Anda di halaman 1dari 49

CPA REVIEW SCHOOL OF THE PHILIPPINES

Manila

AUDITING THEORY CPA REVIEW

 PREFACE TO PHILIPPINE STANDARDS ON QUALITY CONTROL, AUDITING, REVIEW, OTHER


ASSURANCE AND RELATED SERVICES
 PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS
 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS
(PSA 200 [Amended as a result of PSA 700 (Revised)])

The Authority Attaching to Philippine Standards Issued by the AASC


STANDARDS APPLICATION
1. Philippine Standards on Auditing  Audit of historical financial information
(PSAs)
2. Philippine Standards on Review  Review of historical financial
Engagements (PSREs) information
3. Philippine Standards on Assurance  Assurance engagements dealing with
Engagements (PSAEs) subject matters other than historical
financial information
4. Philippine Standards on Related  Compilation engagements
Services (PSRSs)  Engagements to apply agreed-upon
procedures to information
 Other related services engagements as
specified by the AASC

1. PSAs, PSREs, PSAEs and PSRSs are collectively referred to as the AASC’s Engagement Standards.
2. Philippine standards on Quality Control (PSQC) are to be applied for all services falling under the
AASC’s engagement standards.
3. Philippine Standards are applicable to engagements in the Public sector.

The Authority Attaching to Practice Statements Issued by the AASC


1. Philippine Practice Statements are issued to:
 Provide interpretive guidance and practical assistance o professional accountants in
implementing Philippine Standards; and
 Promote good practice
2. Professional accountants should be aware of and consider Practice Statements applicable to the
engagement.
3. A professional accountant who does not consider and apply the guidance included in a relevant
Practice Statements should be prepared to explain how the basic principles and essential procedures in
the AASC’s Engagement Standard(s) addressed by the Practice Statement have been complied with.

PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS


1. The Framework does not itself establish standards or provide procedural requirements for the
performance of assurance engagements.
2. In addition to the Framework and PSAs, PSREs and PSAEs, practitioners who perform assurance
engagements are governed by:
 The Philippine Code of Ethics for Professional Accountants; and
 Philippine Standards on Quality Control (PSQCs)

ASSURANCE ENGAGEMENTS
1. “Assurance engagement” means an agreement in which a particular expresses a conclusion designed
to enhance the degree of confidence of the intended users other than the responsible party about the
outcome of the evaluation or measurement of a subject matter against criteria.
2. “Subject matter information” refers to the outcome of the evaluation or measurement of a subject
matter.
3. In some assurance engagements, the evaluation or measurement of the subject I performed by the
responsible party, and the subject matter information is in the form of an assertion by the responsible
party that is made available to intended users (assertion-based engagements).
4. In other assurance engagements, the practitioner either directly performs the evaluation or
measurement of the subject matter, or obtains a representation from the responsible party that has
performed the evaluation or measurement that is not available to the intended users in the assurance
report (direct reporting engagements)

1
TWO TYPES OF ASSURANCE ENGAGEMENT
1. Reasonable assurance engagement – the objective is a reduction in assurance engagement risk to an
acceptably low level in the circumstances of the engagement as the basis for a positive form of
expression of the practitioner’s conclusion.
2. Limited assurance engagement – the objective is a reduction in assurance engagement risk to a level
that is acceptable in the circumstances of the engagement, but where the risk is greater than for a
reasonable assurance engagement, as a basis for a negative form of expression of the practitioner’s
conclusion.

SCOPE OF THE FRAMEWORK


The following are non-assurance engagements and therefore are not covered by the Framework:
1. Engagements covered by the PSRSs such as agreed-upon procedures engagements and compilations
of financial or other information.
2. The preparation of tax returns where no conclusion conveying assurance is expressed.
3. Consulting (or advisory) engagements, such as management and tax consulting.
ELEMENTS OF AN ASSUARANCE ENGAGEMENT
1. A three-party relationship involving:
 A practitioner;
 A responsible party; and
 Intended users.
2. An appropriate subject matter;
3. Suitable criteria;
4. Sufficient appropriate evidence; and
5. A written assurance report in the form appropriate to a reasonable assurance engagement or a limited
assurance engagement.

OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS


1. The OBJECTIVE of an audit of financial statements is to enable the auditor to express an opinion
whether the financial statements are prepared, in all material respects, in accordance with an
applicable financial reporting framework.
2. The auditor should comply with relevant ethical requirements relating to audit engagements.
3. The auditor should conduct the audit in accordance with PSAs.
4. “Scope of an audit” refers to the audit procedures that, in the auditor’s judgment and based on PSAs,
are deemed appropriate in the circumstances to achieve the objective of the audit.
5. The auditor should plan and perform an audit with an attitude of PROFESSIONAL SKEPTICISM
recognizing that circumstances may exist that cause the financial statements to be materially misstated.
6. In forming the audit opinion, the auditor obtains sufficient appropriate evidence to be able to draw
conclusions on which to base that opinion.
7. The auditor’s opinion enhances the credibility of financial statements by providing a high, but not
absolute, level of assurance.
8. Absolute assurance in auditing is not attainable as a result of such factors as:
 The need for judgment;
 The use of testing;
 The inherent limitations of any accounting and internal control systems; and
 The fact that most of the evidence available to the auditor is persuasive, rather than conclusive,
in nature.
9. While the auditor is responsible for forming and expressing an opinion on the financial statements, the
responsibility for the preparation and presentation of the financial statements in accordance with the
applicable financial reporting framework is that of the entity’s MANAGEMENT, with oversight from
those charged with governance.
ENGAGEMENTS TO REVIEW FINANCIAL STATEMENTS
1. The objective of a review of financial statements is to enable a practitioner to state whether, on the
basis of procedures which do not provide all the evidence that would be require in an audit, anything
has come to the practitioner’s attention that causes the practitioner to believe that the financial
statements are not prepared, in all material respects, in accordance with an identified financial reporting
framework (negative assurance)
2. A review comprises INQUIRY and ANALYTICAL PROCEDURES which are designed to review the
reliability of an assertion that is the responsibility of one party for use by another party.
3. A review does not ordinarily involve an assessment of accounting and internal control systems, tests of
records and of responses to inquiries by obtaining corroborating evidence through inspection,
observation, confirmation and computation, which are procedures ordinarily performed during an audit.
4. The level of assurance provided in a review report is less that that given in an audit report.
ENGAGEMENTS TO PERFORM AGREED-UPON PROCEDURES REGARDING FINANCIAL
INFORMATION
1. In an engagement to perform agreed-upon procedures, an auditor is engaged to carry out those
procedures of an audit nature to which the auditor and the entity and any appropriate third parties have
agreed and to report on FACTUAL FINDINGS.
2. The recipients of the report must form their own conclusion from the report of the auditor.
3. The report is restricted to those parties that have agreed to the procedures to be performed since
others, unaware of the reasons for the procedures, may misinterpret the results.
ENGAGEMENTS TO COMPILE FINANCIAL INFORMATION

2
1. In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to
auditing expertise to collect, classify, and summarized financial information.
2. It ordinarily entails reducing detailed data to manageable and understandable form without a
requirement to test the assertions underlying that information.
3. The procedures performed are not designed and do not enable the accountant to express any
assurance on the financial information.
4. Users of compiled financial information derived some benefit as a result of the accountant’s
involvement because the service has been performed with due professional skill and care.

SUMMARY
Nature of Audit Review Agreed-upon Compilation
service Procedures
Level of High, but not Moderate No assurance No assurance
Assurance absolute assurance
Provided assurance
Report provided Positive Negative Factual findings Identification of
assurance on assurance on of procedures information
assertion(s) assertion(s) compiled
(Audit Report) (Review Report) (Compilation
Report)

CPA REVIEW SCHOOL OF THE PHILIPPINES


Manila

AUDITING THEORY CPA REVIEW

 PSQC1 QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF
HISTORICAL FINANCIAL INFORMATION, AND OTHER ASSURANCE AND RELATED
SERVICES
 PSA 220 (REVISED)
QUALITY CONTROL FOR AUDITS OF HISTORICAL FINANCIAL INFORMATION
 PSA 210 [AMENDED BY PSA 700(REVISED)]
TERMS OF AUDIT ENGAGEMENTS

PSQC 1
1. The firm should establish a System of Quality Control to provide it with reasonable assurance that:
a. The firm and its personnel comply with professional standards and regulatory and legal
requirements; and
b. The reports issued by the firm or engagement partners are appropriate in the
circumstances.
2. Elements of a System of Quality Control
a. Leadership responsibility for quality within the firm
b. Ethical requirements
c. Acceptance and continuance of client relationships and specific engagements.
d. Human resources
e. Engagement performance
f. Monitoring

PSA 220 (Revised)


1. The engagement team should implement quality control procedures that are applicable to the individual
audit engagement.
2. The engagement partner should
a. Take responsibility for the overall quality on each audit engagement to which that partner is
assigned.
b. Consider whether members of the engagement team have complied with ethical
requirements.
c. Be satisfied that appropriate procedures regarding the acceptance and continuance of client
relationships and specific audit engagements have been followed, and that conclusions
reached in this regard are appropriate and have been documented.
d. Be satisfied that the engagement team collectively has the appropriate capabilities,
competence and time to perform the audit engagement in accordance with professional
standards and regulatory and legal requirements, and to enable an auditor’s report that is
appropriate in the circumstances to be issued.
e. Take responsibility for the direction, supervision and performance of the audit engagement
in compliance with professional standards and regulatory and legal requirements, and for
the auditor’s report that is issued to be appropriate n he circumstances.
f. Be satisfied that sufficient appropriate audit evidence has been obtained to support the
conclusions reached and for the auditor’s report to be issued.

PSA 210 [AMENDED BY THE PSA 700 (REVISED)]


3
1. The purpose of this standard is to establish standards and provide guidelines on:
a. Agreeing the terms of the engagement with the client; and
b. The auditor’s response to a request by a client to change the terms of an engagement to
one that provides a lower level of assurance.
2. Audit Engagement Letters

 It is in the interest of both client and auditor that the auditor sends an engagement letter,
preferably before the commencement of the engagement, to help in avoiding misunderstandings with
respect to the engagement.

 Principal Contents
An engagement letter would generally include reference to:
 The objective of the audit of financial statements.
 Management’s responsibility for the financial statements.
 The financial reporting framework adopted by management in preparing
the financial statements.
 The scope of the audit, including reference to applicable legislation,
regulations or pronouncements of professional bodies to which the
auditor adheres.
 The form of any reports or other communication of results of the
engagement.
 The fact that because of the test nature and other inherent limitations of
an audit, together with the inherent limitations of any accounting and
internal controls system, there is an unavoidable risk that even some
material misstatement may remain undiscovered.
 Unrestricted access to whatever records, documentation and other
information requested in connection with the audit.
3. Acceptance of a Change in Engagement
1. An auditor who, before the completion of the engagement, is requested to change the
engagement tone which provides a lower level of assurance, should consider the
appropriateness of doing so.
2. A request from the client for the auditor to change the engagement may result from:
a. A change in circumstances affecting the need for the service;
b. A misunderstanding as to the nature of an audit or related service originally
requested; or
c. A restriction on the scope of the engagement, whether imposed by management or
caused by circumstances.
(NOTE: A or B would ordinarily be a reasonable basis for requesting a change
in the engagement)
3. A change would not be considered reasonable if it appeared that the change relates to
information that is incorrect, incomplete or otherwise unsatisfactory.
4. Before agreeing to change an audit engagement to a related service, an auditor would also
consider any legal or contractual implications of the change.
5. If the auditor concludes that there is reasonable justification to change the engagement and
if the audit work performed complies with the PSAs applicable to the change engagement,
the report issued would be that appropriate for the revised terms of the engagement.
6. In order to avoid confusing the reader, the report would not include reference to:
a. The original engagement; or
b. Any procedures that may have been performed by the original engagement, except
where the engagement is changed to undertake agreed-upon procedures.
7. Where the terms of the engagement are changed, the auditor and the client should agree in
the new terms.
8. The auditor should not agree to a change of engagement where there is no reasonable
justification for doing so.
9. If the auditor is unable to agree to a change of engagement and is not permitted to continue
the original engagement, the auditor should withdraw and consider whether there is any
obligation, contractual or otherwise, to report to other parties, such as the board of directors
or shareholders, the circumstances necessitating the withdrawal.

CPA REVIEW SCHOOL OF THE PHILIPPINES

4
Manila

AUDITING THEORY CPA REVIEW

 PSA 300 (Rev.) PLANNING AN AUDIT OF FINANCIAL STATEMENTS


 PSA 315 UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING
THE RISKS OF MATERIAL MISTATEMENT

PSA 300 (Rev.)


PLANNING AN AUDIT OF FINANCIAL STATEMENTS

1. Planning an audit involves:


 establishing the overall audit strategy for the engagement and
 developing an audit plan,
 in order to reduce audit risk to an acceptably low level.

Preliminary Engagement Activities

2. The auditor should perform the following activities at the beginning of the current audit engagement:
 Perform procedures regarding the continuance of the client relationship and the specific audit
engagement.
 Evaluate compliance with ethical requirements, including independence.
 Establish an understanding of the terms of the engagement.

Planning Activities

3. The auditor should establish the overall audit strategy for the audit. The overall audit strategy sets the
scope, timing and direction of the audit, and guides the development of the more detailed audit plan

4. The establishment of the overall audit strategy involves:


a.) Determining the characteristics of the engagement that define its scope;
b.) Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the nature
of the communication required; and
c.) Considering the important factors that will determine the focus of the engagement team’s efforts.

5. The auditor should develop an audit plan for the audit in order to reduce audit risk to an acceptably low
level.
6. The audit plan is more detailed than the overall audit strategy and includes the nature, timing and extent of
audit procedures to be performed by engagement team members in order to obtain sufficient appropriate
audit evidence to reduce audit risk to an acceptably low level.

7. The audit plan includes:


 A description of the nature, timing and extent of planned risk assessment procedures sufficient to
assess the risks of material misstatement as determined under PSA 315, “Understanding the Entity
and its Environment and Assessing the Risks of Material Misstatement.”;
 A description of the nature, timing and extent of planned further audit procedures at the assertion level
for each material class of transactions, account balance, and disclosure, as determined under PSA
330, “The Auditor’s Procedures in Response to Assessed Risks,”; and
 Such other procedures required to be carried out for the engagement in order to comply with PSAs

Changes to Planning Decisions during the Course of the Audit

The overall audit strategy and the audit plan should be updated and changed as necessary during the course
of the audit.

Direction, Supervision and Review

1. The auditor should plan the nature, timing and extent of direction and supervision of engagement team
members and review their work.

2. The nature, timing and extent of the direction and supervision of engagement team members and review
of their work vary depending on many factors, including:

 The size and complexity of the entity;


 The area of audit;
 The risks of material misstatement; and
 The capabilities and competence of personnel performing the audit work.

5
3. The auditor plans the nature, timing and extent of direction and supervision of engagement team members
based on the assessed risk of material misstatement.

Documentation

The auditor should document the overall audit strategy and the audit plan, including any significant changes
made during the audit engagement.

Communications with Those Charged with Governance and Management

1. The auditor may discuss elements of planning with those charged with governance and the entity’s
management.

2. Discussions with those charged with governance ordinarily include the overall audit strategy and timing of
the audit, including any limitations thereon, or any additional requirements.

3. When discussion of matters included in the overall audit strategy or audit plan occur, care is required in
order not to compromise the effectiveness of the audit.

Additional Considerations in Initial Audit Engagements

The auditor should perform the following activities prior to starting an initial audit:

1. Perform procedures regarding the acceptance of the client relationship and the specific audit engagement.

2. Communicate with the previous auditor, where there has been a change of auditors, in compliance with
relevant ethical requirements.

PSA 315
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF MATERIAL
MISSTATEMENT

1. The auditor should obtain an understanding of the entity and its environment, including its internal control,
sufficient to identify and assess the risks of material misstatement of the financial statements whether due
to fraud or error, and sufficient to design and perform further audit procedures.

2. The auditor should perform the following risk assessment procedures to obtain an understanding of the
entity and its environment, including its internal control:

a.) Industry, regulatory, and other external factors, including the applicable financial reporting framework.
b.) Nature of the entity, including the entity’s selection and application of accounting policies.
c.) Objectives and strategies and the related business risks that may result in a material misstatement of
the financial statements.
d.) Measurement and review of the entity’s financial performance.
e.) Internal control.
INTERNAL CONTROL

1. Internal control is the process designed and effected by those charged with governance, management,
and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with
regard to:
 Reliability of financial reporting;
 Effectiveness and efficiency of operations; and
 Compliance with applicable laws and regulations.

2. The auditor uses the understanding of internal control to:


 Identify types of potential misstatements;
 Consider factors that affect the risks of material misstatement; and
 Design the nature, timing and extent of further audit procedures.

3. Internal control consists of the following components:

1.) The control environment.


2.) The entity’s risk assessment process.
3.) The information system, including the related business processes, relevant to financial reporting, and
communication.
4.) Control activities.
5.) Monitoring of controls.

The control environment includes the governance and management functions and the attitudes,
awareness, and actions of those charged with governance and management concerning the entity’s
internal control and its importance in the entity.

6
Elements of control environment:
a) Communication of enforcement of integrity and ethical values.
b) Commitment to competence.
c) Participation by those charged with governance.
d) Management’s philosophy and operating style.
e) Organizational structure.
f) Assignments of authority and responsibility.
g) Human resource policies and practices.

The auditor should obtain an understanding of the entity’s risk assessment process, i.e., the entity’
process for identifying business risks relevant to financial reporting objectives and deciding about actions
to address those risks, and the results thereof.

The auditor should obtain an understanding of the information system, including the related business
processes, relevant to financial reporting, including the following areas:

 The classes of transactions in the entity’s operations that is significant to the financial statements.

 The procedures, within both IT and manual systems, by which those transactions are initiated,
recorded, processed and reported in the financial statements.

 The related accounting records, whether electronic or manual, supporting information, and specific
accounts in the financial statements, in respect of initiating, recording, processing and reporting
transactions.

 How the information system captures events and conditions, other than classes of transactions
that are significant to the financial statements.

 The financial reporting process used to prepare the entity’s financial statements, including
significant accounting estimates and disclosures.
Control activities are the policies and procedures to help ensure that management directives are carried
out. Examples of control activities include those relating to the following:
 Authorization
 Performance reviews.
 Information processing.
 Physical controls.
 Segregation of duties.

Monitoring of controls involves assessing the design and operation of controls on a timely basis and
taking the necessary corrective actions modified for changes in conditions.

4. Obtaining an understanding of internal control involves:

a) Evaluating the design of a control; and


b) Determining whether it has been implemented.

ASSESSING THE RISKS OF MAERIAL MISSTATEMENT

1. The auditor should identify and assess the risks of material misstatement at the financial statements level,
and at the assertion level for classes of transactions, account balances, and disclosures.

2. The auditor:
 Identifies risks throughout the process of obtaining an understanding of the entity and its
environment, including relevant controls that relate to the risks, and by considering the classes of
transactions, account balances, and disclosures in the financial statements;
 Relates the identified risks to what can go wrong at the assertion level;
 Considers whether the risks are of a magnitude that could result in a material misstatement of the
financial statements; and
 Considers the likelihood that the risks could result in a material misstatement of the financial
statements.

CPA REVIEW SCHOOL OF THE PHILIPPINES


Manila

AUDITING THEORY CPA REVIEW

PSA 330
THE AUDITOR’S PROCEDURES IN REPONSE TO ASSESSED RISKS

7
Overall responses
1. The auditor should determine overall responses to address the risks of material misstatement at the
financial statement level. Such responses may include:
 Emphasizing to the audit team the need to maintain professional skepticism n gathering
and evaluating audit evidence
 Assigning more experienced staff or those with special skills or using experts
 Providing more supervision
 Incorporating additional elements of unpredictability in the selection of further audit
procedures to be performed
 Making general changes to the nature, timing or extent of audit procedures

Audit Procedures Responsive to Risks of Material Misstatement at the Assertion Level


1. In designing further audit procedures, the auditor considers the following:
 The significance of the risk
 The likelihood that the material misstatement will occur
 The characteristics of the class transactions, account balance, or disclosure involved.
 The nature of the specific controls used by the entity and in particular whether they are
manual or automated
 Whether the auditor expects to obtain audit evidence to determine if the entity’s controls
are effective n preventing, or detecting and correcting, material misstatements
2. Considering the nature, timing and extent of further audit procedures

The nature of further audit procedures refers to their:


a. Purpose- tests of controls or substantive procedures
b. Type - inspection, observation, inquiry, confirmation, recalculation,
reperformance, or analytical procedures.

Timing refers to when audit procedures are performed or the period or date to which the audit evidence
applies.

Extent includes the quantity of a specific audit procedure to be performed.

TESTS OF CONTROLS
1. The auditor is required to perform tests of controls when:
a. The auditor’s risk assessment includes an expectation of the operating effectiveness of
controls; or
b. When the substantive procedures alone do not provide sufficient appropriate audit evidence
at the assertion level

2. Tests of the operating effectiveness of controls are performed only on those controls that the
auditor has determined are suitably designed to prevent, or detect and correct, a material
misstatement in an assertion
3. Testing the operating effectiveness of controls includes obtaining evidence about:
a. How controls were applied at relevant times during the period under audit;
b. The consistency with which they were applied; and
c. By whom or by what means they were applied.

SUBSTANTIVE PROCEDURES
1. Substantive test procedures are performed in order to detect material misstatements at the assertion
level, and include:
 Tests of details of classes of transactions, account balances, and disclosures; and
 Substantive analytical procedures
2. The auditor’s substantive procedures should include the following audit procedures related to the
financial statement closing process:
 Agreeing or reconciling the financial statements with accounting records; and
 Examining material journal entries and other adjustments made during the course of
preparing the financial statements
3. The auditor should perform audit procedures to evaluate whether the overall presentation of the
financial statements, including the related disclosures, are in accordance with the applicable financial
reporting framework.

Evaluating the sufficiency and appropriateness of audit evidence obtained


1. Based on the audit procedures performed and the audit evidence obtained, the auditor should evaluate
whether the assessments of the risks of material misstatement at the assertion level remain
appropriate.
2. The auditor should conclude whether the assessments of the risks of material misstatement in the
financial statements.
3. If the auditor has not obtained sufficient appropriate audit evidence as to a material financial statement
assertion, the auditor should attempt to obtain further audit evidence. If the auditor is unable to obtain
further audit evidence, the auditor should express a qualified opinion or a disclaimer of opinion.

8
Documentation
1. The auditor should document:
 The overall responses to address the assessed risks of material misstatement at the
financial statement level and the nature, timing, and extent of the further audit
procedures;
 The linkage of those procedures with the assessed risks at the assertion level; and
 The results of the audit procedures
2. If the auditor plans to use audit evidence about the operating effectiveness of controls obtained in prior
audits, the auditor should document the conclusions reached with regard to relying on vcfsuch controls
that were tested in a prior audit.
3. The auditor’s documentation should demonstrate that the financial statements agree or reconcile with
the underlying accounting records.
CPA REVIEW SCHOOL OF THE PHILIPPINES
Manila

AUDITING THEORY CPA REVIEW

PSA 320 AUDIT MATERIALITY (amended by PSA 240 [Revised 2005])


PSA 520 ANALYTICAL PROCEDURES
PSA 550 RELATED PARTIES
PSA 610 CONSIDERING THE WORK OF INTERNAL AUDIT
PSA 620 USING THE WORK OF AN EXPERT

PSA 320
AUDIT MATERIALITY
1. Materiality should be considered by the auditor when:
 Determining the nature, timing and extent of audit procedures; and
 Evaluating the effect of misstatements
2. There is an inverse relationship between materiality and the level of audit risk
3. In evaluating whether the financial statements are prepared, in all material respects, in accordance with
an applicable financial reporting framework, the auditor should assess whether the aggregate of
uncorrected misstatements that have been identified during the audit is material.
4. If the auditor concludes that the aggregate of uncorrected misstatements may be material, the auditor
needs to consider:
 Reducing audit risk by extending audit procedures; or
 requesting management to adjust the financial statements for the misstatements
identified
5. If management refuses to adjust the financial statements and the results of extended audit procedures
do not enable the auditor to conclude that the aggregate of uncorrected misstatements is not material,
the auditor should consider the appropriate modification to the auditor’s report.
6. If the auditor has identified a material misstatement resulting from error, the auditor should
communicate the misstatements to the appropriate level of management on a timely basis, and
consider the need to report it to those charged with governance.

PSA 520
ANALYTICAL PROCEDURES
1. “Analytical procedures” means the analysis of significant ratios and trends including the resulting
investigation of fluctuations and relationships that are inconsistent with other relevant information or
which deviate from predicted amounts.
2. Analytical procedures also include consideration of comparisons of the entity’s financial statements:
a. Comparable information for prior periods
b. Anticipated results of the entity, such as budgets or forecasts, or expectations of the auditor,
such as an estimation of depreciation
c. Similar industry information
3. Analytical procedures also include consideration of relationships:
a. Among elements of financial information that would be expected to conform to a predictable
patter based on the entity’s experience, such as gross margin percentages.
b. Between financial information and relevant no-financial information, such as payroll costs to
numbers and employees
4. The auditor should apply analytical procedures at the planning stage to assist in understanding the
business and in identifying areas of potential risk. Analytical procedures in planning the use both
financial and non-financial information.
5. The auditor should apply analytical procedures at or near the end of the audit when performing an
overall conclusion as to whether the financial statements as a whole are consistent with the auditor’s
knowledge of the business.
6. The application of analytical procedures is based on the expectation that relationships among data exist
and continue in the absence of known conditions to the contrary. The presence of these relationships
provides audit evidence as to the completeness, accuracy and validity of the data produced by the
accounting system
7. The extent of reliance that the auditor places on the results of analytical procedures depends on the
following factors:
9
a. Materiality of the items involved
b. Other audit procedures directed toward the same audit objectives
c. Accuracy with which the expected results of analytical procedures can be predicted.
8. When analytical procedures identify significant fluctuations or relationships that are inconsistent with
other relevant information or that deviate from predicted amounts, the auditor should investigate and
obtain adequate explanations and appropriate corroborative evidence.
9. The investigation of unusual fluctuations and relationships ordinarily begins with inquiries of
management, followed by:
a. Corroboration of management responses; and
b. Consideration of the need to apply other audit procedures based on the results of such
inquiries, if management is unable to provide an explanation or if the explanation is not
considered adequate.

PSA 550
RELATED PARTIES
1. Management is responsible for the identification and disclosure of related parties and transactions with
such parties.
2. The auditor should perform audit procedures designed to obtain sufficient appropriate audit evidence
regarding the identification and disclosure by management of related parties and the effect of related
party transactions that are material to the financial statements. However, an audit cannot be expected
to detect all related party transactions.
3. The auditor needs to have a sufficient understanding of the entity and its environment to enable
identification of the events, transactions and practices that may result in a risk of material misstatement
regarding related parties and transactions with such parties.
4. When obtaining an understanding of the entity’s internal control, the auditor should consider the
adequacy of control activities over the authorization and recording of related party transactions.
5. In examining the identified related party transactions, the auditor should obtain sufficient appropriate
audit evidence as to whether these transactions have been properly recorded and disclosed.
6. The auditor should obtain a written representation from management concerning:
a. The completeness of information provided regarding the identification of related parties; and
b. The adequacy of related party disclosures in the financial statements
7. The auditor is unable to obtain sufficient appropriate audit evidence concerning related parties and
transactions with such parties or concludes that their disclosure in the financial statements is not
adequate; the auditor should modify the audit report appropriately.

PSA 610
CONSIDERING THE WORK OF INTERNAL AUDIT
1. The external auditor should obtain a sufficient understanding of internal audit activities to identify and
assess the risks of material misstatement of the financial statements and to design and perform further
audit procedures.
2. The external auditor should perform an assessment of the internal audit function when internal auditing
is relevant to the external auditor’s risk assessment.
3. When obtaining an understanding and performing a preliminary assessment of the internal audit
function, the important criteria are:
a. Organizational status
b. Scope of the function
c. Technical competence
d. Due professional care
4. When planning to use the work of internal auditing, the external auditor will need to consider internal
auditing’s tentative plan for the period and discuss it as early a stage as possible.
5. Where the work of internal auditing is to be a factor in determining the nature, timing and extent of the
external auditor’s procedures, it is desirable to agree in advance the timing of such work, the extent of
audit coverage, materiality levels and proposed methods of sample selection, documentation of the
work performed and review and reporting procedures.
6. A liaison with internal auditing is more effective when meetings are held at appropriate intervals during
the period.
7. When the external auditor intends to use specific work of internal auditing, the external auditor should
evaluate and perform audit procedures on that work to confirm its adequacy for the external auditor’s
purposes.
8. The evaluation of specific work of internal auditing involves consideration of the adequacy of the scope
of the work and related programs and whether the preliminary assessment of the internal auditing
remains appropriate.
9. The nature, timing and extent of audit procedures performed on the specific work of internal auditing
will depend on:
 The external auditor’s judgment as to the risk of material misstatement of the area
concerned;
 The assessment of internal auditing; and
 The evaluation of the specific work by internal auditing.
10. The external auditor would record conclusions regarding the specific internal auditing work that has
been evaluated and the audit procedures performed on the internal auditor’s work.
10
PSA 620
USING THE WORK OF AN EXPERT
1. “Expert’ means a person or firm possessing special skill, knowledge and experience in a particular filed
other than accounting and auditing.
2. An expert may be:
a. Contracted by the entity;
b. Contracted by the auditor;
c. Employed by the entity; or
d. Employed by the auditor.
3. When determining the need to use the work of an expert, the auditor would consider:
a. The materiality of the financial statement item being considered;
b. The risk of misstatement based on the nature and complexity of the matter being
considered; and
c. The quantity and quality of other audit evidence available
4. When planning t use the work of an expert, the auditor should evaluate the professional competence
and objectivity of the expert.
5. The risk that an expert’s objectivity will be impaired increases when the expert is:
a. Employed by the entity; or
b. Related in some other manner to the entity.
6. The auditor should obtain sufficient appropriate audit evidence that the scope of the expert’s work is
adequate for the purposes of the audit. Audit evidence may be obtained through a review of the terms
of reference which are often set out in written instructions from the entity to the expert.
Such instructions to the expert may cover matters such as:
a. The objectives and scope of the expert’s work
b. A general outline as to the specific matters the auditor expects the expert’s report to cover
c. The intended use by the auditor of the expert’s work, including the possible communication
to third parties of the expert’s identity and extent f involvement
d. The extent of the expert’s access to appropriate records and files
e. Clarification of the expert’s relationship with the entity, if any.
f. Confidentiality of the entity’s information
g. Information regarding the assumptions and methods intended to be used by the expert and
their consistency with those used in prior periods.
7. The auditor should evaluate the appropriateness of the expert’s work as audit evidence regarding the
financial statement assertion being considered. This will involve assessment of whether the substance
of the expert’s findings is properly reflected in the financial statements or supports the financial
statement assertions, and consideration of:
a. Source data used.
b. Assumptions and methods used and their consistency with prior periods
c. Results of the expert’s work in the light of the auditor’s overall knowledge of the business
and of the results of other audit procedures.
8. When considering whether the expert has used source data which is appropriate in the circumstances,
the auditor would consider the following procedures:
a. Making inquiries regarding any procedures undertaken by the expert to establish whether
the source data is sufficient, relevant and reliable.
b. Reviewing or testing the data used by the expert
9. If the results of the expert’s work do not provide sufficient audit evidence or if the results are not
consistent with other audit evidence, the auditor should resolve the matter. This may involve:
a. Discussions with the entity and the expert
b. Applying additional audit procedures
c. Including possibly engaging another expert; or
d. Modifying the auditor’s report
10. When issuing an unmodified auditor’s report, the auditor should not refer to the work of an expert. Such
a reference might be misunderstood to be a qualification of the auditor’s opinion or a division of
responsibility, neither of which is intended.
11. If as a result of the work of an expert, the auditor decides to issue a modified auditor’s report, in some
circumstances it may be appropriate, in explaining the nature of the modification, to refer to or describe
the work o the expert (including the identity of the expert and the extent of the expert’s involvement). In
these circumstances, the auditor would obtain the permission of the expert before making such a
reference. If permission is refused and the auditor believes a reference is necessary, the auditor may
need to seek legal advice.
CPA REVIEW SCHOOL OF THE PHILIPPINES
Manila

AUDITING THEORY CPA REVIEW

PSA 500(REVISED) AUDIT EVIDENCE


PSA 501 AUDIT EVIDENCE – ADDITIONAL CONSIDERATIONS ON SPECIFIC ITEMS
PSA 505 EXTERNAL CONFIRMATIONS
PSA 230 AUDIT DOCUMENTATION

11
PSA 500(REVISED)
AUDIT EVIDENCE
1. The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base the audit opinion
2. “Audit Evidence” is all the information used by the auditor in arriving at the conclusions on which the
opinion is based, and includes the information contained in the accounting records underlying the
financial statements and other information
3. Accounting records generally include:
 The records of initial entries and supporting records, such as checks and records of
electronic fund transfers;
 Invoices
 Contracts
 The general and subsidiary ledgers, journal entries and other adjustments to the
financial statements that are not reflected in formal journal entries; and
 Records such as work sheets and spreadsheets supporting cost allocations,
computations, reconciliations and disclosures
4. Other information that the auditor may use as audit evidence includes:
 Minutes of the meetings
 Confirmations from third parties
 Analysts’ reports
 Comparable data about competitors (benchmarking)
 Control manuals
 Information obtained by auditors from such audit procedures as inquiry, observation, and
inspection; and
 Other information developed by, or available to, the auditor that permits the auditor to
reach conclusions through valid reasoning

Sufficient appropriate evidence


1. Sufficiency is the measure of the quantity of audit evidence
2. Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in
providing support for, or detecting material misstatements in, the classes of transactions, account
balances, and disclosures and related assertions.
3. The following generalizations can be made about the reliability of audit evidence:
a. Audit evidence I more reliable when it is obtained from independent sources outside the
entity
b. Audit evidence that is generated internally is more reliable when the related controls
imposed by the entity are effective
c. Audit evidence obtained directly by the auditor (for example, observation of the application
of a control) is more reliable than audit evidence obtained indirectly or by inference (for
example, the inquiry about the application of control)
d. Audit evidence is more reliable when it exists in a documentary form, whether paper,
electronic, or other medium (for example, contemporaneously written record of a meeting is
more reliable than a subsequent oral representation of the matters discussed)
e. Audit evidence provided by original documents is more reliable than audit evidence provided
by photocopies or facsimiles
4. An audit rarely involves the authentication of documentation, nor is the auditor trained as or expected to
be an expert in such authentication
5. When information produced by the entity is used by the auditor to perform audit procedures, the auditor
should obtain audit evidence about the accuracy and completeness of the information
6. In forming an audit opinion, the auditor does not examine all the information available because
conclusions ordinarily can be reached by using sampling approaches and other means of selecting
items for testing.

The use of assertions in obtaining audit evidence


1. Management is responsible for the fair presentation of financial statements that reflect the nature and
operations of the entity.
2. In representing that the financial statements are presented fairly, in all material respects, in accordance
with the applicable financial reporting framework, management implicitly or explicitly makes assertions
regarding the recognition, measurement, presentation, and disclosure of the various elements of
financial statements and related disclosures
3. The auditor should use assertions for classes of transactions, account balances, and presentation and
disclosures in sufficient detail to form a basis for the assessment of risks of material misstatement and
the design and performance of further audit procedures

CATEGORIES OF ASSERTIONS
a. Assertions about classes of transactions and events for the period under audit:
1. OCCURRENCE - transactions and events that have been recorded have occurred and
pertain to the entity

12
2. COMPLETENESS - all transactions and events that should have been recorded have
been recorded.
3. ACCURACY - amounts and other data relating to recorded transactions and
events have been recorded appropriately
4. CUTOFF - transactions and events have been recorded in the correct accounting
period
5. CLASSIFICATION - transactions and events have been recorded in the proper
accounts
b. Assertions about account balances at the period end:
1. EXISTENCE -assets, liabilities, and equity interests exist
2. RIGHTS AND OBLIGATIONS - the entity holds or controls the right to assets, and
liabilities are obligations of the entity
3. COMPLETENESS - all assets, liabilities, and equity interests that
should have been recorded have been recorded
4. VALUATION AND ALLOCATION - assets, liabilities and equity interests are included in the
financial statements at appropriate amounts and any resulting valuation or allocation
adjustments are appropriately recorded

c. Assertions about presentation and disclosure:


1. OCCURRENCE AND RIGHTS AND OBLIGATIONS
 Disclosed events, transactions, and other matters have occurred and pertain to
the entity
2. COMPLETENESS
 All disclosures that should have been included in the financial statements have
been included
3. CLASSIFICATION AND UNDERSTANDABILITY
 Financial information is appropriately presented and described and disclosures
are clearly expressed
4. ACCURACY AND VALUATION
 Financial and other information are disclosed fairly and at appropriate amounts

Audit procedures for obtaining audit evidence


1. RISK ASSESSMENT PROCEDURES
Obtain an understanding of the entity and its environment, including its internal control, to
assess the risk of material misstatement at the financial statement and assertion levels
2. TESTS OF CONTROLS
When necessary or when the auditor has determined to do so, test the operating effectiveness
of controls in preventing, or detecting and correcting, material misstatements at the assertion
level

3. SUBSTANTIVE PROCEDURES
Detect material misstatements at the assertion level. These include analytical review
procedures and tests of details

Examples of audit procedures


1. INSPECTION
Consists of examining records and documents, whether internal or external in paper form,
electronic form, or other media. Inspection of tangible assets consists of physical examination of
the assets.
2. OBSERVATION
Consists of looking at a process or procedure being performed by others
3. INQUIRY
Consists of seeking information of knowledgeable persons, both financial and nonfinancial,
throughout the entity or outside the entity
4. CONFIRMATION
The process of obtaining a representation of information or of an existing condition directly from
a third party
5. RECALCULATION
Consists of checking the mathematical accuracy of documents or records
6. REPERFORMANCE
The auditor’s independent execution of procedures or controls that were originally performed as
part of the entity’s internal control, either manually or through the use of CAATs
7. ANALYTICAL PROCEDURES
Consists of evaluations of financial information made by a study of plausible relationships
among both financial and nonfinancial data. It also encompasses the investigation of identified
fluctuations and relationships that are inconsistent with other relevant information or deviate
significantly from predicted amounts.

PSA 501
AUDIT EVIDENCE – ADDITIONAL CONSIDERATIONS ON SPECIFIC ITEMS
13
Attendance at Physical Inventory Counting

1. When inventory is material to the financial statements, the auditor should obtain sufficient appropriate
audit evidence regarding its existence and condition by attendance at physical inventory counting unless
impracticable.

2. If unable to attend the physical inventory count on the date panned due to unforeseen circumstances, the
auditor should take or observe some physical counts on an alternative date and, when necessary,
perform tests of intervening transactions.

3. Where attendance is impracticable, due to factors such as the nature and location of the inventory, the
auditor should consider whether alternative procedures provide sufficient appropriate audit evidence of
existence and condition to conclude that the auditor need not make reference to a scope limitation.

4. In planning attendance at the physical inventory count or the alternative procedures, the auditor would
consider:
 The nature of the accounting and internal control systems used regarding inventory.
 Inherent, control, and detection risks, and materiality related to inventory.
 Whether adequate procedures are expected to be established and proper instructions issued for
physical inventory counting.
 The timing of the count.
 The locations at which inventory is held.
 Whether an expert’s assistance is needed.

5. The auditor would review management’s instructions regarding:


 The application of control procedures, for example, the collection of used stocksheets, accounting for
unused stocksheets, and count and recount procedures.
 Accurate identification of the stage of completion of work in progress, of slow moving, obsolete or
damaged items and inventory by a third party, for example, on consignment.
 Whether appropriate arrangements are made regarding the movement of inventory between areas
and the shipping and receipt of inventory before and after the cutoff date.

6. To obtain assurance that management’s procedures are adequately implemented the auditor would
observe employee’s procedures and perform test counts.

7. The auditor would also consider cutoff procedures including details of the movement of inventory just
prior to, during, and after the count so that the accounting for such movements can be checked at a later
date.

8. The auditor would test the final inventory listing to assess whether it accurately reflects actual inventory
counts.

9. When inventory is under the custody and control of a third party, the auditor would ordinarily obtain direct
conformation from the third party as to the quantities and condition of inventory held on behalf of the
entity. Depending on the materiality of this inventory, the auditor would consider:
 The integrity and independence of the third party.
 Observing, or arranging for another auditor to observe, the physical inventory count.
 Obtaining another auditor’s report on the adequacy of third party’s accounting and internal control
systems for ensuring that inventory is correctly counted and adequately safeguarded.
 Inspecting documentation regarding inventory held by third parties, for example, warehouse receipts,
or obtaining confirmation from other parties when such inventory has been pledged as collateral.

Procedures regarding litigation and claims

1. The auditor should carry out procedures in order to become aware of any litigation and claims involving
the entity, which may have a material effect on the financial statements.

Such procedures would include:


 Make appropriate inquiries of management including obtaining representations.
 Review board minutes and correspondence with the entity’s lawyers.
 Examine legal expense accounts.
 Use any information obtained regarding the entity’s business including information obtained from
discussions with any in–house legal department.

2. When litigation or claims have been identified or when the auditor believes they may exist, the auditor
should seek direct communication with the entity’s lawyers.

14
3. The letter, which should be prepared by management and sent by the auditor, should request the lawyer
to communicate directly with the auditor. When it is considered unlikely that the lawyer will respond to a
general inquiry, the letter would ordinarily specify:
 A list of litigation and claims.
 Management’s assessment of the outcome of the litigation or claim and its estimate of the financial
implications, including costs involved.
 A request that the lawyer confirms the reasonableness of management’s assessments and provides
the auditor with further information if the list is considered by the lawyer to be incomplete or incorrect.

4. The auditor considers the status of legal matters up to date of the audit report.

5. If management refuses to give the auditor permission to communicate with the entity’s lawyers, this
would be a scope limitation and should ordinarily lead to a qualified opinion or a disclaimer of opinion.

Valuation and disclosure of long-term investments

1. When long-term investments are material to the financial statements, the auditor should obtain sufficient
appropriate audit evidence regarding their valuation and disclosure.

2. Audit procedures ordinarily include considering evidence as to whether the entity has the ability to
continue to hold the investments on a long-term basis and discussing with management whether the
entity will continue to hold the investments as long-term investments and obtaining written
representations to that effect.

3. Other procedures would ordinarily include considering related financial statements and other information,
such as market quotations, which provide an indication of value and comparing such values to the
carrying amount of the investments up to the date of the auditor’s report.

Segment information

1. When segment information is material to the financial statements, the auditor should obtain sufficient
appropriate audit evidence regarding its disclosure in accordance with the applicable financial reporting
framework.

2. The auditor considers segment information in relation to the financial statements taken as a whole, and is
not ordinarily required to apply auditing procedures that would be necessary to express an opinion on the
segment information standing alone.

3. Audit procedures regarding segment information ordinarily consist of analytical procedures and other
audit test appropriate in the circumstances.

4. The auditor would discuss with management the methods used in determining segment information, and
consider whether such methods are likely to result in disclosure in accordance with GAAP and test the
application of such methods.

PSA 505
EXTERNAL CONFIRMATIONS
1. External confirmation is the process of obtaining and evaluating audit evidence through a direct
communication from a third party in response to a request for information about a particular item affecting
assertions made by management in the financial statements.

Use of positive and negative external confirmations

2. A positive external confirmation request asks the respondent to reply to the auditor in all cases either by
indicating the respondent’s agreement with the given information, or by asking the respondent to fill in the
information.

3. A negative external confirmation request asks the respondent to reply only in the event of disagreement
with the information provided in the request.

4. Negative confirmation requests may be used to reduce the risk of material misstatement to an
acceptable level when:
 The assessed risk of material misstatement is lower.
 A large number of small balances are involved.
 A substantial number of errors are not expected.
 The auditor has no reason to believe that respondents will disregard these requests.

5. When performing confirmation procedures, the auditor should maintain control over the process of
selecting those to whom a request will be sent, the preparation and sending of confirmation requests, and
the responses to those requests.

15
6. The auditor should perform alternative procedures where no response is received to a positive external
confirmation request. The alternative audit procedures should be such as to provide the evidence the
evidence about the financial statement assertions that the confirmation request was intended to provide.

7. When the auditor forms a conclusion that the confirmation process and alternative procedures have not
provided sufficient appropriate audit evidence regarding an assertion, the auditor should undertake
additional procedures to obtain sufficient audit evidence.

8. The auditor should evaluate whether the results of the external confirmation process together with the
results from any other procedures performed, provide sufficient appropriate audit evidence regarding the
assertion being audited.

PSA 230 (Revised)


AUDIT DOCUMENTATION
1. The auditor should prepare, on a timely basis, audit documentation that provides:
 a sufficient and appropriate record of the basis for the auditor’s report; and
 evidence that the audit was performed in accordance with PSAs and applicable legal and
regulatory requirements
2. “Audit documentation” means the record of audit procedures performed, relevant audit evidence
obtained, and conclusions the auditor reached (terms such as “working papers” or “work papers” are
also sometimes used).
3. “experience auditor” means an individual (whether internal or external to the firm) who has reasonable
understanding of
 Audit processes;
 PSAs and applicable legal and regulatory requirements
 The business environment in which the entity operates; and
 Auditing and financial reporting issues relevant to the entity’s industry
4. Audit documentation may be recorded on paper or on electronic or other media
5. The auditor should prepare the audit documentation so as to enable an experiences auditor, having no
precious connection with the audit, to understand:
 the nature, timing , and extent of the audit procedures performed to comply with PSAs and
applicable legal and regulatory requirements
 the results of the audit procedures and the audit evidence obtained; and
 significant matters arising during the audit and the conclusions reached thereon
6. in documenting the nature, timing and extent of audit procedures performed, the auditor should record
the identifying characteristics of the specific items or matters beig tested
7. the auditor should document discussions of significant matters with management and others on a timely
basis
8. where, in exceptional circumstances, the auditor judges it necessary to depart from a basic principle or
an essential procedure that is relevant in the circumstances of the audit, the auditor should document
how the alternative audit procedures performed achieved the objective of the audit, and, unless
otherwise clear, the reasons for the departure
9. the auditor should record:
 who performed the audit work and the date such work was completed
 who reviewed the audit work performed and the date and extent of such review

Assembly of the final audit file


10. The auditor should complete the assembly of the final audit file on a timely basis after the date of the
auditor’s report. As PSQC 1 indicates, 60 days after the date of the auditor’s report is ordinarily an
appropriate time limit within which to complete the assembly of the final audit file

CPA REVIEW SCHOOL OF THE PHILIPPINES


Manila

AUDITING THEORY CPA REVIEW


PSA 240 (REVISED 2006) THE AUDITOR’S RESPONSIBILITY TO CONSIDER FRAUD IN AN
AUDIT OF FINANCIAL STATEMENTS

PSA 250 CONSIDERATIONS OF LAWS AND REGULATIONS IN AN AUDIT OF


FINANCIAL STATEMENTS

PSA 260 COMMUNICATIONS OF AUDIT MATTERS WITH THOSE CHARGED


WITH GOVERNANCE

PSA 240 (REVISED 2006)


THE AUDITOR’S RESPONSIBILITY TO CONSIDER FRAUD IN AN AUDIT OF FINANCIALSTATEMENTS

16
FRAUD refers to an intentional act by one party or more individuals among management, those charged with
governance, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage

Fraud involves:
 Incentive or pressure to commit fraud
 A perceived opportunity to act or to do so
 Some rationalization of the act

Management fraud - fraud involving one or more members of management or those charged with
governance
Employee fraud - fraud involving only employees of the entity
(In either case, there may be collusion within the entity or with third parties outside of the entity)

TWO TYPES OF FRAUD


1. FRAUDULENT FINANCIAL REPORTING
 Involves intentional misstatements including omissions of amounts or disclosures in financial
statements to deceive financial statement users
 often involves management override of controls that otherwise may appear to be operating
effectively
 can be caused by the efforts of management to manage earnings in order to deceive financial
statements users by influencing their perceptions as to the entity’s performance and profitability
 may be accomplished by the following
 manipulation, falsification (including forgery), or alteration of accounting records
or supporting documentation from which the financial statements are prepared
 misrepresentation in, or intentional omission from, the financial statements of
events, transactions or other significant information
 intentional misapplication of accounting principles relating to amounts,
classifications, manner of presentation, or disclosure

2. MISAPPROPRIATION OF ASSETS
 Involves the theft of an entity’s assets and is often perpetrated by employees in relatively small
and immaterial amounts
 Can also involve management who are usually more able to disguise or conceal
misappropriations in ways that are difficult to detect
 Often accompanied by false or misleading records or documents in order to conceal the fact
that the aspects are missing or have been pledged without proper authorization
 Can be accompanied in a variety of ways including:
o Embezzling receipts
o Stealing physical assets or intellectual property
o Causing an entity to pay for the goods and services not received
o Using an entity’s assets for personal use
Responsibilities of Those charged with Governance and of Management
1. The primary responsibility for the prevention and detection of fraud rests with both those charged with
governance of the entity and with management
2. It is important management, with the oversight of those charged with governance, place a strong
emphasis on fraud prevention, which may reduce opportunities for fraud to take place, and fraud
deterrence, which could persuade in individuals not to commit fraud because of the likelihood detection
and punishment
3. It is the responsibility of those charged with governance of the entity to ensure , through oversight of
management, that the entity establishes and maintains internal control to provide reasonable assurance
with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance
with applicable law and regulations
4. It is the responsibility of management, with oversight from those charged with governance, to establish
a control environment and maintain policies and procedures to assist in achieving the objective
ensuring, as far as possible, the orderly and efficient conduct of the entity’s business

Inherent limitations of an Audit in the context of Fraud


1. Owing to inherent limitations of an audit, there is an unavoidable risk that some material misstatements
of the financial statements will not be detected, even though the audit is properly planned and
performed in accordance with PSAs
2. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not
detecting a material misstatement resulting from error because fraud may involve sophisticated and
carefully organized schemes designed to conceal it, such as:
 Forgery
 Deliberate failure to record transactions
 Intentional misrepresentation being made to the auditor

3. The risk of the auditor not detecting a material misstatement resulting from management fraud is
greater than for employee fraud, because management is frequently in a position to directly or indirectly
manipulate accounting records and present fraudulent financial information
17
4. The subsequent discovery of a material misstatement of the financial statements resulting from fraud
does not, in and of itself, indicate a failure to comply with PSAs

Responsibilities of the auditor for detecting material misstatements due to fraud


1. An auditor conducting an audit in accordance with PSAs obtains reasonable assurance that the
financial statements taken as a whole are free from material misstatement, whether caused by fraud or
error
2. An auditor cannot obtain absolute assurance that material misstatements in the financial statement will
be detected because of such factors as of the following:
 use of judgment
 use of testing
 inherent limitations of internal control
 the fact that much of the audit evidence available to the auditor is persuasive rather than
conclusive in nature
3. The auditor should maintain an attitude of professional skepticism throughput the audit, recognizing the
possibility that a material misstatement due to fraud could exist, notwithstanding the auditor’s past
experience with the entity about the honesty and integrity of management and those charged with
governance
4. Members of the engagement team should discuss the susceptibility of the entity’s financial statements
to material misstatement due to fraud
5. Risk assessment procedures
The auditor should perform risk assessment procedures to obtain an understanding of the entity
and its environment, including its internal control. As part of this work, the auditor performs the
following procedures to obtain information that is used to identify the risks of material
misstatements due to fraud:
1. Makes inquiries of management, of those charged with governance, and of others within the
entity as appropriate and obtains an understanding of how those charged with governance
exercise oversight of management’s processes for identifying and responding to the risks of
fraud and he internal control that management has established to mitigate these risks
2. Considers whether one or more fraud risk factors are present
3. Considers any unusual or unexpected relationships that have been identified in performing
analytical procedures
4. Considers other information that may be helpful in identifying the risks of material
misstatement due to fraud.
Responses to the risks of material misstatement due to fraud
1. The auditor should determine overall responses to address he assessed risks of material misstatement
due to fraud at the financial statement level and should design and perform further audit procedures
whose nature, timing and extent are responsive to the assessed risks at the assertion level
2. In determining overall responses to address the risks of material misstatement due to fraud at the
financial statement level the auditor should:
 Consider the assignment and supervision of personnel
 Consider the accounting policies used by the entity; and
 Incorporate an element of unpredictability in the selection of the nature, timing and
extent of audit procedures
3. Audit procedures responsive to risks of material misstatement due to fraud at the assertion level
The auditor’s responses may include changing the nature, timing, and extent of audit procedures in the
following ways:
a. The nature of audit procedures to be performed may need to be changed to obtain audit
evidence that is more reliable and relevant to obtain additional corroborative information
b. The timing of substantive procedures may need to be modified. The auditor may conclude that
performing substantive testing at or near the period end better addresses an assessed risk of
material misstatement due to fraud
c. The extent of the procedures applied reflects the assessment of the risks of material
misstatement due to fraud. For example, increasing sample sizes or performing analytical
procedures at a more detailed level may be appropriate
4. To respond to the risk of management override of controls, the auditor should design and perform audit
procedures to:
a. Test the appropriateness of journal entries recorded in the general ledger and other adjustments
made in the preparation of the financial statements
b. Review accounting estimates for biases that could result to material misstatement due to fraud
c. Obtain an understanding of the business rationale of significant transactions that the auditor
become aware of that are outside the normal course of the business for the entity, or that
otherwise appear to be unusual given the auditor’s understanding of the entity and its
environment

Evaluation of audit evidences


1. The auditor should consider whether analytical procedures that are performed at or near the end of
audit when forming an overall conclusion as to whether the financial statements as a whole are
consistent with auditor’s knowledge of the business indicate a previously unrecognized risk of material
misstatement due to fraud
2. When the auditor identifies the misstatement, the auditor should consider whether such a misstatement
may be indicative of fraud and if there is such an indication the auditor should consider the implications
18
of the misstatement in relation to other aspects of the audit, particularly the reliability of management
representations
3. When the auditor confirms that, or is unable to conclude whether, the financial statements are
materially misstated as a result of fraud, the auditor should consider the implications for the audit

Management representations
The auditor should obtain written representations from management that:
a. It acknowledges its responsibility for the design and implementation of internal control to prevent and
detect fraud
b. It has disclosed to the auditor the results of its assessment of the risk that the financial statements may
be materially misstated as a result of fraud
c. It has disclosed to the auditor its knowledge of fraud or suspected fraud affecting the entity involving:
i. Management
ii. Employees who have significant roles in internal control
iii. Others where the fraud could have a material effect on the financial statements and
d. It has disclosed to the auditor its knowledge of any allegations of fraud, or suspected fraud,
affecting the entity’s financial statements communicated by the employees, former employees,
analysts, regulators or others

Communication with management and those charged with governance


1. If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the
auditor should communicate these matters as soon as practicable to the appropriate level of
management
2. If the auditor has identified fraud involving management, employers who have significant roles in
internal control, or others where the fraud results in a material misstatement in the financial statements,
the auditor considers seeking legal advice to assist in the determination of the appropriate course of
action
3. If the integrity or honesty of management or those charged with governance is doubted, the auditor
considers seeking legal advice to assist in the determination of the appropriate course of action
4. The auditor should make those charged with governance and management aware, as soon as
practicable, and at the appropriate level of responsibility, of material weaknesses in the design or
implementation of internal control to prevent and detect fraud which may have come to the auditor’s
attention
5. The auditor’s professional duty to maintain the confidentiality of client information may preclude
reporting fraud to a party outside the client the entity. However, the duty of confidentiality may be
overridden by regulatory requirements

Auditor unable to continue the engagement


1. If , as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters
exceptional circumstances that bring into question the auditor’s ability to continue performing audit, the
auditor should:
a. Consider the professional and legal responsibilities applicable in the circumstances,
including whether there is a requirement for the auditor to report to the person or persons
who made the audit appointment or, I some cases, to regulatory authorities
b. Consider the possibility of withdrawing from the engagement; and
c. If the auditor withdraws:
i. Discuss the appropriate level of management and those charged with governance the
auditor’s withdrawal from the engagement and the reasons for the withdrawal; and
ii. Consider whether there is a professional or legal requirement to report to the person or
persons who made the audit appointment or, in some cases, to regulatory authorities,
the auditor’s withdrawal from the engagement and the reasons for the withdrawal

Documentation
1. The documentation of the auditor’s understanding of the entity and its environment and the auditor’s
assessment of the risks of material misstatement should include:
a. The significant decisions reached during the discussion among the engagement team
regarding the susceptibility of the entity’s financial statements to material misstatement due
to fraud
b. The identified and assessed risks of material misstatement due to fraud at the financial
statement level and at the assertion level
2. The documentation of the auditor’s responses to the assessed risks of material misstatement should
include:
a. The overall responses to the assessed risks of material misstatement due to fraud at the
financial statement level and the nature, timing and extent of audit procedure, and the
linkage of those procedures with the assessed risks of material misstatement due to fraud at
the assertion level
b. The results of the audit procedures, including those designed to address the risk of
management override of controls
3. The auditor should document the communications about fraud made to management, those charged
with governance, regulators and others

19
4. When the auditor has concluded that the presumption that there is a risk of material misstatement due
to fraud related to revenue recognition is not applicable in the circumstances of the engagement, the
auditor should document the reasons for that conclusion

PSA 250
CONSIDERATION OF LAWS AND REGULATIONS IN AN AUDIT OF FINANCIAL STATEMENTS
1. “Noncompliance” as used in PSA 250 refers to acts of omission or commission by he entity being
audited, either intentional and unintentional, which are contrary to the prevailing laws and regulations
2. Noncompliance does not include personal misconduct (unrelated to the business activities of the entity)
by the entity’s management or employees
3. When planning and performing audit procedures and in evaluating and reporting the results thereof, the
auditor should recognize that noncompliance by the entity with laws and regulation may materially
affect the financial statements

Responsibility of management for the compliance with laws and regulations


1. It is management’s responsibility to ensure that the entity’s operations conducted in accordance with
laws and regulations
2. The responsibility for the prevention and detection of noncompliance rests with management
3. The following policies and procedures, among others, may assist management in discharging its
responsibilities for the prevention and detection of noncompliance:
 Monitoring legal requirements and ensuring that operating procedures are designed to meet
these requirements
 Instituting and operating appropriate systems of internal control
 Developing, publicizing and following a Code of Conduct
 Ensuring employees are properly trained and understand the Code of Conduct
 Monitoring compliance with the Code of Conduct and acting appropriately to discipline
employees who fail to comply with it
 Engaging legal advisors to assist in monitoring legal requirements
 Maintaining a register of significant laws with which the entity has to comply within its particular
industry and a record of complaints

The auditor’s consideration of compliance with laws and regulations


1. The auditor is not, and cannot be held responsible for preventing noncompliance
2. The auditor should plan and perform the audit with an attitude of professional skepticism recognizing
that the audit may reveal conditions or events that would lead to questioning whether an entity is
complying with laws and regulations
3. In order t plan the audit, the auditor should a general understanding of the legal and regulatory
framework applicable to the entity and the industry and how the entity is complying wih that framework
4. After obtaining the general understanding, the auditor should perform procedures to help identify
instances of noncompliance with those laws and regulations where non compliance should be
considered when preparing financial statements specifically:
a. Inquiring of management as to whether the entity is in compliance with such laws and
regulations
b. On receipt of an inquiry from the proposed auditor, the existing auditor should advise
whether there are any professional reasons why the proposed auditor should not accept the
appointment. If permission from the client to discuss its affairs with the proposed auditor of
denied by the client, the fact should be disclosed to the propose auditor

CPA REVIEW SCHOOL OF THE PHILIPPINES


Manila

AUDITING THEORY CPA REVIEW


AUDIT SAMPLING
(BASED ON PSA 530: AUDIT SAMPLING AND OTHER SELECTIVE TESTING PROCEDURES)

Selecting items of testing to gather audit evidence


When designing audit procedures, the auditor should determine appropriate means of selecting items for
testing. The means available to the auditor are:
a. Selecting all items (100% examination)
b. Selecting specific items
c. Audit sampling

Selecting all items (100% examination)


 Unlikely in the case of tests of control but more common for substantive procedures
20
 May be appropriate when:
a. The population constitutes a small number of large value items
b. When both inherent risk and control risk are high and other means do not provide
sufficient appropriate audit evidence
c. When the repetitive nature of a calculation or other process performed by a computer
information system makes a 100% examination cost effective

Selecting specific items


 The auditor may decide to select specific items from a population based on such factors as knowledge
of the client’s business, preliminary assessments of inherent and control risks, and the characteristics
of the population being tested
 The judgmental selection of specific items is subject to nonsampling risk
 Specific selected items may include:
 High value or key items
 All items over a certain amount
 Items to obtain information
 Items to test procedures
 While an efficient means of gathering audit evidence, it does not constitute audit sampling. The results
of audit procedures applied to specific items selected cannot be projected to the entire population

AUDIT SAMPLING
1. “Audit Sampling” involves the application of audit procedures to less than 100% of items with an
account balance or class of transactions
2. Sampling may be statistical or nonstatistical.
I. Statistical sampling means any approach t sampling that has the following
characteristics:
a. Random selection of a sample
b. Use of probability theory to evaluate sample results

II. Nonstatistical sampling is a sampling approach that does not have characteristics (a)
and (b).

Audit sampling plan refers to the procedures an auditor applies t accomplish a sampling application. In aids
an auditor I forming conclusions about one r more characteristics or either a particular class of transactions or
a particular account balances

1. ATTRIBUTE SAMPLING
 Applicable to tests of control
 Used to test an entity’s rate of deviation (also called rate of occurrence) from a prescribed
control procedure
2. VARIABLES SAMPLING
 Applicable to substantive test
 Most commonly used to test whether recorded account balances are fairly stated

SAMPLING RISK
1. It arises from the possibility that the auditor’s conclusion, based on a sample may be different from the
conclusion reached if the entire population were subjected to the same audit procedures
2. The confidence level (also called reliability level) is the mathematical complement of the applicable
sampling risk factor
3. It is to be measured and controlled. The auditor controls it by specifying the acceptable level when
developing the sampling design
4. For tests of control, it has the following aspects:
a. Risk of assessing control risk too low (Risk of Overreliance)
 The risk that the auditor would conclude that the control risk is lower than it
actually is
 It affects audit effectiveness and is more likely to lead to an inappropriate audit
opinion
b. Risk of assessing control risk too high (Risk of under reliance)
 The risk that the auditor would conclude that control risk is higher than actually is
 It affects audit efficiency as it would lead to additional work to establish that initial
conclusions were incorrect
5. For substantive tests, it has the following aspects:
a. Risk of incorrect acceptance
 The risk that the auditor would conclude that a material error exists when in fact it
does
 It affects audit effectiveness and is more likely to lead to an inappropriate audit
opinion
b. Risk of incorrect rejection
 The risk that the auditor would conclude that a material error exists when in fact it
does not

21
 It affects audit effectiveness as it would lead to additional work to establish that
initial conclusions were incorrect
NONSAMPLING RISK
It arises from factors that cause the auditor to reach an erroneous conclusion for any reason not related to the
size of the sample. For example, most audit evidence is persuasive rather than conclusive, the auditor might
use inappropriate procedures, or the auditor might misinterpret evidence and fail to recognize an error.

5 STEPS IN ATTRIBUTE SAMPLING PLAN


1. Define the objectives of the plan
2. Define the population
 For example, if an auditor’s objective is to test controls designed to assure that all
shipped goods are invoiced, the population would be defined as all sipping
documents issued during the period not all sales invoices

3. Define the attribute and deviation conditions


 An attribute s a characteristic of control. For example, the supervisor’s signature of
approval on a document. A deviation is the absence of an attribute
4. Determine the sample size
The sample size is determined by considering the following factors:
a. Risk of assessing control risk too low
b. Tolerable deviation rate
c. Expected population deviation rate

Risk of assessing control risk too low


 There is an inverse relationship between the risk and the sample size. The higher the
acceptable risk, the smaller the sample size
 Because the risk of assessing control risk too low relates to the effectiveness of the audit, it is
kept at a relatively low level by the auditor

Tolerable deviation rate


 This the maximum deviation rate that the auditor is willing to accept
 The lower the rate of deviation that the auditor is willing to accept, the larger the sample size
needs to be

Expected population deviation rate (expected error)


 The rate of deviation from the prescribed control procedure the auditor expects to find in the
population
 The higher the rate of deviation the auditor expects, the larger the sample size needs to e so as
to be in a position o make a reasonable estimate of the actual rate of deviation
 Factors relevant to the auditor’s consideration of the expected error rate include:
o The auditor’s understanding of the business (in particular, procedures undertaken to
obtain an understanding of the accounting and internal control systems)
o Charges in the personnel or in the accounting and internal control systems
o The results of audit procedures applied in prior periods
o The results of other audit procedures

5. Determine the method of sample selections


Some commonly used methods are:
a. Random number sampling
 Each item in the population has an equal chance and nonzero probability of selection
 It is usually accomplished by generating random numbers from a random number table or
computer program and tracing them to associated documents or items in th population
 It is appropriate for both statistical and nonstatistical sampling
b. Systematic selection
 The number of sampling units in the population is divided by the sample size to give a sample
interval, for example 50, and having determined the starting point within the first 50, each 50th
sampling unit is hereafter selected
 Although the starting point may be determined haphazardly, the sample is more likely to be truly
random if it is determined by use of a computerized random number generator or random
number tables
 When using systematic selection, the auditor would need to determine that sampling interval
corresponds with a particular pattern in the population

c. Block selection or cluster sampling


 It involves selecting a block(s) of contiguous items from within the population
 It cannot be ordinarily used in audit sampling because most populations are structured such that
items in sequence can be expected to have similar characteristics to each other, but different
characteristics from items elsewhere in the population
 Although in some circumstances it may be an appropriate audit procedure to examine a block of
items, it would rarely be an appropriate sample selection technique when the auditor intends to
draw valid inferences about the entire population based on sample
22
d. Haphazard selection
 The auditor selects a sample without following a structured technique
 It is not appropriate when using statistical sampling

e. Stratification
 This involves subdividing the population into subpopulations or strata, i.e., a group of sampling
units which have similar characteristics (often monetary value)
 The strata must be explicitly defined so that each sampling unit can belong to only one stratum
 This method enables the auditor to direct his efforts towards the items he considers would
potentially contain the greater monetary error

6. Perform sampling plan


7. Evaluate and document results
These include:
a. Determining the sample deviation rate
Sample deviation rate = number of deviations observed
Sample size
b. Determining the maximum population deviation rate (achieved upper deviation limit) and the
allowance for sampling risk (achieved precision)
 The maximum deviation rate is based on the sample size and the number of deviations
discovered. There are standard tables that yield maximum population deviation rates at
specified risks of assessing control risk too low
 Allowance for sampling risk = Maximum Deviation Rate – Sample Deviation Rate
c. Considering qualitative information
The auditor considers each of the deviation’s nature, importance, and probable cause
d. Reaching an overall conclusion
In assessing control risk, the auditor considers all available quantitative and qualitative information

COMMONLY USED ATTRIBUTES SAMPLING TECHNIQUES


1. ATTRIBUTE ESTIMATION SAMPLING
 A statistical sampling plan for tests of controls
 Appropriate when an auditor wishes to estimate a true but unknown population deviation rate
 Uses a fixed sampling plan, i.e., the auditor tests a single sample
2. SEQUENTIAL SAMPLING (ALSO CALLED STOP-OR-GO SAMPLING)
 The sampling plan is performed in several steps
 Following each step, the auditor decides whether to stop or to go on to the next step
 Appropriate when the auditor expects zero or very few deviations
3. DISCOVERY SAMPLING
 Appropriate when the expected deviation rate is near zero and when the auditor’s objective is to
find at least one deviation in a sample if the actual population deviation rate exceeds or equals a
predetermined critical rate (tolerable deviation rate)

STEPS IN A VARIABLE SAMPLING PLAN


1. Determine the objectives of the test
The auditor’s objective is to test the reasonableness of a record account balance, called
hypothesis testing.
2. Define the population and sampling unit
3. Choose an audit sampling technique
a. Statistical vs. Nonstatistical
b. Classical variables sampling vs. Probability-proportional-to-size sampling
4. Determine the sample size
The auditor considers the following:
a. Variation within the population
 Sample size varies in the same direction as the variation in population amounts. As population
variation increases, so does the sample size
 An estimate of population variation is made by determining a population standard deviation
b. Acceptable risk of incorrect rejection
c. Acceptable risk of incorrect acceptance
d. Tolerable error – the maximum monetary error that may exist in an account balance without
causing the financial statements to be materially misstated

5. Determine the method of sample selection


6. Perform the sampling plan
7. Evaluate the sample results
The following procedures are performed:
a. Projecting the same error to the population
b. Considering sampling risk
23
c. Considering qualitative information
d. Reaching an overall conclusion

CLASSICAL VARIABLES SAMPLING TECHNIQUES


A. Mean-per-unit estimation
A classical variables sampling technique that projects the sample average to the population by
multiplying the sample average by the number of items in the population

B. Difference estimation
It is a classical variables sampling technique that uses the average difference between audited
amounts and individual recorded amounts to estimate the total audited amount of a population and an
allowance for sampling risk.

C. Ratio estimation
A classical variables sampling technique that uses the ratio of audited amounts to recorded
amount in the sample to estimate the total amount of the population and an allowance for sampling risk

Conditions for using difference and ration estimation


1. Each population item must have a recorded book value
2. Total population book value must be known
3. Expected differences between audited and recorded book values must not be too rare

Choosing between difference and ratio estimation

Ratio estimation is more appropriate when he differences are nearly proportional to book values.
Difference estimation is more appropriate when there is little or n relationship between the absolute
amounts of the differences and the book values.

PROBABILITY-PROPROTIONAL-TO-SIZE SAMPLING (PPS)


 PPS uses a peso as the sampling unit
 PPS sampling gives each individual peso in the population an equal chance of selection
 PPS is only useful for TESTS OF OVERSTATEMENTS (e.g., assets) since the sample selection
method dictates that the larger the transaction or amount, the more likely that it will be selected.
 PPS is inappropriate for testing liabilities because understatement is the primary audit consideration

EXAMPLES OF FACTORS INFLUENCING SAMPLE SIZE FOR TESTS OF CONTROL


(PSA 530, APPENDIX I)

Factor Effect on Sample size


An increase in the auditor’s intended reliance on accounting and
Internal control systems increase

An increase in the rate of deviation from the prescribed control


Procedure that the auditor is willing to accept
(Tolerable error) decrease

An increase in the rate of deviation from the prescribes control


Procedure that the auditor expects to find in the population
(Expected error) increase

An increase in the auditor’s required confidence level (or conversely


A decrease in the risk that the auditor will conclude that the auditor will
Conclude that the control risk is lower than the actual control risk in the
Population) increase

An increase in number of sampling units in the population negligible effect

EXAMPLES OF FACTORS INFLUENCING SAMPLE SIZE FOR SUBSTANTIVE PROCEDURES


(PSA 530, APPENDIX II)

Factor Effect on Sample size


An increase in the auditor’s assessment of inherent risk increase

An increase in the auditor’s assessment of control risk increase


24
An increase in the use of other substantive procedures
Directed at the same financial statement assertion decrease

An increase in the auditor’s required confidence level (or


Conversely, a decrease in the risk that the auditors will conclude that
A material error does not exist, when in fact it does exist) increase

An increase in the amount of error the auditor expects to find in


The population (tolerable error) decrease

An increase in the amount of error the auditor expects to find in the


Population (expected error) increase

Stratification of the population when appropriate decrease

The number of sampling units in the population negligible effect

CPA REVIEW SCHOOL OF THE PHILIPPINES


Manila

AUDITING THEORY CPA REVIEW


AUDITING IN A CIS (IT) ENVIRONMENT

1. A CIS environment exists when a computer of any type or size is involved in the processing by the
entity of financial information of significance to the audit, whether the computer is operated by the entity
or by a third party
2. The overall objective and scope of an audit does not change in a CIS environment
3. A CIS environment may affect:
a. The procedures followed in obtaining a sufficient understanding of the accounting and
internal control systems
b. The consideration of the inherent and control risk
c. The design and performance of tests of controls and substantive procedures
4. The auditor should have sufficient knowledge of the CIS to plan, direct, and review the work performed
5. If specialized skills are needed, the auditor would seek the assistance of a professional possessing
such skills, who may be either on the auditor’s staff or an outside professionals
6. In planning the portions of the audit which may be affected by the client’s CIS environment, the auditor
should obtain an understanding of the significance and complexity of the CIS activities and the
availability of data for use in the audit
7. When the CIS are significant, the auditor should also obtain an understanding of the CIS environment
and whether it may influence the assessment of inherent and control risks
8. The auditor should consider the CIS environment in designing audit procedures to reduce audit risk to
an acceptably low level. The auditor can use either manual audit procedures, computer-assisted audit
techniques, or a combination of both to obtain sufficient evidential matter

RISK ASSESSMENTS AND INTERNAL CONTROL:


CIS CHARACTERISTICS AND CONSIDERATION

Organizational Structure
Characteristics of a CIS organizational structure includes:
25
a. Concentration of functions and knowledge
Although most systems employing CIS methods will include certain manual operations,
generally the number of persons involved in the processing of financial information is significantly reduced.
b. Concentration of programs and data
Transaction and master file data are often concentrated, usually in machine-readable form,
either in one computer installation located centrally or in a number of installations distributed throughout the
entity.

Nature of Processing
The use of computers may result in the design of systems that provide less visible evidence than those
using manual procedures. In addition, these systems may be accessible by a larger number of persons.

System characteristics that may result from the nature of CIS processing include:
a. Absence of input documents
 Data may be entered directly into the computer system without supporting document
 In some on-line transaction systems, written evidence of individual data entry authorization
(e.g., approval for order entry) may be replaced by other procedures, such as authorization
controls contained in computer programs (e.g., credit limit approval)
b. Lack of visible audit trail
The transaction trail may be partly in machine-readable form and may exist only for a limited
period of time (e.g., audit logs may be set to overwrite themselves after a period of time or when the allocated
disk space is consumed)
c. Lack of visible output
Certain transactions or results of processing may not be printed or only summary data may be
printed

d. Ease of access to data and computer programs


Data and computer programs may be assessed and altered at the computer or through the use
of computer equipment at remote locations. Therefore, in the absence of appropriate controls, there is an
increased potential for unauthorized access to, and alteration of, data and programs by persons inside or
outside the entity

Design and procedural aspects


The development of CIS will generally result n design and procedural characteristics that are different
from those found in manual systems. These different design and procedural aspects of CIS include:
a. Consistency of performance
CIS perform functions exactly as programmed and are potentially more reliable than annual
systems, provided that all transactions types and conditions that could occur are anticipated and incorporated
into the system. On the other hand, a computer program that is not correctly programmed and tested may
consistently process transactions or other data erroneously
b. Programmed control procedures
The nature of computer processing allows the design of internal control procedures in computer
programs
c. Single transaction update of multiple or data base computer files
A single input t the accounting system may automatically update all records associated with the
transaction
d. Systems generated transactions
Certain transactions may be initiated by the CIS itself without the need for an input document
e. Vulnerability of data and program storage media
Large volumes of data and the computer programs used to process such data may be stored on
portable or fixed storage media, such as magnetic disks and tapes. These media are vulnerable to theft, loss,
or intentional or accidental destruction.

INTERNAL CONTROLS IN A CIS ENVIRONMENT


GENERAL CIS CONTROLS – to establish a framework of overall control over the CIS activities and to provide
a reasonable level of assurance that the overall objectives of internal control are achieved

General CIS controls may include:


a. Organization and management controls – designed to define the strategic direction and establish an
organizational framework over CIS activities, including:
 Strategic information technology plan
 CIS policies and procedures
 Segregation of incompatible functions
 Monitoring of CIS activities performed by third party consultants
b. Development and maintenance controls – designed to provide reasonable assurance that systems are
developed or acquired, implemented and maintained in an authorized and efficient manner. They also
typically are designed to establish control over:
 Project initiation, requirements definition, systems design, testing, data conversion, go-live
decision, migration to production environment, documentation of new or revised systems, and
user training
 Acquisition and implementation of off-the-shelf packages

26
 Request for changes to the existing systems
 Acquisition, implementation, and maintenance of system software
c. Delivery and support controls – designed to control the delivery of CIS services and include:
 Establishment of service level agreements against which CIS services are measured
 Performance and capacity management controls
 Disaster recovery/contingency planning, training, and file backup
 Computer operations controls
 Systems security
 Physical and environment controls
d. Monitoring controls – designed to ensure that CIS controls are working effectively as planned. These
include:
 Monitoring of key CIS performance indicators
 Internal external CIS audits

CIS APPLICATION CONTROLS – to establish specific control procedures over the application systems in
order to provide reasonable assurance that all transactions are authorized, recorded and are processed
completely, accurately and on a timely basis. CIS application controls include:
a. Controls over Input – designed to provide reasonable assurance that:
 Transactions are properly authorized before being processed by the computer
 Transactions are accurately converted into machine readable form and recorded in the
computer data files
 Transactions are not lost, added, duplicated or improperly changed
 Incorrect transactions are rejected, corrected and, if necessary, resubmitted on a timely basis.
b. Controls over processing and computer data files – designed to provide reasonable assurance that:
 Transactions, including system generated transactions, re properly processed by the computer
 Transactions are not lost, added, duplicated or improperly changed
 Processing errors (i.e., rejected data and incorrect transactions) are identified and corrected on
a timely basis
c. Controls over output – designed to provide reasonable assurance that:
 Results of processing are accurate
 Access to output is restricted to authorized personnel on a timely basis
 Output is provided to appropriate authorized personnel on a timely basis

Review of general CIS controls


General CIS controls that relate to some or all applications are typically interdependent controls in that
their operation is often essential to the effectiveness of CIS application controls. Accordingly, it may be more
efficient to review the design of the general controls before reviewing the application controls.

Review of CIS application controls


CIS application controls which the auditor may wish to test include:
a. Manual controls exercised by the user
b. Controls over system output
c. Programmed control procedures

CIS ENVIRONMENTS – STAND-ALONE PERSONAL COMPUTERS


1. A personal computer (PC) can be used in various configurations. These include:
a. A stand-alone workstation operated by a single user or a number of users at different times;
b. A workstation which part of a Local Area Network (LAN) of PCs; and
c. A workstation connected to a server
2. In a stand-alone PC environment, it may not be practicable or cost-effective for management to
implement sufficient controls to reduce the risks of undetected error to a minimum level
3. After obtaining the understanding of the accounting system and control environment, the auditor may
find it more cost-effective not to make a further review of general controls or application controls, but
concentrate audit efforts on substantive procedures.

CIS ENVIRONMENTS – ON-LINE COMPUTER SYSTEMS


1. On-line computer systems are computer systems that enable users to access data and programs
directly through terminal devices
2. On-line systems allow users to directly initiate various functions such as:
a. Entering transactions
b. Making inquiries
c. Requesting reports
d. Updating master files
e. Electronic commerce activities
3. Types of terminals used in on-line systems:
A. General purpose terminals
1. Basic keyboard and screen
2. Intelligent terminal
3. PCs
B. Special purpose terminals
27
1. Point-of-sale devices
2. Automated teller machines (ATM)
5. Types of on-line computer systems:
a. On-line/ real time processing
Individual transactions are entered at terminal devices, validated, and used to update
related computer files immediately.
b. On-line/batch processing
Individual transactions are entered at a terminal device, subjected to certain validation
checks, and added to a transaction file that contains other transactions entered during the period. Later, during
a subsequent processing cycle, the transaction file may be validated further and then used to update relevant
master file.
c. On-line/Memo update (and subsequent Processing)

 Combines in-line/ real time and on-line/ batch processing


 Individual transactions immediately update a memo file containing information
that has been extracted from the most recent version of the master file. Inquiries
are made from this memo file
 These same transactions are added to a transaction file for subsequent
validation and updating of the master file on a batch basis
d. On-line/ inquiry
 Restricts users at terminal devices to making inquiries of master file
 Master files are updated by other systems, usually on a batch basis
e. On-line downloading/ uploading processing
 On-line downloading refers to the transfer of data from a master file to an
intelligent terminal device for further processing by a user

NETWORK ENVIRONMENT
1. A network environment is a communication system that enables computer users to share computer
equipment, application software, data, and voice and video transmissions
2. A file server is a computer with an operating system that allows multiple users in a network to access
software applications and data files
3. Basic types of networks
a. Local area network (LAN)
b. Wide area network (WAN)
c. metropolitan area network (MAN)

CIS ENVIRONMENTS – DATABASE SYSTEMS


1. DATABASE – a collection of data that is shared and used by many different users for different
purposes
2. Two components of database systems:
a. Database
b. Database management system (DBMS) – software that creates, maintains, and operates the
database
3. Characteristics of database systems:
a. Data sharing
b. Data independence

TERMS USED IN CIS ENVIRONMENTS


HARDWARE
1. COMPUTER HARDWARE – consists of the configuration of physical electronic equipment
2. CONSOLE – a special CRT (Cathode Ray Tube) used for communication between the operator and
the computer.
3. PERIPHERAL EQUIPMENT – all non-CPU hardware that may be placed under the control of the
processor. This consists of input, storage, output, and communication devices
4. CONTROLLERS – units designed to operate (control) specific input/output devices
5. CHANNELS – units designed to handle the transfer of data into or out of primary storage (memory)
6. BUFFER MEMORY (BUFFER) – temporary storage unit used to hold data during input/output
operations
7. OFF-LINE – peripheral equipment not in direct communication with the CPU
8. ON-LINE – peripheral equipment in direct communication with, and under the control of the CPU
9. INPUT DEVICES – provides a means of transferring data into CPU storage
a. Magnetic tape reader – capable of sensing information recorded as magnetized spots on
magnetic tape. It is also used as an output device and storage medium.
b. Magnetic ink character reader( MICR) – reads characters by scanning temporarily
magnetized characters using magnetic ink
c. Optical character recognition (OCR) – reads characters directly from documents based on
their shapes and positions on the source document
d. Cathode ray tube (CRT) – a typewriter-like device that decodes keystrokes into electronic
impulses
e. Key-to-tape and Key-to-disk – systems in which input data can be entered directly onto
magnetic tape, magnetic disk, or floppy disk through CRT
10. STORAGE DEVICES – devices which store data that can be subsequently used by the CPU
28
a. Random access – data can be accessed directly regardless of how it is physically stored
(e.g., magnetic disk)
b. Sequential access – data must be processed in the order in which it is physically stored
(e.g., magnetic tape)
11. OUTPUT DEVICES – produce readable data or machine-readable data when further processing is
required. Examples are CRT, printer, and CRT COM (Computer output to Micro film)
12. TERMINALS – CRT devices or microcomputers used for input/output (communication) with the CPU
13. POINT-OF-SALE DEVICES – a terminal connected to a computer. It takes the place of a cash register
or similar devices which allows instant recording and is capable of keeping perpetual inventory
14. MODEM – a device for interfacing communications equipment within communication networks

Software consists of computer programs which instruct the computer hardware to perform the desired
processing.

Types of computer programs


1. OPERATING SYSTEM – controls the functioning of the CPU and its peripheral equipment. Several
different operating systems allow a single configuration of hardware to function in the following modes:
a. MULTIPROGRAMMING – the operating system processes a program until an input/output
operation is required. Since input or output can be handled by peripheral devices, such as
channels and controllers, the CPU can begin executing another program’s instructions.
Several programs appear to be concurrently processing
b. MULTIPROCESSING – multiple CPUs process data while sharing peripheral devices,
allowing two or more programs to be process simultaneously
c. VIRTUAL STORAGE – the operating system separates user programs into segment pages
automatically. It appears as though there is unlimited memory available for programs, even
though the program is still confined to a physical segment of memory.
2. UTILITY PROGRAM – performs a commonly required process, such as storing and merging
3. APPLICATION PROGRAM – performs the desired processing tasks (e.g., payroll preparation)
4. SOURCE PROGRAM – written by a programmer in a source language (e.g., COBOL) that will be
converted into an object program
5. OBJECT PROGRAM – converted source program that was changed using a complier to create a set of
machine-readable instructions
6. COMPILER – converts a source program to a machine language object program
7. INTERPRETER – converts each source code instruction to object code each time it is executed
8. DATABASE MANAGEMENT SYSTEM (DBMS) – a software package for the purpose of creating,
accessing, and maintaining a database
9. TELECOMMUNICATIONS MONITOR PROGRAM – provides edit capabilities and file maintenance to
users, monitors on-line terminals, and handles input to application programs

ELECTRONIC DATA INTERCHANGE (EDI) – the electronic exchange of transactions, from one entity’s
computer to another entity’s computer through an electronic communications network. In electronic fund
transfer (EFT) Systems, for example, electronic transactions replace checks as a mean of payment.
EDI controls include:
a. Authentication – controls must exist over the origin, proper submission, and proper delivery of EDI
communications to ensure that the EDI messages are accurately sent and received to and from
authorized customers and suppliers.
b. Encryption – involves conversion of plain text data to cipher text data to make EDI messages
unreadable to unauthorized persons
c. VAN controls – a value added network (VAN) is a computer service organization that provides
network, storage, and forwarding (mailbox) services for EDI messages
AUDIT APPROACHES
1. Auditing around the computer – the auditor ignores or bypasses the computer processing function of an
entity’s EDP system
2. Auditing with the computer – the computer is used as an audit tool
3. Auditing through the computer – the auditor enters the client’s system and examines directly the
computer and its system and application software

COMPUTER ASSISTED AUDIT TECHNIQUES FOR TESTS OF CONTROLS


I. Program analysis – techniques that allow the auditor to gain an understanding of the client’s
program
1. Code review – involves actual analysis of the logic of the program’s processing routines
2. Comparison programs – programs that allow the auditor to compare computerized files
3. Flowcharting software – used to produce a flowchart of a program’s logic and may be used
both in mainframe and microcomputer environments
4. Program tracing and mapping – program tracing is a technique in which instruction executed
is listed along with control information affecting that instruction. Program mapping identifies
sections of code which may be potential source of abuse
5. Snapshot – this technique “takes a picture” of the status of program execution, intermediate
results, or transaction data at specified processing points I the program processing
II. Program testing – involves the use of auditor-controlled actual or simulated data
1. Historical audit techniques – test the audit computer controls at a point in time
a. Test data
29
 A set of dummy transactions specifically designed to test the control activities
that management claims to have incorporated into the processing programs
 Shifts control over processing to the auditor by using the client’s software to
process auditor-prepared test data that includes both valid and invalid conditions
 It embedded controls are functioning properly, the client’s software should detect
all the exceptions planted in the auditor’s test data
 Ineffective if the client does not use the software tested
b. Base case system evaluation (BCSE)
 Develops test data that purports to test every possible condition that an auditor
expects a client’s software will confront
 Provides an auditor with much more assurance than test data alone, but
expensive to develop and therefore cost-effective only in large computer systems
c. Integrated test facility (ITF)
 A variation of test of data whereby simulated data and actual data are run simultaneously with the
client’s program and computer results are compared with auditor’s predetermined results
 It provides assurance that the software tested is actually used to prepare financial reports
d. Parallel simulation
 It involves of processing client’s live (actual) data utilizing an auditor’s generalized audit software
 If an entity’s control have been operating efficiently, the client’s software should generate the same
exceptions as the auditor’s software
 It should be performed on a surprise basis, I possible
e. Controlled reprocessing
 A variation of parallel simulation, it involves processing of actual client data through a copy of the
client’s application program
2. Continuous audit techniques – test the audit computer controls throughout a period.
a. Audit modules – programmed audit routines incorporated into an application program
that are designed to perform an audit function such as a calculation, or logging
activity
b. Systems control audit review files (SCARFs) – log that collect transaction information
for subsequent review and analysis by the auditor
c. Audit hooks – “exists” in an entity’s computer program that allows an auditor to insert
commands for audit processing
d. Transaction tagging – a transaction record is tagged and then traced through critical
control points in the information system
e. Extended records – this technique attaches additional audit data which would not
otherwise be saved to regular historic records and thereby helps to provide a more
complete audit trail
III. Review of operating system and other system software
1. JOB ACCOUNTING DATA/ OPERATING SYSTEM LOGS – these logs that track particular
functions, include reports of the resources use by the computer system. The auditor may be
able to use them to review the work processed, to determined whether unauthorized
applications were processed and to determine that authorized applications were processed
properly
2. LIBRARY MANAGEMENT SOFTWARE – this logs changes in programs, program
modules, job control language, and other processing activities
3. ACCESS CONTROL AND SECURITY SOFTWARE – this restricts access to computers to
authorized personnel through techniques such as only allowing certain users with “read-
only” access or through use of an encryption
COMPUTERIZED AUDIT TOOLS
1. AUDIT SOFTWARE – computer programs used to process data of audit significance from the client’s
accounting system
a. Package programs (generalized audit software)
1. Reading computer files
2. Selecting samples
3. Performing calculations
4. Creating data files
5. Printing reports in an auditor-specified format
b. Purpose written programs (special purpose or custom designed programs)
c. Utility programs – they are generally not designed for audit purposes
2. Electronic spreadsheets – contain a variety of predefined mathematical operations and functions that
can be applied to data entered into the cells of a spreadsheet
3. Automated work paper software – designed to generate a trial balance, lead schedules, and other
reports useful for the audit. The schedules and reports can be created once the auditor has either
manually entered or electronically imported through using the client’s account balance information into
the system
4. Text retrieval software – allow user to view any text that ia available in an electronic format. The
software program allows the user to browse through text files much as a user would browse through
books.
5. Database management systems
6. Public databases
7. Word processing software

30
Factors to consider in using CAAT
1. Degree of technical competence in CIS
2. Availability of CAAT and appropriate computer facilities
3. Impracticability of manual tests
4. Effectiveness and efficiency
5. Timing of tests

Controlling the CAAT application


Procedures to control the use of AUDIT SOFTWARE may include:
1. Participating in the design and testing of computer programs
2. Checking the coding of the program
3. Requesting the client’s CIS personnel to review the operating system instructions
4. Running the audit software on small test files before running them on main data files
5. Ensuring that the correct files were used
6. Obtaining evidence that the audit software functioned as planned
7. Establishing appropriate security measures to safeguard against manipulations of the entity’s data files

Procedures to control the use of TEST DATA may include:


1. Controlling the sequence of submission of test data where it spans several processing cycles
2. Performing test runs
3. Predicting the results of test data
4. Confirming that the current version of the program was used
5. Obtaining reasonable assurance that the programs used to process the test data were used by the
entity throughout the applicable audit period

CPA REVIEW SCHOOL OF THE PHILIPPINES


Manila

AUDITING THEORY CPA REVIEW


COMPLETING THE AUDIT

The procedures to wrap-up an audit engagement are:


1. Review for related party transactions
2. Review for subsequent events
3. Make inquiries of a client’s legal counsel
4. Search for unrecorded liabilities
5. Perform final review stage analytical procedures
6. Review adequacy of disclosures using a disclosure checklist that list all specific disclosures required by
GAAP and the SEC, if appropriate
7. Review of working papers
8. Form an opinion

RELATED PARTY TRANSACTIONS


Identifying transactions with related parties
The following procedures may identify material transactions with known related parties or indicate the
existence of previously unknown related parties:
1. Provide personnel performing all segments of the audit with the names of known related parties
2. Review the minutes of meetings of the board of directors and committees
3. Review filings with SEC and other regulatory agencies
4. Review conflict-of-interest statements obtained from the client’s management
5. Review business transacted with major customers, suppliers, borrowers, and lenders for indications of
undisclosed relationships
6. Consider whether unrecognized transactions are occurring, such as receiving or providing accounting,
management, or other services at no charge
7. Review accounting records for large, unusual, or nonrecurring transactions or balances, especially
those near the end of the period
8. Review invoices from law firms
9. Review confirmations of loan receivable and payable for guarantees.

Examining identified related party transaction


1. Obtain an understanding of the business purpose of the transaction
2. Examine invoices, executed copies of agreements, contracts, and other documents
3. Determine whether the transaction has been approved by the board of directors or other officials
4. Test for reasonableness the compilation of amounts to be disclosed or considered for disclosure

31
5. Arrange for the audits of intercompany balances to be performed as of concurrent dates, even the fiscal
years differ, and for the examination of the specified, important, and representative related party
transactions by the auditor for each of the parties with appropriate exchange of relevant information
6. Inspect or confirm and obtain satisfaction concerning the transferability and value of the collateral

EVENTS AFTER THE BALANCE SHEET DATE (subsequent events)


(Based on PSA 560 – subsequent events)
1. Events after the balance sheet date are those events, both favorable and unfavorable, that occur
between the balance sheet date and the date when the financial statements are authorized for issue
2. The following procedures are typically performed at or near the completion of the fieldwork to detect
subsequent events:
a. Read the latest available interim financial statements and compare them with the financial
statements being reported on
b. Read the available minutes of the meetings of stockholders, directors, and appropriate
committees
c. Assemble pertinent findings resulting from inquiries of legal counsel and other auditing
procedures for litigation, claims, and assessments
d. Obtain a letter of representation from management
3. When the auditor becomes aware of events which materially affect the financial statements, the auditor
should consider whether such events are properly accounted for and adequately disclosed in the
financial statements

INQUIRIES OF CLIENT’S LEGAL COUNSEL


1. The auditor is required to communicate directly with a client’s attorney about liabilities arising from
litigations, claims, and assessments
2. A list of legal issues should be prepared by the client’s management, rather than the client’s attorney.
This information is sent by the auditor to the auditor to the attorney, requesting information about:
a. Pending or threatened litigation, claims, and assessments
b. Unasserted claims and assessments
3. The client should request the attorney to furnish the following information for all pending or threatened
litigation, claims, and assessments, and to comment on differences between the attorney’s and
management’s views:
a. A description of the nature of the matter, progress to date, and action that client intends to
take
b. An evaluation of the likelihood of an unfavorable outcome and an estimate, if one can be
made, of the amount or range of potential loss
c. A statement that management’s list of pending or threatened claims is complete, or
identification of any omissions
4. The attorney’s refusal to reply to the audit inquiry is a SCOPE LIMITATION that may affect the audit
report
5. In the case of unasserted claims which the client has not disclosed, the lawyer is not required to note
them in his or her reply to the auditor. However, the lawyer is generally required to inform the client of
the omission and to consider withdrawing if the client fails to inform the auditor

MANAGEMENT REPRESENTATION LETTER


(BASED ON PSA 560 – MANAGEMENT REPRESENTATIONS)
1. The representation letter
a. Confirms the oral representations given by management to the auditor and reduces the
possibility of misunderstanding between the client and the auditor
b. Reminds management of its primary responsibility for the financial statements
c. Addressed to the auditor
d. Dated as of the audit report date
e. Signed by the CEO and the CFO
f. Not a substitute for the application of other necessary auditing procedures
2. If management refuses to provide a representation that the auditor considers necessary, this
constitutes a scope limitation and the auditor should express a qualified opinion or a disclaimer of
opinion
3. Written representations requested from management may be limited to matters that are considered
either individually or collectively material to the financial statements

EXAMPLE OF A MANAGEMENT REPRESENTATION LETTER


(ENTITY LETTERHEAD)
(TO AUDITOR) (DATE)

The representation letter is provided in connection with your audit of the financial statements of ABC Company for the
year ended December 31, 20X1 for the purpose of expressing an opinion as to whether the financial statements present
fairly, in all material aspects, the financial position of ABC Company as of December 31, 20X1 and of the results of its
operations and its cash flows for the year time ended in accordance with (indicate relevant financial reporting framework).

We acknowledge our responsibility for the fair presentation of the financial statements in accordance with (indicate
relevant financial reporting framework).

32
We confirm to the best of our knowledge and belief, the following representations:

Include here representations relevant to the entity. Such representations may include:
 There have been no irregularities involving management or employees who have a significant role in the
accounting and internal control systems or that could have a material effect on the financial statements
 We have made available to you all the books of account and supporting documentation and all minutes of
meetings and shareholders and BOD (namely those held on (dates) respectively)
 We confirm the completeness of the information provided regarding the identification of related parties
 The financial statements are free of material misstatements, including omissions
 The company has complied with all aspects of contractual agreements that could have a material effect on the
financial statements in the event of noncompliance. There has been no noncompliance with requirements of
regulatory authorities that could have a material effect on the financial statements in the event of
noncompliance.
 We have no plans or intentions that may affect or alter the carrying value or classification of asset and liabilities
reflected in the financial statement
 (no plans regarding the inventory abandonment or no inventory were stated in an amount in excess of net
realizable value)
 Indicate that there are no events subsequent to period which require adjustments in the statements
 Indicate that the claim is settled in a specific amount and there are no other litigations are expected to be
received
 Indicate that there are no formal or informal compensating balance arrangements with any of the cash, except
those that are disclosed
 Indicate that you have recorded material regarding the capital per se
______________________
(Senior Executive Officer)
______________________
(Senior Financial Officer)

EVALUATION OF GOING CONCERN STATUS


(BASED ON PSA 570 – GOING CONCERN)
1. The auditor should evaluate if the entity is going to continue as a going concern
2. The auditor should consider:
 The process followed
 Assumptions that are being based on
 Management’s plans for future action
3. When doubting events with regards to its “going concern assumption”, the auditor should:
 Review the plans of the management
 Gather sufficient evidence that indicates a company will not be able to carry out the business
anymore, consider the effect of any plans and other mitigating factors
 Seek written representations from the management regarding its future plans
4. Events and conditions that may cast doubt about the going concern assumption:
FINANCIAL
 Net (current) liability position
 Fixed-term borrowings approaching maturity without realistic prospects of renewal or repayment
 Financial debtors indications of withdrawal
 Negative operating cash flows
 Adverse key financial ratios
 Substantial operating loss or deterioration of assets
 Arrears of dividends
 Inability to pay creditors on time
 Inability to comply with loan terms and agreements
 Conversion of cash to credit when in delivery
 Inability to obtain financing for essential investments
OPERATING
 Loss of key management personnel without replacement
 Loss of major franchise, supplier etc.
 Labor and shortages of important supplies
OTHER
 Non compliance with capital or other statutory requirements
 Pending legal or regulatory proceedings against the entity
 Changes in the legislation or government policy that may affect the entity

WRITING A MANAGEMENT LETTER


1. Reasons:
a. To encourage a better relationship between the auditor and the management
b. To suggest additional tax and management services that the auditor can provide
2. This letter is OPTIONAL and it helps the client operate its business effectively
3. There is no standard format for writing this letter.

33
CPA REVIEW SCHOOL OF THE PHILIPPINES
Manila

AUDITING THEORY CPA REVIEW


THE AUDITOR’S REPORT ON FINANCIAL STATEMENTS
(Based on PSA 700 revised – The Independent Auditor’s Report
On a Complete Set of General Purpose Financial Statements)

INDEPENDENT AUDITOR’S REPORT

[Appropriate addressee]

Report on the financial statements


[This subheading is unnecessary in circumstances when the second subheading “Report on Other Legal and
Regulatory Requirements” is not applicable.

We have audited the accompanying financial statements of ABC Company which comprise a balance sheet as
at date December 31, 20X1, and the income statement, statement of changes in equity and cash flow
statement for the year ended, and a summary of significant accounting policies and other explanatory notes.

Management’s responsibility for the financial statements


Management is responsible for the preparation and fair presentation of these financial statements in
accordance with the Philippine Financial Reporting Standards. This responsibility includes: designing,
maintaining and implementing internal control relevant to the preparation and fair presentation of financial
statements that are free from material misstatements, whether due to fraud or error; selecting and applying
appropriate accounting policies; and making accounting estimates that are reasonable in circumstances.

Auditor’s responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our
audit in accordance with Philippine Standards on Auditing. Those standards require that we comply with ethical
requirements and plan and perform the audit to obtain reasonable assurance whether the financial statements
are free from material misstatement. An audit involves performing procedures to obtain audit evidence about
the amounts and disclosures in the financial statements. The procedures selected depend upon the auditor’s
judgment, including the assessment of the risks of material misstatements on the financial statements whether
due to fraud or error. In making those risk assessments; the auditor considers internal control relevant to the
entity’s preparation and fair presentation of the financial statements in order to design audit procedures that
are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of
the internal control of the entity. An audit also includes evaluating the appropriateness of the accounting
policies used and the reasonableness of accounting estimates made by the management, as well as
evaluating the overall presentation of the financial statements.

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our
audit opinion.

Opinion
In our opinion, the financial statements fairly, in all material respects, the financial position of ABC Company as
of December 31, 20X1, and of its financial performance and its cash flows for the year then ended in
accordance with the Philippine Financial Reporting Standards.

Report on other legal and regulatory requirements


[Form and content of this section of the auditor’s report will vary depending on the nature of the auditor’s other
reporting responsibilities]

[Auditor’s signature]
[Date of Auditor’s report]
[Auditor’s address]

MODIFICATIONS TO THE INDEPENDENT AUDITOR’S REPORT (BASED ON PSA 701)


Matters that do not affect the auditor’s opinion
 You may add an emphasis of matter paragraph to the report to highlight a matter affecting the
financial statements which is included in the note of the financial statements that more
extensively discuss the matter
 The paragraph would preferably be included after the opinion paragraph but before the section
on any other reporting responsibilities, if any.
 Emphasis of matter paragraph is used to highlight the existence of:
 Material uncertainty relating to the event or condition that may cast significant doubt
on the entity’s ability to continue as a going concern; or
34
 Significant uncertainty (other than a going concern problem), the resolution of which is
dependent upon future events and which may affect the financial statements
 Emphasis of matter paragraph to report on matters other than those affecting the financial
statements. For example, if an amendment to other information in a document containing
audited financial statements is necessary and the entity refuses to make an amendment

Example of an emphasis of matter paragraph relating to a going concern problem:

Without qualifying our opinion, we draw attention to Note X in the financial statements which indicates that
the Company incurred a net loss of P_____ during the year ended December 31,20X1 and, as of date, the
company’s current liabilities exceeded its total assets by P_____. These conditions, along with other matters,
as set forth in Note X, indicate the existence of a material uncertainty which may cast significant doubt about
the Company’s ability to continue as a going concern.

Matters that affect the auditor’s opinion


 If the following circumstances exists that the auditor may not be able to conclude an
unqualified judgment and the effect of the matter is or may be material to the financial
statements:
 There is a limitation on the scope of the auditor’s work. – could lead to a qualified
opinion or a disclaimer of opinion
 A disagreement with the management regarding the acceptability of the accounting
policies selected the method of their application on the adequacy of financial
statement disclosures. Could lead to a qualified opinion or an adverse of opinion.

Qualified opinion
 Should be expressed when the auditor concludes that the unqualified opinion cannot be
expressed but that the effect of any disagreement with management, or limitation on scope is
not so material and pervasive as to require an adverse opinion or a disclaimer of opinion.
 A qualified opinion should be expressed as being “except for” the effects of the matter to which
the qualification relates.
Adverse opinion
 Should be expressed when the effect of the disagreement is so material and pervasive to the
financial statements that the auditor concludes that a qualification of the report is not adequate
to disclose the misleading or incomplete nature of the financial statements.
Disclaimer of Opinion
 Should be expressed when the possible effect of a limitation on the scope is so material and
pervasive that the auditor has not been able to obtain sufficient appropriate audit evidence and
accordingly is unable to express an opinion on the financial statements.

REPORT MODIFICATIONS

Limitation on scope

ILLUSTRATIVE EXAMPLES OF MODIFIED REPORTS

1. LIMITATION ON SCOPE – QUALIFIED OPINION


We have audited … (remaining words are the same as in the introductory page)

Management is responsible for … (same as illustrated in the management’s responsibility paragraph)

Our responsibility is to express an opinion on these financial statements based on our audit. Except as
discussed in the following paragraph, we conducted our audit in accordance with … (auditor’s
responsibility paragraph)

We did not observe the counting of the physical inventories as of December 31, 20X1, since that date
was prior to the time we were initially engaged as auditors for the company. Owing to the nature of the
company’s records, we were unable to satisfy ourselves as to inventory quantities by other audit
procedures.

In our opinion, except for the effects of such adjustments, if any, as might have been determined to be
necessary had we been able to satisfy ourselves as to physical inventory quantities, the financial
statements fairly presents, in all material respects … (opinion paragraph)

2. LIMITATION ON SCOPE – DISCLAIMER OF OPINION


We were engaged to audit the accompanying financial statements of ABC Company, which comprise the
balance sheet date as of December 31, 20X1, and the income statements, statement of changes in equity
and cash flow statement for the year ended, and a summary of significant accounting policies and other
explanatory notes.

35
Management is responsible for … (same as illustrated in the management’s responsibility paragraph)

(Omit the sentence stating the responsibility of the auditor)

(The paragraph discussing the scope of the audit would either be omitted or amended according to the
circumstances)

(Add a paragraph describing the scope limitation as follows:

We were not able to observe all physical inventories and confirm accounts receivables due to limitations
placed on the scope of our work by the company)

Because of the significance of the matters discussed in the preceding paragraph, we do not express an
opinion on the financial statements.

3. DISAGREEMENT ON ACCOUNTING POLICIES – INAPPROPRIATE ACCOUNTING


METHOD
QUALIFIED OPINION
We have audited … (remaining words are the same as in the introductory page)

Management is responsible for … (same as illustrated in the management’s responsibility paragraph)

Our responsibility is to express an opinion on these financial statements based on our audit. Except as
discussed in the following paragraph, we conducted our audit in accordance with … (auditor’s
responsibility paragraph)

As discussed in the Note X to the financial statements, no depreciation has been provided in the financial
statements which practice, in our opinion, is not in accordance in PFRS. The provision for the year ended
December 31, 20X1, should be xxx based on the straight-line method of depreciation using annual rates
of 5% for the building and 20% for the equipment. Accordingly, the fixed assets should be reducedby
accumulated depreciation of xxx and the loss for the year and accumulated deficit should be increased by
xxx and xxx, respectively.

In our opinion, except for the effects of such adjustments, if any, as might have been determined to be
necessary had we been able to satisfy ourselves as to physical inventory quantities, the financial
statements fairly presents, in all material respects … (opinion paragraph)
4. DISAGREEMENT ON ACCOUNTING POLICIES – INADEQUATE DISCLOSURES
QUALIFIED OPINION
We have audited … (remaining words are the same as in the introductory page)

Management is responsible for … (same as illustrated in the management’s responsibility paragraph)

Our responsibility is to express an opinion on these financial statements based on our audit. Except as
discussed in the following paragraph, we conducted our audit in accordance with … (auditor’s
responsibility paragraph)

On January 31,20X2, the Company issued debentures in the amount of… for the purpose of financing
plant expansion. The debenture agreement restricts the payment of future cash dividends to earnings
after December 31,19X1, which restrictions was not disclosed in the company’s financial statements.
Disclosure of this is required by the PAS 1, Presentation of financial statements.

In our opinion, except for the omission of the information included in the preceding paragraph, the
financial statements present fairly, in all material respects… (opinion paragraph)

5. DISAGREEMENT ON ACCOUNTING POLICIES – INADEQUATE DISCLOSURE


ADVERSE OPINION
We have audited … (remaining words are the same as in the introductory page)

Management is responsible for … (same as illustrated in the management’s responsibility paragraph)

Our responsibility is to express an opinion on these financial statements based on our audit. Except as
discussed in the following paragraph, we conducted our audit in accordance with … (auditor’s
responsibility paragraph)

(Paragraph(s) discussing the disagreement)

In our opinion, because of the effects of the matters discussed in the preceding paragraph(s), the
financial statements do not present fairly, in all material respects, the financial position of ABC Company
as of December 31,19X1, and of its financial performance and its cash flows for the year then ended in
accordance with PFRS… (Opinion paragraph)

SUBSEQUENT EVENTS (BASED ON PSA 560)


1. The auditor should consider the effect of subsequent events on the financial statements and
on auditor’s report.

36
Events occurring up to the date of the auditor’s report
2. The auditor should perform procedures designed to obtain sufficient appropriate audit
evidence that all events up to date of the auditor’s report that may require adjustment of, or
disclosure in, the financial statements have been identified.
3. When the auditor becomes aware of events which materially affect the financial statements,
the auditor should consider whether such events are properly accounted for and adequately
disclosed in the financial statements.

Facts discovered after the date of the auditor’s report but before the financial statements are
issued
4. During the period from the date of the auditor’s report to the date the financial statements are
issued:
o The responsibility to inform the auditor of facts which may affect the financial statements
rests with management
o When the auditor becomes aware of the facts that will materially affect the financial
statements, the auditor should:
 Consider whether the financial statements needed amendment
 Discuss the matter with the management
 Take the action appropriate in the circumstances
5. When the management amends the financial statements, the auditor would carry out the
procedures necessary in the circumstances and would provide management with a new report
on the amended financial statements
6. The new auditor’s report would be dated not earlier than the date the amended financial
statements are signed or approved and, accordingly, the procedures to identify subsequent
events would be extended to the date of the new auditor’s report
7. When management does not amend the financial statements but the auditor believes they
need to be amended and the auditor’s report has not been released to the entity, the auditor
should express a qualified opinion or an adverse opinion.

Facts discovered after the financial statements have been issued


8. After the financial statements have been issued, the auditor has no obligation to make any
inquiry regarding such financial statements.
9. When, after the financial statements have been issued, the auditor becomes aware of a fact
which existed at the date of the auditor’s report and which, if known at date, may have caused
the auditor to modify the auditor’s report, the auditor should:
o Consider whether the financial statements need revision
o Discuss the matter with management
o Take the appropriate action in the circumstances
10. When management revises the financial statements, the auditor would:
o Carry out the audit procedures necessary in the circumstances
o Review the steps taken by management to ensure that anyone in receipt of the
previously issued financial statements together with the auditor’s report thereon is
informed of the situation.
o Issue a new report on the revised financial statements:
 Include an emphasis of a matter paragraph.
 Would be dated earlier than the date the revised financial statements are
approved
 The auditor is permitted to restrict the audit procedures regarding the revised
financial statements to effects of the subsequent event that necessitated the
revision.
11. It may not be necessary to revise the financial statements and issue a new auditor’s report
when issue of the financial statements for the following period is imminent, provided
appropriate disclosures are to be made in such statements

USING THE WORK OF ANOTHER AUDITOR (BASED ON PSA 600)


1. The principal auditor is the auditor with responsibility for reporting on the financial statements
of an entity when those financial statements include financial information of one or more
components audited by another auditor
2. The auditor should consider whether the auditor’s own participation is sufficient to be able to
act as principal auditor. The following would be considered:
o The materiality of the portion of the financial statements which the principal auditor
audits
o The principal auditor’s degree of knowledge regarding the business of the components
o The risk of material misstatements in the financial statements of the components
audited by the other auditor

37
o The performance of additional procedures as set out in PSA 600 regarding the
components audited by other auditor resulting in the principal auditor having significant
participation in such audit
3. When planning to use the work of another auditor, the principal auditor should:
o Consider the professional competence of the other auditor in the context of specific
assignment
o Perform procedures to obtain sufficient appropriate audit evidence that the work of the
other auditor is adequate for the principal auditor’s purposes in the context of the
specific assignment
o Consider the significant findings of the other auditor
4. Reporting conclusions
o When the principal auditor concludes that the work of the other cannot be used and the
principal auditor has not been able to perform sufficient additional procedures regarding
financial information of the component audited by the other auditor, the principal auditor
should express a qualified or a disclaimer of opinion because of a scope of limitation.
o If the auditor issues or intend to issue, a modified auditor’s report, the principal auditor
would consider whether the subject of modification is of such a nature and significance,
in relation to the financial statements of the entity on which the principal auditor is
reporting that a modification on the principal auditor’s report is required.

5. Division of responsibility
o When the principal auditor bases the audit opinion on the financial statements taken as
a whole solely upon the report of another auditor regarding the audit of one or more
components, the principal auditor’s report should state this fact clearly and should
indicate the magnitude of the portion of the financial statements audited by the other
auditor.

COMPARATIVES (BASED ON PSA 710)


1. Two broad financial reporting frameworks for comparatives:

CORRESPONDING FIGURES
o For the prior periods, these are an integral part of the current period financial
statements and have to be read in conjunction with the amounts and other disclosures
relating to the current period.
o These are not presented as complete financial statements capable of standing alone
o The auditor should obtain sufficient appropriate audit evidence that the corresponding
figures meet the requirements of GAAP in the Philippine
o The auditor should assess whether:
 Accounting policies used for the corresponding figures are consistent with those
of the current period or whether appropriate adjustments and/or disclosures have
been made
 Corresponding figures agree with the amounts and other disclosures presented
in prior period or whether appropriate adjustments and/or disclosures have been
made
COMPARATIVE FINANCIAL STATEMENTS
 These comparative financial statements for the prior period(s) are considered separate
financial statements.
 These are presented for comparison with the financial statements of the current period, but do
not form part of the current period financial statements
 The auditor should obtain sufficient appropriate evidence that the comparative financial
statements meet the requirements of GAAP in the Philippines
 The auditor should assess whether:
o Accounting policies of the prior period are consistent with those of the current period or
whether appropriate adjustments and/or disclosures have been made
o Prior period figures presented agree with the amounts and other disclosures presented
in the prior period or whether appropriate judgments and disclosures have been made

REPORTING – CORRESPONDING FIGURES


1. The comparatives are not specifically identified in the audit report because the auditor’s
opinion is on the current period financial statements as a whole, including the corresponding
figures
2. When the auditor’s report on the prior period, as previously issued, included an opinion other
than unqualified and the matter which gave rise to the modification is:
a. Unresolved, and results in modification of the auditor’s report regarding the current
figures period, the auditor’s report should also be modified regarding the corresponding
figures
38
b. Unresolved, but does not result in a modification of the auditor’s report regarding the
current period figures, the auditor’s report should also be modified regarding the
corresponding figures
c. Resolved, and properly dealt with in the financial statements, the current period report
does not ordinarily refer to the previous modification. However, if the matter is material
to the current period, the auditor may include an emphasis of the matter paragraph
dealing with the situation

3. When the incoming auditor decides to refer to the predecessor auditor’s report, the incoming
auditor’s report should indicate:
a. That the financial statements of the prior period were audited by another auditor
b. Type of report issued by the predecessor auditor and, if the report was modified, the
reasons therefore;
c. Date of that report

4. When the prior period financial statements were not audited, the incoming auditor should state
that the corresponding figures are unaudited.
5. If the incoming auditor identifies that the corresponding figures are materially misstated, the
auditor should request management to revise the corresponding figures or if management
refuses to do so, appropriately modify the report

REPORTING – COMPARATIVE FINANCIAL STATEMENTS


CONTINUING AUDITOR
1. The auditor may express adverse or qualified opinion, disclaim an opinion, or include an
emphasis of paragraph with respect to one or more financial statements for one or more
period, while issuing a different report on the other financial statements
2. When finding the connectivity of the prior period financial statements with the current financial
statements, if the opinion on such prior period is different from the opinion previously
expressed, the auditor should disclose the substantive reasons for the different opinion in an
emphasis of matter paragraph

INCOMING AUDITOR
When the financial statements of the prior period were audited by another auditor,
 The predecessor auditor may reissue the audit report on the prior period with the incoming
auditor only reporting on the current period; or
 The incoming auditor’s report should state that the prior period was audited by another auditor
and the incoming auditor’s report should indicate:
o That the financial statements of the prior period was audited by another auditor
o The type of report issued by the predecessor auditor, and if the report was modified, the
reasons; therefore
o Date of the report

PRIOR PERIOD FINANCIAL STATEMENTS NOT AUDITED


1. When the prior financial statements were not audited, the incoming auditor should state in the
auditor’s report that the comprehensive financial statements are unaudited
2. If the prior period financial statements were materially misstated, the auditor should request
management to revise the prior year’s figures or if management refuses to do so, appropriately
modify the report

OTHER INFORMATION IN DOCUMENTS CONTAINING AUDITED FINANCIAL STATEMENTS


(BASED ON PSA 720)

1. An entity ordinarily issues on an annual basis a document which includes its audited financial
statements together with the auditor’s report thereon, also called “annual report”.

Material inconsistencies
2. This exists when the other information contradicts information contained in the audited
financial statements
3. If, on reading the other information, the auditor identifies material inconsistency, the auditor
should determine whether the financial statements need to be amended
 If the amendment is necessary and the entity refuses to make an amendment, the
auditor should express a qualified or adverse opinion
39
 If the amendment is necessary and the entity refuses to make an amendment, the
auditor should consider including in the auditor auditor’s report an emphasis of
matter paragraph.

Material misstatements of facts


4. A Material misstatements of fact in other information exists when such information, not related
to matters appearing in the audited financial statements, is incorrectly stated or presented
5. If the auditor becomes aware that there is a misstatement of fact, the auditor should discuss
the matter with the entity’s management
6. When the auditor still considers there is an apparent misstatement of fact in the other
information which management refuses to correct, the auditor should consider taking
appropriate action such as notifying those persons ultimately responsible for the overall
direction of the entity in writing of the auditor’s concern regarding the other information and
obtaining legal advice

THE AUDITOR’S REPORT ON SPECIAL PURPOSE AUDOT ENGAGEMENTS


(BASED ON PSA 800)
1. Special purpose audit engagements include:
a. Financial statements prepared in accordance with a comprehensive basis of accounting
other than GAAP in the Philippines
b. Specified accounts, elements of accounts, or terms in a financial statement
c. Compliance with contractual agreements
d. Summarized financial statements
2. The auditor should assess and review the conclusions drawn from the audit evidenced
obtained during the special purpose audit engagement as the basis for an expression of
opinion. The report should contain a clear written expression of opinion
3. Before undertaking a special purpose audit engagement, the auditor should ensure there is
agreement with the client as to the exact nature of the engagement and the form and content
of the report to be issued
4. The auditor’s report on a special purpose audit engagement, except for a report on
summarized financial statements, should include the following basic elements, ordinarily in the
following layout:
 Title
 Addressee
 Opening or introductory paragraph
o Identification of the financial information audited
o A statement of the responsibility of the entity’s management and the
responsibility of the auditor
 A scope paragraph
o Reference to the PSAs applicable to special purpose audit engagements
o Description of the work the auditor performed
 Opinion paragraph containing an expression of opinion on the financial information
 Date of the report
 Auditor’s address
 Auditor’s signature

Reports on an “other comprehensive basis of accounting” financial statements


1. The report should include a statement that indicates the basis of accounting used or should
refer to the note to the financial statements giving that information
2. The opinion should state whether the financial statements are prepared, in all material aspects,
in accordance with the identified basis of accounting
3. If the financial statements are not suitably titled or the basis of accounting is not adequately
disclosed, the auditor should issue an appropriately modified report

Reports on a component financial statement


1. This type of engagement may be undertaken as a separate engagement or in conjunction with
an audit of the entity’s financial statements
2. The auditor’s report on a component of financial statements should include a statement that
indicates the basis accounting in accordance with which the component is presented or refers
to an agreement that specifies the basis. The opinion should state whether the component is
prepared, in all material aspects, in accordance with the identified basis of accounting.
3. When an adverse opinion or disclaimer of opinion on the entire financial statements has been
expressed, the auditor should report components of the financial statements only if those
components are not so extensive as to constitute a major portion of the financial statements.
To do otherwise may overshadow the report on the entitre financial statements.

40
Reports on a compliance with contractual agreements
1. Engagements to express an opinion as to an entity’s compliance with contractual agreements
should be undertaken only when the overall aspects of compliance relate to accounting and
financial matters within the scope of the auditor’s professional competence
2. The report should state whether, in the auditor’s opinion, the entity has complied with the
particular provisions of the agreement

Reports on summarized financial statements


1. Unless the auditor has expressed an audit opinion on the financial statements from which the
summarized financial statements are derived, the auditor should not report the summarized
financial statements
2. Summarized financial statements should be appropriately titled to identify the audited financial
statements from which they have been derived.
3. Summarized financial statements do not contain all the information required by the financial
reporting framework used for annual audited financial statements. Consequently, wording such
as “present fairly, in all material respects,” is not used
4. The following elements in an auditor’s report:
a. Title
b. Addressee
c. An identification of the audited financial statements from the summarized financial
statements were derived
d. A reference to the date of the audit report on the unabridged financial statement and the
type of opinion given in that report
e. An opinion as to whether the information in the summarized financial statements is
consistent with the audited financial statements from which it is derived
f. A statements, or reference to te note within the summarized financial statements, which
indicates that for a better understanding of an entity’s financial performance and
position and of the scope of the audit performed, the summarized financial statements
should be read n conjunction with the unabridged financial statements and the audit
report thereon
g. Date of the report
h. Auditor’s address
i. Auditor’s signature
CPA REVIEW SCHOOL OF THE PHILIPPINES
Manila

AUDITING THEORY CPA REVIEW

REPORTS – OTHER ASSURANCE AND RELATED SERVICES

ENGAGEMENTS TO REVIEW FINANCIAL STATEMENTS


(Based on PSRE 2400)

1. The objective of a review of financial statements is to enable an auditor to state whether, on the
basis of procedures which do not provide all the evidence that would be required in an audit,
anything has come to the auditor’s attention that causes the auditor to believe that the financial
statements are not prepared, in all material respects, in accordance with Philippine Financial
Reporting Standards (negative assurance).

2. For the purpose of expressing negative assurance in the review report, the auditor should obtain
sufficient appropriate audit evidence primarily through inquiry and analytical procedures to be
able to draw conclusions.

3. A review engagement provides a moderate level of assurance that the information subject to
review is free of material misstatement. This is expressed in the form of negative assurance.

4. In planning a review of financial statements, the auditor should obtain or update the knowledge of
the business including consideration of the entity’s organization, accounting systems, operating
characteristics and the nature of its assets, liabilities, revenues, and expenses.

5. Procedures for the review of financial statements will ordinarily include:


 Obtaining an understanding of the entity’s business and the industry in which I operates.
 Inquiries concerning the entity’s
 Accounting principles and practices.
41
 Procedures for recording, classifying, and summarizing transactions, and accumulating information for
disclosures.
 Actions taken at meeting of stockholders, the board of directors, and committees.
 Analytical procedures designed to identify relationships and individual items that appear
unusual. Examples:
 Comparison of the financial statements with those from prior periods.
 Comparison of the statements with anticipated results, such as previously prepared budgets or
forecasts.
 Study of the relationships of elements of the financial statements that are expected to form a
predictable pattern.
 Reading the financial statements to consider, on the basis of information coming to the
auditor’s attention, whether the financial statements appear to conform to basis of
accounting indicated.
 Obtaining reports from other auditor’s, if any if considered necessary, who have been
engaged to audit or review the financial statements of components of the entity.
 Inquiries of persons having responsibility for financial and accounting matters concerning,
for example:
 Whether all transactions have been recorded.
 Whether the financial statements have been prepared in accordance with the basis of accounting
indicated.
 Changes in the entity’s business activities and accounting principles and practices.
 Matters as to which questions have arisen in the course of applying the foregoing procedures.
 Obtaining written representations from managements when considered appropriate.

6. If the auditor has reason to believe that the information subject to review may be materially
misstated, the auditor should carry out additional or more extensive procedures as are necessary
to be able to express negative assurance or to confirm that a modified report is required.

EXAMPLE OF AN UNQUALIFIED REVIEW REPORT

We have reviewed the accompanying balance sheet of AAA Company at December 31, 19XX, and the related statements
of income, changes in equity and cash flows for the year then ended. These financial statements are the responsibility of
the Company’s management. Our responsibility is to issue a report on these financial statements based on our review.

We conducted our review in accordance with the Philippines Standards on Review Engagements 2400. This Standard
requires that we plan and perform the review to obtain moderate assurance as to whether the financial statements are
free of material misstatement. A review is limited primarily to inquiries of company personnel and analytical procedures
applied to financial data and thus provide less assurance than an audit. We have not performed an audit an accordingly,
we do not express an audit opinion.

Based on our review, nothing has come to our attention that causes us to believe that the accompanying financial
statements are not presented fairly, in all material respects in accordance with Philippine Financial Reporting Standards.

ENGAGEMENTS TO PERFORM AGRRED-UPON PROCEDURES


REGARDING FINANCIAL INFORMATION (Based on PSRS 4400)

1. An engagement to perform agreed-upon procedures may involve the auditor in performing certain
procedures concerning:
 Individual items of financial data (for example, accounts payable, accounts receivable, purchases from related
parties and sales and profits of a segment of an entity).
 A financial statement (for example, a balance sheet).
 A complete set of financial statements.
2. The objective of an agreed-upon procedures engagement is for the auditor to carry out
procedures of an audit nature to which the auditor and the entity and any appropriate third parties
have agreed and to report on factual findings.

3. As the auditor simply provides a report of the factual findings of agreed-upon procedures, no
assurance is expressed. Users of the report assess for themselves the procedures and findings
reported by the auditor and draw their own conclusions from the auditor’s work.

4. The report is restricted to those parties that have agreed to procedures to be performed since
others, unaware of the reasons for the procedures, may misinterpret the results.

5. Independence is not a requirement for an agreed-upon procedures engagement.

REPORTING

42
6. The report on an agreed-upon procedures engagement needs to describe the purpose and the
agreed-upon procedures of the engagement in sufficient detail to enable the reader to
understand the nature and the extent of the work performed.

7. The report of factual findings should contain:


 Title;
 Addressee (ordinarily the client who engaged the auditor to perform the agreed-upon procedures);
 Identification of specific financial or non-financial information to which the agreed-upon procedures have been
applied;
 A statement that the procedures performed was those agreed upon with the recipient;
 A statement that the engagement was performed in accordance with the Philippine Standard on Related
Services applicable to agreed upon procedures engagements;
 A statement that the auditor is not independent of the entity if such is the case;
 Identification of the purpose for which the agreed-upon procedures were performed;
 A listing of the specific procedures performed;
 A description of the auditor’s factual findings including sufficient details of errors and exceptions found;
 A statement that the procedures performed does not constitute either an audit or a review and, as such, no
assurance is expressed;
 A statement that had the auditor performed additional procedures, an audit or a review, other matters might have
come to light that would have been reported;
 A statement that the report is restricted to those parties that have agreed to the procedures to be performed;
 A statement (when applicable) that report relates only to the elements, accounts, items, or financial and non-
financial information specified and that it does not extend to the entity’s financial statements taken as a whole;
 Date of the report;
 Auditor’s address; and
 Auditor’s signature.

ENGAGEMENTS TO COMPLETE FINANCIAL INFORMATION (Based on PSRS 4410)

1. A compilation engagement would ordinarily include the preparation of financial statements (which
may or may not be a complete set of financial statements) but may also include the collection,
classification, and summarization o other financial information.

2. The objective of a compilation engagement is for the accountant to use accounting expertise, as
opposed to auditing expertise, to collect, classify and summarize financial information.

3. The procedures employed are not designed and do not enable the accountant to express any
assurance on the financial information.

4. Independence is not a requirement for a compilation engagement. However, where the


accountant is not independent, a statement to that effect would be made in the accountant’s
report.

5. The accountant should obtain a general knowledge of the business and operations of the entity
and should be familiar with the accounting principles and practices of the industry in which the
entity operates and with the form and content of the financial information that is appropriate in the
circumstances.

6. The accountant is not ordinarily required to:


 Make any inquiries of management to assess the reliability and completeness of the
information provided;
 Assess internal controls;
 Verify any matters;
 Verify any explanations.

If the accountant becomes aware that information supplied by management is incorrect,


incomplete, or otherwise unsatisfactory, the accountant should consider performing the above
procedures and request management to provide additional information.

If management refuses to provide additional information, the accountant should withdraw from
the engagement, informing the entity of the reasons for the withdrawal.

7. The accountant should read the compiled information and consider whether it appears to be
appropriate in form and free from obvious material misstatements.

43
8. The accountant should obtain an acknowledgement from management of its responsibility for
the appropriate presentation of the financial information and of its approval of the financial
information.

9. The financial information compiled by the accountant should contain a reference such as
“Unaudited’, “Compiled without Audit or Review,’ or “Refer to the Compilation report’ on each
page of the financial information or on the front of the complete set of financial statements.

Example of a report on an engagement to compile financial statements

On the basis of information provided by the management we have compiled, in accordance with the Philippine Standard
on Related Services applicable to compilation engagements, the balance sheet of XXX Company as of December 31,
19XX and statements of income, changes in equity and cash flows for the year then ended. Management is responsible
for these financial statements. We have not audited or reviewed these financial statements and accordingly express no
assurance thereon.

THE EXAMINATION OF PROSPECTIVE FINANCIAL INFORMATION


(Based on PSAE 3400)

1. “PROSPECTIVE FINANCIAL INFORMATION” means financial information based on


assumptions about events that may occur in the future and possible actions by an entity. It can
be in the form of a forecast, a projection, or a combination of both, for example, a one year
forecast plus a five year projection.

2. A “FORECAST” means prospective financial information prepared on the basis of assumptions


as to future events which management expects to take place and the actions management
expects to take as of the date the information is prepared (best-estimate assumptions).

3. A “PROJECTION” means prospective financial information prepared on the basis of:


 Hypothetical assumptions about future events and management actions which are not necessarily
expected to take place, such as when some entities are in a start-up phase or are considering a major
change in the nature of operations; or
 A mixture of best-estimate and hypothetical assumptions.

4. Prospective financial information can include financial statement or one or more elements of
financial statements and may be prepared:
 As an internal management tool, for example, to assist in evaluating a possible capital investment; or
 For distribution to third parties.

5. Management is responsible for the preparation and presentation of the prospective financial
information, including the identification and disclosure of the assumptions on which it is based.

6. In an engagement to examine prospective financial information, the auditor should obtain


sufficient appropriate evidence as to whether:

 Management’s best-estimate assumptions on which the prospective financial information is


based are not unreasonable and, in the case of hypothetical assumptions, such assumptions
are consistent with the purpose of the information.
 The prospective financial information is properly presented and all material assumptions are
adequately disclosed, including a clear indication as to whether they are best-estimate
assumptions or hypothetical assumptions; and
 The prospective financial information is prepared on a consistent basis with historical financial
statements, using appropriate accounting principles.

7. The auditor should not express any opinion as to whether the results shown in the prospective
financial information will be achieved.

8. When reporting on the reasonableness of management’s assumptions, the auditor provides only
a moderate level of assurance.

44
9. The auditor should not accept, or should withdraw from, an engagement when the assumptions
are clearly unrealistic or when the auditor believes that the prospective financial information will
be inappropriate for its intended use.

10. The auditor should obtain written representations from management regarding the intended use
of the prospective financial information, the completeness of significant management
assumptions and management’s acceptance of its responsibility for the prospective financial
information.

Example of an unmodified report on a forecast

We have examined the forecast (include name of the entity, the period covered by the forecast and provide suitable
identification, such as by reference to page numbers or by identifying the individual statements) in accordance with
Philippine Standard on Assurance Engagements applicable to the examination of prospective financial information.
Management is responsible for the forecast including the assumptions set out in Note X on which it is based.

Based on our examination of the evidence supporting the assumptions the assumptions, nothing has come to our
attention which causes us to believe that these assumptions do not provide a reasonable basis for the forecast. Further, in
our opinion the forecast is properly prepared on the basis of the assumptions and is presented in accordance with
Philippine Financial Reporting Standards.

Actual results are likely to be different from the forecast since anticipated events frequently do not occur as expected and
the variation may be material.

Example of an unmodified report on a projection

We have learned the projection (include name of the entity, the period covered by the forecast and provide suitable
identification, such as by reference to page numbers or by identifying the individual statements) in accordance with
Philippine Standard on Assurance Engagements applicable to the examination of prospective financial information.
Management is responsible for the projection including the assumptions set out in Note X on which it is based.

This projection has been prepared for (describe purpose). As the entity is in a start-up phase the projection has been
prepared using a set of assumptions that include hypothetical assumptions about future events and management’s
actions that are not necessarily expected to occur. Consequently, readers are cautioned that this projection may not be
appropriate for purposes other than that described above.

Based on our examination of the evidence supporting the assumptions, nothing has come to our attention which causes
us t believe that these assumptions do not provide a reasonable basis for the projection, assuming that (state or refer to
the hypothetical assumptions). Further, in our opinion the projection is properly prepared on the basis of the assumptions
and is presented in accordance with Philippine Financial Reporting Standards.

Even if the events anticipated under the hypothetical assumptions described above occur, actual results are still likely to
be different from the projection since other anticipated events frequently do not occur as expected and the variation may
be material.

 When the auditor believes that the presentation and disclosure of the prospective information is not
adequate, the auditor should express a qualified or adverse opinion or withdraw from the engagement as
appropriate.

 When the auditor believes that one or more significant assumptions do not provide a reasonable basis for
the prospective financial information, the auditor should either express an adverse opinion or withdraw
from the engagement as appropriate.

 When the examination is affected by conditions that preclude application of one or more procedures
considered necessary in the circumstances, the auditor should either withdraw from the engagement or
disclaim the opinion describe the scope limitation in the report on the prospective financial information.

CPA REVIEW SCHOOL OF THE PHILIPPINES


Manila

AUDITING THEORY CPA REVIEW


CODE OF PROFESSIONAL ETHICS FOR CPAs

Code of Ethics for Professional Accountants in the Philippines

 is based on the International Code of Ethics for professional accountants developed by the
International Federation of Accountants.
 Is mandatory for all CPAs and is applicable to professional services performed in the Philippines
on or after January 1, 2004.
 Is divided into three parts:
Part A - applies to all professional accountants unless otherwise specified
Part B - applies only to those professional accountants in public practice
45
Part C - applies to employed professional accountants, and may also apply, in appropriate
circumstances, to accountants employed in public practice

CPAs should observe the following FUNDAMENTAL PRINCIPLES:


1. Integrity
2. Objectivity
3. Professional competence and due care
4. Confidentiality
5. Professional behavior
6. Technical standards

RULES APPLICABLE TO ALL PROFESSIONAL ACCOUNTANTS


1. INTEGRITY AND OBJECTIVITY
a. Integrity implies not merely honesty but fair dealing and truthfulness. The principle of
objectivity imposes the obligation on all professional accountants to be fair, intellectually
honest, and free of conflicts of interest.
b. Professional accountants should neither accept nor offer gifts or entertainment which might
reasonably be believed to have a significant and improper influence on their professional
judgment or those with whom they deal.

2. PROFESSIONAL COMPETENCE may be divided into two separate phases


a. Attainment of professional competence- requires initially a high standard of general education
followed by specific education, training, and examination in professionally relevant subjects
and a period of work experience.
b. Maintenance of professional competence– requires a continuing awareness of development in
the accountancy profession including relevant national and international pronouncements on
accounting, auditing, and other relevant regulations and statutory requirements

3. CONFIDENTIALITY
a. Professional accountants have an obligation to respect the confidentiality of information about
a client’s or employer’s affairs acquired in the course of professional services.
b. The duty of confidentiality continues even after the end of the relationship between the
professional accountant and the client or employer.

4. TAX PRACTICE
a. The professional accountant should ensure that the client or the employer are aware of the
limitations attaching to tax advice and services so that they do not misinterpret an expression
of opinion as an assertion of fact.
b. A professional accountant should not be associated with any return or communication in which
there is reason to believe that it:
1. Contains a false or misleading statement;
2. Contains statements or information furnished recklessly or without any real knowledge of
whether they are true or false; or
3. Omits or obscure information required to be submitted and such omission or obscurity
would mislead the revenue authorities.
c. When a professional accountant learns of a material error or omission in a tax return of a prior
year, or the failure to file a required tax return, he/she has a responsibility to:
1. Promptly advise the client or employer of the error or omission and recommend that
disclosure be made to the revenue authorities.
2. If the client or employer does not correct the error, he/she:
a. Should inform the client or the employer that it is possible to act for them in connection
with that return or other related information submitted to the authorities; and
b. Should consider whether continued association with the client or employer in any
capacity is consistent with professional responsibilities.

5. CROSS BORDER ACTIVITIES

When a professional accountant performs services in a country other than the home country and
differences on specific matters exist between ethical requirements of the two countries, the
following provisions should be applied:
1. When the ethical requirements of the country in which the services are being performed are
LESS STRICT than the Philippine Code of Ethics, then our code should be applied.
2. When the ethical requirements of the country in which the services are being performed are
STRICTER than our code, then the ethical requirements in the country where services are
being performed should be applied.
46
3. When the ethical requirements of the Philippines are mandatory for services performed outside
the Philippines and are stricter than that set out in (1) and (2) above, then the ethical
requirements of the Philippines should be applied.

6. PUBLICITY

In the marketing and promotion of themselves and their work, professional accountants should:
a. Not use means which brings the profession into disrepute.
b. Not make exaggerated claims for the services they are able to offer, the qualifications they
possess, or experience they have gained; and
c. Not denigrate the work of other accountants.

RULES APPLICABLE TO PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE

INDEPENDENCE

a. Independence requires:
1. Independence of mind – The state of mind that permits the provision of an opinion without
being affected by influences that compromise professional judgment, allowing an individual
to act with integrity, and exercise objectivity and professional skepticism.
2. Independence in appearance – The avoidance of facts and circumstances that are so
significant that a reasonable and informed third party, having knowledge of all relevant
information, including safeguards applied, would reasonably conclude a firms, or a member
of the assurance team’s integrity, objectivity or professional skepticism had been
compromised.
b. Members of assurance teams, firms, and network firms should identify THREATS to
independence, evaluate the significance of those threats, and, if the threats are other than
clearly insignificant, identify and apply SAFEGUARDS to eliminate the threats or reduce them
to acceptable level, such that independence of mind and independence in appearance are not
compromised. In situations when no safeguards are available to reduce the threat to an
acceptable level. The only possible actions are to:
1. Eliminate the activities or interest creating the threat; or
2. Refuse to accept or continue the assurance engagement.

INDEPENDENCE REQUIREMENTS IN ASSURANCE ENGAGEMENTS


a. For assurance engagements provided to an audit client, the member of the assurance team, the firm
and network firms are required to be independent of the client
b. For assurance engagements provided to clients that are not audit clients, when the report is not
expressly restricted for use by identified users, the members of the assurance team and firm are
required to be independent of the client
c. For assurance engagements provided to clients that are not audit clients, when the assurance report is
expressly restricted for use by identified users, the members of the assurance team are required to be
independent of the client. N addition, the firm should not have a material direct or indirect financial
interest in the client

Network firm – an entity under common control, ownership or management with the firm or any entity that a
reasonable and informed third party having knowledge of all relevant information would reasonably conclude
as being part of the firm nationally or internationally

Financial interest – an interest in equity or other security, debenture, loan or other debt instrument of an entity
including rights and obligations to acquire such an interest and derivatives directly related to such interest

Direct financial interest – a financial interest:


1. Owned directly by and under the control of an individual or entity; or
2. Beneficially owned through a collective investment vehicle, estate, trust or other intermediary over
which the individual or entity has control
Indirect financial interest – a financial interest beneficially owned through a collective investment vehicle,
estate, trust or other intermediary over which the individual or entity has no control

THREATS TO INDEPENDENCE
1. SELF-INTEREST THREAT
Occurs when a firm or a member of the assurance team could benefit from a financial interest in, or
other self-interest conflict with, an assurance client. Examples:

47
a. A direct financial interest or material indirect financial interest in an assurance client
b. A loan or guarantee to or from an assurance client or any of its directors or officers
c. Undue dependence on total fees from an assurance client
d. Concern about the possibility of losing the engagement
e. Having a close business relationship with an assurance client
f. Potential employment with an assurance client
g. Contingent fees relating to assurance engagements
2. SELF-REVIEWTHREAT
Occurs when:
a. Any product or judgment of a previous assurance engagement or non-assurance engagement
needs to be reevaluated in reaching conclusions on the assurance engagement or;
b. When a member of the assurance team was previously a director or officer of the assurance client,
or was an employee in a position to exert direct and significant influence over the subject matter of
the assurance engagement
3. ADVOCACY THREAT
Occurs when a firm, or a member of the assurance team, promotes, or may be perceived to promote,
an assurance client’s position or opinion to the point that objectivity may, or may be perceived to be
compromised
4. FAMILIARITY THREAT
Occurs when, by virtue of a close relationship with an assurance client, its directors, officers or
employees, a firm or a member of the assurance team becomes too sympathetic to the client’s
interests.
5. INTIMIDATION THREAT
Occurs when a member of the assurance team may be deterred from acting objectively and exercising
professional skepticism by threats, actual or perceived, from the directors, officers or employees of an
assurance client

SAFEGUARDS
1. When the threats are identified, other than those that are clearly insignificant, appropriate safeguards
should be identified and applied to eliminate the threats or reduce them to an acceptable level. This
decision should be documented
2. When the safeguards are available are insufficient to eliminate the threats to independence or to
reduce them to an acceptable level, or when a firm chooses not to eliminate the activities or interest
creating the threat, the only course of action available will be the refusal to perform, or withdrawal from,
the assurance engagement

CATEGORIES OF SAFEGUARDS
1. Safeguards created by the profession, legislation or regulation
2. Safeguards within the assurance client
3. Safeguards within the firm’s own systems and procedures

Safeguards created by the profession, legislation or regulation include:


a. Educational, training and experience requirements for entry into the profession
b. Continuing education requirements
c. Professional standards and monitoring and disciplinary processes
d. External review of a firm’s quality control systems; and
e. Legislation governing the independence requirements of the firm

Safeguards within the assurance client include the following:


a. When the assurance client’s management appoints the firm, persons other than management ratify or
approve the appointment
b. The assurance client has competent employees to make managerial decisions
c. Policies and procedures that emphasize the assurance client’s commitment to fair financial reporting
d. Internal procedures that ensure objective choices in commissioning non-assurance engagements; and
e. A corporate governance structure, such as an audit committee, that provides appropriate oversight and
communications regarding a firm’s services
Safeguards within the firm’s own systems and procedures may include FIRMWIDE safeguards such as
the following:
a. Firm leadership that stresses the importance of independence and the expectation that members of
assurance teams will act in the public interest
b. Policies and procedures to implement and monitor quality control of assurance engagements
c. Documented independence policies
d. Internal policies and procedures to monitor compliance with firm policies and procedures as they relate
to independence
e. Policies and procedures that will enable the identification of interests or relationships between the firm
or members of the assurance team and assurance client
f. Policies and procedures to monitor and, if necessary, mange the reliance on revenue received from a
single assurance client
g. Using different partners and teams with separate reporting lines for the provision of non-assurance
service to an assurance client
h. Policies and procedures to prohibit individuals who are not members of the assurance team from
influencing the outcome of the assurance engagement
48
i. Timely communication of a firm’s policies and procedures, and any changes thereto, to all partners and
professional staff, including appropriate training and education thereon
j. Designating a member of senior management as responsible for overseeing the adequate functioning
of the safeguarding system
k. Means of advising partners and professional staff of those assurance clients and related entities from
which they must be independent
l. A disciplinary mechanism to promote compliance with policies and procedures; and
m. Policies and procedures to empower staff to communicate to senior levels within the firm any issue of
independence and objectivity that concerns them; this includes informing staff of the procedures open
to them

Safeguards within the firm’s own systems and procedures may include ENGAGEMENT SPECIFIC
safeguards such as the following:
a. Involving an additional professional accountant to review the work done or otherwise advise as
necessary. This individual could be someone from outside the firm or network firm, or someone with the
firm or network firm who was not otherwise associated with the assurance team
b. Consulting a third party, such as a committee of independent directors, a professional regulatory body
or another professional accountant
c. Rotation of senior personnel
d. Discussing independence issues with the audit committee or others charged with governance,
e. Disclosing to audit committee, or others charged with governance, the nature of services provided and
extent of fees charged
f. Policies and procedures to ensure members of the assurance team do not make, or assume
responsibility for, management decisions for the assurance client
g. Involving another firm to perform or re-perform part of the assurance engagement
h. Involving another firm to re-perform the non-assurance service to the extent necessary to enable to
take responsibility for that service; and
i. Removing an individual from the assurance team, when that individual’s financial interest or
relationships create a threat to independence

ENGAGEMENT PERIOD
1. The members of the assurance team and the firm should be independent of the assurance client during
the period of the assurance engagement
2. The period of the engagement is expected to recur, the period of the assurance services and ends
when the assurance report is issued, except when the assurance engagements is of a recurring nature
3. If the assurance engagement s expected to recur, the period of the assurance engagement ends with
the notification by either party that the professional relationship has terminated or the issuance of the
final assurance report, whichever is later
4. In the case of an audit engagement, the engagement period includes the period covered by the
financial statements reported on by the firm
5. When an entity becomes an audit client during or after the period covered by the financial statements
that the firm will report on, the firm should consider whether any thretas to independence may be
created by:
a. Financial or business relationships with the audit client during or after the period covered by the
financial statements, but prior to the acceptance of the audit engagement; or
b. Previous services provided to the audit client

Similarly, in the case of an assurance engagement that is not an audit engagement, the firm should
consider whether any financial or business relationships or previous services may create threats to
independence.

49