of
reliance on the internal control
○ more reliable internal
controls = less substantive
test procedures
- auditor obtains an overall <feel= of
the situation
○ determine the major areas
where audit work will place
reliance on internal controls
Signiûcant Risks
- requires special audit consideration
- auditor uses professional judgement, and
considers the following:
Effect of Audit Risk on Audit Procedures
- higher combined assessments of inherent
and control risks = lower amount of detection
risk that can be accepted
- lower acceptable detection risk = greater
amount of audit procedures performed
Relationship Between Audit Risk and Materiality
- inverse relationship
○ higher audit risk = lower materiality
level (vice versa)
○ auditor will compensate by either:
■ reducing assessed risk of
material misstatement
■ reducing detection risk
- assessing risks of material misstatement
○ enables auditor to select audit
procedures to reduce audit risk
■ what items to examine
■ whether to use sampling
and substantive analytical
procedures
Materiality and Audit Risk in Evaluating Audit Evidence
- assessment on materiality and audit risk may
be different at the time of initial planning and
at the time of evaluating the results
○ change in circumstances
○ change in auditor’s knowledge
- auditor may intentionally set the materiality
level at a lower level than intended
○ to evaluate the results of the audit
○ to reduce the likelihood of
undiscovered misstatements
○ to provide a margin of safety
Identifying Related Parties
- there may be risk of material misstatement
regarding transactions with related parties
○ related party transaction: transfer of
resources, services, or obligations
between related parties
■ regardless of whether there
is a price charged
- auditor needs to be aware of them because:

Performing Analytical Review Procedures
- Analytical Procedures: evaluations of ûnancial
information made by a study of plausible
relationships among both ûnancial and
non-ûnancial data
- encompasses the investigation of:
○ identiûed üuctuations
○ relationships that:
■ are inconsistent with other
relevant information
■ deviate signiûcantly from
predicted amounts
- required to be performed in:
○ planning stage
○ ûnal review stage
Analytical Procedures During the Planning Stage
- to enhance the auditor’s understanding of the
client (including its business and industry)
○ enables auditor to identify areas of
potential risk
- helpful in identifying the existence of unusual
transactions, events, amounts, etc.
- basic premise of its application: because
relationships among data may reasonably be
expected to exist and to continue to exist in
the absence of known conditions to the
contrary
Determining the Need for Auditor’s Expert
- auditor is not expected to have the expertise
of another profession
○ therefore, auditor may require audit
evidence obtained from an expert
■ ex: expert’s opinion, reports
- in determining the need of an expert, auditor
should consider:
○ engagement team’s knowledge and
previous experience
○ risk of material misstatement
○ quantity and quality of other audit
evidence expected to be obtained
- auditor should evaluate the professional
competence of the expert
○ professional certiûcation or license
○ membership in a professional body
○ expert’s experience and reputation
- auditor should also evaluate the objectivity
○ objectivity will be impaired when the
expert is:
■ employed by the entity
■ related in some other
manner to the entity
- if auditor is concerned with the expert’s
competence and objectivity, auditor should:
○ discuss with management
○ consider whether suýcient
appropriate evidence can be
obtained about the work of an expert
○ seek audit evidence from another
expert
Development of the Audit Strategy
- designing optimized audit approaches
○ to achieve audit assurance at the
lowest cost within the constraints
- sets the scope, timing, and direction of the
audit; and guides the development of a more
detailed audit plan
- its establishment involves:
○ determining the characteristics of
the engagement (deûnes its scope)
○ ascertaining the reporting objectives
of the engagement (to plan timing)
○ considering the important factors (to
determine the direction or focus of
the engagement team’s efforts)
- small entities = smaller team
○ coordination and communication is
easier than a larger team
○ audit strategy need not be a complex
or time-consuming exercise
** brief memorandum prepared at the completion of the
previous audit can serve as the basis for planning the
current audit engagement
Development of the Detailed Audit Plan
- addresses the various matters identiûed in
the overall audit strategy
 - overall audit strategy and detailed audit plan
are closely interrelated
○ since changes in one may result in
changes to another
○ they aren’t necessarily discrete or
sequential processes
- includes description of the nature, timing, and
extent of:
○ risk assessment procedures
○ further audit procedures
■ test of controls
■ substantive tests
○ other audit procedures
- its documentation serves as a record of the
proper planning and performance of the audit
○ can be reviewed and approved prior
to performance of further audit
procedures
- audit plan for the engagement develops
○ thus, planning takes over the course
of the audit
** auditor may begin the execution of further audit
procedures before completing the more detailed audit
plan
Preparation of the Preliminary Audit Programs
- Audit Program: list of procedures used to
gather suýcient appropriate audit evidence
○ most important control mechanism
in an audit
- mostly, audit programs are already pre-printed
○ auditors would modify it suit the
client’s conditions, situations
- 2 types of audit programs:
○ tests of controls audit program
■ compliance test
■ reliance approach: when
auditor identiûed controls
to rely on
○ substantive test audit program
■ reliance or no reliance:
prepared regardless of
approach taken by auditor
Initial Engagements Continuing Engagements
audit programs aren’t audit programs can be
usually prepared until drafted in advance based
the client’s control on the auditor’s prior
structure has been knowledge and the results
reviewed and of previous assessments
documented of control risk
Timing of Audit Work
- eýcient scheduling of audit work
- to maximize the effectiveness and monetary
return of an accounting ûrm
- ûrms strive to perform as much work at an
interim date as possible
○ not all audit procedures must be
performed after the end of the
period being audited
○ this practice allows:
■ ûrm to reduce staff
requirements
■ client to issue FS and
annual reports at an earlier
date
- timing of signiûcant phases of the audit and
tentative deadlines should be determined
○ agreed upon with the client
○ documented in a timetable
Other Planning Considerations
Arrangements for Company Assistance
- extent should be determined and arranged as
early as possible
- listing of schedules and analyses (prepared
by client) with indication of dates and by
whom they are to be completed
○ only useful items should be listed
○ completion dates should be realistic
and consistent with the timing of
audit plan and company’s schedule
○ suggested formats may be given to
the accountant of the company
- schedules may be accessed electronically
Consider the Work of the Internal Auditors
- the following should be determined: the
internal auditor’s
○ scope of work
○ principal ûndings
○ availability for coordination or direct
assistance
- review and evaluate the objectivity and
competence of internal auditors
○ including the effectiveness of their
procedures
- coordination in areas such as:
○ observation of inventory count
○ conûrmation of receivables
○ review of ûxed assets additions and
disposals
○ review of depreciation provisions
○ bank reconciliation preparation
○ review of loss events
Direction, Supervision, and Review
- Supervision: directing the efforts of assistants
involved in accomplishing the objectives of
the examination
- extent depends on many factors
○ ex: complexity of subject matter
- include the following activities:
CH 9: STUDY & EVALUATION OF INTERNAL CONTROL
Introduction
- Internal Control: basis for designing and
implementing responses to the assessed
risks of material misstatement
- auditor shall obtain an understanding of the
client’s internal control, and should:
1. identify the following:
a. types of potential misstatements in FS
b. factors that affect the risk of material
misstatement in FS
2. design the nature, extent, and timing of further
audit procedures
Internal Control - Deûnition
- Committee of Sponsoring Organizations of
the Treadway Commission (COSO):
Internal Control is a Process
- it is a means to an end, not an end in itself
○ a tool used by management, not a
substitute for management
- it is a part and it is integrated with the basic
management processes, including
○ planning
○ executing
○ monitoring
- enables processes to function and monitors
their conduct and continued relevancy
Internal Control Involves People
- it is accomplished by people in the
organization (by what they do & say)
○ it isn’t merely policy manuals
○ people establish the entity’s
objectives and put control
mechanisms in place
- likewise, it affects people’s actions
○ since it recognizes that people don’t
always understand, communicate,
and perform consistently
○ people must know their:
■ responsibilities
■ limits of authority
Internal Control Provides Reasonable Assurance
- no matter how well designed and operated, it
can only provide reasonable assurance
 ○ due to limitations that are inherent
Internal Control is Geared Towards the Achievement of
an Entity’s Objectives
- objectives fall into 3 categories:
○ operations
○ ûnancial reporting
○ compliance
- categorization of objectives allows:
○ focusing on separate aspects of
internal control (what can be
expected from each category)
Internal Control System - Deûnition
- consists of all policies and procedures
adopted by the management of the entity
- assists in achieving the management’s
objective of ensuring:
○ eýcient conduct of business
○ adherence to management policies
○ safeguarding of assets
○ prevention & detection of fraud/error
○ accuracy and completeness of
accounting records
○ timely preparation of reliable
ûnancial information
5 Interrelated Components of Internal Control
- components are derived from the way the
management runs a business
○ small to midsize companies may be
less formal and less structured
■ yet, still effective
- the following are the components:
1. Control Environment
2. Risk Assessment Process
3. Control Activities
4. Information System and Related Business
Processes Relevant to Financial Reporting
and Communication
5. Monitoring of Controls
** division into components provides a useful
framework for auditors to consider how different
aspects of internal control may affect the audit
The Control Environment
- foundation for components of internal control
- sets the tone of an organization
○ inüuencing the control
consciousness of people
- includes the following:
○ governance & management functions
○ attitudes, awareness, and actions of
those charged with governance and
management relating internal control
Elements of the Control Environment
Communication and Enforcement of
Integrity and Ethical Values
- Integrity: a prerequisite for ethical behavior
- it is diýcult to establish ethical values
○ due to concerns of several parties
- <ethics pays= - ethical behavior is good for business
- integrity and ethical values are expressed through:
1. codes of conduct and other policies related to:
a. acceptable business practice
b. conüicts of interest
c. expected standards
d. ethical and moral behavior
2. dealings with employees, suppliers, customers,
investors, creditors, auditors, etc.
3. pressure to meet unrealistic performance targets
(short-term results)
Commitment to Competence
- Competence: knowledge and skills needed to
accomplish tasks or his/her job
- often trade-off between competence and cost
○ in some cases, it is not necessary to hire
- commitment to competence is expressed through:
1. job description or other means of deûning tasks
2. analyses of the knowledge and skills needed to
perform jobs adequately
Participation by Those Charged with Governance
- control environment is inüuenced signiûcantly by the
entity’s BOD and audit committee
○ independence from management
- adequately perform the necessary governance,
guidance, and oversight responsibilities
○ critical to effective internal control
- controls involving the BOD and audit committee:

1. independence from management
- so that even if diýcult and proving,
questions are raised
2. frequency and timeliness of meetings with:
a. chief accounting oýcers
b. internal auditors
c. external auditors
3. suýciency and timeliness of information
provided to board and committee members
- to allow monitoring of management’s
objectives and strategies
Management’s Philosophy and Operating Style
- affects the way the enterprise is managed
○ ex: kinds of business risks accepted
○ different outlook on internal control
- controls involving management’s philosophy and
operating style include:
1. nature of business risks accepted
- whether management often enters into
particularly high-risk ventures
2. frequency of interaction between senior
management and operating management
3. attitudes and actions towards ûnancial reporting
- including disputes over application of
accounting treatments
Organizational Structure
- provides framework within which activities for
achieving entity-wide objectives are:
○ planned
○ executed
○ controlled
○ monitored
- value chain: activities, including inbound (receiving),
production, outbound (shipping), marketing, sales
and service
○ support functions: administration, human
resources or technology department
- controls involving organizational structure are
expressed through:
1. appropriateness of the entity’s organization
structure (its ability to provide the needed
information üow to manage activities)
2. adequacy of deûnition of key manager’s
responsibilities (their understanding)
3. adequacy of knowledge and experience of key
managers (in light of responsibilities)
Assignment of Authority and Responsibility
- how reporting relationships and authorization
hierarchies are established
- policies relating to carrying out duties, including:
○ appropriate business practices
○ knowledge and experience of key personnel
○ resources provided
- also includes policies ensuring that all personnel:
○ understand entity’s objectives
○ know how their individual actions interrelate
and contribute to objectives
○ recognize how and for what they will be
held accountable
Human Resources Policies and Practices
- competent and trustworthy people
- send messages to employees regarding:
○ expected levels of integrity
○ ethical behavior
○ competence
- practices relate to hiring, orientation, training,
evaluating, counseling, promoting, compensating,
and remedial actions
- training policies communicates prospective roles
and responsibilities, and includes practices such as:
○ training schools
○ seminars
○ simulated case studies
○ role play exercises
- controls involving management’s philosophy and
operating style include:
1. extent of policies and procedures for hiring,
training, promoting, and compensating
2. appropriateness of remedial action in response
to departure from policies and procedures
3. adequacy of employee candidate background
checks (prior actions unacceptable by entity)
4. adequacy of employee retention and promotion
criteria and information-gathering techniques
(performance evaluations)
The Entity’s Risk Assessment Process
- Objectives: precondition to risk assessment
- Risk Assessment: identiûcation and analysis
of relevant risks to achieve objectives
○ how the risks should be managed
○ mechanisms needed to identify and
deal with risks
- <all entities, regardless of size, structure,
nature, or industry, encounter risks at all levels
within their organizations=
○ there is no practical way to reduce
business risk to 0
○ the decision to be in business
creates risk
- risks affect each entity’s ability to:
○ survive
○ successfully compete in the industry
○ maintain its ûnancial strength and
positive public image
 ○ maintain overall quality of its
products, services, and people
- management must determine how much risk
is to be accepted and strive to maintain risks
within these levels
○ be alert when objectives are in
danger of not being achieved
- internal control’s goal in this area is to:
1. develop consistency of objectives and goals
throughout the organization
2. identifying key success factors
3. timely reporting to management on
performance and expectations
** risk assessment process is an ongoing reiterative
process and is a critical component of an effective
internal control system
Risk Identiûcation
- <risk rises as objectives increasingly differ
from past performance=
- should be comprehensive
○ consider all signiûcant interactions
between an entity and relevant
external parties
- an iterative process that is often integrated
with the client’s business planning process
- clean sheet of paper approach (not merely
relate the risk to the previous review)
Information System and Communication
Risk Analysis and Management
- methodology for analyzing risks can vary
○ many risks are diýcult to quantify
○ risks are indeterminate at size
■ thus, they are described as
large, moderate, or small
○ risk that doesn’t have a signiûcant
effect or has a low likelihood doesn’t
warrant serious concern
- it may be more or less formal and includes:
1. estimating the signiûcance of a risk
2. assessing the likelihood of the risk (frequency)
3. considering how the risk should be managed
- assessment of actions to be taken
- involves judgement based on:
○ assumptions about risk
○ reasonable analysis of
costs associated with
reducing the level of risk
- procedures may satisfy multiple
objectives and so:
○ management may discover
that additional actions are
not warranted
○ existing procedures may be
suýcient
- Information System: consists of the following:
○ infrastructure (hardware)
○ software
○ people
○ procedures
○ data
- many information systems make extensive
use of information technology (IT)
- Financial Reporting System: procedures and
records established to initiate, record,
process, and report entity transactions
 ○ also, to maintain accountability for
About Operation ○ purchases, sales, and
the related assets, liabilities, equity other transactions
- transactions may be initiated manually or ○ economic conditions
automatically by programmed procedures ○ competitor’s product
○ quality of system-generated releases
information affects management’s - essential to achieve both
ability to make appropriate decisions compliance and ûnancial
reporting objectives
- information system encompasses methods
○ ex: preparing FS
and records that:

Information Quality
- quality of information affects management’s
ability to make appropriate decisions
- modern systems often provide on-line query
ability (freshest info is available on request)
- it is critical that reports contain enough
appropriate data to support effective control

** All of these questions must be addressed by the

system design. If not, it is probable that the system will
not provide the information that management requires

Communication
- providing an understanding of individual roles
and responsibilities pertaining to internal
control over ûnancial reporting
○ personnel understands how their
Information activities relate to the work of others
- Information: needed at all levels of an - open communication channels help ensure
organization to run the business and move that exceptions are reported and acted on
toward the achievement of the objectives in:
○ operations Means of Communication
○ ûnancial reporting 1. written or electronic
○ compliance - include:
- information systems sometimes operate by: ○ policy manuals
○ monitoring mode (routinely) ○ accounting and ûnancial
○ special actions (ex: interviews) reporting manuals
○ memoranda
○ bulletin board notices
Information - enables monitoring (ex: brand
About Monetary proûtability, market share) 2. oral form
and Related - essential to: - include:
Measurements ○ planning ○ video tape messages
○ budgeting ○ meetings
○ pricing
○ evaluating vendor
3. actions by management
performance
○ evaluating joint - <actions speak louder than words=
ventures/alliances - actions are inüuenced by the history
and culture of entity
Information - includes the routine:
 ○ how their superiors dealt
with similar situations

Control Activities
- Control Activities: ensures that necessary
actions are taken to address risks to
achievement of the entity’s objectives
- includes a range of diverse activities such as:
○ approvals
○ authorizations
○ veriûcations
○ reconciliations
○ reviews of operating performance
○ security of assets
○ segregation of duties

Types of Control Activities

- divided into 3 categories:
○ operations
○ ûnancial reporting
○ compliance
- some controls often overlap in categories
○ ex: operations controls can help
ensure reliable ûnancial reporting
- control activities can be typed by speciûed
control objectives
○ ex: ensuring completeness and
accuracy of data processing
- control activities commonly performed:
Performance Reviews
Physical Controls
- encompass the physical security of assets, including
safeguards such as:
1. secured facilities over access to assets, records
2. authorization for access to computer programs
and data ûles
3. periodic counting and comparison with amounts
shown on control records
** extent to which physical controls intended to prevent
theft of assets are relevant to the reliability of FS
preparation (audit depends on circumstances such as
when assets are highly susceptible to misappropriation)

- include the following: Segregation of Duties

1. review and analyses of actual performance vs
budgets, forecasts, and prior period performance
2. relating different sets of data (operating or
ûnancial) and analyses of relationships
3. comparing internal data with external sources
4. review of functional or activity performance (ex:
reports by branch or region)
Information Processing
- performed to check accuracy, completeness, and
authorization of transactions
- 2 broad groupings of information systems control
activities are:
○ general IT controls
○ application controls
- assigning different people the responsibilities
- intended to reduce opportunities to allow any person
to perpetrate and conceal errors or fraud
Policies and Procedures
- control activities usually involve 2 elements:
○ policy (what should be done)
○ procedures (implement policy)
- oftenly, policies are communicated orally
○ effective where:
■ policy is long-standing and
well-understood
■ smaller organizations
○ must be implemented thoughtfully,
conscientiously and consistently

Evaluation of Control Activities

- to address risks associated with established
objectives for each signiûcant activity
- consider whether control activities:
○ relate to risk-assessment process
 ○ are appropriate to ensure that
management’s directives are done
○ done properly

Monitoring of Controls
- to assess the quality of internal control
performance over time
○ to ensure that controls continue to
operate effectively
- involves the following procedures:

1. assessing the design & operation of controls

2. taking necessary corrective actions

The Need to Monitor Controls

- internal control systems change over time
○ the way controls are applied evolve
○ once-effective procedures can
become less effective
- circumstances for which the internal control
system originally was designed may change
○ less able to warn of the risks brought
by new conditions Considerations
- whether internal control system continues to
be relevant and able to address new risks

Methods for Monitoring Controls

- can be done in 2 ways:
○ ongoing activities
■ internal controls usually are
structured to monitor
themselves
○ separate evaluations
■ its frequency is a matter of
management’s judgement
- <the greater the degree and effectiveness of
ongoing monitoring, the less need for separate
evaluations=
- in determining whether separate evaluation is
necessary, considerations should be given to:
○ nature and degree of changes and
their associated risks
○ competence and experience of the
people implementing controls Inherent Limitations of Internal Control
○ results of the ongoing monitoring - it can provide only reasonable assurance due
- internal control deûciencies should be to inherent limitations, including:
reported to:
○ responsible individual 1. management’s usual requirement that a
○ at least one level of management control be cost effective
above the responsible individual 2. most controls tend to be directed at
■ to provide needed support anticipated type of transactions
■ to oversight for taking - not at unusual transactions such as
corrective actions potential human error
■ to communicate with 3. the possibility of circumvention of controls
others in the org whose through collusion with parties
activities may be affected
 4. person exercising control could abuse that Performing a Preliminary Review
responsibility - in determining the level of understanding
5. procedures may become inadequate due to necessary, auditor uses sources such as:
changes in condition and compliance with ○ past experience with client
procedures may deteriorate ○ understanding of the industry
- knowledge from planning is used to:
Relevance of Controls to Audit ○ identify types of potential
- <it is a matter of professional judgement, misstatements
whether a control is relevant to the auditor’s ○ considers factors that affect the risk
considerations= of material misstatements
- relevant controls pertain to the entity’s ○ design substantive tests
objective of: - understanding of the components of the
○ preparing FS for external purposes internal control provides a general knowledge
■ presented fairly of the entity’s:
■ in accordance with the ○ organizational structure
applicable ûnancial ○ methods used to communicate
reporting framework responsibility and authority
○ management of risk ○ methods used to supervise the
■ give rise to a material system
misstatement in FS - understanding of the üow of transactions
provides a general knowledge of the:
○ various classes of transactions
○ methods used
- based on the understanding of relevant
control elements and üow of transactions,
auditor considers whether it is reasonable to
plan to rely on internal control structure

Identifying Transaction Cycles

- identifying each client’s major transactions
○ since number and nature of
Internal Control Evaluation in FS Audit
transactions vary (per industry)
- nature, extent, and timing of audit procedures
- Transaction Cycle: cycle of steps necessary to
through understanding of the internal control
complete either the:
- evaluation of client’s internal control consists
○ exchange of assets or services
of the following steps:
between parties to the transaction
○ transfer or use of assets within the
1. Obtain an understanding of the client’s internal
business
control structure
- transaction cycles deal with controls
2. Make a preliminary assessment of control risk
○ over the authorization, execution,
3. Determine the appropriate response to the
and recording transactions
assessed risk
4. Reassess control risk
5. Determine the nature, extent, and timing of
substantive tests

Obtain Understanding of the Client’s Internal Control

- to identify potential misstatements in FS
- consists of the following procedures:

1. Performing preliminary review

2. Identifying transaction cycles
3. Documenting the system
4. Performing a transaction walkthrough
5. Identifying controls that are potentially reliable

Advantages of Identifying Transaction Cycles
1. to gain an understanding of the üow of
transactions (from inception to conclusion)
- all signiûcant processes has been
identiûed, noted, and evaluated
2. to better evaluate the impact of internal control
on speciûc FS items
- assists in determining the nature, timing,
and extent of substantive tests
Documentation of Understanding of Internal Control
- ensuring that auditors comply with signiûcant
requirements of GAAP
- requires the documentation of:
Narratives
- written description of a particular phase/s of an
accounting system
- Inappropriate when a system is complex or
frequently revised
Internal Control Questionnaires
- designed to identify control points and techniques
and detect control deûciencies
- requires Yes, No, or Not Applicable responses
○ Yes: suggests satisfactory control
○ No: signals potential material deûciencies
that could lead to misstatements
- increases the likelihood of detection, but can also
result in unreliable documentation
○ employees may respond inaccurately
○ to avoid inaccurate responses, auditor shall
attempt to verify responses with:
■ supervisory personnel
■ entity’s procedures manual
Flowcharts
- diagram the üow of transactions and events
- a creative process, requiring keen imagination and
thoughtful preparation
- ûrm should adopt standardized symbols
○ to promote understanding and
communication
- üowchart should be:
○ concise
○ informative
Combination of Methods
- auditor could use any combination
○ to maximize the advantage of each
Performing a Transaction Walkthrough
- a single transaction for each major segment of
the internal control is selected and followed
○ to verify narrative, questionnaire,
and/or üowchart documentation
○ to familiarize auditor with audit trail
- may be started at the termination of the
transaction (trace back)
- if the walk-through isolates differences, the
reason for the differences should be resolved
and the auditor’s documentation should be
revised
The Relationship of Controls to Assertions
- may either be direct or indirect
- degree of directness (closeness) determines
how likely a speciûc policy or procedure is to
have an effect on a particular assertion
- categories of FS assertions:
○ classes of transactions and events
○ account balances
○ presentation and disclosure
 High Control Risk Assessment
- at the maximum level
- when there is high likelihood that signiûcant
misstatements exist in the FS
○ due to inadequate internal controls
that cannot be relied upon
- can result from the belief that control
structure has not been effectively designed or
have not operated effectively

Less than High Control Risk Assessment

- below the maximum level
- certain control structure policies and
procedures are in place and are likely to
prevent or detect material misstatements
○ must test whether internal control are
designed and operating effectively
- keep in mind that some policies and
procedures have a pervasive effect
○ affects several assertions
○ but, other policies and procedures
have a speciûc effect on only one
account

Determine Appropriate Response to Assessed Risks

Overall Responses
Make a Preliminary Assessment of Control Risk - responses to assessed risks at FS level
- combined assessments of control risk and ○ to reduce audit risk to low level
inherent risk is the basis for determining the - responses to assessed risks at assertion level
nature, timing, and extent of substantive tests ○ perform further audit procedures
- in assessing control risk, the auditor: - may include:

1. considers the errors and irregularities that

could occur and that could result in material
misstatements in the FS
2. identiûes relevant control procedures
designed to prevent errors
3. performs tests of controls on the control
procedures to be relied on

Responses at the Assertion Level

Preliminary Control Risk Assessment is High

- to adopt the audit approach that relies primarily on

substantive tests (no-reliance approach)
- auditor proceeds to step 5 and only substantive test
audit programs are prepared

Internal Control Questionnaires

- use the reliance approach

- 2 sets of audit programs are prepared:
 ○ test of controls audit program
○ substantive test audit program
- auditor performs test of controls to obtain evidence
that controls were operating effectively at relevant
times
Test of Controls
- to test the effectiveness of the design or
operation of a client’s internal control
○ in the period of reliance
○ in support to a <less than high=
control risk assessment
Nature of Test of Controls
- generally consists one or a combination of:
○ inquiry of client personnel
■ inquiry alone doesn’t
provide suýcient evidence
○ observation of the application of
policies and procedures
○ inspection (examination of docs)
■ tests a sample, not all
transactions or records
○ reperformance or recalculation
■ done if a control is so
signiûcant that further
evidence is necessary
- tests should provide evidence of:
○ how the control was applied
○ whether it was applied consistently
throughout the period
○ person/s who applied it
Control Deviations
- also referred to as exceptions, occurrences
○ not errors (exception doesn’t
necessarily mean that error exists)
- differences between what was expected and
what actually occurred
Timing of Tests of Controls
- depends on the auditor’s:
○ objectives
○ period of reliance on those controls
- auditor also considers how much to rely on
tests of prior periods
Test of Controls auditor obtains evidence of the
Done Throughout effectiveness of controls during
the Period the whole period
Test of Controls auditor obtains evidence for
Done at a that particular time only
Particular Time
Test of Controls auditor determines what
Done During an additional audit evidence should
Interim Period be obtained for the remaining
period
Extent of Tests of Controls
- the more the auditor relies on controls, the
greater the extent of the test controls
- the higher the rate of expected deviation, the
greater extent of the test controls
○ if expected deviation is too high =
tests of controls for a particular
assertion may not be effective
Reassess Level of Control Risk
- evaluate whether the internal controls are
designed and operating as contemplated in
the preliminary assessment of control risk
Higher than Originally Expected
- auditor should:
○ reassess the level of control risk
○ reconsider the assurance needed from
substantive tests
- if tests of controls reveal a departure from
prescribed controls, auditor should:
○ consider its cause
○ document the conclusions reached
- amendments needed to planned substantive tests
will depend in part on the reasons for departure
- auditor should consider all control components of
internal control taken together
○ entity-level components must be effective
for control as a whole to be effective
○ internal control as a whole is effective =
lower risk that misstatements in lower level
 aspects of internal control will occur

Deûciencies in Internal Control

- deûciency exists when:
○ control is unable to prevent, or
detect, or correct misstatements
Documentation Requirements
■ on a timely basis
- depend mainly on the control risk assessment
○ control necessary is missing
○ high control risk assessment = the
- Signiûcant Deûciency: deûciency that is of
following should be documented:
suýcient importance to merit the attention of
■ understanding of internal
those charged with governance
controls; and
- if 1 or more deûciencies identiûed, auditor
■ control risk assessment
should determine whether (individually or in
○ less than high control risk
combination) they constitute signiûcant
assessment = the following should
deûciencies
be documented:
- auditor shall communicate to management at
■ understanding of internal
an appropriate level of responsibility:
controls; and
○ signiûcant deûciencies in internal
■ control risk assessment
control
■ basis for the control risk
○ other deûciencies that are of
assessment
suýcient importance to merit
management’s attention

Nature, Extent and Timing of Substantive Tests

- determine and perform substantive
procedures for each:
○ material class of transactions
○ account balance
○ disclosures
- assessed level of control risk for an assertion
has a direct effect of the design of
substantive tests
○ lower assessed level of control risk =
less evidence the auditor needs
- regardless of the assessed levels of control
risk, auditor should perform some substantive
tests for signiûcant account balances
○ since assessed level of control risk
cannot be suýciently low
- if signiûcant risk, auditor should perform
substantive procedures that are speciûcally
responsive to that risk
Enterprise Risk Management - Integrated Framework
- Enterprise Risk Management (ERM) COSO
Framework: principles-based guidance to help
entities design and implement effective
approaches to risk management
- introduces risk management and concepts
such as risk appetite, risk tolerance, portfolio
view
- Emphasizes the importance of identifying and
managing risks across the enterprise
- consists of 8 components:
1. Internal Control Environment
2. Objective Setting
3. Event Identiûcation
4. Risk Assessment
5. Risk Response
6. Control Activities
7. Information and Communication
8. Monitoring