2.

0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
Overview of the audit process likelihood of misstatements in account balance
and then adjusts the amount and type of audit
(1) Pre-engagement Activities work to the likelihood of material misstatements
a. Investigate new clients and existing clients occurring in account balances
b. Obtain an engagement letter - Auditors must focus on the risks to the entity’s
(2) Planning activities operations and ensure controls are in place to
a. Obtain knowledge of the client’s business eliminate, mitigate or compensate for those risks
b. Obtain preliminary understanding of - Audit teams now devote a significant amount
internal controls of their engagement planning to their client’s
c. Design a preliminary account balance business risks. Business risk is the risk that the
audit program (based on knowledge of client will fail to achieve its objectives.
internal controls)
d. Assign partner, manager and staff to Under this approach, the auditor performs the
engagement ff:
(3) Internal Control Risk Assessment 1. Identification of the client’s strategy and the
Activities processes for developing that strategy
a. Gathers evidence and evaluates the 2. Examination of the core business process and
client’s internal control structure. resource management
(4) Document the assessed level of control 3. Identification for each of the key processes
risk (and sub-processes) the inputs, activities,
a. Modify the audit program to final form if outputs, systems and transactions.
necessary 4. Assessment of the risks that the processes will
(5) Account Balance Audit Activities not meet the goals and controls related to
a. Gather evidence about the account those risks
balance peso amounts and related
footnote disclosures. Prepare audit Risk – is a concept used to express
working papers uncertainty about events and/or their outcomes
b. Decide whether or not evidence is that could have a material effect on the
sufficient. If not obtain more, unless cost is organization Four components of risk relevant
prohibitive to conducting the audit:
c. Evaluate the evidence and make audit
decision. Document the decision in
working papers
(6) Reporting Activities - Decide on appropriate
audit report opinion

Steps/Stages in Risk-Based Audit

1) Risk Assessment
2) Risk Response
3) Reporting

Auditor’s standard report:

We conducted our audits in accordance with Phil.
Standards on Auditing. Those standards require
that we comply with ethical standards and plan
and perform the audit to obtain reasonable
assurance about whether the financial statements
are free of material misstatements.
 The phrase “reasonable assurance” is intended
to inform the users that auditors do not
guarantee or insure the fair
 presentation.
 This phrase communicates that there is some
risk that the financial statements are not fairly
stated even when the opinion of the auditor is
unqualified.
 The phrase “free of material misstatement” is
intended to inform the users that the auditor’s
responsibility is limited to material financial 1) Audit risk
information. 2) Engagement risk
3) Financial reporting risk
Materiality is important because it is 4) Business risk
impractical for auditors to provide assurance
on immaterial amounts.
Audit risk: The risk that an auditor may give an
Thus, materiality and risk are fundamental
unqualified opinion on financial statements that
concepts that are important to planning the
are materially misstated. Risk that the auditor
audit and designing the audit approach.
fails to find material misstatements in the
client’s FS and thereby inappropriately
Risk-based approach is an audit approach that
issues an unqualified opinion of the FS. The
begins with an assessment of the types and
auditor can control the risk in two ways:
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
 Avoid audit risk by not accepting certain required
companies as client. B. Forming an opinion based on audit findings and
 Set audit risk at a level that the auditor preparing the auditor’s report
believes will mitigate the likelihood that the
auditor will fail to identify material
misstatements. Phase I-A Performance of Preliminary
It is not possible to completely eliminate Engagement Activities (Pre-Engagement
audit risk, but it can be reduced by doing Activities)
more work. However, doing more work increases At the beginning, the auditor should perform:
audit fees, which may create issues with the client.  Perform procedures required by PSA 220
“Quality Management of an Audit of Financial
Engagement risk: Economic risk that a CPA firm Statements” regarding the continuance of the
is exposed to, due to association with a client relationship and the specific audit
particular client, including loss of reputation, engagement
inability of client to pay the auditor, or  Evaluate compliance with ethical
financial loss because management is not honest requirements, including independence as
and inhibits the audit process. This risk is required by PSA 220
controlled by careful selection and retention  Establish an understanding of the terms of
of client engagement as required by PSA 210 “Agreeing
the Terms of Audit Engagements”
Financial reporting risk: Those risk that relate
directly to the recording of transactions and Pre-engagement
presentation of financial data in an organization’s (1) Acceptance and Continuance of Client
financial statements. Would arise from issues such Relationships and Audit Engagements (PSA 220) -
as assets impairments, mark-to-market In making a decision whether to accept or
accounting, warranties, pensions, estimates as well reject an engagement, an auditor should
as competence and integrity of management and consider the following:
incentives to misstate the FS a) Integrity of the Client (PSQC 1 A19) -
It is essential for a CPA firm to maintain its
Business risk: Those risk that affect the integrity, objectivity and reputation for
operations and potential outcomes of providing high quality services. Auditors
organizational activities. Business risk and financial cannot afford to be regularly associated
reporting risk, generally originates from the with clients who are engaging in
client and its environment, and these risks management fraud or other unlawful
then affect the auditor’s engagement risk activities. (this is related to engagement
and audit risk. The effectiveness of risk risk).
management processes will determine whether a Before accepting any engagement, the CPA
company or audit firm will continue to exist. should investigate the history of the
Business risk and financial reporting risk may prospective client, including such matters as
affect each other. Ex. Management facing strong the:
competition and weak financial results may be - Identities and reputation of the directors, officers
motivated to circumvent a weak internal control and major stockholders.
system or take advantage of complex financial - The nature of the client’s operations, including its
instruments to achieve desired financial results. business practices
Audit firms discovered that being associated - Indications that the client might be involved in
with companies with poor integrity creates money laundering or other criminal activities
risk that can destroy the audit firm or
significantly increase the cost of conducting the b) Competence of the auditor and team
audit. Engagement Team (PSA 220 A11) -
When considering the appropriate
Risk-Based Audit Process competence and capabilities expected of
Phase I – Risk Assessment the engagement team as a whole, the
A. Performance of preliminary engagement following are considered:
activities to decide whether to accept/continue an i. Understanding of, and practical
audit engagement experience with, audit engagements
B. Planning the audit to develop an overall audit of a similar nature and complexity
strategy and plan through appropriate training and
C. Performance of risk assessment procedures to participation.
identify the risk of material misstatement through ii. Understanding of professional
understanding the entity standards and regulatory and legal
Phase II – Risk Response requirements.
A. Designing overall responses and further audit iii. Technical expertise, including
procedures to develop appropriate responses to expertise with relevant information
the assessed risk of material misstatement technology and specialized areas of
B. Implementing responses to assessed risk of accounting or auditing.
material misstatement to reduce audit risk to an iv. Knowledge of relevant industries in
acceptably low level which the client operates.
Phase III – Reporting v. Ability to apply professional judgment.
A. Evaluating the audit evidence obtained to vi. Understanding of the firm’s quality
determine what additional audit work (if any( is control policies and procedures
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
Other things to consider:
1. Engagement Performance
 Direction, Supervision and Performance
 Reviews
 Consultation
 Engagement Quality Control Review
c) Compliance with independence and
relevant ethical requirements of the
auditor and team -
d) Significant matters that have arisen
during the current or previous audit
engagement - For example, a client may
have started to expand its business
operations into an area where the firm
does not possess the necessary expertise.
(2) Compliance with Relevant Ethical requirements
(PSA 220) - Throughout the audit engagement, the
engagement partner shall remain alert, through
observation and making inquiries as necessary, for
evidence of noncompliance with relevant ethical
requirements by members of the engagement
team.
If matters come to the engagement partner’s
attention through the firm’s system of quality
control or otherwise that indicate that members of
the engagement team have not complied with
relevant ethical requirements, the engagement
partner, in consultation with others in the firm,
shall determine the appropriate action which may
include eliminating the activity or interest that
creates the threat, or withdrawing from the audit
engagement, where withdrawal is legally
permitted.
(3) Establish an understanding of the terms of
engagement: Preconditions For An Audit (PSA
210)
Before accepting an engagement with a new client,
the CPA firm shall establish conditions: (PSA 210)
1) Whether the financial reporting framework to
be applied in the FS is acceptable
2) The agreement of management that it
acknowledges and understands its
responsibility for:
i. Preparation of FS in accordance with
applicable financial reporting framework
ii. Internal control to enable the preparation
of FS that are free from material
misstatement, whether due to fraud or
error
iii. Providing the auditor
Access to all information of
which management is aware
relevant to the preparation of FS such as
records, documentation and other matters
Additional information that the
auditor may request from management
for the purpose of the audit
Unrestricted access to persons
within the entity from whom the auditor
determines it is necessary to obtain audit
evidence
If management or those charged with governance
impose a limitation on the scope of the
auditor’s work in the terms of a proposed audit
engagement such that the auditor believes the
limitation will result in the auditor disclaiming an
opinion on the financial statements, the auditor
shall not accept such a limited engagement
as an audit engagement, unless required by
law or regulation to do so.
Performing the preliminary engagement activities
enables the auditor to plan an audit engagement:
a. The auditor maintains the necessary
independence and ability to perform the
engagement
b. There are no issues with management
integrity that may affect the auditor’s
willingness to continue the engagement
c. There is no misunderstanding with the
client as to the terms of engagement
Consideration for client continuance and ethical
requirements, including independence occurs
throughout the audit engagement as conditions
and changes in circumstances occur
Client Selection And Retention
It is essential for a CPA firm to maintain its
integrity, objectivity and reputation for providing
high quality services. Auditors cannot afford to be
regularly associated with clients who are engaging
in management fraud or other unlawful activities.
Before accepting any engagement, the CPA should
investigate the history of the prospective client,
including such matters as the identities and
reputation of the directors, officers and major
stockholders. To help assess engagement risk,
auditors:
 generally obtain management’s permission to
make inquiries of other 3rd parties
 CPAs choose to avoid engagements entailing a
high engagement risk
 assess whether they can complete the audit in
accordance with PSAs
Others may accept such engagements, but
are aware that it is a must to expand audit
procedures to offset unusually high levels of
risk.
To reduce their business risk, public
accounting firms:
 try to carefully manage their audit
engagements
 are not obligated to accept undesirable clients
 are not obligated to continue to serve clients
when relationships deteriorate or when
management behavior becomes suspicious
Final step - The CPA firm will confer and agree
with management the terms of the audit
engagement.
is The agreed terms shall be recorded in an
audit engagement letter or in other written
form of agreement and shall include:
i. The objective and scope of audit of the FS
ii. The responsibilities of the auditor
iii. The responsibilities of management
iv. Identification of the applicable financial
reporting framework for the preparation of FS
v. Reference to the expected form and content of
any reports to be issued by the auditor and a
statement that there may be circumstances in
which a report may differ from its expected
form and content
Engagement letter - General contents of the
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
letter:
(a) The objective and scope of the audit of the
financial statements;
(b) The responsibilities of the auditor;
(c) The responsibilities of management;
(d) Identification of the applicable financial
reporting framework for the preparation of the
financial statements; and
(e) Reference to the expected form and content of
any reports to be issued by the auditor and a
statement that there may be circumstances in
which a report may differ from its expected form
and content.
Acceptance of a Change in the Terms of the
Audit Engagement (PSA 210)
 The auditor shall not agree to a change in the
terms of the audit engagement where there is no
reasonable justification for doing so.
 A change in circumstances that affects the
entity’s requirements or a misunderstanding
concerning the nature of the service originally
requested may be considered a reasonable basis
for requesting a change in the audit engagement.
 In contrast, a change may not be considered
reasonable if it appears that the change relates to
information that is incorrect, incomplete or
otherwise unsatisfactory. An example might be
where the auditor is unable to obtain sufficient
appropriate audit evidence regarding receivables
and the entity asks for the audit engagement to
be changed to a review engagement to avoid a
qualified opinion or a disclaimer of opinion. If,
prior to completing the audit engagement, the
auditor is requested to change the audit
engagement to an engagement that conveys a
lower level of assurance, the auditor shall
determine whether there is reasonable
justification for doing so.
 Before agreeing to change an audit
engagement to a review or a related service, an
auditor who was engaged to perform an audit in
accordance with PSAs may need to assess, in
addition to the matters referred to in previous
slide, any legal or contractual implications of the
change.
 If the auditor concludes that there is
reasonable justification to change the audit
engagement to a review or a related service, the
audit work performed to the date of change may
be relevant to the changed engagement;
however, the work required to be performed and
the report to be issued would be those
appropriate to the revised engagement. In order
to avoid confusing the reader, the report on the
related service would not include reference to:
a) The original audit engagement; or
b) Any procedures that may have been
performed in the original audit
engagement, except where the audit
engagement is changed to an engagement
to undertake agreed-upon procedures and
thus reference to the procedures
performed is a normal part of the report
 If the terms of the audit engagement are
changed, the auditor and management shall
agree on and record the new terms of the
engagement in an engagement letter or other
suitable form of written agreement.
 If the auditor is unable to agree to a change of
the terms of the audit engagement and is not
permitted by management to continue the
original audit engagement, the auditor shall:
a) Withdraw from the audit engagement where
possible under applicable law or regulation;
and
b) Determine whether there is any obligation,
either contractual or otherwise, to report the
circumstances to other parties, such as those
charged with governance, owners or
regulators.
Knowledge of the business
Risk assessment procedures and sources of
information about the entity and its environment,
including its internal control. Purpose of risk
assessment procedures:
 To obtain an understanding of the client.
 Information obtained may be used as audit
evidence to support assessments of the risks
of material misstatements.
 The auditor may choose to perform
substantive procedures or tests of control
concurrently with risk assessment procedures
to be efficient.
Risk assessment procedures
1) Inquiries of management and others within the
entity
 From which people will the auditor make
inquiries?
 From management
 From those responsible for financial
reporting
 From others within the firm (internal audit
personnel, or production)
 From other employees with different levels
of authority
 The auditor should inquire about the
entity’s external legal counsel or valuation
experts that the entity has used and
reviewing information obtained from
external sources such as reports by
analysts, banks, or rating agencies, trade
and economic journals, or regulatory or
financial publications, etc.
2) Analytical procedures - helpful in identifying
the existence of unusual transactions, events,
amounts, ratios and trends that might indicate
matters which have FS and audit implications.
The auditor develops expectations about
plausible relationships that are reasonably
expected to exist. When comparison of those
expectations with recorded amounts or ratios
yields unusual or unexpected relationships, the
auditor considers those results in identifying
risks of material misstatements. Often, such
analytical procedures use data aggregated at
a high level. In such case, the auditor should
consider the results of analytical procedures
along with other information gathered in
identifying the risks of material misstatement
3) Observation and inspection - Specific audit
procedures:
 Observation of entity’s operations
 Inspection of documents, records and
internal control manuals
 Reading reports prepared by management
(quarterly management reports and
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
interim financial statements) and those the aggregate, could reasonably be expected to
charged with governance (minutes) influence the economic decisions of users taken on
 Visits to entity’s premises and plant the basis of the financial statements
facilities -Judgments about materiality are made in light of
 Tracing transactions through the surrounding circumstances, and are affected by
information system relevant to financial the size or nature of a misstatement, or a
reporting (walk-throughs) combination of both; and
-Judgments about matters that are material to
Understanding the Entity and Its users of the financial statements are based on a
Environment Including Its Internal Control. consideration of the common financial information
Auditor’s understanding consists of the following: needs of users as a group.
 Relevant industry, regulatory, and other -In designing the audit plan, the auditor establishes
external factors including applicable financial an acceptable materiality level so as to detect
reporting framework quantitatively material misstatements.
 Nature of the entity -The auditor also needs to consider the possibility
 The entity’s selection and application of of relatively small misstatements that
accounting policies, including the reasons for cumulatively, could have a material effect on the
any changes. FS.
 The entity’s objectives and strategies, and -Ex. An error in month-end procedure could be an
those related business risks that may result in indication of a potential misstatement if that error
risks of material misstatements is repeated every month
 The measurement and review of the entity’s
financial performance In planning the audit, materiality should be
 Internal control considered by the auditor when:
Determining the nature, timing and extent of audit
Materiality procedures
Application of the Concept of Materiality to Audit Identifying and assessing the risks of material
PSA 320 “Materiality in Planning and Performing an misstatements
Audit” Determining the nature, timing and extent of
-establishes standards and deals with auditor’s further audit
responsibility to apply the concept of materiality in The auditor’s determination of materiality is a
planning and performing an audit of financial matter of professional judgement and is affected
statements. by the auditor’s perception of the financial
information needs of users of FS. It is reasonable to
Materiality (FRSC) assume that the users:
Information is material if its omission or Have a reasonable knowledge of business and
misstatement could influence the economic economic activities and accounting and a
decisions of users taken on the basis of the willingness to study the information in the FS with
financial statements. reasonable diligence
Materiality depends on the size of the item or error Understand that FS are prepared, presented and
judged in the particular circumstances of its audit to levels of materiality
omission or misstatement Recognize uncertainties inherent in the
Thus materiality provides a threshold or cut-off measurement of amounts, based on the use of
point rather than being a primary qualitative estimates, judgement and consideration of future
characteristics which information must have if it is events
to be useful. Make reasonable economic decisions on the basis
Auditor’s must therefore have knowledge of the of the information in the FS
likely uses of their client’s statements and the
decisions that are being made. Levels of Materiality
Materiality involves both quantitative and 1st level – overall materiality (or materiality for the
qualitative considerations. In assessing the FS as a whole)
quantitative importance of a misstatement, it is 2nd level – specific materiality (or materiality level
necessary to relate the peso amount of the error to for particular classes of transactions, account
the FS being examined balances or disclosure)
Qualitative considerations, relate to the causes of
misstatement. An error that may not be material Overall Materiality
quantitatively, may be material qualitatively. – is based on the auditor’s professional judgement
Ex. as to the highest amount of misstatements that
Misstatement is due to irregularity or illegal act of could be included in the FS, without affecting the
the client. economic decisions taken by an FS user.
Inadequate or improper description of an If the amount of uncorrected misstatements, either
accounting policy and it is likely that a user of the individually or in aggregate is higher than the
FS would be misled by the description overall materiality established for the engagement,
Failure to disclose the breach of regulatory it would mean that the FS are materially misstated.
requirement and it is likely that consequent -Overall materiality is based on the common
imposition of regulatory restrictions will financial information needs of various users as a
significantly impair operating capability group. So, the possible effect of misstatements on
Materiality in Planning and Performing Audit specific users whose needs may vary, is not
-Misstatements, including omissions, are considered
considered to be material if they, individually or in Specific Materiality
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
In some cases, there may be a need to identify
misstatements of lesser amounts than overall
materiality that would affect the decision of users
of FS.
This could relate to sensitive areas such as:
-Particular note disclosures
-Compliance with legislation or certain terms in a
contract
-Transactions upon which bonuses are based.
Performance Materiality
-Is used by the auditor to reduce the risk to an
appropriate low level that the accumulation of
uncorrected and unidentified misstatements
exceed materiality for the FS as a whole (Overall
materiality) or materiality levels established for
particular classes of transactions, account balances
or disclosures (specific materiality)
-Is set at a lower amount(s) than overall or specific
materiality. The objective is to perform more audit
work than would be required by overall or specific
materiality to:
Ensure that misstatements less than overall or
specific materiality are detected, so as to
appropriately reduce the possibility that aggregate
of uncorrected errors are undetected
Provide a margin or buffer for possible undetected
misstatements. This buffer is between detected but
uncorrected misstatements in the FS in the
aggregate or overall or specific materiality
This margin provides some assurance for the
auditor that undetected misstatements, along with
all uncorrected misstatements, will not likely to
accumulate to reach an amount that would cause
the FS to be materially misstated.
Performance materiality is set in relation to overall
materiality or specific materiality.
Ex. A specific performance materiality can be set
at a lower amount that overall materiality for
testing repairs and maintenance expenses, if there
is a higher risk of assets not being capitalized.
Ex. Specific performance materiality may also be
used to perform additional work in areas that may
be sensitive due to the nature of potential
misstatements and their occurrence, rather than
their monetary size.
Ex. Overall Materiality was set at P200,000. Audit
procedures were planned to detect all errors in
excess of P200,000. An error of P80,000 might go
undetected. If three such errors existed totalling
P240,000 and are undetected, the FS would be
materially misstated.
Ex. Overall Materiality was set at P200,000.
If performance materiality was set at P120,000, it
would be more likely that at least one or all of the
P80,000 errors would be detected. Even if only one
of the errors is identified and corrected, the
remaining P160,000 misstatement would still be
less than P200,000 and the FS as a whole would
not be materially misstated.
How To Determine Materiality
-Auditors make a preliminary assessment of
materiality of the FS as a whole by determining the
amount by which they believe the FS
could be misstated without affecting users’
decisions.
-This amount is called “preliminary judgement
about materiality” or “planning materiality”.
- It is a professional judgement that may change
during the engagement if circumstances change.
-If the auditor sets a low planning materiality
amount, then more evidence is required than for a
high amount
-In establishing planning materiality, an auditor
must also consider any potential effect a
misstatement may have which may be greater
than the peso amount involved. A misstatement
which may not be material based on quantitative
factors, but that does not allow a client to meet a
condition in a contractual obligation or
expectations of an FS user may be considered
material.
OTHER CONSIDERATIONS
When accepting new audit engagement, inquire
about the overall materiality used by the previous
auditor. This would help determine whether further
audit procedures may be required on the opening
asset and liability balances.
Ensure that any experts employed by the entity (to
assist the entity in preparing the FS) or used by the
audit team are instructed to use appropriate
materiality level in relation to the work they
perform
Relationship between materiality and audit risk
-when planning the audit, the auditor considers
what would make the FS materially misstated. The
auditor’s assessment of specific materiality helps
the auditor decide which items to examine and
whether to use sampling and analytical
procedures. This enables the auditor to select audit
procedures that can be expected to reduce audit
risk to an acceptably low level.
There is an inverse relationship between
materiality and the level of audit risk. The lower
the audit risk the higher the materiality level. the
higher the audit risk . The lower the materiality
level
The auditor would compensate by:
Reducing the assessed level of control risk, where
this is possible and supporting the reduced level by
carrying out extended or additional tests of control
Reducing detection risk by modifying the nature,
timing and extent of planned substantive
procedures
2.3.4.4
Components of Audit risk:
Risk that the subject matter information is
materially misstated
Inherent Risk – the susceptibility or tendency of a
subject matter information to a material
misstatement, assuming there are no related
controls
Control Risk – the risk that a material misstatement
that could occur will not be prevented, or detected
and corrected, on a timely basis by related internal
controls.
Detection Risk – the risk that the practitioner will
not detect material misstatements that exists.
This is affected by the effectiveness of the
procedures conducted by the auditor to gather
evidence. This risk must be kept low, if the
combined level of inherent risk and control risk are
high. To keep this risk at a low level, the audit
must be more effective and efficient in gathering
audit evidences. This means more quality
evidence, more audit procedures. Keeping this risk
low means lower risk that the practitioner will not
detect misstatements.
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
However, a higher detection risk maybe
acceptable, when the combined level of inherent
and control risk are low. When inherent risk and
control risk are low, it means that there is lower
risk of material misstatement.
Below is a table showing the interrelationship of
the components of audit risk:
Important Note: The italized items refers to the
level of detection risk that must be set in order to
reduce overall audit risk.
Ex. If combined level of inherent and control risk
are very low, (their intersection would be the box
highlighted in yellow) the level of detection risk
can be set at highest, and this would still result to
an acceptably low audit risk.
Based on the table above, for example, if the
client’s combined level of inherent risk and control
risk are high, audit risk is potentially high, unless
the detection risk is reduced. Therefore the
detection risk must reduced to low so that audit
risk will be at an acceptable level. If detection risk
is to be reduced, it means that the auditor must
reduce the risk that he will fail to detect material
misstatements. In order to reduce detection risk to
a low level, the auditor must set lower materiality
levels in order to have higher chances of detecting
material misstatements. This also means
increasing the extent of substantive testing.
If audit risk is potentially high due to higher risk of
misstatements (IR and CR), then materiality level
should be lower. If audit risk is potentially low due
to lower risk of misstatements (IR and CR), then
materiality level can be higher.
2.3.4.1.5
PHASE I-B PLANNING THE AUDIT TO DEVELOP AND
OVERALL AUDIT STRATEGY AND AUDIT PLAN
Once the client has been obtained and the
engagement letter signed by both parties (auditor
and client), the planning process intensifies as the
auditors concentrate their efforts in obtaining a
detailed understanding of the client’s business in
developing an overall audit strategy and assess
the risks of material misstatement of the financial
statement.
PSA 300 “Planning an Audit of Financial
Statements
-establishes standards and provides guidance on
the considerations and activities applicable to
planning an audit of financial statements. It states
that the auditor should plan the audit so that the
engagement will be performed in an effective
manner.
The auditor-in-charge must develop a plan of
action to organize, coordinate and schedule
activities of the audit staff. The audit plan is
normally drafted before starting the work at the
client’s offices.
Nature and Scope of Audit Planning
Audit Planning
involves the establishment of the overall strategy
for the engagement and developing an audit plan,
in order to reduce the audit risk to an acceptably
low level.
Involves the engagement partner and other key
members of the engagement team continuous and
iterative process
-begins shortly after or in connection with the
completion of the previous audit and continues
until the completion of the current audit
engagement.
-includes consideration of timing of certain
activities and audit procedures that need to be
completed prior to the performance of further audit
procedures
The nature, extent and timing will vary, depending
on:
-The size and complexity of the entity
-The auditor’s previous experience with the entity
-Changes in circumstances that might occur during
the audit engagement
Considerations:
-analytical procedures to be applied as risk
assessment procedures
-obtain general understanding of legal and
regulatory framework applicable to the entity and
how the entity complies
-determination of materiality
-the involvement of experts
-performance of other risk assessment procedures
The auditor may discuss elements of planning with
the client’s management to facilitate the conduct
and management of the audit
engagement. Overall audit strategy and audit plan
remain the auditor’s responsibility.
Ex. Coordinating some of the planned audit
procedures with the work of the client’s personnel.
However, nature and timing of detailed audit
procedures should not be discussed with
management in order to maintain the effectiveness
through element of unpredictability.
Benefits Of Audit Planning
-Helps ensure that appropriate attention is devoted
to important areas of the audit
-Aids in identifying potential problems and
resolving them on a timely basis
-Helps ensure that the audit is properly organized,
managed and performed in an effective and
efficient manner
-Assists in the proper assignment and review of the
work of the engagement team members
-Helps coordinate the work to be done by auditors
of components and other parties involved such as
experts, specialists, etc
Overall Audit Strategy
PSA 300 requires that the auditor establishes the
overall strategy for the audit. This overall strategy
sets the scope, timing and direction of the audit
and guides the development of more detailed audit
plan.
Process of establishing audit strategy:
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
Identifying the characteristics of the engagement
that define its scope Example 1. Financial reporting
framework
Industry-specific reporting requirements
Locations of the components of the entity
Ascertaining the reporting objectives of the
engagement to plan the timing of the audit and the
nature of the communication required such as:
Deadlines for interim and final reporting.
Key dates and organization of meetings with
management and those charged with governance
to discuss the nature and extent of audit work.
Discussion with management regarding the
expected communication on the status of audit
work throughout the engagement.
Considering the important factors that will
determine the focus and direction of the
engagement team efforts, such as:
Determination of appropriate materiality levels
Preliminary identification of areas where there
maybe higher risk of material misstatement
preliminary identification of material components
and account balances
Evaluation of whether the auditor may plan to
obtain evidence regarding the effectiveness of
internal control
Identification of recent significant entity-specific,
industry, financial reporting or other relevant
developments
Considering the results of preliminary engagement
activities and where applicable, whether
knowledge gained on other engagements
performed by the engagement partner is relevant
and
Ascertaining the nature, timing and extent of
resources necessary to perform the engagement
Benefits Of Developing Overall Audit Strategy
-Assists the auditor to determine the ff, subject to
completion of the auditor’s risk assessment
procedures:
The resources to deploy for specific audit areas ,
such as the use of appropriately experienced team
members for high risk areas or the involvement of
experts on complex matters
-The amount of resources to allocate to specific
audit areas such as the number of team members
assigned to observe the inventory count at
material locations, the extent of review of other
auditor’s work in the case of group audits, or the
audit budget in hours to allocate to high risk areas.
-When these resources are to be deployed, such as
whether at an interim audit stage or at key cut-off
dates
-How such resources are managed, directed, and
supervised, such as when team briefing and
debriefing meetings are expected to be held, how
engagement partner and manager reviews are
expected to take place (onsite or offsite), and
whether to complete engagement quality control
reviews
AUDIT PLAN
The auditor shall develop an audit plan that shall
include a description of:
The nature, timing and extent of planned risk
assessment procedures, as determined under PSA
315, “Identifying and Assessing the
Risks of Material Misstatement Through
Understanding the Entity and Its Environment.”
The nature, timing and extent of planned further
audit procedures at the assertion level, as
determined under PSA 330, “The Auditor’s
Responses to Assessed Risks.”
Other planned audit procedures that are required
to be carried out so that the engagement complies
with PSAs
-The auditor shall
Update and change the overall audit strategy and
the audit plan as necessary during the audit
Plan the nature, timing and extent of direction and
supervision of engagement team members and the
review of their work
Document the overall audit strategy, audit plan
and any significant changes made to both and the
reasons for the changes
Undertake the ff. activities prior to starting an
initial audit.
Perform procedures required by PSA 220 regarding
acceptance of the client relationship and the
specific audit engagement
Communicate with previous auditor, where there
has been change of auditors, in compliance with
relevant ethical requirements
AUDIT PROGRAM
A set of audit procedures specifically designed for
each audit.
Includes both substantive and tests of controls
The audit program serves as a set of instructions to
assistants involved in the audit and as a means to
control and record the proper execution of the
work
May also contain the audit objectives for each area
and a time budget in which hours are budgeted for
the various audit areas or procedures
Additional considerations in Initial Audit
Engagements
The Auditor should consider the ff. in developing
the overall audit strategy and audit plan:
Arrangements made with the previous auditor
(unless prohibited by law or regulation) Ex. Review
of previous auditor’s working papers.
Any major issues (including application of
accounting principles or auditing and reporting
standards) discussed with management in
connection with initial selection as auditors, the
communication of such matters to those charged
with governance and how these matters affect the
overall audit strategy and audit plan
The planned audit procedures to obtain sufficient
appropriate audit evidence regarding opening
balances (PSA 510 “Initial
Engagements-Opening Balances)
Other procedures required by the firm’s system of
quality control for initial audit engagements
Changes to Planning Decisions During the Course
of the Audit
- The auditor may need to modify the overall audit
strategy and audit plan, due to unexpected events,
changes in conditions or audit evidence obtained.
This would result to changes in the planned nature,
timing and extent of further audit procedures.
Ex. The auditor may obtain audit evidence through
substantive procedures that contradicts the audit
evidence obtained with respect to testing of the
operating effectiveness of controls.
The auditor then re-evaluates the planned audit
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
procedures, based on the revised consideration of
assessed risks at the assertion level for all or some
classes of transactions, account balances or
disclosures
For smaller entities:
-If the engagement partner is a sole practitioner,
there is no question as to direction, supervision,
and review
When using professional judgement or when
complex or unusual problems arise, and the audit
is performed by the sole practitioner, it
is desirable to plan to consult with other suitably
experienced auditor’s or the auditor’s professional
body.
Documentation
The auditor should document the overall audit
strategy and the audit plan, including any changes
and the reasons for the changes
Documentation records the key decisions
considered necessary to properly plan the audit
and to communicate significant matters to the
engagement team.
The auditor may summarize the overall audit
strategy in the form of a memorandum that
contains the key decisions regarding overall scope,
timing and conduct of the audit
Is sufficient to demonstrate the planned nature,
timing and extent of risk assessment procedures,
and further audit procedures at the assertion level
for each material class of transactions, account
balances and disclosure in response to the
assessed risks.
-The auditor may use standard audit programs or
audit completion checklists, that should be tailored
fit to reflect the particular engagement
Additional considerations in Initial Audit
Engagements
The Auditor should:
Perform procedures regarding the acceptance of
the client relationship and the specific audit
engagement (PSA 220)
Communicate with the previous auditor, where
there has been a change of auditors, in compliance
with relevant ethical requirements
The Auditor should consider the ff. in developing
the overall audit strategy and audit plan:
Arrangements made with the previous auditor
(unless prohibited by law or regulation) Ex. Review
of previous auditor’s working papers.
Any major issues (including application of
accounting principles or auditing and reporting
standards) discussed with management in
connection with initial selection as auditors, the
communication of such matters to those charged
with governance and how these matters affect the
overall audit strategy and audit plan
The planned audit procedures to obtain sufficient
appropriate audit evidence regarding opening
balances (PSA 510 “Initial
Engagements-Opening Balances)
The assignment of firm personnel with appropriate
levels of capabilities and competence to respond to
anticipated significant risks
Other procedures required by the firm’s system of
quality control for initial audit engagements
Discussion of Other Critical Matters in Engagement
Planning
Application of Analytical Procedures in Planning
the Audit
When used for planning, analytical procedures
assist the auditors in planning the nature, timing
and extent of audit procedures that will be used for
specific accounts or transactions.
This approach used is obtaining an understanding
of the client’s business and transactions and
identifying areas that may represent higher risks
By identifying existence of unusual transactions
and events, amount ratios and trends, matters that
might affect the FS and audit planning, can be
brought to light.
Relevant non-financial information (number of
employees, area of selling space, volume of
production) may also contribute to the
accomplishment of the purpose of analytical
procedures
The auditors may then plan a more thorough
investigation of the potential problem areas and
perform a more effective audit.
PSA 520 requires that auditors perform analytical
procedures for every audit
Establishment of an Engagement or Audit Team
The team usually consists of engagement partner,
a manager, at least one senior, and one or more
staff auditors. The number of people assigned will
depend on:
Size and complexity of the audit
Availability and experience of personnel
Need for special expertise
Opportunity to train people
Continuity and rotation of personnel
An engagement involving an entity in a regulated
industry such as banking, also requires that the
major members of the audit team have necessary
knowledge and experience in that industry.
Considerations of Work Performed by Other
Auditors/Parties
In deciding to become the principal auditor, the
auditor must consider the ff:
Materiality of the portion of the FS which the
principal auditor audits
Principal auditor’s degree of knowledge regarding
the business of the components
Risk of material misstatement in the FS of the
components audited by the other auditor
Performance of additional procedures regarding
the components audited by the other auditor,
resulting in the principal auditor having significant
participation in such audit
Predecessor Auditor
Communication with the previous auditors can
provide the successor auditor with background
information about the client, details
about the client’s system of internal control, and
evidence as to account balances at the beginning
of the year under audit
-The successor auditor should first obtain client’s
consent or permission before making inquiries with
predecessor auditors
Other CPA
-Subsidiaries or divisions of large companies
located in different parts of the country or the
world, may have different auditors. Principal
auditor is the one with responsibility for reporting
on the FS of an entity when those FS include
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
financial information of one or more components
audited by another auditor.
-Other auditor means an auditor, other than the
principal, with responsibility for reporting on the
financial information of a component which is
included in the FS audited by the principal auditor.
Other auditors include affiliated firms, whether
using the same name or not, correspondents as
well as unrelated auditors.
Component means a division, branch, subsidiary,
joint venture, associated company or other entity
whose financial information is included in the FS
audited by the principal auditor
PSA 600 “Using the Work of Another Auditor”
establishes standards and provides guidance when
an auditor uses the work of another auditor on the
financial information of one or more components
included in the FS of the entity.
Specialists – bring unique knowledge and
judgement in a field other than accounting and
auditing. Effective planning involves arranging for
appropriate use of specialists inside and outside
the client organization
Ex. An auditor might need to have:
An art appraiser to put values on works of art.
A mineralogist to determine the physical
characteristics of mineral reserves
An actuary to provide data on a group’s life
expectancy
Use of Client’s Staff
Client’s staff, including internal auditors can help
prepare for the audit
Client’s staff should have the accounting records
up-to-date when the auditors arrive.
-Client’s staff may also prepare some of the
working papers for the auditors. This would help
reduce audit cost and freeing auditors from routine
work. Working papers prepared by client staff
should be labelled as such, subject also to review
and testing by the auditors.
Tasks that may be prepared by client’s staff:
Preparation of trial balance based on the general
ledger
Preparation of Aging of Accounts Receivable
Analyses of Accounts Receivable Written-off
Lists of Property Additions and retirements during
the year (PPE lapsing schedule)
Analyses of revenue and expense accounts.
Internal Auditors – affects the audit in two ways.
First, to enhance internal control.
Second, by assisting independent auditors in
performing specific audit procedures such as
observing client personnel during inventory count
Ex. If the internal auditors determined that bank
reconciliations were properly prepared and all cash
receipts were deposited, the entity’s
controls would enhance the reliability of the
accounting records. This would reduce the extent
of substantive testing by the auditor. Before
reducing the extent of testing for specific
assertions because of work performed by the
internal auditors , the ff. should be considered:
Materiality of the amount
Risk of misstatement
Degree of subjectivity involved in evaluating audit
evidence
As the above factors increase, the lesser is the
reliance on the internal auditor’s work.
Assessment of Going Concern Assumption
PSA 570 requires auditors to evaluate whether
substantial doubt exists about an entity’s ability to
continue as a going concern, based on procedures
planned and performed to obtain evidence about
the management assertions in the FS.
When information obtained raises substantial
doubt about the entity’s ability to continue in
operation for a year following the date of the FS
being audited, the auditor should add a paragraph
calling attention to the fact that the statements
have been prepared assuming the entity will
continue as a going concern. If disclosures are
adequate, the auditor may issue unqualified
opinion.
Examples of events or conditions that may raise
significant doubt as to the going concern of an
entity:
Financial
Net liability or Net current liability position (A<L)
Fixed-term borrowings approaching maturity
without realistic prospects of renewal or repayment
Excessive reliance on short-term borrowings to
finance long-term assets
Indications of withdrawal of financial support by
debtors and other creditors Negative operating
cash flows indicated by historical or prospective FS
Adverse key financial ratios (Current ratio, Debt
and Equity Ratio, etc)
Substantial operating losses or significant
deterioration in the value of assets used to
generate cash flows Arrears or discontinuance of
dividends
Inability to pay creditors on due dates
Inability to comply with the terms of loan
agreement
Change from credit to cash-on-delivery
transactions with suppliers
Inability to obtain financing for essential new
product developments or other essential
investments
Operating
Loss of key management without replacement
Loss of a major market, franchise, license, or
principal supplier Labor difficulties or shortages of
important supplies
Other
Non-compliance with capital or other statutory
requirements
Pending legal or regulatory proceedings against
the entity that may result in claims that are
unlikely to be satisfied Changes in legislation or
government policy expected to adversely affect
the entity
Identification of Related Parties
-Transactions with related parties are to be
disclosed in the FS if material.
-GAAP requires disclosure of the nature of related
party relationship, description of the transaction,
peso amounts and amounts due from and to
related parties.
-Most auditors assess inherent risk as high for
related parties and transactions, because of
accounting disclosure requirement and lack of
independence between the parties involved
Related Party-an affiliated company, a principal
owner of the client company, or any other party
with which the client deals where one of the
parties can influence management or operating
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
policies of the other.
Related party transaction-any transaction between
the client and a related party Example. 1. Sales or
purchase transactions between a parent company
and its subsidiary
Exchange of equipment between two companies
owned by the same person
Loans to officers
Exercise of significant management influence on
an audit client by its most important customer
It is important that all related parties be identified
and included in the permanent files early in the
engagement.
Common ways of identifying related parties include
inquiry of management, review of SEC filings, and
examination of stockholder listings to identify
principal stockholders
Client’s Legal Obligations
Current information that the auditor’s should
review:
Minutes of directors’ and stockholders’ meetings
Changes to articles of incorporation or by-laws
Significant contracts executed during the year
Auditor should be alert to:
Major contracts or agreements, including merger
and acquisition agreements, debt agreements,
compensation agreements and asset purchase
agreements
Information about current situations and future
business plans
Authorization of dividends
For new clients, the auditors should read the
articles of incorporation and by-laws since the
inception of the entity, as well as changes to them
and make summaries for the permanent file.
The auditor should also read all contracts having
an impact on the current year.
Completion of the Initial Audit Program
Audit Program
– a set of audit procedures specifically designed for
each audit.
- Includes both substantive and tests of controls
-The audit program serves as a set of instructions
to assistants involved in the audit and as a means
to control and record the proper execution of the
work
-May also contain the audit objectives for each
area and a time budget in which hours are
budgeted for the various audit areas or procedures
The auditor should develop and document an audit
program setting out the nature, timing and extent
of planned audit procedures required to implement
the overall audit plan
The auditor determines the procedures to test the
assertions embodied in the FS. Ex. To test the
existence of sales:
The auditor takes samples of entries in the sales
journal, compare data against approved customer
order, sales order and shipping document and
sales invoice.
Confirm a sample of accounts receivable year-end
On initial engagements, the audit program
develops in three stages:
The broad phase of the program can be outlined at
the time of engagement
Other details of the program can be identified after
the review of internal control structure and
accounting procedures has begun and
Procedures on specific phases of the audit can be
further challenged and revised as the work
progresses.
On recurring engagements, the program for the
preceding audit should be studied before preparing
the program for the current audit. Current program
should reflect modifications required by experience
gained in the business, internal control or
accounting methods of the client
Preparation of a Time Budget
Time budget
– is an estimate of the total hours an audit is
expected to take.
Based on the information obtained in
understanding the client
Also serves as the basis for estimating fees.
An important tool to communicate to the audit staff
those areas that are critical and requires more
time.
Used to measure the efficiency of staff
Determine each stage of the engagement, whether
the work is progressing at a satisfactory rate
Considers the ff. factors:
The client’s size as dictated by gross assets, sales,
number of employees
Location of client facilities
Anticipated accounting and auditing problems
Competence and experience of staff available
The total time must be allocated by the
preparation of work schedules, indicating who is to
do what and how long it should take. Total hours
are budgeted by major categories and may be
scheduled on a weekly basis
For repeat engagements, development of time
budgets is facilitated by referring to the preceding
year’s detailed time records
Managing time is an important consideration
because billing is often based on the amount of
time charged to the engagement. The most costly
element is the auditor’s time. Time budgets can
motivate staff to perform efficiently, and personnel
are evaluated on their ability to complete
assignments within the allotted time.
Special Considerations:
Too much emphasis on time management may
lower the quality of the audit.
Staff may underreport time spent on the audit
procedure in order to make an impression that
they finished the work on time or even ahead of
time.
Underreporting may:
Cause the firm to lose revenue it is entitled to.
Creates unrealistic basis for the following year’s
time budget
May cause staff burnout, if they work additional
hours, without being compensated
Assignment of Personnel to the Engagement
On larger engagements, there are likely to be one
or more partners and staff at several experience
levels doing the audit. Specialists in technical
areas such as statistical sampling and computer
auditing may be assigned.
On smaller audits, there may be only one or two
staff members
Major considerations:
Need for continuity from year to year. Continuity
helps the CPA firm maintain familiarity with the
2.0 The Risk-based Financial Statements Audit -Client Acceptance, Audit Planning, Supervision and Monitoring
technical requirements and closer interpersonal Conditions that may require changes in audit tests.
relations with client personnel.
Persons assigned must be familiar with the client’s 2.4 Direction, Supervision and Review
industry The nature, timing and extent, depends on many
Professional competence of assistants performing factors:
work delegated to them, when deciding the extent Size and complexity of the entity
of direction, supervision and review appropriate for Area of the audit
each assistant The assessed risks of material misstatements and
any changes
Scheduling of Work The capabilities and competence of the individual
Audit work that can be performed during the team members performing the audit work.
interim period includes:
Consideration of internal control
Issuance of management letter
Substantive tests of transactions that have
occurred to the interim date.
Interim tests of certain FS balances, such as
Equity. However the auditor must perform
additional tests of the accounts during the
remaining period between the time that the
interim test was performed and the date of the
statement of financial position Advantages of
performing audit during interim period:
Auditors may assess internal control more
effectively by observing and testing controls at
various times throughout the year
Auditors can give early consideration for
accounting problems
Creates a more uniform workload for CPA firms
For large clients, the auditors may have office
space within the client’s building and perform
auditing procedures throughout the entire
year.
Considerations for performing substantive tests
scheduled near and after the year-end date:
Deadline for submitting final audit report and filing
of income tax returns
Ability of the client’s staff to submit required
schedules
Other audit clients

DOCUMENTATION OF AUDIT PLAN AND AUDIT

PROGRAM
The auditor should develop and document an audit
program setting out the nature, timing and extent
of planned audit procedures required to implement
the overall audit plan.
Documentation of the planning process is done
through the preparation of working papers
showing:
Audit plans
Audit programs
Time budget
Documentation required for audit plans:
Description of the client company – its structure,
nature of business and organization
Audit objectives (if it is for stockholders, creditors
or a special purpose audit)
Description of the nature and extent of other
services such as preparation of tax returns, etc
Timetable of the audit work
Work to be done by the client’s employer
Assignment of audit staff
Target completion dates of the major segments of
the engagement
Preliminary evaluation and judgement about
materiality level for the engagement
Any special problems to be resolved during
engagement particularly those revealed by
analytical procedures