Академический Документы
Профессиональный Документы
Культура Документы
1|Page
§ Confidentiality, which states that a professional accountant should not use or disclose any information during the course of
performing professional services without proper and specific authority or unless there is a legal or professional right or duty
to disclose; and
§ Professional behavior, which states that a professional accountant should act in a manner consistent with the good
reputation of the profession and refrain from any conduct which might bring discredit to the profession
ASSURANCE ENGAGEMENTS
§ “Assurance engagement” means an engagement in which a practitioner expresses a conclusion designed to enhance
the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or
measurement of a subject matter against criteria
§ Assurance, in the context of the Framework, refers to the auditor’s satisfaction as to the reliability of an assertion
being made by one party for use by another party
CLASSIFICATIONS OF ASSURANCE ENGAGEMENTS
ASSERTION-BASED VS. DIRECT REPORTING ENGAGEMENTS
Assertion-based engagements
§ These are assurance engagements on a subject matter that has written assertions or representations.
§ Audits and reviews of financial statements fall under this category.
2|Page
obtaining corroborating evidence through inspection, observation, confirmation, and computation, which are procedures
ordinarily performed during an audit.
§ The level of assurance provided in a review report is correspondingly less than that given in an audit report.
ENGAGEMENT ACCEPTANCE
As provided by the Framework, a practitioner accepts an assurance engagement only where the practitioner’s preliminary knowledge
of the engagement circumstances indicate that:
§ Relevant ethical requirements, such as independence and professional competence will be satisfied; and
§ The engagement exhibits all of the following characteristics:
ü The subject matter is appropriate;
ü The criteria to be used are suitable and are available to the intended users;
ü The practitioner has access to sufficient appropriate evidence to support the practitioner’s conclusion;
ü The practitioner’s conclusion, in the form appropriate to either a reasonable assurance engagement or a
limited assurance engagement, is to be contained in a written report; and
ü The practitioner is satisfied that there is a rational purpose for the engagement
INDEPENDENCE: FACT VERSUS APPEARANCE
§ There are two kinds of independence that concerns the practitioner on a personal level: independence in mind (also called
independence in fact) and independence in appearance.
§ Independence in fact is a state of mind – an attitude of impartiality. It is the practitioner’s way of saying that in himself
he knows that he is independent, e.g. free from any conflict of interest with the client.
§ However, because a practitioner’s “state of mind” cannot be observed in quite the same way that a behavior can actually be
observed, the profession has relied on independence in appearance which exemplifies the manifestation that
practitioners remain free of any overt interest in a client that would damage the appearance of independence.
FIRM-WIDE VERSUS TEAM-WIDE INDEPENDENCE
§ In previous practice, the profession has followed the concept of firm-wide independence that operates in this manner: if
a member of an engagement team (the team tasked to provide the assurance service for a client, headed by a lead
engagement partner and his members) is found to be in conflict of interest with the client, the entire firm is prohibited from
entering into the engagement.
§ However, in current practice, the profession is now following the concept of team-wide independence, operating under
the concept that if a member of an engagement team is found to be in conflict of interest with a client, that team or that
member of the team is replaced with another team or team member with the firm still being allowed to conduct the
engagement.
CHANGES FROM ONE ENGAGEMENT TO ANOTHER
§ Having accepted an assurance engagement, a practitioner may not change that engagement to a non-assurance
engagement, or from a reasonable assurance engagement to a limited assurance engagement without reasonable
justification.
§ Elaborated in PSA 210 “Agreeing the Terms of Audit Engagements”
THREE-PARTY RELATIONSHIP
§ Assurance engagements are three-party contracts composed of a practitioner, a responsible party, and intended users.
§ Non-assurance engagements only involve two parties.
§ The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report.
3|Page
§ The responsible party can be one of the intended users, but not the only one.
§ Consulting services, as an example of a non-assurance engagement, only involves two parties: the practitioner and the
responsible party.
SUBJECT MATTER
§ The subject matter of an assurance engagement should be appropriate
§ Furthermore, for a subject matter to be appropriate, it should be:
ü Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and
ü Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to
support a reasonable assurance or limited assurance conclusion, as appropriate.
CRITERIA
§ The Framework defines criteria as “the benchmarks used to evaluate or measure the subject matter including, where
relevant, benchmarks for presentation and disclosure.”
§ Criteria can be:
ü Formal or Less formal
ü Established or Specifically developed
§ Furthermore, suitable criteria are said to be context sensitive, that is, relevant to the engagement circumstances
§ It should be noted that the practitioner assesses the suitability of criteria for a particular engagement and the relative
importance of each characteristic based on his professional judgment.
v COST-BENEFIT RELATIONSHIP
§ Another important concept which the practitioner has to take into consideration when gathering and evaluating evidence is
the cost-benefit relationship. This concept simply states that “the benefits to be derived from obtaining the particular
type of evidence should exceed the cost of obtaining it”.
§ However, the matter of difficulty or expense involved is not in itself a valid basis for omitting an evidence gathering
procedure for which there is no alternative.
§ The practitioner should use professional judgment and exercises professional skepticism in evaluating the quantity
and quality of evidence, and thus its sufficiency and appropriateness, to support the assurance report.
4|Page
WRITTEN ASSURANCE REPORT
§ This is the main output of an assurance engagement.
§ The Framework requires that the assurance report should be written as this is the manifestation of the practitioner’s attest
function or the process of communicating the results to the intended users.
§ Furthermore, the Framework provides that the report should be in a form appropriate to either a reasonable assurance
engagement (e.g., audit report) or a limited assurance engagement (e.g., review report).
PROFESSIONAL SKEPTICISM
§ The Framework states that “the practitioner plans and performs an assurance engagement with an attitude of professional
skepticism to obtain sufficient appropriate evidence about whether the subject matter information is free of material
misstatement.
§ Professional skepticism
ü means that the practitioner recognizes that “circumstances may exist that cause the subject matter information to be
materially misstated.”
ü means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is
alert to evidence that contradicts or brings into question the reliability of documents or representations by the
responsible party.
§ An attitude of professional skepticism is necessary throughout the engagement process for the practitioner
ü to reduce the risk of overlooking suspicious circumstances
ü of over generalizing when drawing conclusions from observations, and
ü of using faulty assumptions in determining the nature, timing and extent of evidence gathering procedures and
evaluating the results thereof
§ Professional skepticism mainly denotes that the practitioner neither considers information presented to be absolutely
false nor assume that management exhibits unquestioned honesty.
AUTHENTICATION OF DOCUMENTATION
§ An assurance engagement rarely involves the authentication of documentation, nor is the practitioner trained as or expected
to be an expert in such authentication.
§ However, the practitioner considers the reliability of the information to be used as evidence, for example photocopies,
facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and
maintenance where relevant.
MATERIALITY
§ “Information is material if its omission or misstatement could influence the economic decisions of users taken on the
basis of the financial statements. Materiality depends on the size of the item or error judged in the particular circumstances
of its omission or misstatement. Thus, materiality provides a threshold or cut-off point rather than being a primary
qualitative characteristic which information must have if it is to be useful.”
§ Materiality is relevant when the practitioner determines the nature, timing and extent of evidence gathering procedures,
and when assessing whether the subject matter information is free of misstatement.
§ The assessment of materiality and the relative importance of quantitative and qualitative factors in a particular engagement
are matters for the practitioner’s judgment.
ASSURANCE ENGAGEMENT RISK
§ The primary reason why assurance engagements cannot provide absolute assurance (only reasonable or moderate
assurance) is primarily because of the concept of assurance engagement risk.
§ The framework defines assurance engagement risk as the risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.
§ This is the risk that the practitioner might conclude that the subject matter of an assurance engagement is reasonable and
genuine when in fact it is not.
§ In a reasonable assurance engagement (audit), the practitioner reduces assurance engagement risk to an acceptably low
level in the circumstances of the engagement to obtain reasonable assurance as the basis for a positive form of
expression of the practitioner’s conclusion.
§ The level of assurance engagement risk is higher in a limited assurance engagement (review engagement) than in a
reasonable assurance engagement because of the different nature, timing or extent of evidence gathering procedures. Note
that a review engagement only utilizes a limited scope of procedures as compared to an audit.
§ However in a limited assurance engagement, the combination of the nature, timing and extent of evidence gathering
procedures is at least sufficient for the practitioner to obtain a meaningful level of assurance as the basis for a negative
form of expression.
§ In general, assurance engagement risk can be represented by the following components, although not all of these
components will necessarily be present or significant for all assurance engagements:
v a. The risk that the subject matter information is materially misstated, which in turn consists of:
ü Inherent risk: the susceptibility of the subject matter information to a material misstatement, assuming that
there are no related controls; and
ü Control risk: the risk that a material misstatement that could occur will not be prevented, or detected and
corrected, on a timely basis by related internal controls. When control risk is relevant to the subject matter, some
control risk will always exist because of the inherent limitations of the design and operation of internal control; and
v b. Detection risk: the risk that the practitioner will not detect a material misstatement that exists
5|Page
THE CONCEPT OF REASONABLE ASSURANCE
§ Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being made by one party
for use by another party.
§ Audits and reviews only provide reasonable and moderate levels of assurance, respectively.
§ It is never possible for any assurance engagement to provide an absolute level of assurance since this tantamount to 100%
guarantee that the subject matter is entirely free of material misstatements which realistically cannot happen.
§ As provided in the Framework, reasonable assurance is less than absolute assurance.
§ Reducing assurance engagement risk to zero is very rarely attainable or cost beneficial as a result of factors such as the
following:
ü The use of selective testing
ü The inherent limitations of internal control
ü The fact that much of the evidence available to the practitioner is persuasive rather than conclusive
ü The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence
ü In some cases, the characteristics of the subject matter when evaluated or measured against the identified criteria
§ The concept of reasonable assurance is also related to the cost-benefit relationship that states that “the benefits to be
derived from obtaining the particular type of evidence should exceed the cost of obtaining it”.
INAPPROPRIATE USE OF THE PRACTITIONER’S NAME
§ A practitioner is associated with a subject matter when the practitioner reports on information about that subject matter or
consents to the use of the practitioner’s name in a professional connection with that subject matter.
§ If the practitioner is not associated in this manner, third parties can assume no responsibility of the practitioner.
§ If the practitioner learns that a party is inappropriately using the practitioner’s name in association with a subject matter,
the practitioner requires the party to cease doing so.
§ The practitioner also considers what other steps may be needed, such as informing any known third party users of the
inappropriate use of the practitioner’s name or seeking legal advice.
DEFINITION OF AUDITING
The American Accounting Association defines auditing as “a systematic process of objectively obtaining and evaluating
evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between
those assertions and established criteria and communicating the results to interested users”.
Systematic process
ü auditing consists of a structured, logical, and organized series of steps and procedures.
ü the audit process is made up of a sequential series of steps that independent auditors follow to ensure that the audit is
conducted in an organized, effective, and efficient manner
Degree of correspondence
ü the closeness or proximity with which the assertions made by management can be identified with established criteria
Established criteria
ü criteria are “the benchmarks used to evaluate or measure the subject matter including, where relevant, benchmarks for
presentation and disclosure.”
ü in a financial statement audit, criteria are the standards against which the assertions or representations are judged to
warrant degree of correspondence
TRANSACTION CYCLES
§ Various accounts may exist in the financial statements of a company and it would be unrealistic for an auditor to examine all
these accounts and perform a 100% examination on them.
§ This is the reason why auditors usually narrow down the activities of the business under audit into homogeneous classes
called as transaction cycles
§ A transaction cycle is all of the classes of transactions for a group of related business activities.
§ A class of transactions is a group of transactions of similar activities that are processed by the accounting system in a
similar manner and subject to similar control to ensure proper processing
§ The division of the audit into transaction cycles makes the audit more manageable and aids in the assignment of tasks to
different members of the audit team
Expression of an opinion
§ This is the primary responsibility of the auditor in an audit
§ The auditor expresses an opinion as to the fairness or reasonableness of the financial statements and issues a written audit
report as the output of the audit
7|Page
§ Note that the words fair and reasonable are used instead of correct. This is due to the fact that an audit has certain
limitations which preclude the practitioner from giving an absolute guarantee that the financial statements are free from
material misstatement
§ Rather, the auditor only provides reasonable assurance, which is a high but not absolute level of assurance, and vouches as
to the accuracy instead of correctness of the preparation and presentation of the financial statements
Taken as a whole
§ Although this phrase is not included in the objective of an audit, it should be emphasized that the opinion expressed by the
auditor is based on the financial statements taken as a whole, which means the entirety of all the information contained in a
complete set of financial statements
§ It should be noted with emphasis that the primary responsibility of the auditor lies in the expression of an opinion on
the financial statements taken as a whole
§ All other objectives of the auditor other than this is merely secondary
§ This means that an auditor cannot be sued for the identification of all fraud, errors, or noncompliance in the conduct of an
audit because this responsibility is only secondary, unless the auditor is asked to conduct a fraud audit
§ Furthermore, the primary responsibility for the preparation and presentation of financial statements rests with management
INFORMATION RISK
§ the risk that information is misstated or misleading
§ brought about by factors such as:
ü remoteness of information users from information provider
ü potential bias and motives of information provider
ü voluminous data
ü complex exchange transaction
TYPES OF AUDITS
• Audits may be classified according to:
ü the nature of data or assertion being audited, which comprise financial statement audits, operational audits,
and compliance audits; or
ü the type of auditor performing in the engagement, which comprise external audit, internal audit, and
government audit
PRIMARY OBJECTIVE
8|Page
§ (PSA 200) to enable the auditor to express an opinion on whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework
SECONDARY OBJECTIVE
§ the auditor’s varied experience in businesses and industries, exposure to diverse management problems, and thorough
understanding gained in conducting an audit enables him to provide assistance to management in terms of improving the
client’s business
§ this collateral audit objective, considered as a by-product of the audit process, involves rendering constructive suggestions
to management
§ the auditor recommends suggestions in various areas such as ways to tighten internal control, suggestions for more efficient
operations, opportunities for cost reductions, tax savings and planning and the like
OPERATIONAL AUDIT
§ an operational audit involves a systematic review of part or all of an organization’s activities in relation to the efficient and
effective use of resources
§ the purpose of an operational audit is to assess performance, identify areas for improvement, and develop
recommendations
§ operational audits are also known as management audits and performance audits
§ Operational implies a focus on operations, as opposed to financial portion
§ Management implies that the information obtained in the audit process is useful to management in decision making
§ Performance implies an evaluation of the performance of persons or units in executing the entity’s objectives
§ Effectiveness is a measure of how well an entity or unit of an entity achieves its goal or purpose
§ Efficiency is achieved by minimizing the cost of accomplishing an objective
CHARACTERISTICS OF AN OPERATIONAL AUDIT
§ Auditors performing the audit are independent of the activity they audit
§ The audit report is directed to an official or department within the organization that employs the auditor
§ The assertion is about the efficiency and effectiveness of the performance of a specific activity
§ The audit report frequently reports problems or deficiencies identified during the audit rather than reporting an overall
conclusion
COMPLIANCE AUDIT
§ A compliance audit determines the extent to which rules, policies, laws, covenants, or government regulations are followed
by the entity being audited
§ It is performed to determine whether the auditee is following specific procedures or rules set down by some higher authority
§ auditors gather and evaluate evidence as to whether a set of imposed requirements is being met
INTERNAL AUDIT
§ The IIA defines internal auditing as “an independent, objective assurance and consulting activity designed to add value
and improve an organization’s operations
§ It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve
the effectiveness of risk management, control, and governance processes”
§ Internal auditing has evolved over time from a financial nature to a more operational nature
§ Internal auditors may conduct financial, internal control, compliance, operational, and forensic audits within their
organizations
§ They in some cases may assist the external auditors with the annual financial statements audit. Internal auditors may also
be involved in assurance and consulting engagements for their entities
§ The objective of internal auditing is to assist all members of management in the effective discharge of their responsibilities
by furnishing them with analyses, appraisals, recommendations, and pertinent comments concerning the activities reviewed
§ This involves going beyond the accounting and financial records to obtain a full understanding of the operations under
review
§ Internal auditing complements an external audit
9|Page
§ The work of the internal auditors cannot be substituted for work that should be performed by the independent
auditor
§ Internal audits are typically performed for any one or more of the following purposes:
ü Appraisal of controls
ü Protection of assets
ü Verification of internal management reports
ü Appraisal of performance
ü Recommendations for operating improvement
GOVERNMENT AUDITING
§ Government auditing involves the determination of whether government funds are being handled properly and in
compliance with existing laws and whether the programs are being conducted efficiently and economically
§ Recognizing the need for independence, governments have developed internal audit staffs (Commission on Audit) which
report to the highest practicable official within their governmental bodies
§ Examples of government audit are:
ü Audits for local and national government units to determine whether taxes have been collected and remitted in
accordance with existing laws or regulations
ü Audits of economy and efficiency in the use of resources
ü Program results auditing (audits conducted to determine whether a government project or program has met its
stated objectives)
PROFESSIONAL STANDARDS
§ Professional standards are established to measure the quality of performance of individuals and organizations. In audit,
standards relating to the accounting profession concern themselves with professional qualities that should be possessed by
CPAs, the exercise of professional judgment in the performance of professional engagements, and the quality control
policies and procedures of CPA firms.
§ Generally Accepted Auditing Standards (GAAS) establish the required level of quality for performing financial statement
audits. These standards must be followed by CPAS when auditing financial statements.
§ Philippine Standards on Auditing (PSAs) are issued to clarify the meaning of these ten GAAS
§ Standards that establish and provide guidance for a CPA firm’s quality control policies and procedures are set forth in the
Philippine Standards on Quality Control (PSQC)
GENERAL STANDARD # 1:
“The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor.”
§ The first general standard recognizes that an individual must have adequate technical training and proficiency as an auditor.
§ This is gained through formal education, continuing education programs, and experience.
§ This requirement is usually interpreted to mean college or university education in accounting and auditing, participation in
continuing professional education (CPE) programs, seminars, trainings, and substantial public accounting experience.
§ A technical knowledge of the industry in which the client operates is also part of the personal qualifications of the auditor.
GENERAL STANDARD # 2:
“In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditor or
auditors.”
§ The second general standard requires that the auditor maintain an attitude of independence on an engagement.
§ It is emphasized that independence is one of the most important traits and characteristics that a practitioner must possess,
as this confers in them public trust and public confidence.
§ This standard also distinguishes between independence in fact and independence in appearance.
GENERAL STANDARD # 3:
“Due professional care is to be exercised in the planning and performance of the audit and the preparation of the
report.”
§ The third general standard focuses on due professional care.
§ In simple terms, due care means that the auditor plans and performs his or her duties with a degree of skill commonly
possessed by others in the profession.
§ This standard requires the auditors to plan and carry out every step of the audit engagement in an alert and diligent
manner.
§ However, this standards does not require auditors to be infallible.
10 | P a g e
STANDARDS OF FIELDWORK ( PIE )
§ The three standards of fieldwork relate to the actual conduct of the audit.
§ These standards provide the conceptual background for the audit process.
§ They relate to planning the audit, obtaining an understanding of the entity and its environment, and obtaining sufficient
appropriate audit evidence.
STANDARD OF FIELDWORK # 1:
“The work is to be adequately planned and assistants, if any, are to be properly supervised.”
§ The first standard of fieldwork deals with planning and supervision.
§ This standard also requires that assistants on the engagement be properly supervised.
§ Supervision is also important in the conduct of an audit. Most of the fieldwork of an audit is carried out by staff members
with limited professional experience.
STANDARD OF FIELDWORK # 2:
“A sufficient understanding of internal control is to be obtained to plan the audit and to determine the nature, timing,
and extent of tests to be performed”
§ The second standard of fieldwork requires that the auditor gain a sufficient understanding of the auditee’s internal control to
plan the audit.
§ The degree to which the auditor relies on the auditee’s internal control directly affects the nature, timing, and extent of the
work performed by the independent auditor.
§ Internal control provides assurance that the client’s records are reliable.
§ When the auditors find that internal control is effective, the quantity of other evidence required to substantiate the financial
statement amounts is much less than if controls are weak.
§ This emphasizes that the auditor’s assessment of internal control has a substantial impact on the nature of the audit
process.
STANDARD OF FIELDWORK # 3:
“Sufficient, competent evidential matter is to be obtained through inspection, observation, inquiries, and confirmations
to afford a reasonable basis for an opinion regarding the financial statements under audit.”
§ The focus of the third standard of fieldwork is sufficient, competent audit evidence.
§ Sufficiency relates to the quantity of audit evidence, while appropriateness relates to the quality of evidence, that is, its
relevance and reliability.
§ When an audit evidence is judged to be both sufficient and appropriate, that evidence is considered competent. These
evidence will be used by auditors to evaluate and support management’s assertions in the financial statements
STANDARD OF REPORTING # 1:
“The report shall state whether the financial statements are presented in accordance with generally accepted
accounting principles.”
STANDARD OF REPORTING # 2:
“The report shall identify those circumstances in which such principles have not been consistently observed in the
current period in relation to the previous period.”
STANDARD OF REPORTING # 3:
“Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise
stated in the report.”
STANDARD OF REPORTING # 4:
“The report shall contain either an expression of an opinion regarding the financial statements, taken as a whole, or an
assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons
therefore should be stated. In all cases where an auditor’s name is associated with financial statements, the report
should contain a clear-cut indication of the character of the auditor’s work, if any, and the degree of responsibility the
auditor is taking.”
GENERAL STANDARDS
§ T echnical training and proficiency
11 | P a g e
§ I ndependence
§ P rofessional care
STANDARDS OF FIELDWORK
§ P lanning
§ I nternal Control
§ E vidential matter
STANDARDS OF REPORTING
§ G enerally Accepted Accounting Principles
§ I nconsistency
§ D isclosure
§ O pinion
OBTAINING CLIENTS
§ Client engagement acceptance and continuance include the following considerations:
ü The integrity of the principal owners, key management, and those charged with governance of the entity;
ü Whether the engagement team is competent to perform the audit engagement and has the necessary time
and resources; and
ü Whether the firm and the engagement team can comply with ethical requirements.
12 | P a g e
§ Communications with the predecessor auditor should include questions as to the:
ü Integrity of management
ü Disagreements with management over accounting and auditing issues
ü Communications with the audit committee or an equivalent group regarding fraud, illegal acts, and
internal-control-related matters
ü The predecessor’s understanding of the reason for the change in auditors
§ Inquiries of the predecessor auditor and responses thereto may help the successor auditor determine whether to accept the
engagement.
§ The predecessor auditor should respond fully to the successor’s requests unless an unusual circumstance such
as a lawsuit exists or if the predecessor’s response is limited, in which case the successor auditor should be
informed.
§ If the prospective client refuses to permit the predecessor auditor to respond, the successor auditor should
have reservations about accepting the engagement. Such a situation should raise serious problems about
management’s motivations and integrity.
RECURRING AUDITS
§ A recurring audit is a form of a repeat or continuing engagement, wherein the auditor audits the same client he has
audited previously.
§ On recurring audits, the auditor should consider whether circumstances require the terms of the engagement
to be revised and whether there is a need to remind the client of the existing terms of the engagement.
13 | P a g e
§ The auditor may decide not to send a new engagement letter each period. However, the following factors may make it
appropriate to send a new letter:
ü Any indication that the client misunderstands the objective and scope of the audit
ü Any revised or special terms of the engagement
ü A recent change of senior management, board of directors or ownership
ü A significant change in nature or size of the client's business
ü Legal requirements and other government agencies’ pronouncements
AUDIT PLANNING
§ involves the establishment of the overall audit strategy for the engagement and developing an audit plan, in order to
reduce audit risk to an acceptably low level
§ involves the engagement partner and other key members of the engagement team to benefit from their experience and
insight and to enhance the effectiveness and efficiency of the planning process
THE NATURE AND EXTENT OF PLANNING ACTIVITIES WILL VARY ACCORDING TO:
§ the size and complexity of the entity
§ the auditor’s previous experience with the entity
§ changes in circumstances that occur during the audit engagement
14 | P a g e
§ It assists in the proper assignment and review of the work of the engagement team members.
§ It helps coordinate the work to be done by auditors of components and other parties involved such as experts, specialists,
etc.
§ Obtain an understanding of the entity and its environment, including internal controls, and assess inherent risk
ü This is to enable the auditor to identify and understand the events, transactions, and practices that, in the auditor’s
judgment, may have a significant effect on the financial statements or on the examination or audit report. A more
elaborate discussion on this is included in “Understanding the Entity and Its Environment”.
§ Estimate reliance on internal controls
ü It is necessary that at the early planning stage of the work, the auditor should obtain an overall “feel” of the
situation by determining on a preliminary basis the major areas where the audit work will assume reliance on
internal controls. This is also necessary to assess control risk in the risk assessment process. A more elaborate
discussion on this is found in “Basic Concepts and Elements of Internal Control”.
§ Establish planning materiality
ü When planning the audit, the auditor considers what would make the financial statements materially misstated.
The auditor’s assessment of materiality, related to specific account balances and classes of transactions, helps the
auditor decide on issues such as what items to examine and to select audit procedure to reduce audit risk to an
acceptably low level. Materiality is discussed more elaborately in “Risk Assessment and Materiality”.
§ Perform analytical procedures
ü Analytical procedures are evaluations of financial information made by a study of plausible relationships among
both financial and nonfinancial data. These include ratio and trend analysis to investigate identified fluctuations and
relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts.
PSA 520 provides that analytical procedures are required to be performed at the planning stage and the overall
review stage of the audit. These are discussed more elaborately in “Substantive Testing and Audit Programs” and
“Completing the Audit and Post-Audit Responsibilities”.
§ Identify potential problem areas and source of significant misstatements.
ü Auditors usually plan an audit with the idea that potential areas may exist in the financial statements. These may
concern problems regarding related parties, errors in calculations, etc. The auditors ordinarily plan to spend
additional audit time and effort in these areas.
§ Establish the audit strategy.
ü The audit strategy is concerned with designing optimized audit approaches that seek to achieve the necessary
audit assurance at the lowest cost or within the constraints of information available. This chapter elaborates on the
concept of audit strategy.
§ Prepare the detailed audit plan.
ü An audit plan is more detailed than the overall audit strategy and includes the nature, timing, and extent of audit
procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence
to reduce audit risk to an acceptably low level. This chapter also elaborates on the concept of the audit plan.
§ Draft preliminary audit programs.
ü The audit program is the most important control mechanism in an audit which details the procedures and
instructions in auditing specific accounts. Audit programs are discussed elaborately and illustrated in “Substantive
Testing and Audit Programs”.
§ Schedule the audit work.
ü Efficient scheduling of audit work is key to maximizing the effectiveness and monetary return of an accounting
firm. This would include the timing of significant phases of the audit and tentative deadline dates for completion of
the audit.
15 | P a g e
§ Planning, however, includes consideration of the timing of certain activities and audit procedures that need to be completed
prior to the performance of further audit procedures.
For example, planning includes the need to consider, prior to the auditor’s identification and assessment of the risks of material
misstatement, such matters as:
§ The analytical procedures to be applied as risk assessment procedures.
§ Obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is
complying with that framework.
§ The determination of materiality.
§ The involvement of experts.
§ The performance of other risk assessment procedures.
These activities assist the auditor in identifying and evaluating events or circumstances that may adversely affect the
auditor’s ability to plan and perform the audit engagement. Furthermore, performing these preliminary engagement
activities enables the auditor to plan an audit engagement for which, for example:
§ The auditor maintains the necessary independence and ability to perform the engagement.
§ There are no issues with management integrity that may affect the auditor’s willingness to continue the engagement.
§ There is no misunderstanding with the client as to the terms of the engagement.
ESTABLISHING THE OVERALL AUDIT STRATEGY INVOLVES PROCESSES SUCH AS THE FOLLOWING:
§ Identifying the characteristics of the engagement that define its scope.
ü This would include the financial reporting framework, industry specific reporting requirements, and the locations of
the components of the entity.
§ Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the nature of the
communications required
ü such as deadlines for interim and final reporting, and key dates for expected communications with management
and those charged with governance.
§ Considering the factors that, in the auditor’s professional judgment, are significant in directing the engagement
team’s efforts.
ü This would include determination of appropriate materiality levels; preliminary identification of areas where there
may be higher risks of material misstatement; preliminary identification of material components and account
balances; evaluation of whether the auditor may plan to obtain evidence regarding the effectiveness of internal
control; and identification of recent entity-specific, industry, financial reporting or other relevant developments.
§ Considering the results of preliminary engagement activities and, where applicable, whether knowledge gained
on other engagements performed by the engagement partner for the entity is relevant; and
§ Ascertaining the nature, timing and extent of resources necessary to perform the engagement.
16 | P a g e
(PSA 300, par. A9)
The process of establishing the overall audit strategy assists the auditor to determine, subject to the completion of the
auditor’s risk assessment procedures, such matters as:
§ The resources to deploy for specific audit areas, such as the use of appropriately experienced team members for high risk
areas or the involvement of experts on complex matters.
§ The amount of resources to allocate to specific audit areas, such as the number of team members assigned to observe the
inventory count at material locations, the extent of review of other auditors’ work in the case of group audits, or the audit
budget in hours to allocate to high risk areas, such as the number of team members assigned to perform specific audit
procedures, the extent of review of other auditors’ work in case of group audits, and the audit budget in hours to allocate to
high risk areas.
§ When these resources are to be deployed, such as whether at an interim audit stage or at key cut-off dates; and
§ How such resources are managed, directed and supervised, such as when team briefing and debriefing meetings are
expected to be held, how engagement partner and manager reviews are expected to take place (for example, on-site or off-
site), and whether to complete engagement quality control reviews.
17 | P a g e
– The nature, timing and extent of planned further audit procedures at the assertion level, as determined under PSA
330, “The Auditor’s Responses to Assessed Risks.”
– Other planned audit procedures that are required to be carried out so that the engagement complies with PSAs.
The nature, timing and extent of the direction and supervision of engagement team members and review of their work vary
depending on many factors, including:
§ The size and complexity of the entity;
§ The area of the audit;
§ The assessed risks of material misstatement (for example, an increase in the assessed risk of material misstatement for a
given area of the audit ordinarily requires a corresponding increase in the extent and timeliness of direction and supervision
of engagement team members, and a more detailed review of their work); and
§ The capabilities and competence of the individual team members performing the audit work
§ The overall audit strategy to be used by the auditor in planning the audit is an abstract idea that somehow occurs in the
brainstorming stage of the audit planning process. These are the main ideas of the auditor on how to plan and conduct the
audit, and sets the scope, timing, and direction of the audit and guides the development of the more detailed audit plan.
§ The audit plan formalizes the audit strategy and is more detailed than the audit strategy and includes the nature, timing,
and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate
audit evidence to reduce risk to an acceptably low level.
§ The audit program is a more detailed plan of the procedures to be used in the audit of specific accounts and transactions.
It includes detailed instructions to audit team members and procedures to be performed in testing specific accounts. The
concept of audit programs is discussed in detail and illustrated in a separate topic.
DOCUMENTATION REQUIREMENTS
18 | P a g e
§ A record of the significant changes to the overall audit strategy and the audit plan, and resulting changes to the planned
nature, timing and extent of audit procedures, explains why the significant changes were made, and the overall strategy
and audit plan finally adopted for the audit. It also reflects the appropriate response to the significant changes occurring
during the audit.
§ PSA 520 “Analytical Procedures” requires the auditor to apply analytical procedures both in the planning and overall
review stage of the audit.
§ It is not, however, required of an auditor to apply analytical procedures as substantive tests in the conduct of the audit
although the auditor may choose to do so.
§ Applying analytical procedures in the planning stage of the audit assists in understanding the business and in identifying
areas of potential risk.
§ It also assists the auditor in planning the nature, time, and extent of audit procedures that will be used to obtain evidential
matter for specific account balances or classes of transactions.
§ The auditor should determine the extent of assistance needed of the company during the audit, and these assistance should
be arranged as early as possible.
§ A listing of schedules and analyses to be provided by the client, with indication of the dates and by whom they are to be
completed should also be prepared.
§ Only useful items should be listed and completion dates should be realistic and consistent with the timing of the audit plan
and the company’s year-end scheduling.
Examples of these schedules which the company can provide are the following:
§ Lead schedules or trial balance
§ Bank reconciliation statements
§ Schedule of accounts receivable, with remarks as to collectability
§ Inventory listings
§ Schedule of fixed assets and related accumulated depreciation
§ Analyses of prepaid and deferred charges
§ Schedule of accounts, notes, and vouchers payable
§ List of stockholders with corresponding number of shares held
§ Insurance policies in force
§ Stock options granted, terminated, exercised, and exercisable
§ Schedule of unmatched delivery receipts with sales invoices
§ Schedule of unmatched receiving reports with supplier’s invoices
§ Acquisitions and retirement of fixed assets
§ Schedule of taxes and licenses paid and accrued during the year
§ It should be noted that the decision as to the audit procedures to be conducted in an audit are the responsibility of the
auditor.
§ Assistance requested from the client and its personnel refer to procedures which are not quite audit sensitive and in the
judgment of the auditor would aid in the quick access to files and other documents of the company which are needed for the
audit.
§ CPAs may lack the qualifications necessary to perform certain technical tasks relating to the audit. Therefore, it is necessary
in these situations that the services of an expert or a specialist be sought in an audit.
§ An expert in the auditing parlance refers to a person, group of persons, or firm who possesses expertise in fields of
discipline other than accounting or auditing.
§ An expert or specialist brings unique knowledge and judgment in a field other than accounting and auditing.
§ Appraising the value of works of art, determining the characteristics of mineral reserves, and actuarial computations are
examples of instances wherein a CPA will need the services of an expert.
§ On the other hand, when a portion of the client (e.g., subsidiary in another geographical location) is audited by another CPA
firm, efforts may be coordinated.
§ An example of this is when the accounts of the subsidiary are to be consolidated with the overall enterprise.
§ If that subsidiary is audited by another CPA firm, the auditors must coordinate timing of necessary reports and procedures
to be performed.
19 | P a g e
CONSIDERING THE WORK OF INTERNAL AUDITING
§ Audit risk
ü the risk that the auditor may unknowingly fail to appropriately modify the opinion on financial statements that are
materially misstated.
ü in simple language, audit risk is the risk that an auditor might issue an unqualified opinion on financial statements
that are in fact materially misstated.
ü this is possible because an audit will always have inherent limitations in it like the use of sampling and limitations
that are inherent in any internal control system among others.
ü a less-than-100% examination of financial transactions that is brought about when the auditor uses sampling bears
the risk that the auditor might select samples that are not representative of the true situation of the financial
statements and therefore cause the auditor to issue an unqualified opinion when in reality the true circumstances
do not warrant it.
ü furthermore, procedures in the audit process always depend on the auditor’s judgment which may or may not be
correct or the same with other auditors
§ Engagement risk
ü is related to an auditor’s exposure to financial loss and damage to his or her professional reputation
ü this may arise when the auditor may be sued by the client or a third party although the auditor has complied with
appropriate auditing standards in the conduct of an audit.
ü the lawsuit may bring about negative publicity that may impair the auditor’s reputation
ü this situation emphasizes the importance of careful acceptance and continuance of clients and in the auditor’s
adherence to the ethical considerations and provisions of his professional Code
20 | P a g e
ü inherent risk,
ü control risk, and
ü detection risk
§ Inherent risk and control risk are the risks that the auditing standards classify as those that arise at the assertion level.
They are the risks of the entity and they exist independently of the audit of financial statements, which means that the
auditor has no control over them or that the auditor cannot manipulate them in any way during the audit
INHERENT RISK
§ Inherent risk
ü the susceptibility of an assertion to material misstatements assuming that there are no related controls.
ü Susceptibility in this definition means the vulnerability of a particular account balance or class of transaction to
error because of the inherent nature of the transaction or account balance.
ü It is important to note that inherent risk is viewed always with the assumption that there are no related controls.
ü To illustrate the concept of inherent risk, let us compare cash and an inventory of coal. We will be able to conclude
at once that cash has a higher inherent risk when it comes to theft because by its nature it is the most liquid of all
assets.
ü Another situation could be comparing the valuation of accounts receivable and employee benefits expense. We can
conclude that employee benefit expense has a higher inherent risk of being miscalculated because by its nature
employee benefits expense involves complex calculations that are more susceptible to error that calculations that
involve accounts receivable
CONTROL RISK
§ Control risk
ü the risk that material misstatements that could occur in an assertion will not be prevented or detected on a timely
basis by internal controls.
ü Emphasis on:
v Prevention
v Detection and Correction
ü This is a function of the effectiveness of the design and operation of internal control in a company.
ü Control risk emphasizes that no matter how effective internal control in a company is, a zero percent (0%)
control risk can never be achieved in an audit because there are inherent limitations of internal control.
ü control risk also acknowledges that internal control can be circumvented and thus be unable to prevent or detect
material misstatements on a timely basis
DETECTION RISK
§ Detection risk
ü the only component of audit risk that can be controlled or manipulated by the auditor through the nature,
timing, and extent of audit procedures that he plans to use in the conduct of the audit.
ü the risk that the auditor will not detect a misstatement that exists in an assertion.
ü relates to the scope of the procedures used by the auditor and as a function of the effectiveness of an audit
procedure and of its application by the auditor
§ If control risk is low, we conclude that detection risk is high (as such is the inverse relationship between the two). But how
is this so?
ü A low control risk means that internal control is very effective and functioning very well in the company.
ü Therefore, the auditor will be able to detect misstatements easily because there is a sound system of internal
control that identifies what is right and what is wrong which enables the auditor to identify errors at once.
ü This is what is meant by the concept of detection risk being related to the ease of detection of errors depending on
the effectiveness of the system of internal control
§ On the other hand, if control risk is high, we conclude that detection risk is low.
ü A high control risk means that internal control in the company is ineffective and functioning poorly, and that there
is no system that will dictate which transactions or balances are done or presented rightly or wrongly.
ü Therefore, the auditor will have a hard time detecting the errors, despite the assumption that there are a number
of errors because of the poor internal control, since to the company the errors “seem to be correct” from the point
of view of the client because there is no system that will see to it that the processes are erroneous and done
wrongly
21 | P a g e
§ It should be noted that the auditor’s assessment of audit risk and its components (inherent risk, control risk, and detection
risk) is a matter of professional judgment.
ü At the completion of the audit, the actual level of audit risk is not known with certainty by the auditor.
ü If the auditor assesses the achieved audit risk as being less than or equal to the planned level of audit risk, the
auditor can issue an unqualified report.
ü If the assessment of the achieved level of audit risk is greater than the planned level, the auditor should either
conduct additional audit work or qualify the audit report
§ Error
§ in the auditing parlance refers to unintentional misstatements or omissions of amounts or disclosures in the
financial statements and may involve:
ü Mistakes in gathering or processing data from which financial statements are prepared
ü Unreasonable accounting estimates arising from oversight or misinterpretation of facts
ü Mistakes in the application of accounting principles relating to amount, classification, manner of
presentation, or disclosure
ü Clerical mistakes due to human error, weakness, or oversight
§ Fraud
ü involves intentional misstatements or omissions that are intended to deceive users of financial information.
ü From the perspective of an auditor, there are two classifications of misstatements arising from fraud:
v (1) misstatements arising from fraudulent financial reporting
v (2) misstatements arising from misappropriation of assets
ü Misstatements arising from fraudulent financial reporting are intentional misstatements or omissions of amounts or
disclosures in financial statements intended to deceive financial statement users.
ü Misstatements arising from misappropriation of assets, on the other hand, involve the theft of an entity’s assets
that causes the financial statements to be misstated
§ Inquiries
ü Most of the inquiries in an audit at directed towards management and others within the entity who in the auditor’s
judgment may have information that is likely to assist in identifying risks of material misstatement due to error or
fraud
ü Much of the information obtained by the auditor’s inquiries is obtained from management and those responsible for
financial reporting.
ü However, the auditor may also obtain information, or a different perspective in identifying risks of material
misstatement, through inquiries of others within the entity and other employees with different levels of authority
22 | P a g e
ü Inquiries directed towards those charged with governance may help the auditor understand the environment in
which the financial statements are prepared.
ü Inquiries directed toward internal audit personnel may provide information about internal audit procedures
performed during the year relating to the design and effectiveness of the entity’s internal control and whether
management has satisfactorily responded to findings from those procedures.
ü Inquiries of employees involved in initiating, processing or recording complex or unusual transactions may help
the auditor to evaluate the appropriateness of the selection and application of certain accounting policies.
ü Inquiries directed toward in-house legal counsel may provide information about such matters as litigation,
compliance with laws and regulations, knowledge of fraud or suspected fraud affecting the entity, warranties,
postsales obligations, arrangements (such as joint ventures) with business partners and the meaning of contract
terms.
ü Inquiries directed towards marketing or sales personnel may provide information about changes in the entity’s
marketing strategies, sales trends, or contractual arrangements with its customers
§ Analytical Procedures
ü involve ratio and trends analysis to identify plausible relationships among accounts or classes of transactions
ü may help identify the existence of unusual transactions or events, and amounts, ratios, and trends that might
indicate matters that have audit implications.
ü unusual or unexpected relationships that are identified may assist the auditor in identifying risks of material
misstatement, especially risks of material misstatement due to fraud
ü required to be performed at both the planning and overall review stage of the audit, but is optional in the
substantive testing phase of the audit
SIGNIFICANT RISKS
§ Significant risks
ü are defined as risks that require special audit attention or special audit consideration
23 | P a g e
ü as part of the risk assessment process, the auditor shall determine whether any of the risks identified are, in the
auditor’s judgment, a significant risk.
ü in exercising this judgment, the auditor shall exclude the effects of identified controls related to the risk
ü In exercising judgment as to which risks are significant risks, the auditor shall consider at least the
following:
Ø Whether the risk is a risk of fraud
Ø Whether the risk is related to recent significant economic, accounting or other developments and,
therefore, requires specific attention
Ø The complexity of transactions
Ø Whether the risk involves significant transactions with related parties
Ø The degree of subjectivity in the measurement of financial information related to the risk, especially those
measurements involving a wide range of measurement uncertainty; and
Ø Whether the risk involves significant transactions that are outside the normal course of business for the
entity, or that otherwise appear to be unusual
ü often relate to significant non-routine transactions or judgmental matters
ü Non-routine transactions are transactions that are unusual, due to either size or nature, and that therefore
occur infrequently
ü Judgmental matters may include the development of accounting estimates for which there is significant
measurement uncertainty
ü Routine, noncomplex transactions that are subject to systematic processing are less likely to give rise to
significant risks
ü Risks of material misstatement may be greater for significant non-routine transactions arising from matters
such as the following:
Ø Greater management intervention to specify the accounting treatment
Ø Greater manual intervention for data collection and processing
Ø Complex calculations or accounting principles
Ø The nature of non-routine transactions, which may make it difficult for the entity to implement effective
controls over the risks
ü Risks of material misstatement may be greater for significant judgmental matters that require the development of
accounting estimates, arising from matters such as the following:
Ø Accounting principles for accounting estimates or revenue recognition may be subject to differing
interpretation
Ø Required judgment may be subjective or complex, or require assumptions about the effects of future
events, for example, judgment about fair value
§ When the auditor has determined that a significant risk exists, the auditor shall obtain an understanding of the
entity’s controls, including control activities, relevant to that risk
MATERIALITY
§ As technically defined, materiality is “the magnitude of an omission or misstatement of accounting information that, in the
light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information
would have been changed or influenced by the omission or misstatement”.
§ In simple terms, an item or information is material if knowledge of it and/ or its omission or misstatement would influence a
person in making decisions.
§ Materiality and its consideration in an audit of financial statements is a matter of the professional judgment of the auditor.
§ In establishing materiality for an audit, the auditor should consider both quantitative and qualitative aspects of the
engagement.
§ Although materiality may be planned and implemented using a quantitative approach, the qualitative aspects of
misstatements of small amounts may also materially affect the users of financial statements
§ In most instances, materiality is viewed as a threshold amount which auditors can tolerate and still issue an unqualified
opinion despite misstatements identified in the financial statements.
§ This quantitative assessment is then dependent on the level of materiality set or viewed by the auditor, which serves
as a qualitative assessment in the conduct of the audit
§ Let us take for example an aggregate misstatement in the amount of P100,000 as a base amount to illustrate the difference
between materiality amount and materiality level
§ If the auditor wishes to establish a high level of materiality, the auditor would then have to lower the aggregate amount
of misstatements (materiality amount) from P100,000 to say P50,000
§ This means that the auditor would have to be more strict in the conduct of the audit and employ more extensive audit
procedures.
§ If the aggregate amount of misstatements discovered by the auditor amounts to P50,000 or less, it can be tolerated by the
auditor and still issue an unqualified opinion.
§ If the misstatements amount to greater than P50,000, the auditor would have to revise his assessment if necessary,
perform detailed procedures, and if the actual amount is still greater than the tolerable amount set, issue an other than
unqualified opinion depending on the circumstances
§ Suppose the auditor wishes to establish a low level of materiality, the auditor would then increase the aggregate
misstatements to let’s say P150,000 and be more “lax” in the conduct of the audit.
§ This means that the auditor can tolerate more errors or misstatements since the materiality level is low and still issue an
unqualified opinion
24 | P a g e
§ This also means that even though there are still errors or misstatements, they are already considered immaterial by the
auditor
RELATIONSHIP AMONG AUDIT RISK, MATERIALITY, AUDIT PROCEDURES, AND AUDIT EVIDENCE
25 | P a g e
§ May be accomplished through the following:
ü Manipulation, falsification (including forgery), or alteration of accounting records or supporting documentation from
which the financial statements are prepared
ü Misrepresentation in, or intentional omission from, the financial statements of events, transactions or other
significant information
ü Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or
disclosure
§ Fraudulent financial reporting often involves management override of controls that otherwise may appear to be
operating effectively.
§ Since management has primary responsibility for the design and implementation of internal control, they are in the best
position to override these controls.
§ Management override of controls is one of the inherent limitations of internal control and is a reason why control risk can
never be reduced to zero no matter how effective a system of internal control is
§ Fraud can be committed by management overriding controls using such techniques as:
ü Recording fictitious journal entries, particularly close to the end of an accounting period, to manipulate operating
results or achieve other objectives
ü Inappropriately adjusting assumptions and changing judgments used to estimate account balances
ü Omitting, advancing or delaying recognition in the financial statements of events and transactions that have
occurred during the reporting period
ü Concealing, or not disclosing, facts that could affect the amounts recorded in the financial statements
ü Engaging in complex transactions that are structured to misrepresent the financial position or financial performance
of the entity
ü Altering records and terms related to significant and unusual transactions
MISAPPROPRIATION OF ASSETS
§ Misappropriation of assets involves the theft of an entity’s assets and is often perpetrated by employees in relatively small
and immaterial amounts.
§ However, it can also involve management who are usually more able to disguise or conceal misappropriations in ways that
are difficult to detect.
§ Misappropriation of assets is often accompanied by false or misleading records or documents in order to conceal the fact
that the assets are missing or have been pledged without proper authorization
§ Misappropriation of assets can be accomplished in a variety of ways including:
§ Embezzling receipts (for example, misappropriating collections on accounts receivable or diverting receipts in
respect of written-off accounts to personal bank accounts)
§ Stealing physical assets or intellectual property (for example, stealing inventory for personal use or for sale,
stealing scrap for resale, colluding with a competitor by disclosing technological data in return for payment)
§ Causing an entity to pay for goods and services not received (for example, payments to fictitious vendors,
kickbacks paid by vendors to the entity’s purchasing agents in return for inflating prices, payments to fictitious
employees)
§ Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a personal loan or
a loan to a related party)
26 | P a g e
ü Some individuals possess an attitude, character or set of ethical values that allow them knowingly and intentionally
to commit a dishonest act.
ü However, even otherwise honest individuals can commit fraud in an environment that imposes sufficient pressure
on them.
RESPONSIBILITIES OF MANAGEMENT
§ The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the
entity and management.
§ This responsibility is primarily achieved through the design and implementation of an effective system of internal control
within the company.
§ It is important that management, with the oversight of those charged with governance, place a strong emphasis on both
fraud prevention and fraud deterrence.
§ Fraud prevention are ways which may reduce opportunities for fraud to take place.
§ Fraud deterrence, on the other hand, are ways which could persuade individuals not to commit fraud because of the
likelihood of detection and punishment.
27 | P a g e
ü A consideration of circumstances that might be indicative of earnings management and the practices that might be
followed by management to manage earnings that could lead to fraudulent financial reporting
ü A consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees which
have come to the attention of the engagement team
ü A consideration of how an element of unpredictability will be incorporated into the nature, timing and extent of the
audit procedures to be performed
ü A consideration of any allegations of fraud that have come to the auditor’s attention
ü A consideration of the risk of management override of controls
IMPORTANT CONSIDERATIONS
§ Treatment as Significant Risks
ü The auditor shall treat those assessed risks of material misstatement due to fraud as significant risks and
accordingly, to the extent not already done so, the auditor shall obtain an understanding of the entity’s related
controls, including control activities, relevant to such risks. Significant risks are risks that necessitate special audit
attention
§ Communication to management
ü If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor
shall communicate these matters on a timely basis to the appropriate level of management in order to inform those
with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities
ü When the auditor has obtained evidence that fraud exists or may exist, it is important that the matter be brought
to the attention of the appropriate level of management as soon as practicable. This is so even if the matter might
be considered inconsequential
ü The determination of which level of management is the appropriate one is a matter of professional judgment and is
affected by such factors as the likelihood of collusion and the nature and magnitude of the suspected fraud.
Ordinarily, the appropriate level of management is at least one level above the persons who appear to be involved
with the suspected fraud
§ Communication with those charged with governance
ü The auditor’s communication with those charged with governance may be made orally or in writing.
ü Due to the nature and sensitivity of fraud involving senior management, or fraud that results in a material
misstatement in the financial statements, the auditor reports such matters on a timely basis and may consider it
necessary to also report such matters in writing.
ü In the exceptional circumstances where the auditor has doubts about the integrity or honesty of management or
those charged with governance, the auditor may consider it appropriate to obtain legal advice to assist in
determining the appropriate course of action
INTERNAL CONTROL
§ the process designed and effected by those charged with governance, management, and other personnel to provide
reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations, and compliance with laws and regulations
§ defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO, which was formed in 1985 in
response to instances of fraudulent financial reporting) as “a process effected by an entity’s board of directors,
management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the
following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws
and regulations”
§ the most important concept in the definition of internal control is that it is intended to provide reasonable assurance about
the achievement of the company’s objectives
Internal control forms a part of and is integrated with the basic business processes conducted within the entity. The presence of
internal control in the planning, execution, and monitoring of these processes provide assurance that they are carried out properly.
However, it should be noted that internal control is a tool used by management in conjunction with its functions and should not be
viewed as a substitute for management.
28 | P a g e
Internal control is effected and accomplished by the people within the organization. They are responsible for putting control
mechanisms in place. Consequently, internal control also affects people’s actions. Internal control should provide for the reality that
people do not always understand, communicate, or perform consistently. In turn, people must also know their responsibilities and
limits of authority. Therefore, the duties and responsibilities of the people within the organization should be clearly associated with
the way they are carried out, as well as the objectives set by the entity.
According to the COSO Framework, According to the COSO Framework, everyone in an organization has responsibility for internal
control to some extent. Virtually all employees produce information used in the internal control system or take other actions needed
to effect control. Also, all personnel should be responsible for communicating upward problems in operations, noncompliance with
the code of conduct, or other policy violations or illegal actions.
People within the organization responsible for the effective functioning of internal control involve the following:
§ Management. The Chief Executive Officer (the top manager) of the organization has overall responsibility for designing and
implementing effective internal control. More than any other individual, the chief executive sets the "tone at the top" that
affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive
fulfills this duty by providing leadership and direction to senior managers and reviewing the way they're controlling the
business. Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and
procedures to personnel responsible for the unit's functions. In a smaller entity, the influence of the chief executive, often
an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief
executive of his or her sphere of responsibility. Of particular significance are financial officers and their staffs, whose control
activities cut across, as well as up and down, the operating and other units of an enterprise.
§ Board of Directors, or Those Charged with Governance. Management is accountable to the board of directors, which
provides governance, guidance and oversight. Effective board members are objective, capable and inquisitive. They also
have a knowledge of the entity's activities and environment, and commit the time necessary to fulfill their board
responsibilities. Management may be in a position to override controls and ignore or stifle communications from
subordinates, enabling a dishonest management which intentionally misrepresents results to cover its tracks. A strong,
active board, particularly when coupled with effective upward communications channels and capable financial, legal and
internal audit functions, is often best able to identify and correct such a problem.
§ Employees and other personnel. These are the people responsible for the carrying out of the specific internal control
policies and procedures for particular business transactions.
In an audit of financial statements, the emphasis of the auditor is to assess the design of the internal control system in the company
and its implementation. It should be noted that management has the primary responsibility for putting up a system of internal
control in the company, aided by the oversight of those charged with governance and the execution and carrying out of these
policies and procedures by employees and other personnel.
In almost any virtual situation, an internal control system can never be fail proof no matter how well designed and operated it may
be. Therefore, it can never provide absolute assurance but only reasonable assurance regarding the achievement of management’s
objectives. This is because there are inherent limitations that are present in any internal control system. These include:
These inherent limitations present in any internal control system are the reasons why there can never be a zero percent control risk
in the risk assessment process of the auditor.
Internal control and its specific internal control activities are designed to provide reasonable assurance that particular objectives are
achieved or related progress understood. The main objectives to which inherent control relates to are as follows:
§ Effectiveness and Efficiency of Operations. These pertain to the effective and efficient use of the entity’s resources,
effectiveness and efficiency of operations including performance and profitability goals, and safeguarding assets against
losses.
§ Reliability of financial reporting. These relate to the preparation of reliable published financial statements, including the
prevention of fraudulent public financial reporting
29 | P a g e
Compliance with applicable laws and regulations. These relate to compliance with applicable laws and regulations and depend
on external factors such as environmental regulation, and tend to be similar across entities in some cases and across an industry in
others
The Cardinal Principles of Internal Control are a set of guidelines that characterize a sound internal control system within the
company. It does not serve as an absolute guarantee nor does it present a one-size-fits-all requirement for companies in terms of
placing a system of internal control; rather its presence in an internal control system of a company helps in making it more effective,
efficient, and useful.
1. Responsibility for the performance of each duty must be fixed. This principle emphasizes the importance of assigning
fixed responsibilities to personnel and employees to reduce work duplication or redundancy. Furthermore, this helps ensure
that employees only perform functions within their jurisdiction in order to provide for feedback and monitoring of work.
2. Accounting and financial operations must be operated. This principle emphasizes the importance of segregating
incompatible duties. The accounting function is concerned mainly with record-keeping while financial operations are
concerned with the execution of transactions that involve inflows of outflows of economic resources. Fusing both functions in
one person will bring forth possibilities for fraud to be perpetrated since possession of both accounting records and actual
resources will easily enable a person to conceal or misstate a transaction.
3. Proofs of accuracy should be utilized in order to assure correctness of operation and accounting. This principle
emphasizes the importance of an audit trail within the company. An audit trail is a processing sequence or path that allows
for managers and auditors to “walk through” a particular transaction and ascertain as to whether it has been executed
properly following required policies and procedures set by the company. Audit trails are composed of the source documents
and accounting records that are used to track down and support transactions entered into by the company.
4. No one person should be in complete charge of a business transaction. This principle emphasizes the importance of
segregation of duties especially those that are judged to be incompatible. In the study of internal control, four
incompatible duties are required to be separated. These are: (1) authorization; (2) execution; (3) recording; and (4)
custody. The process of authorization involves granting permission that the transaction be entered into by the company
and is usually done by top-level managers. Execution involves the actual performance of the transaction itself, like
entering into a sale or purchase agreement. Recording involves updating the accounting books and records of the company
pursuant to the transaction entered into. Custody involves the safekeeping of the resources of the company as a result of
the transaction entered into. Segregation of duties is achieved when, for example, the person who authorized the
transaction must not also be the one to execute it. Fusing the record-keeping function (like the updating of accounting
books and records) with the custody function (like handling cash receipts) will allow possibilities for the perpetration of
fraud.
5. Employees must be carefully selected and trained. This principle emphasizes the importance of the company’s human
resource policies especially in terms of employee hiring or selection and training. Employees should undergo careful
selection processes to ensure that they are fit for the job and will be able to perform the job well. Training policies, on the
other hand, ensure that employees are equipped with the necessary skills they need to perform their functions and meet
company goals and objectives.
6. Employees should be bonded. This principle emphasizes that employees who are in positions of trust or whose nature of
work includes positions that are sensitive within the company be bonded to ensure that they are accountable for the
resources that their positions may entail. An example of this would be to have employees execute fidelity bonds.
7. Employees should be rotated on a job, if possible; vacations for those in positions of trust should be enforced.
This principle emphasizes the importance of job rotations among employees as this will reduce familiarity threat or the
likelihood that employees become too familiar with the processes related to their field of work that they are able to
manipulate those processes to serve their personal interests. Forced vacations for those in positions of trust are important
in order to check on the accountability of the employee and perform an audit on the performance and trustworthiness of his
work.
8. Operating instructions for each position should be reduced to writing. This principle emphasizes the importance of
the company coming up with written procedures manuals and descriptions of the specific duties and responsibilities of each
employee in order to maximize the efficiency and effectiveness of the performance of their functions and ensure that
processes are performed properly.
9. The protective advantages of a double-entry system of accounting should not be exaggerated. This principle
emphasizes the importance of keeping updated records within the company that enables a cutoff period for transactions
entered into for a particular period of time for purposes of audit.
10. Controlling accounts should be used as extensively as possible. This principle emphasizes the importance of
maintaining control accounts in a company to be able to summarize or categorize common or related accounts and
transactions for easy record keeping and audit purposes.
30 | P a g e
11. Mechanical equipment and/ or electronic equipment should be used, if feasible. This principle emphasizes the
importance of automation in a company that enables processes to be performed more efficiently and accurately
The first stage in the review of internal controls us a fact-finding process. The independent auditor familiarizes himself with the
nature and extent of controls that have been established by management. To assist him in his review, he may use any one or a
combination of the following tools:
An internal control questionnaire is a comprehensive series of questions relating to internal control which the auditor uses as a guide
to his review of the system of internal control. The questions are usually answerable by “Yes” or “No” (or Not Applicable) and space
is provided on the questionnaire for the answers and for additional explanatory comments that the auditor may deem advisable. In
order to facilitate appraisal, the questions are usually framed in such a manner that strong internal control is indicated by “yes”
answers, weak by “no”. The questionnaire is usually standardized and is divided into sections for each of the principal balance sheet
items (i.e., Cash, Receivables, etc.).
Advantages:
§ It serves as an outline of the various phases of internal control that must be covered in the review.
§ Weaknesses in internal control are emphasized.
§ Review of internal control on repeat engagements is facilitated. Any changes that have been made in the system of internal
control since the last audit can simply be checked against the questionnaire.
§ The questionnaire facilitates review of work done by staff members.
§ It aids in writing the report.
Disadvantages:
NARRATIVE
In the narrative approach, the auditor writes down in narrative form the results of his review of existing internal controls. The
narrative may contain a full coverage of the controls in existence, or it may be limited only to weaknesses and shortcomings in the
system. Information on existing controls is obtained by asking questions and observation.
Advantages:
§ It is flexible; it may be tailored to the requirements of the particular business under examination.
§ It explains precisely the controls applicable to the case at hand.
§ It requires penetrating analysis and discourages a tendency toward perfunctory review.
§ It is particularly suitable for use in small-sized businesses where controls are limited.
Disadvantages:
§ The person conducting the review may not have the ability to express himself clearly and concisely in writing.
§ The use of wrong words or erroneous phrasing may give an incomplete or incorrect picture or impression.
§ The narrative material may require a more careful and thorough study.
§ Without a checklist or questionnaire, important aspects that should be reviewed may be overlooked.
§ Preparation of the narrative may be time-consuming.
FLOWCHARTS
A flowchart is a symbolic or pictorial representation of a business procedure. A procedural flow chart shows the flow of paper and the
operating steps required to process it. Each work unit is assigned a column, and the flow of documents is pictured in the proper
columns together with brief descriptions of the processing steps required in each work unit.
Advantages:
§ It permits the auditor to obtain a better over-all view of the system of internal controls because it is presented in graphic or
pictorial form.
§ It facilitates revision of the system.
§ It reduces the need for detailed description of each activity.
31 | P a g e
§ It can be used in a wide variety of situations.
Disadvantages:
§ The auditor may not be familiar with the use of graphic methods.
§ The chart requires frequent redrafting even for minor changes in the client’s procedures.
§ It emphasizes regular and recurrent procedures, and often fails to reveal exceptions. In auditing, exceptions are usually of
importance.
As provided by the PSAs, there are three general controls that are relevant to the audit:
§ Controls over the completeness and accuracy of information produced by the entity. These controls may be
relevant to the audit if the auditor intends to make use of the information in designing and performing further procedures.
§ Controls relating to operations and compliance objectives. These may also be relevant to an audit if they relate to
data the auditor evaluates or uses in applying audit procedures.
§ Internal control over safeguarding of assets. These are controls that guard against unauthorized acquisition, use, or
disposition may include controls relating to both financial reporting and operations objectives. The auditor’s consideration of
such controls is generally limited to those relevant to the reliability of financial reporting.
Internal control consists of five components. These components do not operate in isolation; rather, they are interrelated. These are
derived from the way management runs a business and operates its functions, and are integrated with the management process.
§ Control Environment
§ Entity’s Risk Assessment Process
§ Information System and Related Business Processes Relevant to Financial Reporting and Communication
§ Control Activities
§ Monitoring of Controls
CONTROL ENVIRONMENT
§ sets the tone of an organization, influencing the control consciousness of its people
§ the foundation for all other components of internal control, providing discipline and structure
§ the collective effect on an entity’s board of directors, management, and owners on establishing, enhancing, or mitigating
the effectiveness of specific control policies or procedures
INFORMATION SYSTEM
§ consists of infrastructure (physical and hardware components), software, people, procedures, and data
CONTROL ACTIVITIES
§ Control activities (or control procedures) are the policies and procedures that help ensure that management’s directives are
carried out. Control activities, whether within IT or manual systems, have various objectives and are applied at various
organizational and functional levels
32 | P a g e
MONITORING OF CONTROLS
§ is a process that assesses the quality of internal control performance over time. Management should monitor controls to
determine whether they are operating effectively and to provide reasonable assurance that an entity’s objectives will be
achieved
§ Ongoing monitoring activities are often built into the normal recurring activities of an entity and include regular
management and supervisory activities
§ In many entities, internal auditors or personnel performing similar functions contribute to the monitoring of an entity’s
activities. These are examples of separate evaluations
The types of material weaknesses in internal control that the auditor may identify when obtaining an understanding of the entity and
its internal controls may include:
§ Risks of material misstatement that the auditor identifies and which the entity has not controlled, or for which the relevant
control is inadequate
§ A weakness in the entity’s risk assessment process that the auditor identifies as material, or the absence of a risk
assessment process in those cases where it would be appropriate for one to have been established
Material weaknesses may also be identified in controls that prevent, or detect and correct, error, or those to prevent and detect
fraud
AUDIT ASSERTIONS
§ Existence
§ Occurrence
§ Completeness
§ Rights and Obligations
§ Valuation or allocation
§ Accuracy
§ Cutoff
§ Classification
§ Presentation and Disclosure
ASSERTIONS ABOUT CLASSES OF TRANSACTIONS AND EVENTS FOR THE PERIOD UNDER AUDIT
These are assertions that pertain to the transactions and events that occurred for the period under audit and include:
§ Occurrence. The occurrence assertion relates as to whether transactions and events that have been recorded have actually
occurred and pertain to the entity. For example, if management presents in its income statement that there have been
P1,000,000 in total sales for the period, they assert that all the sales transactions totaling to P1,000,000 have actually
occurred during the period and were valid transactions.
§ Completeness. The completeness assertion relates as to whether all transactions and events that occurred during the
period and that should have been recorded have bee recorded. Therefore, if a client fails to record a valid revenue
transaction, the revenue account will be understated. It should be noted that the auditor’s concern with the completeness
assertion is the opposite of the concern for the occurrence transaction. If the company fails to meet the completeness
assertion, the result is an understatement. On the other hand, if a company records an invalid transaction (or a transaction
that have not actually occurred), the result is an overstatement.
§ Accuracy. The accuracy assertion addresses whether amounts and other data relating to recorded transactions and events
have been recorded appropriately. Appropriate methods for recording a transaction or event are established by generally
accepted accounting principles. For example, if a company records the acquisition of a new equipment, its costs should
include its purchase price plus all reasonable costs to install it in order to conclude that the item has been recorded
accurately.
§ Cutoff. The cutoff assertion relates to whether transactions and events have been recorded in the correct accounting
period. In order to support this assertion, the auditor’s procedures must ensure that transactions occurring near year-end
are recorded in the financial statements in the proper period. Thus, if the auditor wants to test proper cutoff of revenue
transactions at December 31, 2010, the auditor’s objective is to determine that all 2010 sales have been recorded in 2010.
Additionally, the auditor should also ensure that no 2011 sales have been recorded in 2010 and that no 2010 sales have
been recorded in 2011.
33 | P a g e
§ Classification. The classification assertion is concerned with whether transactions and events have been recorded in the
proper accounts. For example, management asserts that all direct cost transactions related to inventory have been properly
classified in either inventory or part of cost of sales.
These are assertions that pertain to items of assets, liabilities, and equity that are presented in the balance sheet as of the period
end which include:
§ Existence. The existence assertion addresses whether assets, liabilities, and equity interests exist at the date of the
financial statements. For example, management asserts that inventory shown on the balance sheet exists and is available
for sale.
§ Rights and Obligations. The rights and obligations assertion relates whether the entity holds or controls the right to
assets, and liabilities are the obligations of the company. For example, management asserts that the entity has legal title or
ownership to the machinery shown on the balance sheet. Similarly, amounts recorded for loans payable reflect assertions
that the entity has an obligation to pay a loan to the bank or financial institution.
§ Completeness. The completeness assertions addresses whether all assets, liabilities, and equity interests that should have
been recorded have been recorded. For example, management implicitly asserts that the amount shown for accounts
receivable on the balance sheet includes all such rights of the entity with its debtors as of the balance sheet date.
§ Valuation and allocation. The valuation and allocation assertion relates to whether assets, liabilities, and equity interests
are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are
appropriately recorded. For example, management asserts that the inventory on the balance sheet is properly carried at the
lower of cost or market value, or that the accounts receivable are presented at net realizable value. Similarly, management
asserts that the cost of building and items of property, plant, and equipment is systematically allocated to appropriate
accounting periods through the recognition of depreciation expense.
This classification of transactions relates to the presentation of information in the financial statements and disclosures in the notes to
financial statements that are directly related to a specific transaction or account balance and those that apply to the financial
statements in general.
§ Occurrence and Rights and Obligations. The assertions about occurrence and rights and obligations address whether
disclosed events, transactions, and other matters have occurred and pertain to the entity. For example, when management
presents capitalized lease transactions on the balance sheet as leased assets, the related liabilities as long-term debt, and
the related footnote, it is asserting that a lease transaction occurred, it has a right to the leased asset, and it owes the
related lease obligation to the lessor. Additionally, there is a footnote disclosure that provides additional information on the
lease such as future payments.
§ Completeness. The completeness assertion relates to whether all disclosures that should have been included in the
financial statements have been included. For example, management asserts that no material disclosures have been omitted
from the footnotes and other disclosures accompanying the financial statements.
§ Classification and Understandability. The assertions about classification and understandability relate to whether
financial information is appropriately presented and described, and disclosures are clearly expressed. For example,
management asserts that the portion of a long-term note payable shown as a current liability will mature in the current
year. Similarly, management asserts, through footnote disclosure, that all major restrictions on the entity resulting from
debt covenants are disclosed.
§ Accuracy and Valuation. The accuracy and valuation assertions relate to whether financial and other information are
disclosed fairly and at appropriate amounts. For example, when management discloses the fair value of financial
instruments, it is asserting that these financial instruments are properly valued in accordance with GAAP. In addition,
management may disclose in a footnote other information related to financial instruments
Audit assertions and audit objectives should be congruent with one another. This means that in an audit of financial statements,
audit assertions serve as the starting point of the auditor to identify the specific goals he or she has to accomplish in the conduct of
the audit. This makes audit assertions and audit objectives essentially similar with each other. The table below shows an example of
and the congruence between audit assertions and audit objectives in the audit of receivables.
34 | P a g e
AUDIT ASSERTIONS AND RELATED AUDIT OBJECTIVES
IN THE AUDIT OF RECEIVABLES
Existence To determine that accounts receivables exist at the balance sheet date
Occurrence To prove that all credit sales transactions pertaining to the accounts receivables that were
recorded in the period have actually occurred
Completeness To ensure that all credit sales transactions pertaining to the accounts receivables that
occurred during the period have been recorded completely
Rights (and Obligations) To prove that the company has ownership or rights to the accounts receivables
Valuation or Allocation To determine that the accounts receivables are properly valued at net realizable value
Accuracy To ensure that the computation of the accounts receivables and its valuation are accurate
and appropriately recorded
Cutoff To determine that all credit transactions to which the accounts receivables pertain to have
been recorded in the correct accounting period
Classification To see to it that accounts receivable are properly classified in the financial statements as
current assets
Presentation and Disclosure To find proof that all presentation and disclosure requirements pertaining to accounts
receivables have been presented and disclosed
AUDIT PROCEDURES
§ the scope of an audit refers to the audit procedures that, in the auditor’s judgment and based on the PSAs, are deemed
appropriate in the circumstances to achieve the objective of an audit
§ Audit procedures are the specific methods, techniques, or acts that the auditor uses to gather evidence in order to
determine the validity of the financial statement assertions. Professional judgment must be carefully used in determining
which audit procedure (or procedures) are most appropriate to increase the amount of evidence obtained, its
persuasiveness, and its ability to support or contradict assertions made by management
Audit procedures used to gather audit evidence are generally classified into two:
According to the PSAs, the auditor obtains audit evidence to draw reasonable conclusions on which to base the audit opinion by
performing audit procedures to:
§ Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material
misstatement at the financial statement level and assertion levels, These procedures are called as risk assessment
procedures. These are always performed by the auditor to provide a satisfactory basis for the assessment of risks at the
financial statement and assertion levels. However, risk assessment procedures by themselves do not provide sufficient
appropriate audit evidence on which to base the audit opinion and have to be supplemented by further audit procedures in
the form of tests of controls, when necessary, and substantive procedures. We have already discussed risk assessment
procedures in Risk Assessment and Materiality.
35 | P a g e
§ When necessary or when the auditor has determined to do so, test the operating effectiveness of controls in preventing, or
detecting and correcting, material misstatements at the assertion level. These procedures are referred to as tests of
controls. Tests of controls are necessary: (1) when the auditor’s risk assessment includes an expectation of the operating
effectiveness of controls, wherein the auditor is required to test those controls to support the risk assessment; and (2) when
substantive procedures alone do not provide sufficient appropriate audit evidence and the auditor is required to perform
tests of controls to obtain audit evidence about their operating effectiveness.
§ Detect material misstatements at the assertion level. These procedures are termed as substantive tests and include tests
of details of classes of transactions, account balances, and disclosures and substantive analytical procedures. Substantive
procedures are planned and performed by the auditor in order to be responsive to the related assessment of the risks of
material misstatement, which includes the results of tests of controls, if any. However, the auditor’s risk assessment is
judgmental and may not be sufficiently precise to identify all risks of material misstatement. Therefore, substantive
procedures for material classes of transactions, account balances, and disclosures are always required to obtain sufficient
appropriate audit evidence.
§ Inspection. Inspection consists of examining records, documents, or tangible assets. In most audits, inspection of records
or documents makes up the bulk if the evidence gathered by the auditor. The records or documents inspected provides
audit evidence of varying degrees of reliability and persuasiveness depending on their nature and source and the
effectiveness of internal controls over their processing. Documentary evidence may be classified into three: (1)
documentary audit evidence created and held by third parties (purely externally-generated); (2) documentary audit
evidence created by third parties and held by the entity (external-internal evidence); and (3) documentary audit evidence
created and held by the entity (purely internally-generated). Inspection of tangible assets, on the other hand, provides audit
evidence with respect to their existence but no necessarily as to their ownership or value. In this case, other audit
procedures which would serve the objective of the auditor have to be conducted.
§ Observation. Observation consists of looking at a process or procedure being performed by others. The actions being
observed typically do not leave an audit trail that can be tested by examining records or documents. An example of this
audit procedure would be when the auditor observes the counting of inventories by the entity’s personnel.
§ Inquiry. Inquiry consists of seeking information of knowledgeable persons inside or outside the entity. It is an important
audit procedure that is used extensively throughout the audit and often complements other audit procedures. Inquiries may
be directed to management, the company’s personnel, internal auditors, in-house legal counsel, or others outside the entity
like banks, creditors, and the like. Inquiries may also range from formal written inquiries addressed to third parties to
informal inquiries addressed to persons inside the entity. Responses to these inquiries provide the auditor with information
not previously possessed or with corroborative (supporting) audit evidence.
§ Confirmation. Confirmation is a more formal type of inquiry and consists of the response to an inquiry made by a third
party to corroborate information contained in the accounting records. Examples are the confirmation requests sent to the
debtors of the company when auditing accounts receivable or the standard confirmation request sent to the bank when
auditing the company’s cash in bank.
§ Computation or Recalculation. Recalculation consists of checking the mathematical accuracy of documents or records or
account balances. Examples of this audit procedure include recalculation of depreciation expense on fixed assets and
recalculation of accrued interest. Recalculation also includes footing, crossfooting, reconciling subsidiary ledgers to account
balances, and testing postings from journals to ledgers.
§ Reperformance. Reperformance is the auditor’s independent execution of procedures or controls that were originally
performed as part of an entity’s internal control. In simple language, reperformance means repeating a client activity. An
example of this is when the auditor reperforms the aging of accounts receivable to ensure accuracy of performance of client
personnel, or performing a “walkthrough” of a company’s sale or purchasing function.
§ Reconciliation. Reconciliation involves establishing agreements between two sets of independently maintained but related
records. An example of this is the preparation of a bank reconciliation or a more detailed proof of cash to reconcile the
balances in the bank statement and in the books of the entity.
§ Vouching. This procedure involves following a transaction back to supporting documents (“tracing back”) to establish the
existence or occurrence of recorded transactions. For example, a recorded purchase transaction in the purchase journal (an
accounting record) may be vouched with the related purchase invoice, receiving report, and purchase requisition
(supporting documents) to prove that the recorded transaction actually occurred. Note that the direction of audit testing in
vouching is from the accounting records to the supporting documents to support the existence or occurrence assertion.
§ Tracing. Tracing involves following a transaction forward through the accounting records to establish completeness of
transaction processing. The direction of the audit testing is from the supporting documents to the accounting records to
determine that the transactions have been recorded completely. For example, an auditor compares information on receiving
reports (which provides evidence that there were purchase transactions) to the purchases journal to prove that all valid
purchases were recorded completely in the accounting records.
36 | P a g e
§ Analytical Procedures. Analytical procedures consist of comparing relationships or determining the plausible relationships
that exist between data to determine the reasonableness of recorded amounts. It also involves ratio and trends analysis
including the resulting investigation of fluctuations and relationships that are inconsistent with other relevant information or
deviate from predicted amounts. The auditing standards require that analytical procedures should be applied at the
planning and overall review stage of the audit. The auditor may also choose, but is not required to, use analytical
procedures as substantive tests to provide evidence as to the reasonableness of the specified account balances.
Generally, audit tests performed by an auditor, aside from risk assessment procedures, particularly to obtain and evaluate audit
evidence, depend on the auditor’s purpose and can be classified into two: (1) compliance tests or tests of controls; and (2)
substantive tests.
Tests of controls are conducted to provide reasonable assurance that accounting control procedures are being applied as prescribed.
Furthermore, these are conducted to assess the operating effectiveness of internal controls in the company and whether the control
procedures are being followed. This evaluation identifies the control procedures that can be relied on in the performance of
substantive tests.
Tests of controls may be directed at control procedures that leave no audit trail or those that leave an audit trail. An audit trail is a
processing sequence or path that allows for managers and auditors to “walk through” a particular transaction and ascertain as to
whether it has been executed properly following required policies and procedures set by the company. Audit trails are composed of
the source documents and accounting records that are used to track down and support transactions entered into by the company. If
a particular class of transaction leaves no audit trail, the auditor makes inquiries of personnel and observations of routines to
determine how control procedures are performed and who performs them. On the other hand, if a class of transaction leaves an
audit trail or documentary trail, the auditor inspects the documents to see whether a control procedures, such as approval or other
checking, was performed and who performed it as evidenced by signatures or initials.
SUBSTANTIVE TESTS
An auditor applies substantive tests when the auditor’s purpose is to determine whether the peso amount of an account is properly
stated. Substantive tests have two general categories: (1) Tests of details of transactions or balances; and (2) Analytical procedures.
Tests of details of transactions or balances involve obtaining audit evidence on the items or details involved in a class of
transactions or a particular account balance. Analytical procedures involve the study and comparison of relationships among
accounting data and related information.
§ Comparing inventory levels for the current year to that of prior years
§ Comparing research and development expense with the budgeted amount
§ Comparing interest expense with the average outstanding balance of the interest-bearing debt
§ Comparing client’s gross profit percentage to published industry averages
§ Comparing production records in units with sales
Audit evidence is all the information used by the auditor in arriving at the conclusions on which the audit opinion is based. This is
how audit evidence is defined as per the new auditing standards. In the old auditing standards, audit evidence only constitute
accounting records and other corroborating information that the auditor obtains and evaluates to support a basis for the audit
opinion. The new auditing standards have expanded the definition of audit evidence which includes all the information obtained and
evaluated by the auditor in the audit, provided they are both relevant and reliable. Audit evidence comprises both information that
supports and corroborates management’s assertions, and any information that contradicts such assertions.
37 | P a g e
AUDIT EVIDENCE IS NECESSARY TO SUPPORT THE AUDIT OPINION
Always bear in mind that without audit evidence, the auditor will have no basis for the audit opinion in the audit report. Most of the
auditor’s work in forming the audit opinion consists of obtaining and evaluating audit evidence. This is why obtaining and evaluating
audit evidence is considered to be the bulk of the auditor’s work since through this the auditor will be able to gather proof that
supports or contradicts the assertions in the financial statements and express an opinion on the fairness with which the financial
statements are prepared and presented.
Audit evidence is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. It
may, however, also include information obtained from, e.g., previous audits and a firm’s quality control procedures for client
acceptance and continuance. The entity’s accounting records are an important source of audit evidence along with other sources
inside and outside the entity.
Management is responsible for the preparation of the financial statements based upon the accounting records of the entity. Some
audit evidence is obtained by performing audit procedures to test the accounting records, e.g., through analysis and review,
reperforming procedures followed in the financial reporting process, and reconciling related types and applications of the same
information. Through the performance of such audit procedures, the auditor may determine that the accounting records are
internally consistent and agree to the financial statements.
More assurance is ordinarily obtained from consistent audit evidence obtained from different sources or of a different nature
than from items of audit evidence considered individually. For example, corroborating information obtained from a source
independent of the entity may increase the assurance the auditor obtains from evidence existing within the accounting records or
from representations made by management.
Information from sources independent of the entity that the auditor may use as audit evidence may include confirmations from
third parties, analysts’ reports, and comparable data about competitors (benchmarking data)
As provided by the Framework for Assurance Engagements, evidence should possess two qualities in an audit: sufficiency and
appropriateness. Note that both of these characteristics should be present. That is why in audit we always use the phrase sufficient
appropriate audit evidence. A great number of evidence may be obtained by the auditor but these might not be appropriate.
Similarly, the auditor might be able to gather very appropriate evidence but not enough to substantially support or contradict an
assertion. When evidence is both sufficient and appropriate, that evidence is said to be competent.
Another general characteristic that makes evidence competent is its persuasiveness. Persuasiveness is the evidence’s ability to
enable the auditor to make a decision regarding the reasonableness of the information in the assertions being represented by
management that would potentially affect the opinion to be included in the audit report
Generally, when we consider documentary evidence, the most persuasive type of evidence are those that are purely externally-
generated, while the least persuasive are those that are purely internally-generated
Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the risks of
misstatement and also by the quality of such audit evidence. Therefore, the greater the risk of material misstatement, the more
audit evidence is likely to be required to reduce audit risk to an acceptably low level. Similarly, the higher the quality of audit
evidence, the less evidence may be required to meet the audit test. Obtaining more audit evidence, however, may not compensate
for its poor quality
Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for,
or detecting misstatements in, the financial statements. The reliability of evidence is influenced by its source and by its nature, and
is dependent on the individual circumstances under which it is obtained. Evidence, regardless of its form, is considered competent
when it provides information that is both relevant and reliable.
In order for audit evidence to be appropriate and competent, it has to satisfy certain factors:
§ Relevance of the evidence to the assertion being tested. The audit evidence must be relevant to and must either be
able to support or contradict the assertion being tested.
§ Objectivity of the evidence. Evidence can be objective or subjective. In general, the more objective the evidence is, the
more competent and reliable it is. The greater the amount of judgment required on the part of the provider of the
information, the more subjective the information will be, and generally, the more subjective the evidence is, the less reliable
it is.
38 | P a g e
§ Qualifications of the provider of the evidence. The source of the evidence or information should also be taken into
consideration in determining the competence or reliability of the evidence.
§ Timeliness of the evidence. The evidence must be able to provide information about the assertion during the period
under audit. Audit evidence must be able to provide evidence about an assertion in the time period that evidence is needed
AUDIT DOCUMENTATION
Audit documentation serves as the auditor’s principal record of the work performed and the basis for conclusions in the audit report.
This serves as proof that the auditor indeed has conducted the audit and also contains supporting evidence on how the auditor was
able to arrive at the conclusions and opinion in the audit report. Audit documentation also facilitates the planning, performance, and
supervision of the audit and provides the basis for the review of the quality of work by providing the reviewer with written
documentation of the evidence supporting the auditor’s significant conclusions
PERMANENT FILE
The permanent file consists of working papers that are intended to contain historical or continuing nature or information pertinent to
the current audit. These files provide a convenient source of information about the audit that is of continuing interest from year to
year.
CURRENT FILE
The current file consists of working papers that contain evidence gathered, descriptions of auditing procedures performed, and
conclusions reached relevant to the audit of a particular year.
The current file working papers are usually arranged in the following order:
§ Working (Top) Trial Balance. This includes a list of all financial statements account balances before adjustments, as well
as proposed adjusting and reclassifying entries, relating those balance to the audited financial statements.
§ Proposed adjusting and reclassifying entries. When the auditor discovers material misstatements in the accounting
records, the financial statements must be corrected. However, the auditor will not be the one to automatically correct them;
the client must approve the corrections because management has primary responsibility for the fair presentation of the
financial statements. Reclassification entries are frequently made in the statements to present accounting information
properly, even when the general ledger balances are correct.
§ Lead schedule. These are working papers prepared to combine similar accounts. For example, the company’s accounts
with three different banks are summarized in the lead schedule and forwarded to the working trial balance as a single
account – Cash in bank.
§ Supporting schedules. The largest portion of the working papers includes the detailed schedules prepared by auditors in
support of the specific amounts in the financial statements
Section 29 of RA 9298 or the Philippine Accountancy Act of 2004 specifies the legal provisions on the ownership and custody of audit
working papers:
39 | P a g e
“All working papers, schedules and memoranda made by a certified public accountant in public practice and his staff in the course of
an examination, including those prepared and submitted by the client, incident to or in the course of an examination, by such
certified public accountant, except reports submitted by a certified public accountant to a client shall be treated confidential and
privileged and remain the property of such certified public accountant in the absence of a written agreement between the certified
public accountant and the client, to the contrary, unless such documents are required to be produced through subpoena issued by
any court, tribunal, or government regulatory or administrative body.”
UNMODIFIED OPINION
This is an opinion in which the auditor concludes that the financial statements present fairly the financial position, results of
operations, and cash flows consistently in all material respects, in accordance with the identified financial reporting framework.
This is an opinion in which the auditor states that “except for” the effect of the matter to which the qualification relates, the
financial statements present fairly the financial position, results of operations, and changes in financial position in conformity with the
applicable financial reporting framework consistently applied.
This opinion is issued when the auditor concludes that an unmodified opinion cannot be expressed but that the effect of any
disagreement with management, or limitation on scope is not so material and pervasive as to require an adverse opinion or a
disclaimer of opinion. Note that the PSAs specify that the phrase “except for” should be used when the auditor qualifies an opinion.
In summary, a qualified opinion is expressed when the following situations are met, and when they are judged to be material but
not pervasive (or immaterial):
This opinion states that the financial statements do not present fairly the financial position, results of operation, or changes in
financial position of the company in conformity with the applicable financial reporting framework.
This opinion is expressed when the effect of a departure from GAAP or a disagreement with management is so material and
pervasive to the financial statements that the auditor concludes that a qualification of a report is not adequate to disclose the
misleading or incomplete nature of the financial statements.
In summary, an adverse opinion is expressed when the following situations are met, and when they are judged to be highly
material and pervasive (or material):
DISCLAIMER OF OPINION
This opinion is a statement by the auditor that an opinion cannot be expressed on the financial statements. This opinion is expressed
when the possible effect of a limitation on scope is so material and pervasive that the auditor has not been able to obtain
sufficient appropriate audit evidence and accordingly is unable to express an opinion on the financial statements. Another
circumstance that leads to a disclaimer of opinion is when the auditor is not entirely independent of the client.
PIECEMEAL OPINION
A piecemeal opinion is an expression of opinion as to certain identified items in the financial statements when the auditor either
disclaimed an opinion or expressed an adverse opinion on the financial statements taken as a whole.
It should be emphasized that the expression of a piecemeal opinion is now prohibited since in an audit, the audit opinion is
expressed on the financial statements taken as a whole. Furthermore, a piecemeal opinion tends to overshadow or contradict a
disclaimer of opinion or an adverse opinion. Therefore, it is considered inappropriate and should not be issued in any situation
40 | P a g e
DEVIATIONS FROM AN UNMODIFIED OPINION: MATERIALITY AND PERVASIVENESS
From the types of opinion discussed above, we will notice that there four general situations that would preclude the auditor from
issuing an unqualified opinion. These are:
§ Departure from GAAP, or deviations from a particular accounting standard or treatment as provided by the Philippine
Financial Reporting Standards (PFRS)
§ Disagreement with management, or inconsistencies in accounting treatments made by management from those
suggested by the auditor or the PFRS
§ Limitation on scope, which may be client-imposed or imposed by the circumstances; this exists when the auditor is
unable to accumulate all the evidence required by GAAS and therefore precludes the auditor from conducting an effective
audit and issuing an unqualified opinion
§ Lack of independence, when the auditor believes or is viewed that there are conflicts of interest that precludes him from
being entirely independent of the client
Drawing on the four instances mentioned, an auditor decides to issue a modified opinion – qualified or adverse, or a
disclaimer of opinion depending on two factors: materiality and pervasiveness.
As discussed previously, materiality is viewed as a threshold or cutoff point rather than a mere quantitative figure that aids
users in making decisions. It should be noted that materiality is a matter of professional judgment.
In the issuance of an audit report, the auditor determines the materiality and pervasiveness of a particular deviation from an
unqualified opinion before issuing a modified opinion or a disclaimer of opinion.
A particular information, situation, or circumstance is said to be pervasive when it renders the financial statements misleading
when taken as a whole. Pervasiveness greatly affects the materiality or immateriality of a particular item or situation which leads
to a modified opinion or disclaimer of an opinion
PSA 705 “Modifications to the Opinion in the Independent Auditor’s Report” deals with the auditor’s responsibility to issue an
appropriate report in circumstances when a modification to the auditor’s opinion on the financial statements is required. The
requirements and guidance in this PSA are established in the context of engagements to report on general purpose financial
statements prepared and presented in accordance with a fair presentation framework. However, in the context of an engagement to
report on special purpose financial statements or specific elements, accounts or items of a financial statement, or when the
applicable financial reporting framework is a compliance framework, these requirements and guidance equally apply, adapted as
necessary.
In the course of performing an audit, the auditor may encounter conditions that may require modification of the audit report. An
auditor’s report is considered to be modified in the following situations:
In certain circumstances, an auditor’s report may be modified by including an additional paragraph to highlight an item that is
usually disclosed in the notes to financial statements. However, it should be emphasized that the addition of such paragraph
does not negate the auditor’s unqualified opinion. Instead, it is used only to draw the attention of financial statement readers on an
important matter affecting the financial statements.
If the auditor considers it necessary to draw users’ attention to a matter presented or disclosed in the financial statements that, in
the auditor’s judgment, is of such importance that it is fundamental to users’ understanding of the financial statements, the auditor
shall include an emphasis of matter paragraph in the auditor’s report provided the auditor has obtained sufficient appropriate
audit evidence that the matter is not materially misstated in the financial statements. Such a paragraph shall refer only to
information presented or disclosed in the financial statements.
When the auditor includes an Emphasis of Matter paragraph in the auditor’s report, the auditor shall:
1. Include it immediately after the opinion paragraph in the auditor’s report;
2. Use the heading “Emphasis of Matter” or other appropriate heading;
3. Include in the paragraph a clear reference to the matter being emphasized and to where relevant disclosures that fully
describe the matter can be found in the financial statements; and
4. Indicate that the auditor’s opinion is not modified in respect of the matter emphasized
41 | P a g e
The rationale of placing the emphasis of matter after the opinion paragraph is to emphasize that the additional information or
disclosure notwithstanding, the report is still unqualified as what audit clients ordinarily would expect and want the report to be.
Moreover, PSA 706 requires the auditor’s report to include an emphasis of matter paragraph under the following circumstances:
If the auditor considers it necessary to communicate a matter other than those that are presented or disclosed in the
financial statements that, in the auditor’s judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities
or the auditor’s report and this is not prohibited by law or regulation, the auditor shall do so in a paragraph in the auditor’s report,
with the heading “Other Matter” or other appropriate heading. The auditor shall include this paragraph immediately after the
opinion paragraph and any Emphasis of Matter paragraph, or elsewhere in the auditor’s report if the content of the Other Matter
paragraph is relevant to the Other Reporting Responsibilities section.
Moreover, PSA 706 requires the auditor’s report to include an other matter paragraph under the following circumstances:
The unmodified opinion may be issued only when the following conditions have been met:
Material departure from these conditions would result to a modification of the auditor’s opinion.
According to PSA 705 “Modifications to the Opinion in the Independent Auditor’s Report”, an auditor may not be able to express an
unmodified opinion when there is a disagreement with management regarding accounting policies or when there is a limitation on
the scope of the auditor’s examination.
Specifically, PSA 705 provides that the auditor shall modify the opinion in the auditor’s report when:
a. The auditor concludes that, based on the audit evidence obtained, the financial statements as a whole are not free from
material misstatement; or
b. The auditor is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are
free from material misstatement
When the auditor expresses an opinion that is other than unmodified, a separate paragraph called the basis for modified
opinion paragraph should be included and placed before the opinion paragraph in the audit report. The rationale for this
placement is that the audit client is first informed of the necessary circumstance that warranted a modified opinion before the
modified opinion if expressed
SCOPE LIMITATION
Scope limitations arise when the auditor is unable to perform necessary audit procedures or the auditor is unable to gather
sufficient appropriate evidence about an assertion.
§ imposed by the entity, for example, when the client prevents the auditor from carrying out the necessary audit
procedures; or
§ imposed by circumstances, for example, inadequacy of the client’s accounting records
A limitation of the scope of the auditor’s examination will result to either qualified or a disclaimer of opinion depending on the
materiality and pervasiveness of the scope limitation.
42 | P a g e
c. Degree of wrongdoing
d. Lack of privileged communication
e. Liability for acts of others
There is agreement within the profession and courts that the auditor is not a guarantor of statements’ accuracy. Auditors are not
infallible and can make errors in judgment. But auditors are expected to exercise the same reasonable care with which others in the
profession would perform in similar circumstances. This is frequently referred to as exercising due professional care. This standard of
due care to which the auditor is expected to be held is often referred to as prudent person concepts.
SOURCES OF RESPONSIBILITY
The auditor’s legal responsibilities to others are established by their common law or statutory law.
Common laws are laws that have been developed through court decisions rather than through government statutes. An example is
an auditor’s liability to a bank related to the auditor’s failure to discover material misstatements in financial statements that was
relied on in issuing a loan.
Statutory laws refer to the body of laws passed by legislative bodies such as CONGRESS. For example, auditors for an entity selling
securities under the Securities Act owe a statutory duty to a purchaser of those securities.
DEGREE OF WRONGDOING
At one extreme, auditors perform an appropriate audit and issue an appropriate report. Hence, the auditors have no degree of
wrongdoing. Auditors who commit fraud are at the other extreme because they know the financial statements are misstated but do
not take appropriate action to report the misstatements. Courts consider fraud as maximum wrong that auditor’s can do. Courts
traditionally use the legal concept of scienter or the knowledge of the falsity on the part of the person making the statement, to
differentiate fraud from other degree of wrong doing.
The courts have identified 2 degrees of wrong doing – negligence (ordinary) and gross negligence. Ordinary negligence implies
absence of reasonable care that can be expected of a person in a set of circumstances. Auditors are guilty of ordinary negligence if
they do not do what reasonably prudent auditors should do in the circumstances. Auditors are guilty of gross negligence if they
consistently fail to follow the standards of profession on an engagement.
CPAs shall not disclose any confidential information without the specific consent of the client. Permission however is not required
from the client if the working papers are subpoenaed by a court.
Legally, information is called privileged if legal proceedings cannot require a person to provide the information, even if there is a
subpoena.
Under common law, information obtained by a CPA from client is not privileged.
The partners of CPA firm are jointly liable for civil actions against a partner. They are also liable for work of others such as their
employees, other CPA firms engaged to do part of the work and specialists called upon to provide technical information.
A CPA is obliged to exercise due professional care during the engagement including adherence to professional standards and ethics.
Failure by the CPA to exercise this degree of care may constitute negligence and breach of contracts to render professional service.
An honest error does not constitute negligence on the part of a CPA so long as he has exercised due professional care.
While the basic purpose of an audit render an opinion on the fairness of the financial statements and not to detect fraudulent acts by
employees, if an undetected fraud is so widespread and of such magnitude as to cause the financial statement to be materially
misstated, the argument may be advanced that the auditor’s procedures were clearly inadequate and that the auditor was negligent.
In the event that the auditor is found negligent, a client is entitled to recover any losses to which the auditor’s negligence was
proximate cause. The client may also recover the audit fee because of the auditor’s breach of contract.
43 | P a g e
Auditor’s Defense:
Under common law, CPA firm can use one or a combination of five defenses when there are legal claims by clients. These are:
1. The CPA firm can claim there was no implied or expressed contract to perform the service. This is referred to as lack of duty
to perform the services.
2. The audit was performed using reasonable care or lack of reasonable care did not cause damages.
3. The reliance on the financial statements did not cause the loss. This is also referred to as absence of causal connection
4. In cases in which a tort is involved, auditors in some jurisdiction can claim contributory negligence (that the client’s own
actions contributed to the loss)
5. The statute of limitations on the action has expired.
Creditors, investors and other third parties also rely upon the auditor’s work when they place confidence in audited FS. Independent
auditors are liable to all foreseeable third parties for losses which are caused by the auditor’s fraud or gross negligence. Failure of the
auditor to detect a widespread fraud also constitutes negligence.
Auditor’s Defense:
Auditors have four defenses in third party lawsuits. These are:
1. The preferred defense in third party lawsuits is nonnegligent performance. If the audit was conducted in accordance with
GAAS, the other defenses are unnecessary.
2. A lack of duty defense can also be used. This defense contends lack of privity of contract. Privity of contract means
limitations of liability to the parties to a given contract. Under privity, the CPA is not liable to third parties for ordinary
negligence.
3. Absence of causal connection. This means that third party must be able to prove that there is a close causal connection
between the auditor’s breach of standard of due care and the damages suffered by the third party. This could also be
construed as nonreliance on the FS by the user.
4. The statute of limitations on the action has expired.
In the light of the auditor’s extensive exposure to obligation, public accounting firms must take positive action to withstand the
threat of legal liability. Among these actions are:
1. Emphasize compliance with GAAS, CPE and where appropriate GAAP.
2. Thoroughly investigate prospective clients. Avoid taking on clients when there are indications of deliberate management
misrepresentation. Evaluate whether a client has the necessary integrity.
3. Avoid companies and industries in which the risk of litigation is high.
4. Exercise extreme care in the audit of clients in financial difficulties.
5. Establishing and following appropriate quality control procedures over all audit work.
6. Use engagement letters which clearly point out to the client the scope of the auditor’s services and responsibilities on a
particular engagement
7. Conduct audit with appropriate professional skepticism
8. Provide the opportunity for auditor to consult with more experienced auditors about difficult issues.
9. Maintain adequate professional liability insurance coverage. This is however not a common practice in the Phils.
10. Seek legal counsel whenever serious problems occur.
A. THE NATURE OF THE REVENUE/RECEIPT CYCLE, INCLUDING THE FLOW OF INFORMATION THROUGH CUSTOMER ORDER,
CREDIT, INVENTORY CONTROL, SHIPPING, BILLING, RECORDING, AND CASH COLLECTION
1. The nature of the revenue/receipt cycle
• This cycle encompasses both the sale of goods or services, and the collection of cash
• The cycle is related to each of the other three transaction cycles since it
Ø Receives resources and information provided by the financing and conversion cycles, and
Ø Provides resources and information to the expenditure/disbursement cycle
• Common activities
Ø Customer order, the cycle begins when the customer’s order is received by fax, mail, e-mail, telephone, or EDI
ü A prenumbered sales order describing the goods, price, quantity, and terms is prepared by the order
department
Ø Credit approval
ü The customer’s credit is reviewed prior to approval by the credit department
Ø Inventory control
ü Goods are released for shipment and are accompanied by a copy of the sales order, approved by an employee
authorized to release goods from inventory
Ø Shipping
ü Goods received from inventory are compared with the sales order and a shipping document is prepared
ü When the shipper picks up the goods, shipping department personnel receive a receipt
Ø Recording
ü A copy of the shipping document and sales order are sent to Billing and an invoice is generated
ü Invoices are sent to the customer, Inventory Accounting, General Accounting, and Accounts Receivable for
recording
44 | P a g e
ü Sometimes a remittance advice will be prepared and included with the customer copy of the invoice; used by
the customer when remitting payment
Ø Cash collection
ü Incoming checks are listed immediately and restrictively endorsed
ü One copy of the listing is sent to Accounts Receivable for posting to individual customer accounts
ü The checks and another copy of the list are sent to Cash Receipts for deposit and updating of cash records
Ø Sales return
ü Personnel independent of cash collection and recording should review customer requests for adjustments on
returned goods
ü An approved request is documented as a credit memorandum
ü Returned goods are handled through the Receiving department and returned to the warehouse along with a
receiving report
ü Inventory Control personnel match the receiving report with a copy of the credit memorandum
Ø Allowance for uncollectible accounts
ü Delinquent accounts should be reviewed periodically by personnel who report to the treasurer and are
independent of recording functions
B. AN AUDITOR’S ASSESSMENT OF CONTROL RISK AND AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING FOR SALES
AND CASH RECEIPTS TRANSACTIONS
1. Considering internal control in a financial statement audit
• An auditor’s consideration of internal control includes understanding the controls, performing tests of controls, and
assessing control risk
• An auditor obtains this understanding to
Ø Plan the audit
Ø If the company is public, to audit internal control over financial reporting
• Perform a review of Section 404 (Sarbanes-Oxley) documentation
Ø Section 404 documentation is prepared by management to document internal control
Ø Section 404 documentation is extensive
Ø Non-public companies are not required to prepare this documentation
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls
ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through
45 | P a g e
Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
ü Design tests of controls
2. Tests of controls: Credit sales and cash collections
• Considerable effort is usually directed at testing controls over sales, receivables, and cash receipts since this represents a
large volume of transactions for most entities
• Tests of sales activity focus on whether sales are properly authorized, executed, and recorded
• Tests of cash collections focus on whether cash receipts are properly recorded and promptly deposited
• Tests of controls over returns, allowances, and uncollectible accounts focus on proper authorization and recording
• Only those control procedures relevant to management’s financial statement assertions, and which are believed by the
auditor to be reliable, are subjected to tests of controls
• Shipping presents two major risks for errors or fraud
Ø Goods may be shipped without authorization, or
Ø Shipped goods may not be billed and recorded at all
Ø Tests of controls are intended to determine whether shipments are made only in accordance with approved sales
orders and whether shipments have been billed and recorded properly
• Billing
Ø Tests of controls focus on whether billed goods have actually been shipped and whether bills are accurate
• Recording
Ø Tests of controls focus on whether details are summarized, periodically reconciled, and accurately posted to sales
journals, to the accounts receivable ledgers, and to the general ledger
• Cash collection is particularly susceptible to frauds
Ø Tests of controls over cash collections are designed to detect misappropriation of cash receipts and lapping
ü Lapping is a fraud that conceals cash shortages resulting from delays in recording cash collections
• Sales returns and allowances
Ø Tests of controls focus on whether credit memoranda are approved and recorded properly
• Uncollectible accounts
Ø Tests of controls focus on whether write-offs are properly authorized and recorded
3. Assess control risk
• Auditor reviews documentation and results of tests of controls and decides to either
Ø Assess control risk below the maximum and therefore to restrict substantive tests of sales, receivables, and cash,
or
Ø Assess control risk at the maximum and expand substantive testing
THE RELATIONSHIP BETWEEN FINANCIAL STATEMENT ASSERTIONS AND AUDIT PROCEDURES IN THE AUDIT OF RECEIVABLES AND
CASH BALANCES
1. Each assertion can be translated into an audit objective for which auditors design procedures to obtain evidence
• Existence (whether all recorded sales, receivables, and cash balances actually exist and whether all recorded transactions
actually occurred) is tested by
o Confirming accounts receivable with customers
o Confirming bank balances
o Physically observing and counting cash on hand
§ Completeness (all transactions that should be presented are included) is tested by
o Cutoff testing
o Application of analytical procedures (for example comparing sales and receivables)
o Examining bank reconciliations
• Rights and obligations (represent the true rights or obligations of the entity) is tested by
o Confirmations with debtors and banks
• Valuation (valued or allocated appropriately in accordance to GAAP) is tested by
o Verifying mathematical accuracy
o Confirmations with debtors and a review of the collectibility of the receivables
o Adequacy of allowance for doubtful accounts and verifying the accuracy of the aged trial balance
• Presentation and disclosure (presented and disclosed properly within the financial statements) is tested by
o Comparison of client financial statements with authoritative guidelines
• The audit procedures applied to each area and account in the revenue/receipt cycle are summarized in Figure 11-1
THE RELATIONSHIP AMONG AUDIT RISK, CLIENT STRATEGIES, AND THE NATURE, TIMING, AND EXTENT OF SUBSTANTIVE TESTS
1. The nature, timing, and extent of the substantive work
• Substantive tests are planned based on the evaluation of the tests of controls of the revenue/receipt cycle and the
relationship between inherent, control, and detection risk
• Detection risk is the likelihood that error could occur and not be detected by audit procedures, which is based on the
auditor’s interim assessments of two other risks
Ø Control risk is the likelihood that material error could occur and not be detected by internal control, and
46 | P a g e
Ø Inherent risk is the susceptibility of an account balance to material error for which there is no related internal
control
• Given a certain level of control risk and inherent risk, and a desire to hold audit risk at a minimum, the auditor will
determine the level of detection risk and design audit procedures to reach that level
Ø For example, if detection risk is set at 10% on the current year audit, versus it being set at 5% for the prior year,
the auditor will need to collect relatively less audit evidence in the current year since he is willing to take more risk
of errors occurring and not being detected by audit tests
C SUBSTANTIVE TESTS APPLICABLE TO ASSERTIONS ABOUT SALES, ACCOUNTS RECEIVABLE, AND CASH BALANCES
A. THE NATURE OF THE EXPENDITURE/DISBURSEMENT CYCLE, INCLUDING THE FLOW OF INFORMATION THROUGH PURCHASING,
RECEIVING, ACCOUNTS PAYABLE, AND CASH DISBURSEMENTS
1. The expenditure/disbursement cycle
• Encompasses both the acquisition of goods and services and the payment of cash for the goods and services acquired
• The cycle is related to each of the three other cycles since it
Ø Uses resources and information provided by the revenue/receipt cycle, and
Ø Provides resources and information for the financing and conversion cycles
• Two major business functions are associated with the cycle
Ø Goods and services are acquired from vendors and employees in exchange for obligations to pay.
Ø Obligations to vendors and employees are paid
• Paper or computer image documents affecting the expenditure/disbursement cycle include
Ø Purchase requisition is a request from an employee or department supervisor that goods be purchased
Ø Purchaser order is a request issued by the Purchasing department to a vendor to purchase goods
Ø Receiving report identifies information about goods received from a vendor
Ø Vendor’s invoice identifies goods purchased and represents formal notice about the amount and terms of payment
(often called the bill)
Ø Voucher package – the purchase requisition, purchase order, receiving report, and invoice
2. Common activities
• Purchasing involves the acquisition of goods and services from vendors
Ø Goods include tangible resources, such as inventory, supplies, and equipment
Ø Services include nontangible resources, such as advertising, repairs and maintenance, utilities, and insurance
47 | P a g e
Ø An employee of the department that requests the purchase prepares a purchase requisition, which is submitted to
a supervisor for approval
Ø Approved purchase requisitions are forwarded to Purchasing, where the request is reviewed, a vendor selected, and
a purchase order prepared
Ø A purchase order describes the goods or services requested, specifying the price, quantity, shipping terms, and
catalog numbers
Ø Purchasing sends copies of purchase orders to the vendor and to the requisitioning department, to Receiving, and
to Accounts Payable
• Receiving is where goods ordered from vendors are delivered, where the goods are compared with the purchase order and a
receiving report is prepared
Ø The Receiving department maintains a receiving log cross-referenced to related receiving reports
Ø A copy of the receiving report is forwarded to Purchasing and to Accounts Payable
• Accounts Payable compares purchase requisition, purchase order, receiving report, and vendor’s invoice
Ø Accounts Payable prepares the voucher upon receipt of a vendor’s invoice
Ø A voucher package is filed in an unpaid vouchers file by due date
Ø A copy of the daily summary of vouchers is forwarded to General Accounting for recording in a voucher register
Ø Column totals in the voucher register are posted to general ledger accounts
• Cash disbursements
Ø Should be authorized and executed personnel who report to the treasurer and are independent of purchasing and
recording
Ø Voucher packages in the unpaid voucher file are forwarded to the Treasury department, prior to the date payment
is due
Ø The Treasury department reviews voucher packages for accuracy and authenticity before approving vouchers for
payment and submitting vouchers for check printing
ü Blank checks should be prenumbered and voided checks should be retained and accounted for
ü Unused checks should be controlled physically; limiting access to authorized personnel only
ü Drawn checks and approved supporting vouchers should be reviewed by an individual not otherwise involved in
either processing or recording payables
ü Signed checks should be mailed directly to the payee without intervention by employees responsible for
approving, recording, or processing the transaction
Ø Paid voucher packages should be canceled immediately, preventing duplicate payments
Ø A daily summary of all remittances should be prepared and forwarded to Accounts Payable for posting to subsidiary
payables ledger and to General Accounting for recording in the voucher register
3. Control objectives
• Transaction authorization
Ø All purchases should be initiated by user departments and approved by authorized supervisors
Ø Goods or services should not be ordered in the absence of authorized purchase requisitions
Ø Management should approve vendors before Purchasing executes an order
Ø Management should also establish policies for the types, quantities, payment terms, and prices of good and
services purchased
ü Management should maintain current price lists and actively seek suppliers whose goods or services optimize
price and quantity
ü Where applicable, competitive bids or formal price quotations should be obtained from suppliers
• Transaction execution
Ø Management should require that Receiving personnel inspect and count all received goods before releasing the
carrier
Ø Management should institute policies to assure that cash is disbursed only for bona fide liabilities, protecting
against disbursements for goods not received, payment to unauthorized parties, and duplicate payments
Ø To control against improper disbursements, management could prenumber and control vouchers and checks,
require a second manual signature for checks exceeding prespecified amounts, and cancel paid voucher packages
immediately upon payment
• Recording
Ø To protect against inaccurate account balances and against misstated financial statements, management should
institute policies to assure that all purchases and cash disbursements are recorded properly and in the proper
period
Ø To control against inaccurate vendor accounts, management could establish validation procedures to verify
postings, and reconcile input totals to processed and output totals
Ø Authorized personnel should investigate correspondence from vendors, particularly collection notices
• Access to assets
Ø Management should establish procedures to safeguard assets by restricting access to purchasing and cash
disbursement records and forms
An auditor’s assessment of control risk and audit of internal control over financial reporting for purchases and cash disbursements
transactions
48 | P a g e
• Perform a review of Section 404 (Sarbanes-Oxley) documentation
Ø Section 404 documentation is prepared by management to document internal control
Ø Section 404 documentation is extensive
Ø Non-public companies are not required to prepare this documentation
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls
ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through
Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
ü Design tests of controls
2. Tests of controls: Purchasing and cash disbursements
• Considerable effort is usually directed at testing controls over purchases and cash disbursements since this represents a
large volume of transactions for most entities
• Tests of purchases activity focus on whether purchases are properly authorized, executed, and recorded
• Tests of cash disbursements focus on whether cash disbursements are properly authorized and recorded
• Only those control procedures relevant to management’s financial statement assertions, and which are believed by the
auditor to be reliable, are subjected to tests of controls
• Significant resources are expended for goods and services, auditors focus on whether all purchases are properly authorized
Ø Purchases could be made from unauthorized vendors
Ø Unnecessary goods may be purchased
Ø Goods may be purchased at noncompetitive prices
Ø Tests of controls are intended to determine that necessary purchases are from authorized vendors at competitive
prices
• Recording
Ø Goods may be received but not reported
Ø Account balances may be inaccurate resulting in misstated financial statements
Ø Tests of controls are intended to determine that all receiving reports are recorded, and that processing and
recording procedures are adequate
• Access to assets
Ø Forms and checks may be misused or diverted for personal use by employees
Ø Tests of controls are intended to determine that physical control is maintained over documents and that there is
adequate segregation of duties
3. Assess control risk
• Auditor reviews documentation and results of tests of controls and decides to either
Ø Assess control risk below the maximum and therefore to restrict substantive tests of purchases and cash disbursements, or
Ø Assess control risk at the maximum and expand substantive testing
A. THE RELATIONSHIP BETWEEN FINANCIAL STATEMENT ASSERTIONS AND AUDIT PROCEDURES IN THE AUDIT OF PAYABLES,
PREPAIDS, AND ACCRUED LIABILITIES
2. Each assertion can be translated into an audit objective for which auditors design procedures to obtain evidence
• Existence (whether all recorded payables exist at the balance sheet date and whether all recorded purchase transactions
occurred during the period) is tested by
a. Confirming balances with creditors
b. Examining documents that support recorded payables such as purchase orders and receiving reports
c. Testing cutoff to determine whether purchases are recorded in the proper period
• Completeness (whether all purchases transactions and payables balances that should be presented are actually presented)
is tested by
Ø Reviewing post-balance sheet events
Ø Analytical procedures
Ø Testing cutoff
• Rights and obligations (represent the true obligations of the entity) is tested by
Ø Confirming recorded balances with creditors
Ø Performing the search for unrecorded liabilities
• Valuation (reported in the financial statements at appropriate dollar amounts) is tested by
Ø Verifying mathematical accuracy
Ø Confirmations with creditors
Ø Performing the search for unrecorded liabilities
• Presentation and disclosure (whether recorded payables are properly classified, described, and disclosed in the financial
statements) is tested by
Ø Comparing a client’s financial disclosures with those required by GAAP
49 | P a g e
B. THE RELATIONSHIP AMONG AUDIT RISK, NONFINANCIAL MEASURES, AND THE NATURE, TIMING, AND EXTENT OF
SUBSTANTIVE TESTS
3. The nature, timing, and extent of the substantive work
• Substantive tests are planned based on the evaluation of the tests of controls of the expenditure/disbursement cycle and
the relationship between inherent, control, and detection risk
• Detection risk is the likelihood that error could occur and not be detected by audit procedures, which is based on the
auditor’s interim assessments of two other risks
Ø Control risk is the likelihood that material error could occur and not be detected by internal control, and
Ø Inherent risk is the susceptibility of an account balance to material error for which there is no related internal
control
• Given a certain level of control risk and inherent risk, and a desire to hold audit risk at a minimum, the auditor will
determine the level of detection risk and design audit procedures to reach that level
Ø For example, if detection risk is set at 10% on the current year audit, versus it being set at 5% for the prior year,
the auditor will need to collect relatively less audit evidence in the current year since he is willing to take more risk
of errors occurring and not being detected by audit tests
C. SUBSTANTIVE TESTS APPLICABLE TO ASSERTIONS ABOUT ACCOUNTS PAYABLE, PREPAID EXPENSES AND ACCRUED
LIABILITIES
Accounts payable
• Verify mathematical accuracy of accounts payable to substantiate the assertion of valuation
• Confirm payables to test assertions of existence, obligations and valuation
Ø The primary risk with payables is understatement, and confirmation is not generally effective in testing for
unrecorded payables (the payable would not be listed in the trial balance and a confirmation request would not be
sent)
Ø An entity may overstate payables in an attempt to avoid taxes by understating income
Ø When confirmation of payables is considered necessary, balances are usually confirmed as of the balance sheet
date rather than at interim and are confirmed through direct communication with vendors (a request for an
itemized statement of account to be sent directly to the auditor)
• Testing of cutoff is performed to determine whether purchases and the corresponding payables are recorded in the
appropriate period
• A search for unrecorded liabilities is closely related to tests of cutoff and may result in the detection of items recorded in the
wrong accounting period
Ø Four basic sources are used to search for unrecorded payables
ü A year-end accounts payable trial balance
ü The cash disbursements journal
ü Canceled (paid) voucher packages
ü The file of unmatched receiving reports (filed in an unpaid vouchers file)
• Analytical procedures are performed to direct attention to unusual, unreasonable, or otherwise unexplainable relationships
among accounts or account components
• A review of financial statement presentation and disclosure is performed to ensure that payables, accrued liabilities, and
related purchase and expense accounts are classified and disclosed in accordance with GAAP
Ø Payables and accrued liabilities are usually classified as current if due within one year or expected to be paid either
with existing current assets or by incurring additional current liabilities
Ø Depending on materiality, individual liabilities such as trade accounts payable or dividends payable, etc. should be
disclosed separately
50 | P a g e
AN AUDITOR’S CONSIDERATION OF INTERNAL CONTROL OVER INVENTORY AND FIXED ASSETS
1. Internal control over inventory
• Controls over inventory for a retailer relate to acquiring goods from vendors and holding inventory prior to sale
• Controls over inventory for a manufacturer are more complex since raw materials are transformed and costs such as direct
labor and manufacturing overhead must be accumulated and classified
• A materials requisition form is prepared by production personnel to request materials and supplies for use in production
Ø Requisitions should be approved by a supervisor and forwarded to Inventory Control
Ø Inventory Control personnel should not release materials and supplies in the absence of an approved requisition
Ø Raw materials and finished goods should be controlled by personnel not involved in purchasing, receiving, shipping,
production, or recording
Ø Access to storage areas should be limited to authorized personnel
• Inventory accounting involves two major sets of records: perpetual inventory records and cost records
Ø Perpetual Inventory Records maintain inventory quantities, physical locations, and selected unit cost information
for a variety of major inventory classifications, including supplies, raw materials, and finished goods
ü Work-in-process inventory should also be controlled on perpetual records
ü Off-premises inventory (accounted for and controlled by the outside parties holding the goods) should be
periodically counted or confirmed and reconciled with internal perpetual records
Ø Cost records maintain inventory costs, which may be allocated on a FIFO, LIFO, average cost, or other acceptable
basis
ü Cost accounting records and reports should be updated continually, thereby providing an up-to-date record of
accumulated costs
ü Cost accounting records should be maintained by personnel independent of perpetual records, general
accounting, purchasing, production, and inventory control
2. Internal control objectives and potential errors or frauds
• Transaction authorization is achieved when management establishes criteria for producing goods, thereby reducing the
possibility of producing excess or unusable inventory
Ø Management should establish written statements of criteria for determining which products to produce and in what
quantities
• Transaction execution is achieved when management authorizes procedures for using and physically transferring inventory
Ø Inventory processing manuals could include procedures for controlling inventory movement, and restrict access to
inventory
• Recording procedures ensure that inventory transfers and use are properly recorded
§ Management should establish processing and recording procedures, prenumber and control materials release
forms, and maintain logs of inventory movement
• Access to assets to prevent lost or diverted assets requires instituting policies that establish physical control over inventory,
maintain insurance, and segregate incompatible duties
3. Internal control over fixed assets
• Land, building, machinery, and equipment should be documented in detailed records that account separately for each
individual asset
Ø Detailed records might include the purchase date, historical cost, depreciation method, estimated useful life,
salvage value, and accumulated depreciation
Ø Records should be maintained by personnel not responsible for physically controlling fixed assets
Ø Periodically, but no less than annually, detailed records should be reconciled with fixed asset general ledger control
accounts
Ø Responsible personnel independent of fixed asset recording and physical control should periodically determine that
recorded assets actually exist by observing machinery and equipment and by comparing identification numbers and
general descriptions with detailed records
Ø Fixed assets should be insured against fire or other potential casualties. Assets should be appraised periodically to
determine that insurance coverage reasonably approximates replacement cost
• Fixed asset additions are often material, necessitating specific authorization by the board of directors or by senior
management
Ø Formal authorization is required for major repairs or improvements, and management should assess the
desirability of replacing, rather than repairing and improving, existing assets
Ø Authorizations should be documented in writing
Ø Procedures should require that actual costs be compared with amounts authorized, and cost overruns reported to
senior management for authorization
Ø Constructed additions should also be authorized, and additional controls should be implemented that allow the
entity to inspect and approve both actual production and detailed cost records as construction progresses
• Fixed asset disposal authorizations should be documented, and copies forwarded to accounting personnel to assure that
assets disposed of are subsequently removed from fixed asset accounts
Ø Asset disposals should be reported to insurance companies and premiums adjusted accordingly
Ø Controls should be established to assure that proceeds are deposited and gains or losses are recorded
• Depreciation expense can significantly impact reported net income, and an entity should maintain formal policies for
determining depreciation methods, estimated useful lives and salvage values
Ø Periodically, the policies should be reviewed to determine whether they reasonably approximate actual experience
4. Internal control objectives and potential errors or frauds
• Transaction authorization is achieved when fixed asset additions, disposals, and retirements are authorized in accordance
with management’s criteria
Ø Management should develop written procedures for all additions, disposals, and retirements
• Transaction execution is achieved when management establishes procedures for operating, using, physically moving, assets
and for restricting access to movable fixed assets
51 | P a g e
• Recording procedures ensure no unreported transactions, and that fixed asset additions, disposals, and retirements are
recorded at the correct amount, in the proper period, and are classified properly
Ø Management can establish procedures for processing and recording fixed asset transactions and for identifying
fixed assets eligible for sale or retirement
Ø Detailed fixed asset records should be maintained and periodically reconciled with existing accounts
Ø The expiration of future service potential (depreciation and amortization) should be calculated in accordance with
management’s authorization and be recorded in the proper period
Ø Management should establish polices for determining depreciation methods and for calculating depreciation on all
fixed assets
• Access to assets should be restricted to personnel authorized by management to prevent stolen or lost fixed assets
Ø Management should establish physical controls over unused assets, maintain adequate insurance coverage, and
segregate the physical custody of fixed assets from recording and general accounting
Ø To control fixed assets records, management should establish controls over unused forms and records or could
perform periodic compliance audits, reconciling recorded assets with existing assets
5. Considering internal control for inventory
• An auditor’s consideration of internal control includes performing a preliminary review, documenting the system, performing
a transaction walk-through, and determining whether controls are potentially reliable
• A preliminary review entails the auditor obtaining a general understanding of
Ø The client’s control environment
Ø The flow of transactions and records through the system, and
Ø The control procedures management has implemented
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls
ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through
Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
6. Tests of control for inventory
• Tests of controls over an entity’s perpetual records focus on physical transfers of inventory to and from raw materials, work
in process, and finished goods
Ø For sampled purchase transactions, compare quantities and unit costs from the vendor invoice with perpetual
records
Ø For sampled transfers of raw materials from inventory control, compare to materials requisition, work in process,
and general ledger accounts
Ø For sampled transfers from work in process, compare to finished goods records and general ledger accounts
Ø For sampled transfers from finished goods, compare to shipping documents, and coordinate with tests in the
revenue/receipt cycle
ü Inaccurate recording of transfers could suggest that control procedures are neither compiled with, nor
operating as planned, casting doubt on the reliability of the records
ü Inaccurate recording could suggest the possibility of double-counted inventory quantities
• Tests of cost records must be performed for the flow of inventory costs from raw materials to work in process, finished
goods, and cost of goods sold
Ø Tests tend to vary widely from company to company, but the focus is generally on accumulated labor and overhead
charged to work in process
• Assessing control risk to determine whether existing control procedures can be relied on to assess control risk below the
maximum and restrict substantive tests of inventory is based on four issues:
Ø The types of errors or frauds that could occur,
Ø Necessary control procedures that should prevent or detect the errors or frauds,
Ø Whether the necessary procedures exist and are followed, and
Ø Any deficiencies in internal control
7. Considering internal control for fixed assets
• An auditor’s consideration of internal control includes performing a preliminary review, documenting the system, performing
a transaction walk-through, and determining whether controls are potentially reliable
• A preliminary review entails the auditor obtaining a general understanding of
Ø The client’s control environment
Ø The flow of transactions and records through the system, and
Ø The control procedures management has implemented
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls
52 | P a g e
ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through
Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
8. Tests of control for fixed assets
• Due to the nature of fixed assets, fewer transactions for larger dollar amounts, when the number of fixed asset transactions
is limited, an auditor may forego or limit tests of controls,
Ø In this case, the auditor assesses control risk at the maximum and relies on substantive tests of details
• Tests of fixed asset records focus on the relationship between detailed records and the general ledger and on the existence
of, and insurance coverage for, recorded assets
Ø Reconcile fixed asset detailed records with the general ledger
Ø Physically inspect sampled assets
Ø Review adequacy of insurance coverage
• Tests of additions focus on ensuring that the addition is authorized and properly recorded
Ø For sampled additions, examine authorization, evidence of cash payment or obligation for payment, determine
classification as a fixed asset rather than repair and maintenance expense
• Tests of disposals focus on ensuring that the disposal is authorized and properly recorded
Ø For sampled disposals, examine authorization, evidence of cash receipt or note receivable, and calculate gain or
loss and trace to general ledger
• Tests of depreciation involve calculations and the review of recorded amounts, useful lives, and salvage values; similar tests
are performed for the amortization of intangible assets and the depletion of wasting assets
• Assessing control risk to determine whether existing control procedures can be relied on to assess control risk below the
maximum and restrict substantive tests of fixed assets is based on four issues:
Ø The types of errors or frauds that could occur,
Ø Necessary control procedures that should prevent or detect the errors or frauds,
Ø Whether the necessary procedures exist and are followed, and
Ø Any deficiencies in internal control
• Existence or occurrence assertion addresses whether all recorded inventory and fixed assets existed at the balance sheet
date and whether all recorded inventory and fixed asset transactions occurred during the period
• Completeness assertion addresses whether all inventory and fixed assets transactions that should be presented in the
financial statements are actually presented
• Right and obligations assertion addresses whether an entity has property rights to inventory and to fixed assets
• Valuation or allocation assertion addresses whether existing inventory and fixed assets are carried in the financial
statements at appropriate amounts
• Presentation and disclosure assertion addresses whether recorded inventory and fixed assets are properly classified,
described, and disclosed in the financial statements
2. Substantive tests of inventory
• Observing physical inventory count
Ø Observation of a client’s procedures for physically counting inventories contributes to both the existence and
completeness assertions
Ø Client personnel count inventory and document inventory quantities, and the auditor observes the client’s
procedures
Ø For periodic inventory systems, the physical counts serve as the only measure of quantities on hand and as a test
of the perpetual records
• Off-premise inventory held by consignees or in public warehouses ordinarily need not by observed by an auditor, but counts
of inventory need to be confirmed
Ø If inventory in public warehouses is significant in relation to current or total assets, an auditor should also make
supplemental inquiries including observations of physical counts whenever practical and reasonable
• Test final priced inventory since observing the physical count only provides evidence regarding quantities
Ø Employees not otherwise responsible for inventory record keeping or control should extend the quantities by unit
costs in spreadsheets, resulting in a final priced inventory by item number, product line, and inventory
classification
Ø Quantities and the final priced inventory should be reconciled by client personnel with perpetual records and control
accounts, and necessary adjustments should be recorded
Ø An auditor performs tests of clerical accuracy on the final priced inventory, including extending, footing, and cross-
footing the final priced inventory, agreeing test counts with priced quantities, dollar amounts to control accounts,
and required adjustments to general ledger entries
Ø Unit prices per the final priced inventory should be agreed with source documents on a sample basis, giving
consideration to the cost flow methods adopted
• Tests of cutoff are performed during the physical inventory observation
Ø The documentation obtained includes shipping documents and receiving reports
• Perform analytical procedures to address completeness and to determine whether conclusions drawn from substantive tests
of details are reasonable
53 | P a g e
• Review financial statement disclosures to assess whether inventory and cost of sales are properly classified, described, and
disclosed in accordance with generally accepted accounting principles
Ø Inventories are usually stated at the lower of cost or market, according to a cost flow assumption, and may be
classified as supplies, raw materials, work in process and finished goods
Ø Accrued losses should be disclosed for any purchase commitments made at unfavorable prices
3. Substantive tests of fixed assets
• Since fixed assets are less susceptible to frauds than other assets, some testing of financial statement assertions is done at
interim
• Verify accuracy of recorded fixed assets by obtaining a client-prepared schedule summarizing detailed asset records and
testing the schedule for mathematical accuracy and agreeing totals to general ledger accounts
• Test additions and disposals since interim
Ø If relatively few assets have been acquired since interim an auditor may physically inspect all recorded additions;
otherwise, a randomly selected sample of additions should be observed
• Test cutoff to ensure additions and disposals near year end are recorded in the proper accounting period
Ø Since acquisitions are processed through the expenditure/disbursement cycle and disposals through the
revenue/receipt cycle, fixed asset cutoff can be tested in conjunction with cutoff tests for purchases and payables
and for sales and receivables
Ø Retired assets that are not sold should be tested separately
• Verify accuracy of depreciation expense by obtaining a client-prepared summary schedule of depreciation organized by
asset class
Ø The auditor would test the schedule’s accuracy by footing and cross-footing and by agreeing totals with general
ledger accounts
Ø Depreciation expense for selected assets should be recalculated
• Perform analytical procedures
Ø To address completeness, an auditor uses analytical procedures such as ratio and trend analysis and comparison of
relationship between and among related accounts
• Review financial statement disclosures
Ø The balance sheet should be read to determine whether fixed assets and related accumulated depreciation
balances are properly classified and described
Ø An auditor should examine all lease agreements, assuring that the transactions are accounted for properly under
FASB Statements of Financial Accounting Standards No. 13, “Accounting for Leases,” and other related statements
and interpretations
• The income statement should be reviewed to determine whether depreciation expense is properly reported; depreciation
expense included in cost of sales should be disclosed separately in the income statement or in notes to the statements
THE NATURE OF THE PERSONNEL MANAGEMENT AND PAYROLL FUNCTIONS WITHIN THE EXPENDITURE/DISBURSEMENT CYCLE
1. The expenditure/disbursement cycle associated with personnel and payroll
• The cycle includes obtaining the services of employees in exchange for obligations to pay, and paying those obligations
• Personnel and payroll are critical for at least three reasons
Ø Salaries and wages are a major expenditure for most service, manufacturing, and nonprofit entities
Ø In manufacturing companies, labor is an important component in valuing inventory and, if misclassified, both
inventory and cost of goods sold could be misstated materially
Ø Payroll typically includes several categories of employee compensation and bonuses, overtime, vacation pay, and
employee benefits such as pensions, health care, and profit sharing
• Personnel and payroll activities include
Ø Hiring and terminations
Ø Payroll preparation and recording, and
Ø Distribution of payroll checks to employees
• Journal entries are made for wage and salary payments and end-of-period accruals
• Documents utilized in the cycle include
Ø Personnel records for each employee, including date of employment, job classification, salary or hourly pay rate,
promotions, payroll deductions, terminations
Ø Time record of hours worked by an employee during a pay period
Ø Payroll register recording gross pay, withholdings, deductions, and net pay for each employee for a pay period
Ø Employee earnings record which is a cumulative, year-to-date summary of total earnings, withholdings, and
deductions for each employee
• All action taken by management on behalf of an employee should be approved by both department supervisors and by the
Personnel department, and should be documented in an employee’s personnel records
• To minimize the chance of fraud, personnel records should not be accessible to employees who are responsible for
preparing, approving, or distributing payroll
• When employees are terminated, the Payroll department should be notified immediately of the settlement and termination
2. Payroll preparation and distribution
• The main source to prepare hourly workers payroll is created each time the employee “punches in or out” on computers that
interface with the company’s computer
Ø Creates an internally stored time record that is merged with pay rate data and deduction data to compile payroll
for the period
• Facsimile-signed checks are printed and forwarded to Treasury along with a copy of the payroll register
• A copy of the payroll register is also copied to General Accounting
54 | P a g e
• A person independent of both the operating department and Payroll should distribute checks to employees (not always
possible in smaller companies)
• At year-end, W-2 forms are mailed to all employees; undeliverable W-2 forms should be investigated
• A separate bank account should be maintained for payroll, and controls should be in place to limit access to blank checks
55 | P a g e
Ø Assess control risk at the maximum and expand substantive testing
56 | P a g e
Ø All issuances and retirements should be approved both in price and in quantity by the board of directors either
specifically or generally, as in the case of authorized stock option plans
Ø Stock certificates should be prenumbered consecutively, signed by authorized officers when issued, and promptly
canceled when surrendered for retirement
Ø Unissued certificates should be physically safeguarded with access limited to authorized individuals
Ø Treasury shares that have not been retired and canceled should be accounted for and controlled
Ø Periodically an independent employee should reconcile the shareholder’s ledger with the transfer journal
Ø An independent employee not otherwise responsible for maintaining shareholder records or processing dividend
payments should reconcile the dividend bank account periodically
B. CONTROLS OVER THE CUSTODY, RECORDING, VALUATION, ACQUISITION, AND SALE OF INVESTMENTS AND OVER THE
57 | P a g e
D. SUBSTANTIVE TESTS OF INVESTMENTS, LONG-TERM DEBT, AND EQUITY BALANCES
1. Assertions
• Existence or occurrence assertion addresses whether all recorded investments, debt, and capital stock exist at the balance
sheet date and whether all recorded transactions occurred during the period
Ø Investments can be tested by physical inspection or by confirming with an independent broker or trustee; and by
testing cutoff
Ø Debt is tested by confirmation with creditors, physical examination of bond indentures, and inspection of unissued
instruments
Ø Capital stock can be tested by verifying recorded balances, and confirmation if external agents are used
• Completeness assertion addresses whether all investments, debt, and capital stock that should be presented in the financial
statements is actually presented
Ø Investments are tested by testing cutoff
Ø Debt and capital stock are tested primarily through analytical procedures
• Right and obligations assertion addresses whether an entity has property rights to investments, and whether debt and
capital stock represent bona fide obligations
Ø Investments are confirmed or physically inspected
Ø Debt obligations are confirmed with creditors, capital stock balances are verified by auditors
• Valuation or allocation assertion addresses whether existing investments, debt, and capital stock are carried in the financial
statements at appropriate amounts
Ø Investment valuation is addressed by verifying securities transactions and prices
Ø Debt is confirmed with creditors and interest is recalculated
Ø Capital stock is tested by verifying recorded shareholder equity balances (also the primary way of testing
existence, completeness, and rights and obligations)
• Presentation and disclosure assertion addresses whether recorded investments, debt, and capital stock are properly
classified, described, and disclosed in the financial statements
Ø Tested by comparing client financial statements with GAAP for each reported account
2. SUBSTANTIVE TESTS OF INVESTMENTS IN MARKETABLE SECURITIES
• Verify mathematical accuracy and examine documentation
Ø The working paper for securities trading activity is the auditor’s primary source for testing acquisitions, sales, and
the recognition of dividend and interest income
Ø The auditor tests the schedule’s mathematical accuracy and reconciles balances with the general ledger
• Confirm or physically inspect securities
Ø For securities held off-premises, an auditor confirms details with the custodian
Ø For securities held internally, an auditor should physically inspect and count the securities on hand and compare
the certificate numbers, quantity, and description of securities with detailed records
• Test cutoff to determine that securities transactions near the balance sheet date are recorded in the proper accounting
period
Ø Tests of cutoff should also be performed for investment revenue transactions near the balance sheet date, and
accruals for interest revenue should be reviewed for reasonableness
• Review valuation to assure that marketable equity securities are reported at the lower of aggregate cost or market, and that
marketable debt securities are reported at the lower of cost or cost less permanent declines in market value
• Perform analytical procedures to test completeness and to determine whether conclusions drawn from substantive tests are
reasonable
• Review financial statement disclosures to determine that investments are properly classified and described in the balance
sheet and that gains and losses and investment revenue are properly presented in the income statement
3. Substantive tests of long-term debt
• Verify mathematical accuracy and examine documentation
Ø If debt instruments are maintained internally, review a sample of entries in detailed bond records and physically
inspect and account for unissued instruments
Ø If debt instruments are handled by independent trustees, the auditor would confirm directly with trustees
• Confirm bonds, loans, and notes payable
Ø Bonds and interest payments should be confirmed directly with trustees, loans and other notes payable are
confirmed directly with creditors
• Examine bond indentures and other long-term indebtedness agreements to determine that transactions were executed in
accordance with board of directors’ authorizations, including the subsequent use of borrowed funds
• Recalculate interest and amortizations
• Perform analytical procedures such as ratio analysis and comparisons of relationships among related accounts or
transactions
• Review financial statement disclosures.
Ø The currently maturing portion of long-term debt should be generally classified as a current liability
Ø Disclosures should include information regarding maturities, interest rates, and other terms and conditions; assets
pledged as collateral, debt conversion features, and troubled debt restructuring
4. Substantive tests of capital stock, retained earnings, and earnings per share
• Verify shareholders’ equity balances including capital stock and related premium accounts for each class of stock
outstanding, treasury stock accounts, and retained earnings
Ø The schedule is footed and cross-footed by the auditor and the totals are reconciled with the general ledger
• Review stock issuances, stock dividends, and stock splits to determine that the general ledger entries accurately reflect the
number of shares and selling price per share authorized by the board of directors
58 | P a g e
Ø In the case of par or stated value stock, the auditor should determine that the selling price is properly allocated to
capital stock and related premium accounts
• Review treasury stock transactions
Ø Determine that the accounting methods used to record treasury stock transactions comply with generally accepted
accounting principles and that general ledger entries accurately reflect the method used by the company
• Verify recorded dividends
• Recalculate earnings per share to determine that all increases and decreases in shares outstanding are reflected properly in
earnings per share
• Analytical procedures are not typically used for equity accounts unless the volume and breadth of transactions are extensive
• Review financial statement disclosures to determine that all shareholders’ equity balances are properly classified and
described in the balance sheet and whether earnings per share are properly presented in the income statement
59 | P a g e