INTRODUCTION TO ASSURANCE AND AUDITING SERVICES

The Demand for Auditing and Assurance Services: Why Study Auditing and Assurance Principles?

1. Develop technical expertise in applying the concepts learned in Accountancy course.

2. Clarify the extent of responsibilities assumed by the company management and by the auditor.
 “stewardship function”
3. Auditing skills can be used in many non-audit situations.
4. An attitude that includes a questioning mind and a critical assessment of audit evidence is referred to as:
a. Due professional care – care and diligence exercised in carrying out auditing procedures to ensure evaluation of financial
statements free from misstatement
b. Professional skepticism – attitude with a questioning mind and critical mindset
c. Reasonable assurance – highest level of confidence on financial statements; FS are free from material misstatement whether due
to fraud or error; accumulation of the audit evidence
d. Supervision – overseeing and directing the work of the audit team to ensure accordance with professional standards
5. Gain deeper understanding of the ethics underlying the practice of one’s profession.
6. Provide assurance in making decision/s on day to day operations.
7. Your Decisions and actions are influenced by the information made available for you.

Public company – company that sells stocks or bonds to the public

Agents – managers or principals

Information asymmetry – the manager has more information about the true financial position and results of operations of the entity that the
owner

What is Audit?

An audit is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events
to ascertain the degree of correspondence between these assertions and established criteria, and communicating the results to interested
users.

 systematic process – the audit process is a structured and documented plan

 objective – independent and free from bias
 evaluating evidence – study and evaluate accounting systems and internal controls
 established criteria – assertions of management
 communicating – provides assurance to the intended users

Philosophy of an Audit

 auditor’s verification of financial information adds credibility to the report and reduces information risks in making economic
decisions

information risk – risk that4 information circulated by a company’s management will be false misleading

The stakeholders expects the auditors to:

1. Find fraud
2. Require proper application accounting principles and concepts.
3. Be an independent management – in fact and in appearance

What is Assurance Services/Engagement

Independent professional services in which a practitioner issues a written communication that expresses a conclusion designed to
enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or
measurement of a subject matter against criteria.

Broad range of information enhancement services performed by a CPA to enhance the degree of confidence in the information.

a. Increase reliability
b. Information that facilitates decision-making
 According to the Philippine Framework for Assurance Engagements, an assurance engagement is conducted:

a. To provide a high level of assurance that the subject matter conforms in all material respects with identified suitable criteria;
or
b. To provide a moderate level of assurance that the subject matter is plausible in the circumstances.

Attestation services – provide assurance as to its reliability

- Occur when a practitioner is engaged to issue a report on subject matter, or an assertion about subject matter, that is the
responsibility of another party

Relationship among Assurance, Attest, Auditing, and Services

Attestation Services are only a portion of the assurance services that are offered by CPAs

Importance of Audited Financial Statements

 Express professional opinion as to the fairness of the company financial statements

 Providing impartial and unbiased feedbacks
 To prevent falsification, errors, careless reporting, bias, and lack of knowledge of accounting principles

Elements of Assurance Engagement

1. Three-Party Relationship
a. The practitioner – independent, responsible for determining the nature, timing or extent of procedures required by the
engagement
o Provides assurance about the subject matter or performs audit or review engagements
b. The responsible party - is the person/s responsible to the subject matter, the subject matter information, or both
i. Direct reporting engagements – subject matter
ii. Assertion-based engagement – subject matter and subject matter information
c. The intended users - the readers of assurance report, intended user may be limited to major stockholders with significant and
common interests.
2. Appropriate Subject Matter
a. Subject matter - the nature of the assertion the practitioner gathers sufficient evidence; specific aspect being audited; WHAT
THE AUDIT IS FOCUSING ON
b. Subject matter information - outcome of the evaluation or measurement of the subject matter; for which the practitioner
gathers sufficient appropriate evidence to provide a reasonable basis for expressing a conclusion in an assurance report;
DETAILS USED TO COME TO A CONCLUSION ABOUT THE SUBJECT MATTER
3. Criteria - The benchmarks used to evaluate or measure the subject matter including, where relevant, benchmarks for presentation and
disclosure.
 a. Formal
b. Less formal
c. Established
d. Specially developed
Characteristics:
a. Relevance – relevant criteria to assist in decision-making
b. Completeness – include important information that could alter conclusion
c. Reliability
d. Neutrality – free from bias
e. Understandability – clear and comprehensive
4. Sufficient Appropriate Evidence - the practitioner performs the engagement with an attitude of professional skepticism to obtain
sufficient appropriate evidence about whether the subject matter information is free from material misstatement
a. Sufficiency and appropriateness – measure of quantity and quality evidence (reliable if independent, effective, obtained by
practitioner, and in an original documented form)
b. Materiality – nature, timing, and extent of evidence gathered
c. Assurance engagement risk – risk of expressing inappropriate conclusion
d. Cost-benefit Consideration
e. Professional Skepticism
5. Written Assurance Report - the practitioner provides a written report containing a conclusion or an opinion that conveys the assurance
obtained about the subject matter information.

Classification of Assurance Engagements

A. According to Level of Assurance

I. Reasonable Assurance Engagement
The objective of this is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the
engagement as the basis for a positive form of expression of the practitioner’s conclusion.
II. Limited Assurance Engagement
The objective of this is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the
engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of
expression of the practitioner’s conclusion.
B. According to Structure
 Assertion-based Engagement (Attestation)
In this type of engagement, the evaluation or measurement of the subject matter is performed by the responsible party, and
the subject matter information is in the form of an assertion by the responsible party that of made available to the intended
users.
 Direct Reporting Engagement
In this type of engagement, the practitioner either directly performs the evaluation or measurement of the subject matter, or
obtains representation from the responsible party that has performed the evaluation or measurement that is not available to
the intended user. The subject matter information is provided to the intended user in the assurance report.

2 Types of Assurance Services

1. Those that increase the reliability of information.

2. Those that involve putting information in a form or context that facilitates decision making.
Attestation – to provide assurance as to its reliability.
 Examination/ Review
 Audit
 Other Assurance Engagements
The subject matter of attestation services include:
 Financial and non-financial in nature
 Future-oriented financial information (such as the examination of prospective financial information)
 Management's discussion and analysis
 Effectiveness of internal control
 Compliance with statutory, regulatory, and contractual obligations

Management Assertions

Management assertions are implied or expressed representations by management about classes of transactions and related accounts in the
financial statements.

a. Assertions about classes of transactions and events for the period under audit:
1. Occurrence. Transactions and events that have been recorded or disclosed have occurre
2. Completeness. All transactions and disclosures have been recorded and included, respectively
 3. Accuracy. Transactions have been recorded appropriately and disclosures measured and described
4. Cutoff. Recorded in the correct accounting period
5. Classification. Recorded in proper accounts
6. *Authorization. All transactions and events have been authorized
7. *Preparation. Requirements of applicable financial reporting framework are met
b. Assertions about account balances at the period end:
1. Existence. Assets, liabilities, and equity interests exist
2. Rights and obligations. Entity has rights to assets and liabilities of the entity
3. Completeness. All transactions and disclosures have been recorded and included, respectively
4. Accuracy, valuation, and allocation. Transactions have been recorded appropriately and disclosures measured and described
5. Classification. Recorded in proper accounts
6. Presentations. Requirements of applicable financial reporting framework are met
7. *Valuation and allocation
c. Assertions about presentation and disclosure:
1. Occurrence and rights and obligations
2. Completeness
3. Classification and understandability
4. Accuracy and valuation

Users of Audited Financial Statements

User Types of Decisions

Management
Stockholders/Bondholders
Financial Institutions
Taxing Authorities
Regulatory Agencies
Labor Unions
Court System
Vendors
Retired Employees
Review performance, make operational decisions, report results to capital markets
Buy or sell stock or bonds
Concerning loans, interest rates, terms, and risk
Concerning tax dues and tax incomes
Making sure that regulations are complied
Making collective bargaining decisions
Assess financial position of a company in litigation
Assess credit risk
Protect from pensions and other postretirement benefits

Types of Audits

1. Audits of Financial Statements - examine financial statements to determine if they give a true and fair view or fairly present the
financial statements in conformity with specified criteria.
2. Operational Audits - is a study of a specific unit of an organization for the purpose of measuring its performance.
3. Compliance Audits – is a review of an organization’s procedures to determine whether the organization is following specific
procedures, rules or regulations set out by some higher authority.
4. Forensic Audits – detect a fraudulent activities.

Types of Auditors

1. Internal Auditors - an independent, objective assurance and consulting activity designed to add value and improve an organization’s
operations
o The purpose is to help businesses meet strategic objectives, detect fraud, and improve operations.
o Internal auditors also ensure that corporate governance is functioning correctly.
o They review the budgeting process for special projects, or to review internal processes. Internal auditors also ensure that
a company is ready for an external audit.
2. External Auditors –
o The purpose is to provide assurance to investors, lenders, and other stakeholders that a company’s issued financial
statements present the organization’s results in a materially correct and fair manner.
o This assurance is provided by verifying that a company is reporting its financial results in accordance with the relevant
accounting standards.

NOTE: Unlike internal auditors, external auditors perform the bulk of their work at the end of the year, looking backwards to verify that an
organization’s financial records correctly reflect the events of the past.

3. Government Auditors – COA Auditors, scope of work is within the government agencies and other entities that used public funds.
4. Forensic Auditors – specialized in consultations and investigative audit services.
o reconstruct damaged or incomplete accounting records
o probing money-laundering activities
o investigate embezzlement allegations and negotiating insurance settlements.
Types of Other Attest Services

Non-Assurance Services

a. Agreed-upon procedures – determines the procedure firms financial report.

b. Tax Preparation and Planning Services
c. Management Advisory Services
d. Compilation, Accounting and Data Processing System Services.

Assurance VS. Non-Assurance Services

Assurance Non-Assurance
Output: assurance in the form of an opinion Output: recommendation on how to use the
information
Improve the quality or enhance credibility of the Provide comments, suggestions, or recommendation
subject matter on how to use the information
3-party contract 2-party contract
Provided by independent professional Need not

Audit, Review, and Related Services

Nature of Service Audit Review Agreed-upon Compilation

Objective Obtain reasonable Financial reports Carry out audit Use accounting
assurance free from are not prepared procedures of an expertise to collect,
material according to audit nature where classify, and
misstatement financial reporting 2 parties have summarize financial
framework agreed upon information
Level of Assurance Reasonable (high) Limited (moderate) None None
Type of report Positive assurance Negative assurance Procedures done Identification of
(direct confirmation (no significant and factual findings information
of compliance or issues have been complied
accuracy) identified)
Basic procedures Risk assessment Primarily inquiry As agreed (audit Read FS for
procedures, tests of and analytical nature) misstatements
controls, and procedures
substantive
procedures
independence required required Need not Need not

CPA PROFESSION ENVIRONMENT, PRACTICE AND ETHICS

The Public Accounting Profession

A profession is distinguished by certain characteristics:

a. Mastery of particular intellectual skill, acquired by training and education.

b. Adherence by its members to a common code of values and conduct administered by its administering body.
c. Acceptance of a duty to society as a whole (in return for restrictions in use of a title or granting a qualification).

NOTE: Philippine Accountancy Act (RA 9298) – otherwise known as the “Philippine Accountancy Act of 2004”, is the law that regulates the
practice of the accounting profession in the Philippines. Accordingly, the law recognizes the invaluable contributions of accountants in nation
building and development.

Sectors of Accounting Practice

a. Public Accountancy
 shall constitute in a person (be it individual, partner, or staff member) holding out himself as one skilled in the knowledge, science
and practice of accounting.
 qualified person to render professional services as a CPA.
 offering or rendering or both to more than one client on a fee basis.
Example of Services:
 Audit or verification of financial transaction and accounting records.
 Preparation, signing, or certification for clients of reports of audit, balance sheet, and etc. to be used by stockholders or
for publication or for credit purposes etc.
  Design, installation, review and revision of accounting systems and controls.
 Preparation of income tax returns.
 Representation of clients before government agencies on tax and other matters.
b. Commerce and Industry
Institute in a person involved in decision making requiring professional knowledge in the science of accounting as well as aspects in
finance and taxations.
Representation of clients before government agencies on tax and other matters or when such employment or position requires the
holder is a CPA.
c. Academe or education
Shall constitute in a person in an educational institution
d. Government
Shall constitute in a person who holds or appointed to a position in an accounting professional group in government or government-
owned or controlled.
Performing proprietary functions where decision making requires professional knowledge of accounting or a civil service eligibility as a
CPA is required.

NOTE: Person who passes CPA board exam need not to take Civil Service Examination.

Core Values and Competency Requirements for CPAs/Auditors in Public Practice

Ethics represent a set of moral principles, rules of conduct, or values. Ethics apply when an individual has to make a decision from
various alternatives regarding moral principles.

All individuals and societies possess a sense of ethics in that they have some sort of.

Agreement as to what right and wrong are.

1. Integrity – act with conviction

2. Promise keeping – in relation to commitment and agreement
3. Loyalty – do not disclose information learned in confidence
4. Responsible citizenship – obey just laws
5. Caring and respect for others – help those who are in need
6. Fairness – open-minded and be willing to admit error
7. Honesty – truth and not deceive
8. *respect for others - human dignity, privacy, and self-determination
9. *pursuit of excellence – perform tasks with all your ability
10. *accountability – accept responsibility for actions

Fundamental Principles of an Audit

a. Integrity
b. Objectivity
c. Professional Competence and Due Care
d. Confidentiality
e. Professional Behavior
f. *Independence
g. *Technical Standards

Core Values

1. Integrity
2. Competence – superior technical proficiency by performing high level of expertise and knowledge.
3. Lifelong Learning – education beyond certification.
4. Objectivity – impartiality and intellectual honesty by remaining free of personal bias and conflict of interest.
5. Commitment to Excellence
6. Relevance in the Global Marketplace

Core Competencies

1. Communication skills
2. Leadership skills – facilitate change
3. Critical-Thinking and Problem-Solving skills
4. Anticipating and Servicing evolving needs
5. Synthesizing intelligence to insight
6. Integration and Collaboration

Regulatory and Professional Organizations that Influence the Profession

 a. Regulatory Government Agencies
i. PRC – jurisdiction over regulatory boards in the Philippines
ii. BOA – empowered to administer the Accountancy Law
iii. SEC – regulates the registration and operations of corporations
iv. COA – agency that audits or determines whether government units handle their funds in accordance to the law
v. BIR – enforce tax laws, rules, and regulations
b. Professional Organizations
i. PICPA – accredited national professional organization of CPAs
ii. Sectoral organizations – complement PICPA’s objectives
c. Standard-setting Bodies
i. IFAC
ii. IASB
iii. FRSC
iv. IAPC
v. AASC

CPA’s Legal Liability

Misstatements

1. An improper or inadequate disclosure or

2. An inappropriate valuation

Typical Lawsuit

1. Did not discover an employee defalcation (theft of assets) as a result of negligence in the conduct of the audit.
2. Did not complete the audit on the agreed date.
3. Inappropriate withdrawal of an audit.
4. Conflict/s of Interest

Legal Concepts Related to Auditor’s Liability

1. Due professional Care – prudent person concept

2. Sources of responsibility
a. Common law – court decisions
b. Statutory law – passed by legislative
3. Degree of wrongdoing
a. Negligence (ordinary – absence of reasonable care; and gross negligence – consistent failure to follow standards of profession)
b. Fraud(constructive fraud)
4. Lack of privileged communication – confidentiality
5. Liability for acts of others

Legal Liability of the Independent Auditor

a. To clients – exercise due professional care during the engagement including adherence to professional standards and ethics
b. To 3rd parties – placing confidence in audited FS

Minimizing Exposure to Legal Liability

1. Emphasize compliance with standards of Accountancy and Auditing, Code of Ethics and where appropriate Financial Reporting
Standards.
2. Thoroughly investigate prospective clients.
3. Avoid companies and industries in which the risk of litigation is high.
4. Exercise extreme care in audit of clients in financial difficulties.
5. Establish and following appropriate quality control procedures over all audit work.
6. Use engagement letter to clearly point out the scope and responsibilities of an audit work.
7. Conduct the audit with appropriate professional skepticism.
8. Seek consultation to more experienced colleague/s.
9. Maintain adequate professional liability insurance coverage.
10. Seek legal counsel whenever serious problem occur.

Management if a Public Accounting Practice

Factors Influencing the Organizational Structure of CPA Firms

A corporation is not allowed to engage in the practice of public accounting in the Philippines and therefore the SEC shall not register
any corporation organized for the practice of public accountancy.
The organizational structure of CPA firms is influenced by the following factors:

1. The need to be independent from clients to enable the auditor to remain unbiased in drawing conclusions about the FS.
2. The need of a structure to encourage competence to enable the auditor to conduct audits efficiently and effectively.
3. The increased risk of litigation faced by auditors.

Establishment and Organization of Public Accounting Practice

Advantages

SOLE PROPRIETORSHIP FORM OF PUBLIC PARTNERSHIP FORM OF PUBLIC ACCOUNTING

ACCOUNTING PRACTICE
The practitioner is his own boss and is independent.
He does not keep regular office hours.
He can earn more than a mere salaried employee can.
He can attain self-fulfillment or satisfaction from the
sources of his own practice.
PRACTICE
The practice has greater stability and continuity.
Responsibility, risks and cost of practice can be shared.
Opportunity for specialization is increased.
A partnership can handle larger engagements more efficiently and
adequately.
Partners can combine their talent, resources, time, and experience
to serve the clients better.
Disadvantages

SOLE PROPRIETORSHIP FORM OF PUBLIC PARTNERSHIP FORM OF PUBLIC ACCOUNTING

ACCOUNTING PRACTICE
He assumes all the risks and responsibilities of
entrepreneurship.
His income may not be regular and therefore should be
supplemented for mother sources.
He must rely on his own judgment in making decisions
PRACTICE
Personal differences between partners may arise and therefore
good and close working relationships may not be established.
One partner may feel that the other partner is not contributing to
the welfare of the firm.

Organization of CPA Firms

1. Audit partner – concerned about the overall quality of each audit, signs the audit report, accepting ultimate responsibility for each
audit, and is generally involved in maintaining client relationships, planning audits, and evaluating the audit findings
2. Audit manager/supervisor – administers important aspects of audit engagements, scheduling the audit work to be done with client
personnel, assigning work to audit staff, supervising staff, and reviewing staff work
3. In-charge senior auditor – work under the direction of audit managers and assist them in administering the audit, they generally
participate in audit planning and provide direct supervision to staff auditors
4. Staff auditor – perform various audit procedure and gather audit evidence to use as a basis for the audit reports, they may perform
procedure that relate to a variety of aspects od a client’s activities

SOURCES OF CLIENTS

1. Referrals from businessmen through active participation in civic and community affairs.
2. Referrals from clients by maintaining his integrity and rendering prompt and efficient services.
3. Referrals from financial and government institutions by keeping his standards high.
4. Referrals from other CPAs by active involvement in professional organizations of CPAs.
5. Referrals from legal and other professional firms.

Acceptance and Retention of Audit Clients

Pre-engagement planning includes procedures that are employed before the auditor begins to plan for the collection of evidential
matter. It begins with the evaluation of the prospective client.

Steps in considering a new client:

1. Identify potential client – recommendations, first hand knowledge

2. Evaluate the Relationship Between Auditor and Potential Client – no violation of Code of Ethics.
3. Evaluate Auditability - adequacy of accounting records and quality of internal control.
4. Evaluate management’s integrity.
5. Prepare Engagement Letter - Agreeing the Terms of Audit Engagements

Elements of a System of Quality Control

a. Leadership responsibilities
b. Ethical requirements Acceptance and continuance of client relationship and specific engagements.
c. Human resources
 d. Engagement performance
e. Monitoring

Professional Ethics

1. Ensure high standards of competence among a group’s members.

2. Regulate and strengthen their relationship
3. Promote and protect the image of the profession and the welfare of the community.

A mixture of moral and practical concepts, with a sprinkling of exhortation to ideal conduct designed to invoke right action on the part of
the members of the profession concerned – all reduced to riles which are intended to be enforceable, to extent at least by disciplinary
action. – Ethical Standards of the Accounting Profession , AICPA 1966

Objectives of Accountancy

It is in this context that the International Federation of Accountants (IFAC) Code of Ethics for Professional Accountants states:

Objectives of the accountancy profession are to work to the highest standards of professionalism, to attain the highest levels of
performance and generally to meet the public interest.

Why do people act unethical?

1. Bad apples (individual factors) - Unethical choices are more likely from people with specific personal characteristics — specific views
and values.
2. Bad cases (issue-specific factors) – pressure from the situation.
3. Bad barrels (environmental factors) - Unethical choices are more likely when the organization encourages individualistic behavior
rather than doing what is best for other employees, customers, and the community.

The Need for Professional Ethics

1. Responsibility to serve the public – the role of an auditor is to ensure that all information is fair to all parties and not biased to benefit
one group at the expense of another.
2. Complex body of knowledge – accounting must reflect in an increasingly complex environment.
3. Standards of admission to the profession – mastery of the body of knowledge.
4. Need for public confidence – credibility

Three-Part Framework of Ethics Code

Applicable To All Professional Applicable To Professional Accountants In The Public Applicable To Employed
Accountants Practice Professional Accountants
Integrity and Objectivity Independence for Assurance Engagements Conflict of Loyalties

Resolution of Ethical Professional Competence and Responsibilities Regarding Support for Professional
Conflicts the Use of Non-Accountants Colleagues

Professional Competence Fees and Commissions Professional Competence

Confidentiality Activities Incompatible with the Practice of Public Presentation of
Accountancy Information
Tax Practice Clients’ Monies (assets consisting of money)
Cross-Border Activities Relations with Other Professional Accountants in Public
Practice
Publicity Advertising and Solicitation

Threats to Compliance with Rules

Threat Definition Examples

Self-interest the threat that a financial or other interest will inappropriately  Joint venture with the client.
influence the professional accountant’s judgment or behavior.  Excessive professional fee

Self-review the threat that a professional accountant will not appropriately  Failure to practice
evaluate the results of a previous judgment made or service professional skepticism
performed by the professional accountant, or by another
individual within the professional accountant’s firm or employing
organization, on which the accountant will rely when forming a
judgment as part of providing a current service.
 Advocacy threat the threat that a professional accountant will promote a client’s or  Endorsement
employer’s position to the point that the professional accountant’s  Promotions
objectivity is compromised.  representation
Familiarity threat the threat that due to a long or close relationship with a client or  Accountant’s immediate
employer, a professional accountant will be too sympathetic to family, relative and friend
their interests or too accepting of their work.  Former colleague

Intimidation threat The threat that a professional accountant will be deterred from  Conflict with client vs.
acting objectively because of actual or perceived pressures, accountant
including attempts to exercise undue influence over the
professional accountant.

Safeguard to Mitigate or eliminate Threats

1. Safeguards created by the profession, legislation or regulation.

a. Educational, training and experience requirements for entry into the profession.
b. Continuing professional development requirements. Corporate governance regulations.
c. Professional standards.
d. Professional or regulatory monitoring and disciplinary procedures.
e. External review by a legally empowered third party of the reports, returns, communications or information produced by a
professional accountant.
2. Safeguards in the work environment.
a. Firm-wide safeguard – stresses the importance of compliance with the fundamental principles.
b. Engagement-specific safeguard – check and balance in the organization.

Code of Ethics: Applicability to CPAs in Public Practice

1. Conflicts of Interest – threat to objectivity and may create threats to other fundamental principles.
2. Marketing Professional Services - solicits new work through advertising or other forms of marketing.
3. Gifts and Hospitality – gifts and other incentive that may give rise to threat of compliance to standards
4. Custody of Client Assets – not assume custody of client assets unless permitted to do so;
5. Independence – both in mind and appearance

FUNDAMENTALS OF ASSURANCE AND FINANCIAL STATEMENT AUDIT

Assurance Engagement

An engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users
other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.

Assurance – refers to auditor’s satisfaction as to the reliability of an assertion being made one party for use by another party; assurance na
tama lahat ng data na ip-present sa users; satisfaction sa reliability ng assurance

Assertion – expressed opinion, conclusion, or recommendation

What happens when you miss one point in the process of auditing?

 May makakalusot na risk or fraud

 Hold transactions that could hamper operations

Example:

 Recognition, measurement, presentation and disclosure represented in the financial statements.

 An assertion about the effectiveness of internal control results from applying a framework.

Objective of Assurance Engagement

1. Obtain sufficient appropriate evidence to express a conclusion, providing reasonable or limited assurance – to support claims; have
credible and reliable sources to support evidence
2. Improving the quality of information for the individuals – put info. comprehensible and available to everyone = layman’s term for
users to understand it better
3. Reduce the risk—make the risk manageable that could lower its impact on the entity
 The higher the level of assurance provided, the greater the confidence the individual can place in the matter being assured and
the greater the need to reduce the risk.
Risk – uncertainty or possible opportunity
Five Elements Exhibited by All Assurance Engagements—All Must be Present

1. Three party relationship

a. The practitioner – gathers evidence to provide a conclusion to the intended users about whether a subject matter conforms,
in all material respects, to identified criteria; CPAs or Auditors
b. The responsible party - responsible for maintaining the accounting, computer and operation systems and determining
accounting and internal control methods; pagkukuhaan ng evidence upon assurance engagement; management or middle
managers
c. The Users – the stakeholder/s needing the audit report, the decision maker, public or the government
2. Subject matter.
o Information or data about historical or prospective financial performance or physical characteristics.
o Systems and processes
o Behavior (e.g. corporate governance, compliance with regulation, human resource practices).

The subject matter must be identifiable and capable of consistent evaluation or measurement against identified, suitable criteria (such
as International Financial Reporting Standards (IFRS)).

It must also be in a form that can be subjected to procedures for gathering evidence to support that evaluation or measurement.

Kung ano yung ia-audit mo: system or process (e.g. FS, A/R department, corporate governance, HR practices)

3. Suitable Criteria - benchmarks (standards, objectives, or set of rules) used to evaluate evidence or measure the subject matter of an
assurance engagement. (nasusunod ba yung standards or principles or GAAP)
The Characteristics for Assessing Suitable Criteria
 Relevance (e.g. HR in accordance to labor laws) – relevance of standards to subject matter being audited
 Completeness (omission of info. could affect results)
 Reliability – allow consistent evaluation or measurement of the subject matter
 Neutrality – free from bias
 Understandability – clear and comprehensive
4. Evidence - the same evidence gathering procedures, quality control and planning process apply to assurance services as applies to
audits; keen into details that will support your audit findings; solidifies audit findings
Elements of an Evidence
a. Professional Skepticism – critical assessment
b. Sufficiency and Appropriateness
i. Sufficiency – measurement of the quantity evidence/s
ii. Appropriateness – measurement of the quality of evidence/s – must support the findings
c. Reliability – from the source, nature and dependent on the individual circumstances on how it was obtained.
i. Independent sources
ii. Generated internally and related controls are effective
iii. Obtained directly from the practitioner – standards of accounting
iv. Existing documentary form – documented conversations or emails
v. Original documents – standard operating documents
d. Materiality – nature, timing and extent of evidence-gathering procedures.
e. Assurance Engagement Risk
i. Inherent risk - most likely occur when transactions are complex or situation that require high degree of
judgment.
ii. Control risk - failures in the controls used by the business
iii. Detection risk – failure to find material misstatement
AR = IR x CR x DR
5. Assurance report - the auditor provides a written report containing a conclusion that conveys the assurance obtained as to whether
the subject matter conforms, in all material respects, to the identified criteria. For instance, an audit of financial statements provides
an opinion on conformity with IFRS.
o The assurance report may be in “short-form” or “long-form.” “Short-form” reports ordinarily include only the basic
elements identified in appropriate ISAs and International Standards on Assurance Engagements (ISAEs)—check or
investigate

Types of Assurance Engagement

Type of Objective Evidence Gathering Procedures The Assurance

Engagement Engagement Report
Limited A reduction in assurance Sufficient appropriate evidence is obtained as Description of the
Assurance engagement risk to a level that is part of a systematic assurance engagement assurance engagement
Engagement acceptable in the circumstances process that includes obtaining an circumstances, and a
of the assurance engagement but understanding of the matter to be audited and negative form of
 where that risk is greater than for
a reasonable assurance
engagement, as the basis for a
negative form of expression of
the auditor’s conclusion.
Reasonable A reduction in assurance
Assurance engagement risk to an
Engagement acceptably low level in the
circumstances of the assurance
engagement, as the basis for a
positive form of expression of the
auditor’s conclusion. Reasonable
assurance means a high but not
absolute level of assurance.
other assurance engagement circumstances; expression of the
but evidence gathering procedures are conclusion.
deliberately limited in comparison with a
reasonable assurance engagement.
Sufficient appropriate evidence is obtained as Description of the
part of a systematic assurance engagement assurance engagement
process that includes: circumstances, and a
 obtaining an understanding of the positive form of
assurance engagement circumstances expression of the
 assessing risks conclusion.
 responding to assessed risks
 performing further evidence gathering
procedures, and
 evaluating the evidence obtained.

General Considerations in an Assurance Engagement

 Procedures in the Assurance Engagements - the auditor should obtain an understanding of the subject matter and other engagement
circumstances in order to assess risks.
 Assurance Report Basic Elements.
 Subject Matter – kung ano yung ina-audit mo
 Assurance Engagement Criteria - Criteria by which the evidence is measured or evaluated can be either established or specifically
developed.
 Practitioner’s Conclusion - The practitioner’s conclusion is expressed in positive form, negative form or as a reservation or denial
of conclusion.

Other Assurance Services

a. Assertion-based Engagement – involves the evaluation or measurement of the subject matter by the responsible party and
the subject matter information in the form of an assertion by the responsible party is made available to the intended users;
comments only
b. Direct reporting engagement – the practitioner either directly performs the evaluation or measurement of the subject matter
or obtains a representation from the responsible party; directly obtain and report to the BOD

Financial Statement Audit

- Auditors undertake to gather evidence to obtain high level of assurance that FS are free from material misstatements due to fraud or
error

Unqualified audit report – no reservations about management’s financial statements or internal controls

Independent Auditing - an examination of the financial records, accounts, business transactions, accounting practices, and internal controls of
a charitable nonprofit by an "independent" auditor/external auditors

Internal auditors – employees of the company; reports to BOD and members of the managements; review and improve effectiveness
of certain process—risk management and monitor external processes; discretion of management; cover internal controls related to a
certain process to provide improvements

External auditors – independent auditors; shareholders and external members of the company such as government, investors, etc.;
provide assurance and material accuracy to stakeholders; annual; cover financial statements and internal control related to financial
reporting

"Independent" refers to the fact that the auditor/CPA is not an employee of the nonprofit but instead is retained through a contract
for services, and hence is "independent."

Auditing - a systematic process by which a competent , independent person objectively obtain and evaluates evidence regarding assertions
about the economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and
communicating the results to interested users.

1. Systematic process – structured, logical, organized series steps of procedures; info. testing system and transactions and balances—
income statement, changes in owner’s equity, balance sheet, cash flow, notes to FS
2. Competent, independent person – qualified to understand the criteria and competence to gather and review evidence; must be
impartial and objective; licensed accountants are only allowed to audit
3. Objectively obtain and evaluates evidence – examine bases without bias and prejudice
 4. Assertions about the economic actions – representation made by the individual or entity to fairness of FS
5. Degree of correspondence – closeness with which the assertion can be identified with established criteria.
6. Established criteria – standards that assertion can be based; either by legislative body, management, or standard
7. Communicating the results – attestation; via written reports
8. Interested users – individuals who rely on the audit findings;

Purpose: enhance the degree of confidence of intended in the financial statements

Audited – the financial statements are accompanied by an audit report prepared by independent public accountants who expressed their
professional opinion as to the fairness of the company’s financial statements

NOTE: an audit of FS is an assurance engagement

IFAC Definition of Auditing

Auditing is a structured process that:

1. Involves the application of analytical skills, professional judgment and professional skepticism.
2. Usually performed by team of professionals, directed with managers skills
3. Uses appropriate forms of technology and adheres to a methodology - standards
4. Complies with all relevant technical standards – internal and local
5. Complies with required standards or professional ethics – code of ethics

Objective of Auditing

PSA 120 – Framework of Philippine Standards of Auditing

The objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial statements are
prepared, in all material respects, in accordance with an identified financial reporting framework. The phrase used to express the
auditor's opinion is “present fairly, in all material respects.” A similar objective applies to the audit of financial or other information
prepared in accordance with appropriate criteria.

a. Obtain reasonable assurance about whether the financial statement as a whole are free from material misstatement whether due to
fraud or error – express opinion whether the FS are prepared in accordance to standards and frameworks
b. To report the financial statement and communicate as required by PSA in accordance to audit findings – communicate and made
understood to intended users the report

NOTE: when reasonable assurance can’t be obtained; withdrawal of opinion is legally permitted

Scope of an Audit of Financial Statements

- Audit procedures deemed necessary in the circumstances to achieve the objective of the audit

Review – involves limited investigation of much narrower scope than an audit and undertaken for the purpose of providing limited
negative assurance that the statements are presented in accordance with identified Financial Reporting Standards

Negative assurance – nothing has come to the auditor’s attention that causes the auditor to believe that the financial statements are not
prepared

Other Assurance Services

a. Assurance services on IT
b. CPA Web Trust Service
c. Information system reliability service
d. Assurance services on other types of information

Why Independent Financial Auditing is Necessary

Information risk – unreliable information will be provided to decision makers

a. Remoteness of information users from information providers – decision-makers don’t get firsthand knowledge = convey to users
in an understandable form
i. Owners are divorced from management (corporate governance)
ii. Directors are not involved in day-to-day operations or decisions
iii. Business is dispersed among different locations
b. Potential bias and motives of information providers – conflict of interest
c. Voluminous data – risk of improper recording of information
d. Complex exchange transactions – business relationships may lead to innovative accounting and reporting problems
e. Consequences – unreliable information can lead to crisis
Audit Risk and Materiality

Reasonable assurance acknowledges that there is a risk that audit opinion is inappropriate – obtained when the auditor has reduced
audit risk to an acceptably low level

The risk that audit opinion when the FS is materially misstated – audit risk

How Information Risk may be Reduced

a. Allow users to verify the information – examine records and obtain information about reliability
Due diligence risk – use of special audit team to independently verify and evaluate key info.
b. Users shares information risks with management – provide reliable info.
c. Have financial statement audited – enhance quality of financial reporting

Advantages and Practical Benefits of Independent Audit

To Creditors, Prospective Investors, Employees

a. Financial institutions have more credible basis in deciding whether financial assistance will be extended to the auditee.
b. Suppliers and other creditors will have reliable basis in making decisions related to extension of credit
c. Potential and current investors will have more credible basis in evaluating managerial efficiency.
d. Employees will have a better and credible basis in requesting for fringe benefits and wage adjustments.
e. In the event of sale, purchase, or merger of a business, both buyer and seller will have more confident basis for aiming at a
decision as to the terms and conditions of the arrangement.

To the Auditee or Client

a. Independent audit makes the financial statements more credible and reliable.
b. Management is the beneficiary of constructive suggestions in improving business operations.
c. Commission of fraud by management and employee is minimized.
d. Audited financial statements provide a more credible basis for the preparation of tax returns.
e. Better and sound management decisions may be made if financial records and reports are accurately maintained and provided.

To Government Agencies and Legal Community

a. BIR has more assurance concerning accuracy and dependability of tax return if they have been based on audited financial
statements.
b. Government institutions like GSIS, SSS, DBP will have better basis in extending financial assistance to business enterprises.
c. Audited statements provide the legal community an independent basis for administering estates and trust, setting action in
bankruptcy and insolvency, etc.

Review of Financial Statements Report

a. Title
b. Addressee
c. Opening or introductory paragraph including:
- Identification of the financial statements on which the review has been performed; and
- A statement of the responsibility of the entity’s management and the responsibility of the auditor;
d. Scope paragraph, describing the nature of a review, including:
- A reference to the International Standard on Auditing applicable to review engagements, or to relevant national standards or
practices;
- A statement that a review is limited primarily to inquiries and analytical procedures; and
- A statement that an audit has not been performed, that the procedures undertaken provide less assurance than an audit, and that
an audit opinion is not expressed;
e. Statement of negative assurance;
f. Date of the report;
g. Auditor’s address; and
h. Auditor’s signature.

Audit Opinion Formulation Process

Risk-based Audit Process – audit approach that begins with an assessment of the types and likelihood of misstatements in account
balance and then adjusts the amount and type of audit work, to the likelihood of material misstatements occurring in account
balances

Account-based audit – approach wherein the auditor obtains an understanding of control and assesses control risk for particular types
of errors and frauds in specific accounts and cycle
Stages of the Risk-based Audit Process

Phase I – Risk Assessment

 Performing of preliminary engagement activities to decide client acceptance and continuance decision
 Planning audit to develop an overall audit strategy and audit plan
 Performance of risk assessment procedures to identify or assess risk of material misstatement through understanding the entity

Phase II – Risk Response

 Obtaining evidence about internal control operating effectiveness

 Obtaining substantive evidence about accounts, disburses and assertions
 Design responses and further audit procedures to develop appropriate responses to the assessed risk of material misstatement
 Implementing responses to assessed risk of material misstatement to reduce audit risk to an acceptably low level

Phase III – Reporting

 Evaluate audit evidence

 Form opinion based on audit findings
 Completing the audit and making reporting decisions

Activities in Each Phase of the Audit Opinion Formulation Process

Phase of the Audit Opinion Formulation Process
Phase I—Risk Assessment
Performing risk assessment including client
acceptance and continuance decisions
Phase II—Risk Response
Obtaining evidence about internal control
Operating effectiveness, if applicable
Activities Within the Phase
 assess preconditions for an audit
 develop common understanding of the audit engagement with
the client
 identify and assess risks of material misstatement
 respond to identify risks of material misstatement
 select control to test, if applicable
 perform tests of controls, if applicable
 consider the results of tests of controls, if applicable

Obtaining substantive evidence about  perform substantive tests

accounts, disclosures, and assertions
Phase III—Reporting
Completing the audit and making reporting  complete review and communication activities
decisions  determine the type of opinion to issue
Risk Assessment Risk Response Reporting
What events could occur that would Did the events identified occur and result What audit opinion, based on the evidence
cause a material misstatement in the FS in material misstatement in the FS obtained, is appropriate on the FS
Overview of Financial Auditing Process

Three Fundamental Concepts of FS Audit

a. materiality – amount by which a set of financial statements could be misstated without affecting judgment of reasonable
person; magnitude of omission of accounting info.
b. audit risk – audit may be mistakenly given a clean opinion that are materially misstated
 audit provides reasonable assurance, there is risk of material misstatement failed to detect
c. audit evidence – underlying accounting data and info.; obtain evidence for management assertion
i. sufficiency – quantity of evidence the auditor obtaines
ii. appropriateness
1. reliable – diagnosticity of the evidence
2. relevant – relation to management assertion being tested

Understanding the Audit Risk Model

Risk – expresses uncertainty about events or outcomes that could have a material effect on the organization

a. Audit risk – risk that an auditor may give an unqualified opinion on FS materially misstated
 b. Engagement risk – economic risk that a CPA firm is exposed to – lose of reputation, inability to be paid, financial loss
c. Financial reporting risk – related to recording and presentation of financial data in firm’s FS
d. Business risk – affect operations and outcomes of firm’s activities

Factors to Consider in Implementing the Audit Risk Model

a. High-risk activities – where material misstatement could easily occur

b. Existence of large non-routine transactions – significant related party transactions outside the entity’s normal course of business
are to be treated as giving rise to significant risks
- Routine non-complex transactions are less likely to be of significant risk
c. Matters requiring judgment or management intervention
d. Potential for fraud higher risk in material misstatement from fraud

Limitations of the Audit Risk Model

a. Inherent risk is difficult to assess because of susceptibility to error

b. Each risk as separate and independent
c. Audit risk is judgmentally determined
d. Precise estimate of the model are not possible

Accountancy as a Profession

a. Systematic theory – consists of accounting theory achieved through formal college-level education in an academic environment
b. Professional authority – determines what is good and bad for the client
c. Community sanction – satisfaction of educational requirements
d. Regulations code – powers and privileges granted to the public accounting profession by the community effectively constitute a
monopoly
e. A culture – guided by norms and code of ethics

Professional accountant – individual who holds a valid certificate issued by BOA

IN PUBLIC PRACTICE – provides professional services

IN BUSINESS – in an executive or non-executive capacity

a. Commerce and industry

b. Education or academe
c. Government

OVERVIEW OF RISK-BASED AUDIT PROCESS

Risk-based auditing

- an approach to auditing that focuses on identifying and prioritizing areas of risk within an organization, and then designing an
audit plan to address those risks. It is a method of auditing that is driven by the level of risk associated with a particular area or
process within the organization.

In conducting an audit of financial statements, the overall objectives of the auditor are:

a. To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether
due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all
material respects, in accordance with an applicable financial reporting framework; and
b. To report on the financial statements, and communicate as required by the International Standard on Auditing (ISAs), in accordance
with the auditor’s findings.

Risk-Based Audit Approach

1. The Proactive Approach of a Risk-Based Audit – up and down; internal to external = WHOLE PROCESS

2. Focusing on the Future: Anticipating Risks and Making Recommendations

3. Involving Stakeholders for a Wider Perspective

Auditor Performs:

1. Identification of the client's strategy and the processes for developing that strategy.

2. Examination of the core business process and resource management.

 3. Identification for each of the key processes (as well as sub-processes) the objectives, inputs, activities, outputs, systems and
transactions – to eliminate fraud and error (sinasala)

4. Assessment of the risks that the processes will not meet the goals and controls related to those risks.

Benefits of the Risk-Based Audit

1. Time Flexibility When Audit Work Needs to Be Performed – provides client with time to respond to identified weaknesses in internal
control and other requests for assistance

2. Audit Team’s Effort Focused on Key Areas – focus effort on high-risk areas and reduced work in low-risk areas

3. Audit Procedures Focused on Specific Risks – tests of details addressed in general terms can be reduced or eliminated

4. Timely Communication of Matters of Interest to Management – communicating weaknesses will enable the management to take
appropriate action

5. Understanding of Internal Control – understanding of whether or not to test operating effectiveness of internal control; results in
less work than performing extensive tests of details

Factors to Consider in Implementing the Audit Risk Model

1. High-risk activities – where material misstatement could easily occur. Owner’s equity and cash flow

2. Existence of large non-routine transactions – outside significant transactions that is not the normal course of business process;
routine non-complex are less likely to give rise to significant risks

3. Matters requiring judgment or management intervention.

4. Potential for fraud. Risk of not detecting a material misstatement resulting from fraud

Limitation of Audit Risk Model

1. Inherent Risk - refers to the natural risk level in a process that has not been controlled or mitigated in risk management. In
accounting, inherent risk indicates the probability of any material misstatements in financial reporting caused by factors other than an
internal control failure – natural risk where you only place band-aid solution

2. The model treats each risk component as separate and independent when in fact the components are not independent.

3. Audit risk is judgmentally determine.

4. Audit technology is not fully developed that each component of the model can be accurately assessed.

Risk-Based Audit Account-Based Audit

 Views all activities first in terms of risks to  Traditional audit
strategies  Obtain first understanding of control
 Identify risks then mitigate it  Assess control risk for particular types of error and frauds
Reasonable assurance – inform users that auditors do not guarantee or insure the fair presentation of the FS

Free of material misstatement – inform users that the auditor’s responsibility is limited to material financial info.

How to Perform a Risk-Based Audit

1. The auditor shall plan and perform an audit with professional skepticism recognizing that circumstances may exist that cause the
financial statements to be materially misstated.

2. The auditor shall exercise professional judgment in planning and performing an audit of financial statements.

3. To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably
low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion.

4. To achieve the overall objectives of the auditor, the auditor shall use the objectives stated in relevant ISAs in planning and
performing the audit, havingf regard to the interrelationships among the ISAs, to:

a. Determine whether any audit procedures in addition to those required by the ISAs are necessary in pursuance of the
objectives stated in the ISAs.

b. Evaluate whether sufficient appropriate audit evidence has been obtained.

Risk-based Audit Process

Phase I: Risk Assessment—identify and assess risks of material misstatement in the FS

  Performance of preliminary engagement activities to decide whether to accept / continue an audit engagement.
 Planning the audit to develop an overall audit strategy and audit plan.
 Performance of risk assessment procedures to identify / assess risk of material misstatement through understanding the entity.
 The objective of the auditor is to identify and assess the risks of material misstatement
a. Whether due to fraud or error at the financial statement and assertion levels
b. Understanding the entity and its environment including the entity’s internal control.
c. Providing a basis for designing and implementing responses to the assessed risks of material misstatement.

An appropriate risk assessment phase would include the following:

1. Up-front involvement of senior team members – ensures that experience and insights will be utilized and taken advantaged of
2. An emphasis on professional skepticism – no disregard to past honesty that would lead to satisfaction to less-than-persuasive audit
evidence—always practice professional skepticism to obtain reasonable assurance
3. Planning – ensure that objectives are met and focus on gathering evidence on most critical areas of potential misstatement
4. Team discussions and ongoing communication
 Inform staff about client in general and discussing potential risk areas
 Discuss effectiveness of audit strategy and plan that involves making changes as necessary
 Brainstorm about occurrence of fraud and how to respond to it
 Discuss disclosures in higher risk of material misstatement
 Allocate audit responsibilities and set time frames
5. Focus on risk identification – unidentified fraud and risk will not be assessed, documented, and responded
6. Financial statement disclosures – understanding disclosures and assess risks of material misstatement in them
7. Ability to evaluate management’s response to risk – evaluate effectiveness of responses to risk
8. Use of professional judgment – use and documentation of judgments made by the auditor in the audit process
 Deciding to accept or continue with the client
 Developing the overall audit strategy
 Establishing materiality
 Assess risk of material misstatement where special audit consideration is necessary
 Develop expectations for use when performing analytical procedures

Phase II: Risk Response

 Designing overall responses and further audit procedures to develop appropriate responses to the assessed risk of material
misstatement.
 Implementing responses to assessed risk of material misstatement to reduce audit risk to an acceptably low level.
 The objective of the auditor is to obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement
and designing and implementing appropriate responses to those risks.

Planning the appropriate mix of audit procedures to respond to identified risks include the following:

1. Use of tests of controls – Identify relevant internal controls that, if tested, would reduce the need/scope for other substantive
procedures. Identify any assertions that can’t be addressed by substantive procedures alone

2. Substantive analytical procedures – These are procedures for which the total amount of a transaction stream can be reliably
predicted based on available evidence.

3. Unpredictability – The need to incorporate an element of unpredictability in procedures performed, such as when responding to a
risk of material misstatement due to possible fraud.

4. Management override – The need for specific audit procedures to address the potential for management override.

5. Significant risks

Phase III: Reporting—assess audit evidence obtained and determine whether it is sufficient to reduce audit risk to an acceptably low level

 Evaluating the audit evidence obtained to determine what additional audit work (if any) is required.
 Forming an opinion based on audit findings and preparing the auditor's report.
 Prepare and issue reports that are appropriate to the conclusions reached
 The objectives of the auditor are: To form an opinion on the financial statements based on an evaluation of the conclusions drawn
from the audit evidence obtained; and To express clearly that opinion through a written report.

Summary of Risk-Based Audit Process

Risk that are relevant in conducting audit to FS:

Risk – uncertain event that could be potentially dangerous or could be an opportunity depending on the application of risk
management.

Audit Risk – the risk that the auditor expresses an inappropriate audit opinion when the financial statements are materially misstated.

Engagement Risk - the risk that the auditor expresses an inappropriate conclusion in the audit report.

Financial Reporting Risk - the possibility of inaccuracy and unreliability in financial reporting.

Business Risk – exposure of the entity to any events that will lower its profit or may lead to bankruptcy and closure.
Determining and Using Materiality

The objective of the auditor:

1. Apply the concept of materiality appropriately in planning and performing the audit.

2. Evaluate the effect of identified misstatements on the audit and the effect of uncorrected misstatements, if any, on the financial statements.

Integration of materiality in risk-based audit:

 Overall Materiality - Materiality for the financial statements as a whole (overall materiality) is based on the auditor’s professional
judgment as to the highest amount of misstatement(s) that could be included in the financial statements without affecting the
economic decisions taken by a financial statement user.
 Specific Materiality - Levels for Particular Classes of Transactions, Account Balances, or Disclosures)

Nature of Misstatements

1. The size (or quantitative aspects) of the potential misstatement in relation to materiality.

2. The nature (or qualitative aspects) of potential misstatements and the particular circumstances of their occurrence. Factors to consider in
considering whether misstatements in qualitative disclosures could be material, include:

 Changes in the circumstances of the entity – entity has undertaken a significant business combination or divestiture.
  Changes in and the application of the requirements of the applicable financial reporting framework – new financial reporting standard
may require new and significant qualitative disclosures.
 Need for disclosures that would be important to users of the financial statements – the entity may no longer be in compliance with
loan covenant or has failed to meet some statutory/regulatory reporting requirements or engaged in some illegal acts.

RISK ASSESSMENT

Phase 1A – Performance of Preliminary Engagement Activities

Phase 1B- Planning the Audit to Develop an Overall Audit Strategy and Audit Plan

Phase 1C.1 – Performance of Risk Assessment Procedures to Identify/Assess Risk Material Misstatement through Understanding the Entity

Phase 1C.2 – Consideration of Internal Control in a Financial Statement Audit

Phase 1A – Performance of Preliminary Engagement Activities

Audit Engagement (PSA 220)

 Perform procedures regarding the continuance of the client relationship and the specific audit engagement – PSA 220 Quality Control
of an Audit of Financial Statement.
 Evaluate compliance with ethical requirements.
 Establish an understanding of the terms of engagement – Agreeing the Terms of Audit Engagements.

Client Acceptance and Retention

The client acceptance phase of the audit has two objectives:

a. Examination of the proposed client to determine if there is any reason to reject the engagement (acceptance of the client)—
tayo yung nililigawan ni client
b. Convincing the client to hire the auditor (acceptance by the client)—nililigawan ng auditor si client

I. Acquiring knowledge of the client’s business – before accepting the client and entity (especially when it has scandals or issues)
II. Examination the audit firm’s ethical requirements and technical competence – align manner of expertise and match requirements
III. Possible use of other professionals (including outside specialist) in the audit – to cater audit needs
IV. Communication with the predecessor auditor – get audit findings of former auditors for comparison
V. Preparation of client proposal – will depend on what service is needed
VI. Select staff to perform the audit
VII. Submission of the terms of the engagement in the form of an audit engagement letter – contract stipulating everything

There are two basic types of audit engagement proposals:

1. Those to continuing (recurring) clients – proposal discusses how the auditing firm can add value, plans for further improvement in
the client relationship, and provides a description of the audit team and a detailed fee proposal – improvements in the proposal
 2. Those to new clients – discusses business and audit expectations, audit firm strengths, audit team, audit approach, reliance on
internal auditors, transition needs and management, after-service monitoring, and fee details – provide core strength to the client

* It is in the interests of both client and auditor that the auditor sends an engagement letter, preferably before the commencement of the
engagement, to help in avoiding misunderstandings with respect to the engagement.

Engagement Letter—includes company, fees, and services to be offered

 An engagement letter is an agreement between the accounting firm and the client for the conduct of the audit and related services.
 An auditor’s engagement letter documents and confirms his acceptance of the appointment, the objective and scope of the audit, the
extent of auditor responsibilities to the client, and the form of any reports.
 The engagement letter may affect legal responsibilities to the client. In litigation, the Auditor may use an engagement letter as a
contract stating its scope, responsibilities, and limitations.
 The letter describes the auditor’s purpose, that the audit entails study of internal control, the time schedule of the engagement, and
fees (stipulated and stated whether one-time or installment billing)

Contents of the Engagement Letter

a. Objective and scope of the audit of financial statements.

b. The responsibilities of the auditor.
c. The responsibilities of management.
d. Identification of the applicable financial reporting framework for the preparation of the financial statement.
e. Reference to the expected form and content of any reports to be issued by the auditor and a statement that there may be
circumstances in which a report may differ from its expected form and content.

Phase 1B- Planning the Audit to Develop an Overall Audit Strategy and Audit Plan

Audit Plan

International Standards on Auditing (ISA) 300, “Planning,” states, “The auditor should plan the audit work so that the audit will be performed in
an effective manner. Planning means developing a general strategy and a detailed approach for the expected nature, timing and extent of the
audit – see detailed structures as a guidance or flow for audit work

 Objective – To determine the amount and type of evidence and review required to assure the auditor that there is no material
misstatement of the financial statements.

Planning Procedures (PSA 300, ISA 315)

I. Perform audit procedures to understand the entity and its environment, including the entity’s internal control.

Understanding the Entity and its Environment

1. Industry (i-align or itama process for competitive advantage), regulatory, and other external factors including applicable financial
reporting framework.
 The market and competition, including demand, capacity, and price competition.
 Cyclical or seasonal activity (e.g. financing and investing activity)
  Product technology relating to the entity’s products
 Energy supply and cost
 Accounting principles and industry specific practices
 Taxation (corporate and other)
 Government policies currently affecting the conduct of the entity’s business
2. Nature of the entity – operations, investments, financing and capital structure.
3. Objectives and strategies and related business risks.
4. Measurement and review of the entity’s financial performance.
5. Internal control.
 Inquiries of management and others within the entity.
 Analytical procedures - involve a comparison of company results to that of the industry; keen into details
 Observation and inspection
 Other Information Sources – entity’s external legal counsel

II. Assess the risks of material misstatements of the financial statements.

 Identifying risks through considering
- the entity and its environment, including its internal control
- classes of transactions, account balances and disclosures
 Relating the identified risks to what can go wrong at the assertion level.
 Considering the significance and likelihood of the risks.

Levels of Risk

 Inherent risk - the susceptibility of an account balance or class of transactions to misstatements that could be material, individually or
when aggregated with misstatements in other balances or classes, assuming that there were no related internal controls.
 Control risk - misstatement that could occur in an account balance or class of transactions and that could be material – individually or
when aggregated with misstatements in other balances or classes – will not be prevented or detected and corrected on a timely basis
by accounting and internal control systems.
 Detection risk - risk that an auditor’s substantive procedures will not detect a misstatement that exists in an account balance or class
of transactions that could be material, individually or when aggregated with misstatements in other balances or classes.

III. Determine materiality.

PSA 320 – Materiality in planning and performing an audit establishes standards and deals with the auditor’s responsibility to apply the concept
of materiality in planning and performing an audit of financial statement.
Information is material (FRSC - Financial Reporting Standards Council)

 omission or misstatement could influence the economic decisions of users taken on the basis of the financial statement.
 relate peso (foreign) amount of the error
 causes of misstatement – irregularity or illegal act

Levels of Materiality

Overall Specific Performance

Based on auditor’s professional judgement as to Based on professional judgment – No specific guidance per PSA.
the highest amount of misstatement/s. establish lower amount.  60% of overall or specific
 Per PSA profit from continuing profit statement where there is a
from continuing operations – 3% to 7% Sensitive financial statement areas. higher risk material
 Other considerations: misstatement.
Revenues or expenditures – 1% to 3%  85% where the assessed risk
Assets – 1% to 3% of material misstatement is
Equity – 3% to 5% less.
IV. Prepare the planning memorandum and audit program containing the auditor’s response to the identified risks.

Other Critical Matters in Engagement Planning

1. Application of Analytical procedures in planning the audit. Assist in understanding the business and in identifying areas of potential
risk
2. Establishment of an engagement or audit team. Considers audit size and complexity
3. Consideration of work performed by other auditors/parties.
 Predecessor auditor. Consult with auditors of the higher-ups
 Other CPAs. Principal auditor – auditor with responsibility for reporting on the FS of an entity when those FS include financial
info. of one or more components audited by another auditor
 Specialists. Brings unique knowledge and judgment in a field other than accounting and auditing
 Use of Client’s staff. Make the auditor’s free from routine work.
 Internal auditors. Enhance internal control and assist independent auditors in performing specific audit procedures
4. Assessment of Going Concern Assumption – Financial, Operations and others.
5. Identification of related parties – affiliated company, principal owners or any other party with which the client deals.
 Related party – affiliated company
 Related party transaction – transaction between client and related party
6. Client’s legal obligations. Auditors should review:
 Minutes of BOD and stockholders’ meetings
 Changes to articles of incorporation or by-laws
 Any significant contracts
7. Completion of the initial audit program
Audit program – set of audit procedures specifically designed for each audit.
8. Preparation of a Time budget
Time budget – estimate of the total hours an audit is expected to take
 Client’s size – gross assets, sales, employees
 Location – main office, warehouse, plants
 Anticipated accounting and auditing problems
 Competence and experience of staff available
9. Assignment of personnel to the engagement.
10. Scheduling of work.

Documentation of Audit Plan/Program in Risk Assessment

1. Description of the client company its structure, nature of business and organization.
2. Audit objectives.
3. Description of the nature and extent of other services.
4. Timetable of the audit work
5. Work to be done by the client’s employer
6. Assignment of audit staff
7. Target completion dates
8. Preliminary evaluation and judgment about materiality level for the engagement.
9. Any special problems to be resolved during engagement.
10. Conditions that may require changes in audit test.
 RISK ASSESSMENT PART 2 & 3

Phase 1C.1 – Performance of Risk Assessment Procedures to Identify/Assess Risk Material Misstatement through Understanding the Entity

PSA 315

Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment.

1) Risk Assessment Procedures and Related Activities

 The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of
material misstatement at the financial statement and assertion levels. Risk assessment procedures by themselves, however,
do not provide sufficient appropriate audit evidence on which to base the audit opinion.
 The risk assessment procedures shall include the following:
a) Inquiries of management, and of others within the entity who in the auditor’s judgment may have information that is
likely to assist in identifying risks of material misstatement due to fraud or error.
b) Analytical procedures – identify existence of unusual transactions or events, and amounts, ratios, and trends that
might indicate matters that have FS and audit implications.
c) Observation and inspection – support inquiries of management and others
 The auditor shall consider whether information obtained from the auditor’s client acceptance or continuance process is relevant
to identifying risks of material misstatement.
 Where the engagement partner has performed other engagements for the entity, the engagement partner shall consider whether
information obtained is relevant to identifying risks of material misstatement.
 When the auditor intends to use information obtained from the auditor’s previous experience with the entity and from audit
procedures performed in previous audits, the auditor shall determine whether changes have occurred since the previous audit
that may affect its relevance to the current audit.
2) The Required Understanding of the Entity and Its Environment, Including the Entity’s Internal Control
 The Entity and Its Environment
The auditor shall obtain an understanding of the following:
a) Relevant industry, regulatory, and other external factors including the applicable financial reporting framework
b) The nature of the entity.
i. Its operations;
ii. Its ownership and governance structures;
iii. The types of investments that the entity is making and plans to make
iv. The way that the entity is structured and how it is financed, to enable the auditor to understand the classes
of transactions, account balances, and disclosures to be expected in the financial statements.
v. The entity's selection and application of accounting policies, including the reasons for changes thereto. The
auditor shall evaluate whether the entity's accounting policies are appropriate for its business and
consistent with the applicable financial reporting framework and accounting policies used in the relevant
industry.

Examples of matters an auditor may consider include the following

o Business operations: (e.g., nature of revenue sources, products or services markets, conduct of operations, key
customers, suppliers of goods and services, alliances, joint ventures and outsourcing activities, involvement in electronic
commerce, including internet sales and marketing activities, geographic dispersion and industry segmentation, location
of production facilities, employment
o Investments: (e.g.. acquisitions, mergers or disposals of business activities, capital investment activities)
o Financing: (e.g., debt structure, leasing of property and equipment, related parties)
o Financial reporting: (e.g., accounting principles and industry specific practices, revenue recognition practices, accounting
for fair values, foreign currency assets, liabilities and transactions)
c) The entity’s selection and application of accounting policies, including the reasons for changes thereto.
d) The entity’s objectives and strategies, and those related business risks that may result in risks of material
misstatement.
e) The measurement and review of the entity’s financial performance.
 The Entity’s Internal Control - The auditor shall obtain an understanding of internal control relevant to the audit.
 Nature and Extent of the Understanding of Relevant Controls
 Components of Internal Control
a) Control environment
b) The entity’s risk assessment process
c) Understanding of the information system
d) Ad hoc process
3) Identifying and Assessing the Risks of Material Misstatement
 The auditor shall identify and assess the risks of material misstatement at:
a) The financial statement level
 b) The assertion level for classes of transactions, account balances, and disclosures to provide a basis for designing and
performing further audit procedures.
 Purpose
 Identify risks throughout the process of obtaining an understanding of the entity and its environment, including
relevant controls that relate to the risks and by considering the classes of transactions, account balances, and
disclosures in the financial statements.
 Assess the identified risks, and evaluate whether they relate more pervasively to the financial statements as a whole
and potentially affect many assertions.
 Relate the identified risks to what can go wrong at the assertion level, taking account of relevant controls that the
auditor intends to test.
 Consider the likelihood of misstatement, including the possibility of multiple misstatements, and whether the
potential misstatement is of a magnitude that could result in a material misstatement.
4) Material Weakness in Internal Control
 The auditor shall evaluate whether, on the basis of the audit work performed, the auditor has identified a material weakness
in the design, implementation or maintenance of internal control.
 The auditor shall communicate material weaknesses in internal control identified during the audit on a timely basis to
management at an appropriate level of responsibility, and, as required by PSA 260 (Revised).
5) Documentation
 The discussion among the engagement team where required by paragraph 10, and the significant decisions reached.
 Key elements of the understanding obtained regarding each of the aspects of the entity and its environment specified in
paragraph 11 and of each of the internal control components specified in paragraphs 14-23 (PSA 315); the sources of
information from which the understanding was obtained; and the risk assessment procedures performed.
 The identified and assessed risks of material misstatement at the financial statement level and at the assertion level as
required by paragraph 24 (PSA 315).
 The risks identified, and related controls about which the auditor has obtained an understanding, as a result of the
requirements in paragraphs 26-29 (PSA 315)
 Scope – This Philippine Standard on Auditing (PSA) deals with the auditor’s responsibility to identify and assess the risks of material
misstatement in the financial statements, through understanding the entity and its environment, including the entity’s internal
control.
 Objective - The objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at
the financial statement and assertion levels, through understanding the entity and its environment, including the entity’s internal
control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement.
 Purpose
a) Assertions
b) Business risk
c) Internal control
d) Risk assessment procedures
e) Significant risk

Assessing the Inherent Risk and Control Risk at the Assertion Level

For each of the financial statement account, audit risk consist of the possibility that:

1. A material misstatement in assertion about the account has occurred.

2. Auditors do not detect the misstatement.

Types of Audit Risk: AUDIT RISK = INHERENT RISK x CONTROL RISK x DETECTION RISK

Risk of Occurrence

1. Inherent risk
 Financial Statement level
 Integrity of the management
 Management experience and knowledge
 Management change
 At the account balance and class transaction level
 Adjusting in the prior period
 Complexity of transactions and events
2. Control risk
 Preliminary assessment of Control Risk
 Determine or identify internal controls relevant to the assertion which are likely to prevent or detect and correct
material misstatement.
 Plans to perform test of control to support the assessment.
 Documentation of understanding and assessment of control risk.
  Understanding the entity and it’s internal control
 Assessment of the control risk

Undetectable Risk

3. Detection risk - the risk that the auditor will not detect a misstatement that exists in an assertion that could be material (significant),
either individually or when aggregated with other misstatements.

Audit Risk for a Specific FS Assertion

Inherent risk and control risk comprise the risk that an assertion is misstated and detection isk is the risk that the auditor will not detect the
misstatement

Audit Risk Model

a) Determine planned audit Risk – plan acceptable audit risk.

b) Assess inherent risk – auditors attempt to predict where misstatement are most and least likely in the financial statement segment.
c) Assess control risk – effectiveness of control in mitigating misstatements

Factors Methods used by practitioners to assess acceptable audit risk

External users’ reliance  Examine the FS, including footnotes
on FS  Read minutes of board of directors meetings to determine future plans
 Discuss financing plans with management
Likelihood of financial  Analyze the FS for financial difficulties using ratios and other analytical procedures
difficulties  Examine historical and projected cash flow statements for the nature of cash inflows
and outflows
Management integrity  Obtain information from local attorneys, other CPAs, banks, predecessor auditor.
d) Determine the allowable detection risk.
 Dependent on acceptable audit risk, inherent risk and control risk.
 Determine the amount of substantial evidence that auditors plans to accumulate, inversely with size planned
detection risk.
Audit Risk Model for Evaluating Audit Results

 AcAR – Achieved audit risk. Risk taken on account in the FS that materially misstated after accumulating audit evidence.
 IR – Inherent Risk
 CR – Control Risk
 AcDr – Achieved detection Risk. Risk from the audit evidence did not detect misstement exceeding a tolerable amount.
AcAR = IR x CR x AcDr
 Reduce inherent risk
 Reduce control risk
 Reduced achieved detection risk by increasing substantive audit test.

Phase 1C.2 – Consideration of Internal Control in a Financial Statement Audit

Nature and Purpose of Internal Control

PSA 315

 Defines internal control as the process designed and effected by those charged with governance, management, and other personnel to
provide reasonable assurance about the achievement of the entity's objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations and compliance with applicable laws and regulations. It follows that internal control is
designed and implemented to address identified business risks that threaten the achievement of any of these objectives.
Those objectives fall into three categories:
o Reliability of the entity's financial reporting
o Effectiveness and efficiency of operations
o Compliance with applicable laws and regulations

Internal Control System Defined

 Internal control system means all the policies and procedures (internal controls) adopted by the management of an entity to assist in
achieving management's objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including
adherence to management policies, the safeguarding of assets, the prevention and detection of fraud and error, the accuracy and
completeness of the accounting records, and the timely preparation of reliable financial information.

Components and Principles of Internal Control

a. The control environment - overall attitude, awareness and actions of the board of directors and management regarding
internal control.
c. The function of the board of directors and its committees.
d. Management's philosophy and operating style.
e. The entity's organizational structure and methods of assigning authority and responsibility.
f. Management's control system including the internal audit function, personnel policies and procedures and segregation of
duties.
 Communication and Enforcement of Integrity and Ethical Values
 Commitment to Competence
 Participation by those Charged with Governance
 Management's Philosophy and Operating Style
 Organizational Structure
 Assignment of Authority and Responsibility
 Human Resources Policies and Procedures
b. The entity's risk assessment process - Risk assessment is the "identification, analysis, and management of risks pertaining to
the preparation of financial statements.
Risks can arise or change due to circumstances such as the following:
o Changes in regulatory or operating environment.
o New personnel.
o New or revamped information systems.
o New technology.
o Rapid growth.
o New business models, products, or activities.
o Corporate restructurings; Expanded foreign operations.
o Expanded foreign operations.
o New accounting pronouncements.
c. The information system, including the related business processes, relevant to financial reporting, and communication - An
information system consists of infrastructure (physical and hardware components), software, people, procedures, and data.
Infrastructure and software will be absent, or have less significance, in systems that are exclusively or primarily manual. Many
information systems make extensive use of IT.
 An information system encompasses methods and records that:
o Identify and record all valid transactions.
o Describe on a timely basis the transactions in sufficient detail to permit proper classification of transactions for
financial reporting.
o Measure the value of transactions in a manner that permits recording their proper monetary value in the financial
statements.
o Determine the time period in which transactions occurred to permit recording of transactions in the proper
accounting period.
o Present properly the transactions and related disclosures in the financial statements.
d. Control activities are the policies and procedures that help ensure that management directives are carried out, for example,
that necessary actions are taken to address risks that threaten the achievement of the entity's objectives.
The major categories of control procedures are:
a) Performance Review
b) Information Processing Controls - Segregation of duties, Adequate documents and records, Safeguards over access
to assets and Independent checks on performance
c) Physical controls
e. Monitoring of controls.
 the process that an entity uses to assess the quality of internal control over time. Monitoring involves assessing the
design and operation of controls on a timely basis and taking corrective action as necessary. Management monitors
controls to consider whether they are operating as intended and to modify them as appropriate for changes in
conditions.
 Some monitoring activities may include communications from external parties.

Objective of the Study of Internal Control

 To assess control risk below maximum, an auditor should identify, relevant to each assertion, the specific controls that are likely to
prevent or detect material misstatements in those assertions.
 To evaluate the effectiveness of controls that have been placed in operation, the auditor performs tests to determine that they are
being applied. This is not required in obtaining an understanding of internal control to plan an audit.

Documentation of Understanding

 Internal accounting control questionnaire – design to detect control weakness.

Advantages
a. They provide audit assurance that attention is given to presence or absence of all controls listed and that certain features of
the system are not overlooked.
b. They provide a means of obtaining uniform documentation of internal control system reviewed.
c. They provide inexperienced audit staff members with guidance in performing internal control reviews.
d. They facilitate the early detection of potential weaknesses In the system.

Disadvantages

a. Auditor may view the questionnaire device for accomplishing an automatic evaluation of internal control.
b. Controls listed on questionnaires may not suit the particular circumstances of a specific audit.
c. The auditor may overlook pertinent control not included in the questionnaires.
 Flowchart – symbolic diagram of specific part of an internal control
 *Internal accounting control questionnaire - contains series of questions designed to detect control weaknesses
 Flowchart

Advantages

 Easily understood
 Better overall picture or complex system
 Parallels EDP documentation (Electronic Document Processing)
 Easy to update

Disadvantage

 higher level of knowledge and training are required to prepare a good flowchart of a complex system
 flowcharts take more time to prepare and require more knowledge
 more difficult to spot internal control weakness
 Narrative Description - written description of a particular phase or phases or a control system.

Advantages

 Narrative is flexible and may be tailor-made for engagement.

 Requires a detailed analysis and thus forces auditor to understand functioning of the system.

Disadvantages

 Auditor may not have the ability to describe the system correctly and concisely.
 This may require more time and careful study.
 Auditor may overlook important portions of internal control system. A poorly written internal accounting control narrative
can lead to a misunderstanding of the system thus resulting In the Improper design and application of compliance tests.
 Internal Control Checklist – This contains a detailed enumeration of the methods and practices which characterize good internal
control or of item to be considered in reviewing internal control. The checklist basically provides only a guide to review the internal
control of the auditee and does not represent a record of the auditor's findings. In most cases therefore, this tool is used together with
the narrative approach.
 Decision Tables In this approach, the system is depicted as decision points. Advantages and disadvantages are similar to those of the
flowchart approach.
Relationship of Effectiveness of Internal Control and Substantive Tests

Communication of Performance, Improvements, and Observations in Internal Control to Management

Reportable Conditions

 Deficiencies in internal control structures design

 Failures in the operations of internal control structures
 Others – absences of sufficient levels of control consciousness, failure to follow and correct previously identified internal
control.

Reporting - form and Content

 Indicate that the purpose of audit was to report FS and not provide assurance in internal control structure.
 Include the definition of reportable conditions
 Include restriction on distribution