lOMoARcPSD|4530506

AUDITING THEORY SUMMARY

Accountancy (The National Teachers College)

StuDocu is not sponsored or endorsed by any college or university

Downloaded by CJ Tin ([email protected])
 lOMoARcPSD|4530506

AUDITING THEORY
ASSURANCE, PRINCIPLES, PROFESSIONAL ETHICS
& GOOD GOVERNANCE

HANNAJ MAY BUENAVENTURA

JUNE 8, 2020

PROF. NORMAND MIRANDA

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Table of Contents
CHAPTER 1: AUDIT – AN OVERVIEW ................................................................................................ 2
CHAPTER 2: THE PROFESSIONAL STANDARDS .............................................................................. 5
CHAPTER 3: AUDITOR’S RESPONSIBILITY ....................................................................................... 9
CHAPTER 4: THE AUDIT PROCESS – ACCEPTING AN ENGAGEMENT ........................................ 12
CHAPTER 5: AUDIT PLANNING ........................................................................................................18
CHAPTER 6: CONSIDERATION OF INTERNAL CONTROL ........................................................... 24
CHAPTER 7: AUDITING IN A COMPUTERIZED ENVIRONMENT ................................................ 29
CHAPTER 8: PERFORMING SUBSTANTIVE TESTS ......................................................................... 30
CHAPTER 9: AUDIT SAMPLING ....................................................................................................... 37

PAGE 1

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

CHAPTER 1: AUDIT – AN OVERVIEW

Auditing Defined:
• To enable the auditor to express an opinion whether the financial statements are
prepared, in all material respects, in accordance with an identified financial reporting
framework. (PSA: Philippine Standards on Auditing)
• An audit is a systematic process of objectively obtaining and evaluating evidence Commented [HMDG1]: Ordered and
structured series of steps
regarding assertions about economic actions and events to ascertain the degree of
Commented [HMDG2]: Without bias
correspondence between these assertions and established criteria and communicating the
Commented [HMDG3]: Inquiry, observation,
results to interested users. (AAA: American Accounting Association) inspection external confirmation,
Comparison among the different types of audit documentation, recalculation, reperformance,
analytical procedure
Financial Audit Compliance Audit Operational Audit
Commented [HMDG4]: Financial statements
Assertions made by That the financial That the organization That the
the auditee statements are fairly has complied with organizations Commented [HMDG5]: Representations
presented laws, regulations or activities are made by the client management
contracts conducted effectively
Commented [HMDG6]: Corroborates or
and efficiently
refutes
Established criteria Financial reporting Laws, regelation and Objectives set by the
standards or other contracts board of directors Commented [HMDG7]: Financial reporting
financial reporting framework
framework
Commented [HMDG8]: Audit findings
Objective: An opinion about Reports on the degree Recommendations on
Content of the whether the financial of compliance with how to improve Commented [HMDG9]: Internal: Owners,
auditor’s report statements are fairly applicable laws, operations Managers, Employees
presented in regulations and External: Investors, Creditors, Suppliers,
conformity with an contracts Customers, Government, General Public
identified financial
reporting framework
Auditors who External auditors – Government auditors Internal auditors –
generally perform independent CPA – government entity’s own
employees employees

The Independent Financial Statement Audit

• Responsibility for the financial statements
o Management – preparing and presenting the financial statements in accordance
with the financial reporting framework
o Auditor – to form and express an opinion on these financial statements.

PAGE 2

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

• Assurance provided
An audit conducted in accordance with the Philippine Standards on Auditing (PSA) is
designed t0 provide only reasonable assurance. Commented [HMDG10]: High but not
absolute assurance that the financial
• Factors resulting to Inherent Limitations of detecting material misstatements
statements taken as a whole are free from
o Sampling Risk / The Use of Testing material statements

The possibility that the sample selected are not truly representative of the
population being tested.
o Non-Sampling Risk / Error in Application of Judgement
The probability of arriving at an incorrect conclusion
o Reliance on Management’s Representation
Management may provide false representation causing the auditor to rely on
unreliable evidence
o Client’s Accounting and Internal Control Systems
Collusion among employees or management’s circumvention of internal control
o Nature of Evidence
Audit evidence is generally persuasive rather than conclusive in nature.
• General principles governing the audit of financial statements
o Code of Professional Ethics
To retain public confidence in the credibility of the auditor’s work
o Philippine Standards on Auditing
To assist auditors in interpreting and applying the auditing standards Commented [HMDG11]: Management may
provide overly optimistic or false financial
o Professional Skepticism information
Users want unbiased, realistic financial
An attitude that includes a questioning mind
statements
• Need for an independent financial statement audit Commented [HMDG12]: A qualified person
o Conflict of interest between management and users of financial statements is hired by users to verify the reliability of
financial statements
o Expertise
Commented [HMDG13]: Users do not have
o Remoteness access to the entity’s records to verify the
quality of the financial information
o Financial Consequences
Commented [HMDG14]: Misleading
financial information could have substantial
economic consequences for a decision maker

PAGE 3

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

• Theoretical Framework of Auditing Commented [HMDG15]: Postulates,

assumptions or ideas
o Audit function operates on the assumption that all financial data are
verifiable
It must have supporting documents or evidence to prove their validity
o The auditor should always maintain independence with respect to the
financial statement under audit
Independence is essential for ensuring the credibility of auditor’s report
o There should be no long-term conflict between the auditor and the client
management
Both must be interested in the fair presentation of the financial statement
o Effective internal control system reduces the possibility of errors and fraud
affecting the financial statements
The entity’s internal control system directly affects the reliability of the financial
statements
o Consistent application of GAAP or PFRS results in fair presentation of
financial statements
The criteria are usually the PFRS
o What was held true in the past will continue to hold true in the future in the
absence of known conditions to the contrary
Experience and knowledge accumulated in auditing a client in prior years can be
used to determine the appropriate audit procedures that need to be performed
o An audit benefits the public
Users who rely on the financial statements are the primary beneficiaries of the
financial statement audit

PAGE 4

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

CHAPTER 2: THE PROFESSIONAL STANDARDS

Generally Accepted Auditing Standards

GAAS represents measures of the quality of the auditor’s performance. Commented [HMDG16]: Minimum standard
of performance that auditors should follow
Commented [HMDG17]: General
Standards
•Training and Proficiency – gained through
formal education, continuing education
programs and experience. Auditors should
stay current with the latest accounting and
auditing pronouncements and
developments with the business world.
•Independence – precludes relationships
that may impair the auditor’s objectivity.
Independence in fact and appearance
•Due Professional Care – auditors must not
act negligently or in bad faith
Standard of Fieldwork
•Planning and Supervision – plan to ensure
adequate, more effective audit and
supervision because field work is done by
less experienced staff
•Internal Control Consideration – requires
that the auditor gain sufficient
understanding of an entity’s internal control
to effectively plan the scope - nature (what
procedures are performed), timing (when
Philippine Standards on Auditing (PSA) audit work is done: interim or period end)
and extent (how much work is done) of
The Philippine Standards on Auditing (PSA) establishes the independent auditor’s audit procedures
overall responsibilities when conducting an audit of financial statements in accordance •Evidential Matter – search for and
evaluation of managements assertions
with PSAs. These are issued by AASC as interpretations to GAAS. Standard of Reporting
The four reporting standards require the
Practice Statements – are additions to these standards to provide practical assistance to auditor to prepare a report on the financial
auditors in implementing the standards and to promote good practice in the accountancy statements taken as a whole, including
informative disclosures.
profession.

System of Quality Control

Commented [HMDG18]: It comprises
Quality Controls are policies and procedures adopted by CPA’s to provide reasonable assurance
methods used to ensure that the firm meets
of conforming to professional standards in performing audit and related services. its professional responsibilities to clients and
others.

PAGE 5

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Elements of Quality Control (PSA 220)

1. Leadership Responsibilities for Quality on Audits (“tone at the top”) – The firm should Commented [HMDG19]: Example of a
promote a culture that quality is essential in performing engagements and should establish procedure:
The firm’s training program emphasize the
policies and procedures that support that culture importance of quality work, and this is
2. Ethical Requirements reinforced in performance evaluation and
compensation decisions
a. Integrity. A professional accountant should be straightforward and honest in all
Commented [HMDG20]: Example of a
professional and business relationships. procedure:
b. Objectivity. A professional accountant should not allow bias, conflict of interest or undue Each partner and employee must answer an
“independence questionnaire” annually,
influence of others to override professional or business judgments. dealing with such things as stock ownership
c. Professional Competence and Due Care. A professional accountant has a continuing and membership on board of directors

duty to maintain professional knowledge and skill at the level required to ensure that a
client or employer receives competent professional service based on current developments
in practice, legislation and techniques
d. Confidentiality. A professional accountant should respect the confidentiality of
information acquired as a result of professional and business relationships and should not
disclose any such information to third parties without proper and specific authority unless
there is a legal or professional right or duty to disclose.
e. Professional Behavior. A professional accountant should comply with relevant laws and
regulations and should avoid any action that discredits the profession.
3. Independence - Independence in fact indicates that the auditor possesses
an independent mindset when planning and executing an audit, and that the resulting audit
report is unbiased. Independence in appearance indicates whether the auditor appears to
be independent.
4. Acceptance and Continuance of Client Relationships – Policies and procedures should be Commented [HMDG21]: Example of a
established for deciding whether to accept or continue a client relationship to minimize the risk procedure:
A client evaluation form, dealing with such
of associating with a client whose management lacks integrity. matters as predecessor auditor comments and
5. Human Resources and Assignment - The firm should only undertake engagements that can evaluation of management, must be prepared
for every new client before acceptance
be completed with professional competence
Commented [HMDG22]: Example of a
a. Recruitment procedure:
b. Performance Evaluation Each professional must be evaluated on every
engagement using the firm’s individual
c. Capabilities engagement evaluation report
d. Career Development

PAGE 6

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

e. Engagement Team Assignment

6. Engagement Performance – policies and procedures should exist to ensure that the work Commented [HMDG23]: Example of a
performed by engagement personnel meets applicable professional standards, regulatory procedure:
The firm’s director of accounting and auditing
requirements and the firm’s standards of quality is available for consultation and must approve
a. Direction. Direction of the engagement team involves informing the members of the all engagements before their completion

engagement team of matters such as:

• Their responsibilities, including the need to comply with relevant ethical requirements,
and to plan and perform an audit with professional skepticism.
• Responsibilities of respective partners where more than one partner is involved in the
conduct of an audit engagement.
• The objectives of the work to be performed.
• The nature of the entity’s business.
• Risk-related issues.
• Problems that may arise.
• The detailed approach to the performance of the engagement.
b. Supervision. Supervision includes matters such as:
• Tracking the progress of the audit engagement.
• Considering the competence and capabilities of individual members of the engagement
team, including whether they have sufficient time to carry out their work, whether they
understand their instructions and whether the work is being carried out in accordance with
the planned approach to the audit engagement.
• Addressing significant matters arising during the audit engagement, considering their
significance and modifying the planned approach appropriately.
• Identifying matters for consultation or consideration by more experienced engagement
team members during the audit engagement
c. Review. A review consists of consideration whether, for example:
• The work has been performed in accordance with professional standards and applicable
legal and regulatory requirements;
• Significant matters have been raised for further consideration;
• Appropriate consultations have taken place and the resulting conclusions have been
documented and implemented;
• There is a need to revise the nature, timing and extent of work performed;

PAGE 7

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

• The work performed supports the conclusions reached and is appropriately documented;
• The evidence obtained is sufficient and appropriate to support the auditor’s report; and
• The objectives of the engagement procedures have been achieved.
d. Consultation. Effective consultation on significant technical, ethical and other matters
within the firm or, where applicable, outside the firm can be achieved when those consulted:
• Are given all the relevant facts that will enable them to provide informed advice; and
• Have appropriate knowledge, seniority and experience.
e. Engagement Quality Control Review. Matters that may be considered in an engagement
quality review include:
• Significant risks identified during the engagement and the responses to those risks
including the engagement team’s assessment of, and response to, the risk of fraud
• Judgments made, particularly with respect to materiality and significant risks.
• The significance and disposition of corrected and uncorrected misstatements identified
during the audit.
f. Differences of Opinion. If differences of opinion arise within the engagement team, with
those consulted or, where applicable, between the engagement partner and the engagement
quality control reviewer, the engagement team shall follow the firm’s policies and
procedures for dealing with and resolving differences of opinion.
7. Monitoring – policies and procedures should exist to ensure that the other quality control Commented [HMDG24]: Example of a
elements are being effectively applied procedure:
The quality control partner must test the
quality control procedures at least annually to
Quality Control Review ensure the firm is in compliance

The government thru the Professional Regulatory Board of Accountancy (BOA) has required all
CPA firms and individual CPAs in public practice to obtain a certificate of accreditation to practice Commented [HMDG25]: Valid for 3 years
public accountancy and can be renewed after complying with the
requirements of BOA
Quality Review Committee (QRC) is created by PRC which shall conduct a quality review on
applicants for registration to practice public accountancy.

PAGE 8

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

CHAPTER 3: AUDITOR’S RESPONSIBILITY

The auditor’s responsibility is to design the audit to provide reasonable assurance of detecting Commented [HMDG26]: It indicates that
material misstatements in the financial statements. These misstatements may emanate from: assurance is high but not absolute.

• Error – refers to unintentional misstatements in the financial statements, including the Commented [HMDG27]: Materiality is
relative in nature.
omission of an amount or a disclosure:
Commented [HMDG28]: Misstatements are
o Mathematical or clerical mistakes in the underlying records and accounting data usually considered material if the combined
o An incorrect accounting estimate arising from oversight or misrepresentation of facts uncorrected errors and fraud in the financial
statements would likely have changed or
o Mistake in the application of accounting policies influenced the decision of a reasonable user.
• Fraud – refers to intentional act by one or more individuals among management, employees, Commented [HMDG29]: The primary factor
or third parties which results in misrepresentation of financial statements that distinguishes fraud from error is whether
the underlying cause is intentional or
o Fraudulent Financial Reporting or Management Fraud – involves intentional unintentional
misstatements or omissions of amounts or disclosures in the financial statements to deceive Commented [HMDG30]: The risk of not
financial statements users committed by management or those charged with governance: detecting misstatements from fraud is higher
than for error
▪ Manipulation, falsification or alteration of records or documents
Commented [HMDG31]: The risk of not
▪ Misrepresentations in or intentional omission of the effects of transactions from records detecting material misstatement resulting
or documents from management fraud is greater than for
employee fraud
▪ Recording of transactions without substance
▪ Intentional misapplication of accounting policies
o Misappropriation of Assets or Employee Fraud – theft of an entity’s assets committed
by the entity’s employees
▪ Embezzling receipts
▪ Stealing entity’s assets
▪ Lapping of accounts receivable

PAGE 9

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Responsibility of Management and Those Charged with Governance (PSA 240)

➢ Management to establish a control environment and to implement internal control policies
and procedures designed to ensure, the detection and prevention of fraud and error
➢ Individuals charged with governance to ensure the integrity of an entity’s accounting and
financial reporting systems and that appropriate controls are in place
Auditor’s Responsibility
The auditor is not and cannot be held responsible for the prevention of fraud and error.
PLANNING PHASE
1. Make inquiries of management about possibility of misstatements due to fraud and error Commented [HMDG32]: It may provide
2. Assess the risk of material misstatement due to fraud or error useful information to ROMM resulting from
TESTING PHASE employee fraud but unlikely so to ROMM
3. Perform procedures necessary to determine whether material misstatements exist resulting from management fraud
4. Consider whether such misstatement resulted from error or fraud
COMPLETION PHASE Commented [HMDG33]: Using the auditor’s
5. Obtain a written representation from the client’s management knowledge of the business, the auditor may
EFFECT ON AUDITOR’S REPORT identify fraud risk factors.
6. When the auditor believes that material error or fraud exists, request the management to Commented [HMDG34]: Errors will only
revise the financial statements. Otherwise, express a qualified or adverse opinion result to an adjustment of financial
7. If there’s a limitation on the scope of the audit qualify or disclaim opinion statements but fraud may have other
implication on an audit
Fraud Risk Factors
Commented [HMDG36]: It pertain to the
FRAUDULENT FINANCIAL REPORTING MISAPPROPRIATION OF ASSETS
nature of an entity’s assets and the degree to
(MANAGEMENT FRAUD) (EMPLOYEE FRAUD) which they are subject to theft
1. Management’s Characteristics and 1. Susceptibility of Assets to Misappropriation Commented [HMDG35]: It pertains to
management’s abilities, pressures, style and
Influence over the Control Environment attitude relating to internal control and the
2. Industry Conditions 2. Controls financial reporting process

3. Operating Characteristics and Financial Commented [HMDG37]: It involves the

economic and regulatory environment in
Stability which the entity operates
Commented [HMDG38]: It involve lack of
• Non-Compliance with Laws and Regulations – refers to acts or commission by the controls designed to prevent or detect
misappropriation of assets
entity being audited, either intentional or unintentional, which are contrary to prevailing laws
Commented [HMDG39]: It pertains to the
or regulations. nature and complexity of the entity and its
o Tax evasion transactions

o Violation of environmental protection laws Commented [HMDG40]: Auditors are

primarily concerned with noncompliance that
o Inside trading of securities will have a direct and material effect in the
financial statements

PAGE 10

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Responsibility of Management (PSA 250)

➢ Management to ensure that the entity’s operations are conducted in accordance with laws and
regulations.
Auditor’s Responsibility
An audit cannot be expected to detect noncompliance with all laws and regulations. Nevertheless, Commented [HMDG41]: Information or
the auditor should recognize that noncompliance by the entity with laws and regulations may Circumstances That May Indicate an Illegal
Act
materially affect the FS. •Unauthorized transactions, improperly
PLANNING PHASE recorded transactions, or transactions not
recorded in a complete or timely
1. Obtain a general understanding of the legal and regulatory framework applicable to entity
2. Design procedures to help identify instances of noncompliance with laws and regulations •manner.
3. Design audit procedures to obtain sufficient appropriate audit evidence about compliance •An investigation by a government agency, an
enforcement proceeding, or payment of
with laws and regulations
unusual fines or penalties.
TESTING PHASE
•Violations of laws or regulations cited in
4. When the auditor is aware concerning instance of noncompliance, evaluate the possible
reports of examinations by regulatory
effect on the financial statements agencies.
5. When the auditor believes there maybe noncompliance, the auditor should document the •Large payments for unspecified services to
findings, discuss them with management and consider the implication on other aspects of consultants, affiliates, or employees.
the audit. •Sales commissions or agents’ fees that
COMPLETION PHASE appear excessive.
6. The auditor should obtain a written representation from the client’s management. •Large payments in cash or bank cashiers’
EFFECT ON AUDITOR’S REPORT checks.
7. When the auditor believes that there is noncompliance, the auditor should request the •Unexplained payments to government
management to revise the financial statements. Otherwise, a qualified or adverse officials.
opinion will be issued. •Failure to file tax returns or pay government
8. If a scope limitation has precluded the auditor from obtaining sufficient appropriate duties.
evidence, the auditor should express a qualified opinion or a disclaimer of opinion.

PAGE 11

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

CHAPTER 4: THE AUDIT PROCESS – ACCEPTING AN ENGAGEMENT

Management Assertions are implied or Commented [HMDG42]: Management
expressed representations by management assertions are directly related to the financial
reporting framework used by the company
about classes of transactions and the related (usually GAAP or PFRS), as they are part of the
accounts and disclosures in the financial criteria that management uses to record and
disclose accounting information in financial
statements. statements
• Assertions about classes of transactions and
events for the period under audit
• Assertions about account balances at the
period end
• Assertions about presentation and disclosure

Assertions about Classes of Assertions about Assertions about

Transactions and Events
Completeness – All transactions
and events that should have been
recorded have been recorded
Occurrence – Transactions and
events that have been recorded
have occurred and pertain to the
entity
Classification – Transaction and
events have been recorded in the
proper accounts
Accuracy – Amounts and other
data relating to recorded
transactions and events have
been recorded appropriately
Cutoff – Transactions and events
have been recorded in the proper
accounting period
Account Balances
Completeness – All assets,
liabilities and equity interests
that should have been recorded
have been recorded
Existence – Assets, liabilities
and equity interests exist
Rights and Obligations – The
entity holds or controls the
rights to assets, and liabilities are
the obligations of the entity
Valuation and Allocation –
Assets, liabilities and equity
interest are included in the
financial statements are
appropriate amounts and any
resulting valuation adjustments
are appropriately recorded
Presentation and Disclosure
Completeness – All disclosures
that should have been included
in the financial statements have
been included
Occurrence and Rights and
Obligations – Disclosed events
and transactions have occurred
and pertain to the entity
Classification and
Understandability – Financial
and other information is
appropriately presented and
described and disclosures are
clearly expressed
Accuracy and Valuation –
Financial and other information
are disclosed appropriately and
at appropriate amounts

PAGE 12

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

PAGE 13

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Audit Procedures The procedures selected should enable the auditor to gather sufficient
appropriate evidence about a particular assertion.
• Inspection – involves examining of records, documents, or tangible assets.

Commented [HMDG43]: Do not confuse the

technical auditing definition of the term
observation with the common usage of the
word. Students often use the term observation
to describe such audit procedures as
• Observation – consists of looking at a process or procedure being performed by others.
inspection of tangible assets or documents and
• Inquiry – consists of seeking information from knowledgeable persons inside or outside the records. However, “observation” in the
auditing sense consists of looking at a process
entity. or procedure being performed by others
Commented [HMDG44]: Specific examples
of this
type of procedure includes recalculation of
depreciation expense on fixed assets and
recalculation of accrued interest. Recalculation
also includes footing, cross footing, reconciling
subsidiary ledgers to account balances, and
• Confirmation – consists of the response to an inquiry to corroborate information contained in testing postings from journals to ledgers.
Because the
the accounting records.
auditor creates this type of evidence; it is
normally viewed as highly reliable.
Commented [HMDG45]: For example, the
auditor may reperform the aging of accounts
receivable. Again, because the auditor creates
this type of evidence, it is normally viewed as
highly reliable.
Commented [HMDG46]: Analytical
• Recalculation – consists of checking the arithmetical accuracy of source documents and procedures can be used by an auditor to
accomplish three purposes:
accounting records or performing independent calculations. 1. Risk assessment procedures to assist the
• Reperformance - involves the independent execution by the auditor of procedures or controls auditor to better understand the business and
to plan the nature, timing, and extent of audit
that were originally performed by company personnel. procedures (sometimes referred to as planning
or preliminary analytical procedures).
• Analytical Procedures – consist of the analysis of significant ratios and trends including the 2. Substantive analytical procedures are used as
resulting investigation of fluctuations and relationships that are inconsistent with other a substantive procedure to obtain
evidential matter about particular assertions
relevant information or deviate from particular amounts. related to account balances or classes of
transactions.
3. Final analytical procedures are used as an
overall review of the financial information in
the final review stage of the audit.

PAGE 14

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Audit Evidence refers to the information obtained by the auditor in arriving at the conclusions Commented [HMDG47]: Audit standards
on which the audit opinion is based. Audit evidence will comprise source documents and require the auditor to accumulate sufficient
appropriate evidence to support the opinion
accounting records underlying the financial statements and corroborating information from other issued.
The two determinants of the persuasiveness
sources.
of evidence are
1.appropriateness is a measure of the
quality of evidence, meaning its relevance
and reliability in meeting audit objectives
2.sufficiency is measured primarily by the
sample size the auditor selects.

Accepting an Engagement
In deciding whether to accept or reject an engagement, the firm should consider:
1. Competence – acquired through a combination of education, training, and experience. The
auditor should obtain a preliminary knowledge of client’s business and industry to determine
whether the auditor has the degree of competence required by the engagement.
2. Independence – the auditor should consider whether there are threats to audit team’s
independence and objectivity and, if so, whether adequate safeguards can be satisfied.
3. Ability to serve the client properly – An engagement should not be accepted if there are no
enough qualified personnel to perform the audit. PSA 220 suggests that the audit work should
be assigned to personnel who have the appropriate capabilities, competence, and time to
perform the audit engagement in accordance with professional standards.
4. Integrity of the management – PSA 220 requires the firm to conduct a background
investigation of the prospective client in order to minimize the likelihood of association with
clients whose management lacks integrity. This involves:
o Making inquiries of appropriate parties in the business community
o Communicating with the predecessor auditor
Retention of Existing Clients
✓ Clients should evaluate at least once a year or upon occurrence of major events such as
changes in management ownership, nature of client’s business, etc.
✓ In general, conditions that would cause the firm to reject the prospective client may also lead
to decision of terminating an audit engagement.

PAGE 15

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Engagement Letter
• This serves as the written contract between the auditor and the client. This letter sets forth:
o The objective of the audit of FS which is to express an opinion on the FS.
o The management’s responsibility for the fair representation of the FS.
o The scope of the audit.
o The forms or any reports or other communication that the auditor expects to issue.
o The fact that because of limitations of the audit, there is an unavoidable risk that material
misstatements may remain undiscovered.
o The responsibility of the client to allow the auditor to have unrestricted access to whatever
records, documentation, and other information requested in connection with the audit.
o Billing arrangements
o Expectations of receiving management representation letter.
o Arrangements concerning the involvement of others (experts, other auditors, internal
auditors, etc.)
o Request for the client to confirm the terms of the engagement
• Importance of the engagement letter
(1) to avoid misunderstanding with respect to the management and
(2) document and confirm the auditor’s acceptance of the appointment
• Recurring audits – the auditor doesn’t normally send new engagement letter every year, unless
(1) client misunderstands the objective and scope of audit,
(2) revised or special terms of the engagement
(3) recent change of senior management
(4) significant change in nature or size of business
(5) legal and government pronouncements
• Audit of components – the auditor will consider the factors whether they will send a separate
letter to component:
(1) who appoints the auditor of component,
(2) whether a separate audit report is to be issued on the component,
(3) legal requirements,
(4) the extent of any work performed by other auditor
(5) degree of ownership by parent,
(6) degree of independence of the component’s mgmt.

PAGE 16

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

PAGE 17

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

CHAPTER 5: AUDIT PLANNING

Audit Strategy Commented [HMDG48]: The auditor’s plan
In establishing the audit strategy, the auditor should determine the scope of the engagement, for the expected conduct, organization, and
staffing of
ascertain the reporting objectives to plan the timing of the audit, and consider the factors that will the audit.
determine the focus of the audit team’s efforts. Commented [HMDG49]: Developing the
audit strategy helps the auditor determine
Audit Plan what resources are needed to perform the
In the audit plan, the auditor documents a description of the nature, timing, and extent of the engagement.

planned audit procedures to be used in order to comply with auditing standards. The auditor’s main Commented [HMDG50]: Audit plan is more
detailed than audit strategy
objective in planning the audit is to determine the scope of the audit procedures to be performed.
Commented [HMDG51]: The audit plan
Understand the Client’s Business and Industry should consider how
to conduct the audit in an effective and
PSA 315 requires the auditor to obtain sufficient understanding of the entity and its environment
efficient manner.
including the internal control. Such understanding involves obtaining knowledge of entity’s:
• Industry, regulatory, and other external factors, including financial reporting framework Commented [HMDG52]: •The market and
• Nature of the entity, including entity’s selection and application of accounting policies competition
•Cyclical or seasonal activity
• Objectives and strategies and the related risks that may result in material misstatement of FS •Product Technology
• Measurement and review of the entity’s performance Commented [HMDG53]: •Accounting
• Internal control principles and industry specific practices
•Regulatory framework for a regulated
Additional Consideration on New Engagements industry
PSA 510 requires the auditor to obtain sufficient appropriate audit evidence that: •Legislation and regulation
•Taxation
• The opening balances do not contain misstatements that materially affect the current year’s FS •Government policies
• The prior period’s closing balances have been correctly brought forward to the current period •Environmental requirements

or, when appropriate, have been restated Commented [HMDG54]: •General

economic conditions
• Appropriate accounting policies are consistently applied or changes in accounting policies have •Interest rates
been properly accounted for and properly disclosed •Inflation and currency revaluation

Developing an Overall Audit Strategy

The best strategy is the approach that results in the most efficient audit – that is, an effective audit
performed at the least possible cost. An audit plan should be made regarding:
• How much evidence to accumulate
• How and when this should be done
When developing an audit strategy, the auditor must consider carefully the appropriate levels of
materiality and audit risk.

PAGE 18

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Materiality Commented [HMDG55]: Materiality is a

• Information is material if its matter of professional judgement

omission or misstatement could Commented [HMDG56]: It involves

quantitative factors (amount of the item in
influence the economic decision relation to FS) and qualitative factors (the
of users taken on the basis of the nature of misstatement)

financial statements Commented [HMDG57]: There is an inverse

relationship between materiality and evidence
• Materiality may be viewed as:
o The largest amount of misstatement that the auditor could tolerate in the FS, or
o The smallest aggregate amount that could misstate the FS
Audit Risk refers to the risk that the auditor gives an inappropriate audit opinion on the FS. This
occurs because the auditor believes that the FS are fairly stated when in fact the FS are materially
misstated.
Audit Risk Model [𝑨𝒖𝒅𝒊𝒕 𝑹𝒊𝒔𝒌 = 𝑰𝒏𝒉𝒆𝒓𝒆𝒏𝒕 𝑹𝒊𝒔𝒌 ∗ 𝑪𝒐𝒏𝒕𝒓𝒐𝒍 𝑹𝒊𝒔𝒌 ∗ 𝑫𝒆𝒕𝒆𝒄𝒕𝒊𝒐𝒏 𝑹𝒊𝒔𝒌]
• Inherent Risk is the susceptibility of an account balance or class of transactions to a material
misstatement assuming that there are no related internal controls.
PSA 315 requires the auditor to assess inherent risk at FS level and account balance/transaction
level. Factors that affect the risk of misstatement at FS level include:
o Management integrity
o Management
Characteristics (e.g.
aggressive attitude toward
financial reporting)
o Operating Characteristics
(e.g. profitability of the
entity relative to its
industry)
o Industry Characteristics
(e.g. industry is
experiencing a large no. of
business failures)

PAGE 19

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Factors affecting inherent risk at the account balance level include:

o Susceptibility of the
account to theft
o Complexity of
calculations related to
account
o The complexity
underlying transactions
and other events.
o The degree of judgment
involved in determining
account balances
As the assessed level of INHERENT RISK INCREASES, the auditor should design MORE
EFFECTIVE SUBSTANTIVE PROCEDURES.
• Control Risk is the risk that the material misstatement that could occur in an account balance
or class of transactions will not be prevented or detected on a timely basis by accounting and
control systems.
o Control risk is related to the effectiveness of the client’s internal control.
o If the entity’s internal control is effective, the assessed level of control risk decreases (and
vice versa).
o As the assessed level of CONTROL RISK INCREASES, the auditor should design MORE
EFFECTIVE SUBSTANTIVE PROCEDURES.
• Detection Risk is the risk that an auditor’s Commented [HMDG58]: Unlike inherent
substantive procedure will not detect a material and control risk, THE AUDITOR CAN
CONTROL THE LEVEL OF DETECTION
misstatement. RISKS by performing more effective
o Detection risk is a function of the effectiveness substantive procedures.

of the auditor’s substantive procedures.

o As the acceptable level of DETECTION RISK
DECREASES, the ASSURANCE DIRECTLY
PROVIDED FROM SUBSTANTIVE TESTS
INCREASES. Hence, the auditor should design more effective audit procedures in order to
achieve the desired level of assurance.

PAGE 20

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Relationship of Risk to Evidence

For example, in situation 1, the auditor
has decided on a high acceptable audit
risk for an account or objective. The
auditor has concluded a low risk of
misstatement in the financial
statements exists and that internal controls are effective. Therefore, a high planned detection risk
is appropriate. As a result, a low level of evidence is needed. Situation 3 is at the opposite extreme.
If both inherent and control risks are high and the auditor wants a low acceptable audit risk,
considerable evidence is required. The other three situations fall between these two extremes.
Relationship of Risk to Nature, Timing and Extent
Nature Timing Extent
Low Acceptable Level More Effective Year-end
Larger Sample Size
of Detection Risk Substantive Procedures procedures
High Acceptable Level Less Effective
Tests at interim Smaller Sample Size
of Detection Risk Substantive Procedures
Relationship of Materiality and Risk
• There is an INVERSE RELATIONSHIP between MATERIALITY and the LEVEL OF AUDIT RISK.
• After planning for specific audit procedure, if the auditor determines that the acceptable
materiality level is lower, audit risk is increased. The auditor would compensate for this by
either:
o Reducing the assessed level of control risk, where this is possible, and supporting the
reduced level by carrying out extended or additional tests of control; or
o Reducing detection risk by modifying the nature, timing, and extent of planned substantive
procedures.
Risk Assessment Procedures – the procedures performed by auditors to obtain an
understanding of the entity and its environment including its internal control and to assess the
risks of material misstatements in the FS. These include:
• Inquiries of management and others within the entity
• Analytical procedures
• Observation and inspection

PAGE 21

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Analytical Procedures – involves analysis of significant ratios and trends including the resulting
investigation of fluctuations and relationships that are inconsistent with other relevant information
or deviate from particular amounts.
PSA 520 requires the auditor to use analytical procedures in the planning and overall stages of the
audit.
• Steps in Applying Analytical Procedures
Step 1. Develop expectations regarding FS using:
o Prior year’s financial statements
o Anticipated results such as budgets and forecasts
o Industry averages (FS of other entities operating within the same industry)
o Non-financial information
o Typical relationships among FS account balances
Step 2. Compare expectations with the FS under audit.
Step 3. Investigate significant unexpected differences (unusual fluctuations) to determine
whether FS contain material misstatements
• Uses of Analytical Procedures:
o As a planning tool, to determine the nature, timing, and extent of other auditing procedures
▪ to understand the client’s business
▪ to identify areas that may represent specific risks
o In using analytical procedures as a planning tool, if the difference between recorded
balances in FS and expectations is significant, the auditor must design more extensive
substantive tests (or vice versa)
o As a substantive test to obtain corroborative evidence about particular assertions related to
account balance or transaction class
o As an overall review of the financial statements in the completion phase of the audit
▪ to identify unusual fluctuations that were not identified in the planning and testing
phases of the audit
▪ to confirm conclusions reached w/ respect to the fairness of the FS
Documenting the Audit Plan – the final step in planning process is the documentation of the
audit planning process by preparing:
✓ Audit plan – the overview of the expected scope and conduct of the audit. It sets out in broad
terms the nature, timing, and extent of the audit procedures to be performed.

PAGE 22

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

✓ Audit program – it sets out in detail the audit procedures to be performed in each segment of
the audit.
✓ Time budget – is an estimate of the time that it will be spent in executing the audit procedures
listed in the audit program.
Sample Audit Plan

Sample Audit Program of Accounts Receivable

PAGE 23

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

CHAPTER 6: CONSIDERATION OF INTERNAL CONTROL

A system of internal control consists of policies and procedures designed to provide management
with reasonable assurance that the company achieves its objectives and goals. These policies and
procedures are often called controls, and collectively, they make up the entity’s internal control.
Management typically has three broad objectives in designing an effective internal control system:
Commented [HMDG59]: Integrity and
1. Reliability of financial reporting ethical values are the product of the entity’s
2. Efficiency and effectiveness of operations ethical and behavioral standards, as well as
how they are communicated and reinforced in
3. Compliance with laws and regulations practice.
Responsibilities for internal controls differ between management and the auditor. Management is Commented [HMDG60]: Management,
responsible for establishing and maintaining the entity’s internal controls. Management is through its activities, provides clear signals to
employees about the importance of internal
also required by Section 404 to publicly report on the operating effectiveness of those controls. control. For example, does management take
significant risks, or is it risk averse? Are sales
In contrast, the auditor’s responsibilities include understanding and testing internal control
and earnings targets unrealistic, and are
over financial reporting. employees encouraged to take aggressive
actions to meet those targets? Can
COSO Components of Internal Control management be described as “fat and
COSO’s Internal Control—Integrated Framework, the most widely accepted internal control bureaucratic,” “lean and mean,” dominated by
one or a few individuals, or is it “just right”?
framework in the United States, describes five components of internal control that management
Commented [HMDG61]: The board of
designs and implements to provide reasonable assurance that its control objectives will be met. directors is essential for effective corporate
governance because it has ultimate
responsibility to make sure management
implements proper internal control and
financial reporting processes.
To assist the board in its oversight, the board
creates an audit committee that is charged
with oversight responsibility for financial
reporting.

1. Control Environment consists of the actions, policies, and procedures that reflect the overall Commented [HMDG62]: Commitment to
competence includes management’s
attitudes of top management, directors, and owners of an entity about internal control and its consideration of the competence levels for
specific jobs and how those levels translate
importance to the entity
into requisite skills and knowledge.
a. Integrity and Ethical Values Commented [HMDG63]: If employees are
b. Management Philosophy and Operating Style competent and trustworthy, other controls can
be absent, and reliable financial statements
c. Active Participation of Those Charged with Governance will still result. Incompetent or dishonest
d. Commitment to Competence people can reduce the system to a shamble—
even if there are numerous controls in place.
e. Personnel Policies and Procedures
Commented [HMDG64]: The entity’s
f. Organizational Structure organizational structure defines the existing
lines of responsibility and authority.

PAGE 24

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

2. Risk Assessment for financial reporting is management’s identification and analysis of risks Commented [HMDG65]: Business risk is the
relevant to the preparation of financial statements in conformity with appropriate accounting risk that the entity’s business objectives will
not be attained as a result of internal and
standards external factors such as technological
3. Control Activities are the policies and procedures, in addition to those included in the other developments, changes in customers demand
and other economic changes
four control components, that help ensure that necessary actions are taken to address risks to
the achievement of the entity’s objectives.
a. Adequate separation of duties
• Separation of the Custody of Assets from Accounting Commented [HMDG66]: If the cashier, for
• Separation of the Authorization of Transactions from the Custody of Related Assets example, receives cash and is responsible for
data entry for cash receipts and sales, that
• Separation of Operational Responsibility from Record-keeping Responsibility person could pocket the cash received and
adjust the customer’s account by failing to
• Separation of IT Duties from User Departments record a sale or by recording a fictitious credit
b. Proper authorization of transactions and activities to the account.
Authorization can be either Commented [HMDG67]: For example, the
same person should not authorize the payment
• General - management establishes policies and subordinates are instructed to of a vendor’s invoice and also approve the
implement these general authorizations by approving all transactions within the limits disbursement of funds to pay the bill.

set by the policy Commented [HMDG68]: For example, if a

department or division oversees the creation
• Specific – applies to individual transactions of its own records and reports, it might change
the results to improve its reported
c. Adequate documents and records upon which transactions are entered and summarized.
performance.
They include such diverse items as sales invoices, purchase orders, subsidiary records, sales
Commented [HMDG69]: For example, sales
journals, and employee time cards. Adequate documents are essential for correct recording agents may enter customer orders online. In
this example, responsibility for designing and
of transactions and control of assets. controlling accounting software programs that
d. Physical control over assets and records to maintain adequate internal control. If assets are contain the sales authorization and posting
controls should be under the authority of IT,
left unprotected, they can be stolen. If records are not adequately protected, they can be whereas the ability to update information in
stolen, damaged, altered, or lost, which can seriously disrupt the accounting process and the master file of customer credit limits should
reside in the company’s credit department
business operations. outside the IT function.
e. Independent checks on performance or internal verification to make sure that controls are Commented [HMDG70]: •Prenumbered
consecutively to facilitate control over
in place and being followed.
missing documents
4. Information and Communication is designed to initiate, record, process, and report the •Prepared at the time of transaction to
minimize timing errors
entity’s transactions and to maintain accountability for the related assets.
•Designed for multiple use, to minimize the
5. Monitoring activities deal with ongoing or periodic assessment of the quality of internal number of different forms
control by management to determine that controls are operating as intended and that they are •Constructed in a manner that encourages
correct preparation
modified as appropriate for changes in conditions.

PAGE 25

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Obtain and document

Decide planned
understanding of Design, perform, and
Assess control risk detection risk and
internal control design evaluate tests of controls
substantive tests
and operation

Obtain and document understanding of internal control design and operation

The auditor uses procedures to obtain an understanding, which involve gathering evidence about
the design of internal controls and whether they have been implemented, and then uses that
information as a basis for the integrated audit.
Auditors commonly use three types of documents to obtain and document their understanding of
the design of internal control: narratives, flowcharts, and internal control questionnaires.
Narrative is a written description of a client’s internal controls. A proper narrative of an accounting
system and related controls describes four things:
1. The origin of every document and record in
the system. Commented [HMDG71]: For example, the
2. All processing that takes place. description should state where customer
orders come from and how sales invoices are
3. The disposition of every document and generated.
record in the system. Commented [HMDG72]: For example, if
sales amounts are determined by a computer
4. An indication of the controls relevant to the
program that multiplies quantities shipped by
assessment of control risk. standard prices contained in price master files,
that process should be described.
Flowchart is a diagram of the client’s
Commented [HMDG73]: The filing of
documents and their sequential flow in the documents, sending them to customers, or
organization. destroying them should be described.
Internal Control Questionnaire asks a series Commented [HMDG74]: These typically
include separation of duties (such as
of questions about the controls in each audit separating recording cash from handling cash),
area as a means of identifying internal control authorizations and approvals (such as credit
approvals), and internal verification (such as
deficiencies. Most questionnaires require a “yes” comparison of unit selling prices to sales
or a “no” response, with “no” responses contracts).

indicating potential internal control

deficiencies
Assess control risk
This assessment is a measure of the auditor’s expectation that internal controls will prevent material
misstatements from occurring or detect and correct them if they have occurred.

PAGE 26

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Design, perform, and evaluate tests of controls

In most cases, the auditor will not have gathered enough evidence to reduce assessed control risk
to a sufficiently low level. The auditor must therefore obtain additional evidence about the
operating effectiveness of controls throughout all, or at least most, of the period under audit. The
procedures to test effectiveness of controls in support of a reduced assessed control risk are called
tests of controls.

PAGE 27

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Decide planned detection risk and substantive tests

The auditor uses the control risk assessment and results of tests of controls to determine planned
detection risk and related substantive tests for the audit of financial statements.

Summary of Understanding Internal Control and Assessing Control Risk

PAGE 28

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

CHAPTER 7: AUDITING IN A COMPUTERIZED ENVIRONMENT

This page is intentionally left blank.

PAGE 29

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

CHAPTER 8: PERFORMING SUBSTANTIVE TESTS

Substantive Tests Commented [HMDG75]: •Planning Phase
to assist om determining the nature, timing
These are audit procedures designed to substantiate the account balances or to detect material and extent of audit procedures
misstatements in the financial statements. There are two (2) types of substantive tests, namely •Testing Phase as a substantive test in
support of account balances. These tests are
analytical procedures and test of details. often done in conjunction with other audit
• Analytical Procedures procedures
•Completion Phase serves as a final review
This approach involves comparison of financial information with auditor’s expectations to for material misstatements or financial
determine the reasonableness of an account balance reported in financial statement. Analytical problems

procedures may be performed at any of three times during an engagement Commented [HMDG76]: The most
important benefits of industry comparisons
are to aid in understanding the client’s
business and as an indication of the likelihood
of financial failure. They are less likely to help
auditors identify potential misstatements.
Commented [HMDG77]: The auditor can
easily compare the current year’s balance and
previous year’s balance to decide, early in the
audit, whether an account should receive more
than the normal amount of attention because
of a significant change in the balance.
Commented [HMDG78]: By briefly
The auditor typically compares the client’s balances and ratios with expected balances and comparing the detail of the current period with
similar detail of the preceding period, auditors
ratios using one or more of the following types of analytical procedures. often isolate information that needs further
1. Industry data examination.
Commented [HMDG79]: Many of the ratios
and percent used for comparison with
previous years are the same ones used for
comparison with industry data.
Commented [HMDG80]: Because budgets
2. Similar prior-period data represent the client’s expectations for the
period, auditors should investigate the most
a. Compare Current Year’s Balance with that of the Preceding Year significant differences between budgeted and
b. Compare the Detail of a Total Balance with Similar Detail for the Preceding Year actual results, as these areas may contain
potential misstatements.
c. Compute Ratios and Percent Relationship for Comparison with Previous Years
Commented [HMDG81]: the auditor makes
3. Client-determined expected results an estimate of what an account balance should
be by relating it to some other balance sheet or
4. Auditor-determined expected results
income statement account
5. Expected results using nonfinancial data
Commented [HMDG82]: The major concern
• in using nonfinancial data, however, is the
accuracy of the data.

PAGE 30

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

• Test of Details
This approach involves examining the actual details making up the various account balances.
o Test of Details of Balances involves direct testing of the ending balance of an account. Commented [HMDG83]: Test of balance will
o Test of Details of Transactions involves testing the transactions which give rise to the be used when account balances are affected
by large volume of relatively immaterial
ending balance of an account. transactions. Such as, cash, accounts
Effectiveness of Substantive Tests receivable and inventory.
Commented [HMDG84]: Test of
Nature Timing Extent
transactions is useful if account balances are
More Effective High quality evidence Closer to year-end Extent of substantive comprised of a smaller volume of transactions
representing relatively material amounts.
but costly procedures increase as
Such as, PPE, intangibles, bonds payable and
Less Effective Low quality of Interim the risk of material SHE accounts
evidence misstatement increase

Audit Evidence
The auditor should obtain sufficient appropriate evidence to be able to draw reasonable conclusions
on which to base the audit opinion. It consists of the following:
• Underlying accounting data refers to the accounting records underlying the financial
statements Commented [HMDG85]: Amount of
sufficient evidence varies inversely with the
• Corroborating information supporting the underlying accounting data obtained from client competence of evidence. The more
and other sources. competent, the less amount of evidence is
needed vis a vis
Qualities of Evidence
Commented [HMDG86]: The materiality of
• Sufficiency refers to the amount of evidence that the auditor should accumulate. The following the account in financial statement varies
directly with the amount of evidence needed.
factors may be considered in evaluating the sufficiency of evidence
Commented [HMDG87]: The risk of
o The competence of evidence
misstatement varies directly with the amount
o The materiality of the item being examined of evidence needed.
o The risk involved in a particular account Commented [HMDG88]: Experience gained
during previous audit may indicate the
o Experience
amount of evidence taken before and whether
• Appropriateness is the measure of the quality of audit evidence and its relevance to a such evidence was enough
particular assertion and its reliability Commented [HMDG89]: Relevance relates
the timeliness of evidence and its ability to
o Audit evidence obtained from independent outside sources is more reliable than that
satisfy the audit objective
generated internally
Commented [HMDG90]: Reliability relates
to the objectivity of the evidence and is
influenced by its source and by its nature

PAGE 31

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

o Audit evidence generated internally is more reliable when the related accounting and
internal control systems are effective
o Audit evidence obtained directly by the auditor is more reliable than that obtained from the
entity
o Audit evidence in the form of documents and written representations is more reliable than
oral representations
Cost-benefit consideration when obtaining evidence Commented [HMDG91]: The two most
As a guiding rule, there should be a rational relationship between the cost of obtaining evidence expensive types of evidence are physical
examination and confirmation.
and the usefulness of the information obtained. Physical examination is costly because it
normally requires the auditor’s presence when
the client is counting the asset, often on the
Audit Documentation / Working Papers balance sheet date.
Confirmation is costly because the auditor
Working papers are records kept by the auditor that documents the audit procedures applied, must follow careful procedures in the
confirmation preparation, mailing or
information obtained and conclusions reached.
electronic transmittal, receipt, and in the
➢ PSA 230 requires the auditor to document matters that are important to support an opinion on follow-up of nonresponses and exceptions.
Documentation, analytical procedures, and
FS, and evidence that the audit was conducted in accordance with PSA. reperformance are moderately costly. If client
Functions of the Working Papers personnel provide documents and electronic
files for the auditor and organize them for
Working papers are prepared primarily to Secondarily, working papers also assist the convenient use, documentation usually has a
fairly low cost. When auditors must find those
• Support the auditor’s opinion on financial auditor in
documents themselves, however,
statements • Planning future audits documentation can be extremely costly.
Because analytical procedures are
• Support the auditor’s representation as to • Providing information useful in rendering considerably less expensive than
compliance with PSA other services (MAS or tax consultancy) confirmations and physical examination, most
auditors prefer to replace tests of details with
• Assist the auditor in the planning, • Providing adequate defense in case of analytical procedures when possible
The three least-expensive types of evidence
performance, review and supervision of the litigation
are observation, inquiries of the client, and
engagement. recalculation. Observation is normally done
concurrently with other audit procedures.
Form, Content and Extent of Audit Documentation Inquiries of clients are done extensively on
In deciding on these, the auditor should consider what would enable an experienced auditor, having every audit and normally have low cost.
Recalculation is usually low cost because it
no previous connection with the audit, to understand: involves simple calculations and tracing that
can be done at the auditor’s convenience.
a. The nature, timing, and extent of the audit procedures to comply with PSAs and applicable
Commented [HMDG92]: Audit
legal and regulatory requirements.
documentation is the principal record of
b. The results of the audit procedures and the audit evidence obtained. auditing procedures applied, evidence obtained,
and conclusions reached by the auditor in the
c. Significant matters during the audit and the conclusions reached thereon. engagement.

PAGE 32

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Classification of Working Papers

• Permanent File contains data of a historical or continuing nature pertinent to the current
audit. This file would most likely include
o Copies of the articles of incorporation,
and by-laws
o Major contracts
o Engagement letter
o Organizational chart
o Analyses of long-term accounts such as
plant assets, long-term liabilities and
stockholder’s accounts
o Internal control analyses
• Current File contains evidence gathered and
conclusions reached relevant to the audit of a
particular year. This file would normally
include
o A copy of the financial statements
o Audit program
o Working trial balance
o Lead schedules
o Detailed schedules
o Correspondence with other parties such
as lawyers, customers, banks and
management
Ownership of Working Papers
➢ Working papers are the property of the auditor and the client has no right to the working
papers prepared by the auditor.
➢ Working papers may sometimes serve as reference source for the client but they should not be
considered as part or as a substitute for the client’s records.
Confidentiality of Working Papers
➢ Although the working papers are the personal property of the auditor, these working papers
cannot be shown to third parties w/o client’s permission, except:

PAGE 33

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

✓ When disclosure is required by law or when the working papers are subpoenaed at court.
✓ When there is a professional right to disclose information such as when the auditor uses his
working papers to defend himself when sued by client for negligence.
Retention of working papers
Working papers should be retained by the auditor for a period of time sufficient to meet the needs
of his practice and to satisfy any pertinent legal requirements of record retention.
Guidelines for the Preparation of Working Papers
• Heading to be properly identified with such information such as name of the client, type of
working paper, a description of its content, and the date or period covered by the examination
• Indexing refers to the use of lettering or numbering system to aid in cross referencing essential
information
• Cross Indexing / Cross Referencing is important to provide a trail useful to supervisors in
reviewing the working papers
• Tick Marks refers to the symbols used to describe the audit procedures performed

PAGE 34

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Auditing Accounting Estimates

➢ PSA 540 defines ‘accounting estimate’ as an approximation of the amounts of an item in the
absence of a precise means of measurement. Examples include:
• Allowance for uncollectible accounts
• Depreciation and amortization
• Accrued revenue
• Deferred taxes
• Loss contingencies
• Percentage of completion income on construction contracts
• Warranty claims
The risk of material misstatement is greater when accounting estimates are involved.
➢ Management is responsible for making accounting estimates included in the financial
statements.
➢ The auditor’s responsibility is to obtain sufficient appropriate evidence as to whether:
✓ Accounting estimate is properly accounted for and disclosed
✓ Accounting estimate is reasonable
In addition, the auditor may use one or a combination of the following approaches:
1. Review and tests the process used by management to develop the estimate
2. Make an independent estimate
3. Review subsequent events which confirm the estimate made
Related Parties
It refers to persons or entities that may have dealings w/ one another in which one party as the
ability to exercise significant influence or control over the other party in making financial and
operating decisions.
➢ Management’s Responsibility: Mgmt. is responsible for the identification and disclosure of
related parties and transactions with such parties.
➢ Auditor’s responsibility: The auditor should obtain and review information provided by the
directors and management identifying the names of all known related parties and related party
transaction.
• An audit cannot be expected to provide assurance that all related party transactions will be
discovered.

PAGE 35

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Using the Work of an Auditor’s Expert

➢ An expert is a person or firm possessing special skill, knowledge and experience in a particular
field other than accounting and auditing.
➢ PSA 620 identifies two kinds of experts:
• Auditor’s Expert – an expert, whose work in his/her field of specialization, is used by the
auditor to assist the auditor in obtaining sufficient appropriate audit evidence.
• Management’s Expert – an expert, whose work in his field of expertise, is used by the entity
to assist in preparing the financial statements.
➢ Not all engagements would require the help of an expert. When determining the need of use of
the work of an expert, the auditor would consider: whether the mgmt. has used a mgmt.’s expert
in preparing FS, the nature and significance of the matter, the risk of material misstatement in
the matter, and expected nature of procedures to respond to identified risks
➢ Effect of the Reliance on Expert’s Work on the Auditor’s Report
➢ The auditor has sole responsibility for the audit opinion expressed and that responsibility
is not reduced by the auditor’s use of the work of an expert. Thus, the auditor should not
refer to the work of an auditor’s expert in an auditor’s report containing an unmodified
opinion.
➢ When an auditor’s report contains a modified opinion, the auditor can make reference to
the expert’s work if the auditor believes that such reference is necessary in order for the
readers to understand the reason of expressing a modified opinion. When this happens, the
auditor should indicate in his report that such reference does not reduce the auditor’s
responsibility.
Considering the Work of Internal Auditors
Internal auditing is an appraisal activity established within an entity as a service to the entity.
Considering the work of internal auditor involves two important phases:
1. Making a preliminary assessment of internal auditing (considering the competence,
objectivity, due professional care, and scope of function of internal auditors)
2. Evaluating and testing the work of internal auditing – to confirm its adequacy for the external
auditor’s purposes.
➢ The external auditor may also request the assistance of the internal auditors in performing
routine or mechanical audit procedures.

PAGE 36

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

CHAPTER 9: AUDIT SAMPLING

PSA 530 defines audit sampling as, “the application of audit procedures to less than 100% of the
items within an account balance or class of transactions such that all sampling units have a
chance of selection.

Risks in Sampling
➢ Sampling Risk – refers to the possibility that the auditor’s conclusion, based on a sample may
be different from the conclusion reached if the entire population were subjected to the same
audit procedures. This exists because the sample selected for testing may not be truly
representative of a population
• The only way to eliminate sampling risk is to examine the whole population, yet it is not
feasible to do so.
• Controlling the sampling risk can be done by
o Increasing the sample size
o Using an appropriate selection method
Alpha Risk – results in an auditor
performing audit procedures more
Risk of under reliance Risk of incorrect rejection
than what is necessary, thus affecting
audit efficiency
Beta Risk – results in an auditor
performing audit procedures less than Risk of incorrect
Risk of overreliance
what is necessary, thus affecting audit acceptance
effectiveness
➢ Non-Sampling Risk – refers to the risk that the auditor may draw incorrect conclusions about
the account balance or class of transactions because of human errors
• Non-sampling risk is something that cannot be eliminated even if the auditor examines the
population
• Controlling the sampling risk can be done by
o Proper planning
o Adequate direction, review, and supervision of the audit team

PAGE 37

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

General Approaches to Audit Sampling

➢ Statistical Sampling – is a sampling approach that uses random based selection of samples Commented [HMDG93]: Statistical
and uses the law of probability to measure sampling risk and evaluate sample results sampling differs from nonstatistical sampling
in that, by applying mathematical rules,
➢ Non-Statistical Sampling – is a sampling approach that purely uses auditor’s judgement in auditors can quantify (measure) sampling risk
estimating sampling risks, determining sampling size, and evaluating sample results in planning the sample and in evaluating the
results
Estimate the frequency of
Test of controls to estimate Commented [HMDG94]: Probabilistic
Attribute Sampling occurrence of a certain sample selection methods include the
the rate of deviations following:
characteristic in a population 1. Simple random sample selection
Estimate a numerical 2. Systematic sample selection
Substantive tests to estimate 3. Probability proportional to size sample
Variable Sampling measurement of a population selection
the amount of misstatements
such as a peso value 4. Stratifified sample selection
Commented [HMDG95]: In nonstatistical
sampling, auditors do not quantify sampling
Basic Steps in Audit Sampling
risk. Instead, auditors select sample items they
believe will provide the most useful
information, given the circumstances, and
reach conclusions about populations on a
judgmental basis. For that reason, the use of
nonstatistical sampling is often termed
judgmental sampling.
Commented [HMDG96]: Nonprobabilistic
(judgmental) sample selection methods
include the following:
1. Directed sample selection
2. Block sample selection
3. Haphazard sample selection

PAGE 38

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Steps in Audit Sampling Test of Controls Substantive Tests

1. Tolerable deviation rate. Specify the control to be Specify the purpose of the test
selected and its
relationship to the financial
statement
assertions.
2. Determine the procedures Determine the appropriate Determine the appropriate
to be performed audit procedures to satisfy the audit
objective procedures to satisfy the
objective.
Define the population and its
characteristics.
3. Determine the sample size Consider the effects of the Consider the effects of the
following factors in following
determining the sample size factors in determining the
• Acceptable sampling risk sample
(inverse) size:
• Tolerable deviation rate • Acceptable sampling risk
(inverse) (inverse)
• Expected population • Tolerable misstatement
deviation rate (direct) (inverse)
• Expected misstatement
and population variation
(direct)
4. Select the sample Use any of the following Use any of the following
techniques techniques
• Random number selection and stratify the population,
• Systematic selection when
• Haphazard selection appropriate:
(applies only to non- • Random number selection
statistical sampling) • Systematic selection
• Sequential sampling • Haphazard selection
• Discovery sampling (applies only to non-
statistical sampling)
• Value weighted selection
• Stratified sampling
5. Apply the audit Apply the audit procedures to Apply the audit procedures to
procedures the sample items the sample items.
6. Evaluate the sample Decide whether the results Decide whether to accept
results supported the planned degree account balance as fairly
of reliance on internal control stated or to require further
actions.
It is to be emphasized that steps 1, 2, 5, and 6 will be performed whether the auditor uses auditor
sampling or not.

PAGE 39

Downloaded by CJ Tin ([email protected])

 lOMoARcPSD|4530506

Factors in Determination of Sample Size of Test of Controls (Step 3):

1. Acceptable sampling risk. There is an inverse relationship b/w the acceptable sampling risk and
sample size.
2. Tolerable deviation rate. This is the maximum rate of deviations the auditor is willing to accept.
3. Expected deviation rate. This is the rate of deviations the auditor expects to find in the
population before testing begins.
Factors in Determination of Sample Size of Substantive Tests (Step 3):
1. Acceptable sampling risk. There is an inverse relationship b/w the acceptable sampling risk and
sample size.
2. Tolerable misstatement. This is the maximum rate of misstatement the auditor will permit in
the population and still be willing to conclude that the account balance is fairly stated.
3. Expected misstatement. This is the amount of misstatement the auditor believes exists in the
population.
4. Variation in the population – when using statistical sampling, this is measured by standard
deviation.

PAGE 40

Downloaded by CJ Tin ([email protected])