DIVINE WORD COLLEGE OF LEGAZPI

School of Business, Management, and Accountancy

Junior Philippine Institute of Accountants
CPA Exam Pre-Review

AUDITING THEORY MARK FRANCIS G. NG, CPA, MBA

LECTURE AUDITING THEORY – SUMMARY FOCUS NOTES
NOTES

THE CONCEPT OF ASSURANCE

§ To give assurance to something means giving confidence or believability to it so that other people could use it and “add
value” to whatever purpose the decision maker intends to use it
THE SPECTRUM OF ASSURANCE, ATTESTATION, AND AUDITING
§ Assurance services are independent professional services that improve the quality of information, or its
context, for decision makers
§ Independence, in the auditing parlance, generally refers to a freedom from conflicts of interest that might impair one’s
objectivity and integrity in the conduct of services allowed by the profession.
§ It is the characteristic of independence that instills public confidence in the practitioners and the services that they render
§ Attestation services occur when a practitioner is engaged to issue or does issue a report on a subject matter, or
an assertion about a subject matter that is the responsibility of another party.
§ The issuance of a report is said to be the manifestation of a practitioner’s attest function wherein he attaches his
credibility and integrity as to the genuineness of the information in an assurance service The practitioner reports about the
reasonableness of a subject matter often termed as an assertion which are representations being made by a
responsible party. The attest function formalizes the reporting responsibility that is inherent in an assurance service
§ Auditing is “a systematic process of objectively obtaining and evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of correspondence between those assertions and
established criteria and communicating the results to interested users”
§ Assurance services encompass both attestation and audit. Therefore, we can conclude that all attestation services are
assurance services and that audits are also assurance services. However, not all assurance services are attestation services
and, in the same manner, not all assurance services are audits.
§ Attestation encompasses audit. Therefore, we can conclude that all audits are attestation services; however, not all
attestation services are audits.
§ Audits are the simplest type of assurance services. From the spectrum, we can conclude that an audit is an assurance
service (since it improves the quality of information and lends credibility to it) and that it is also an attestation service (its
attest function being manifested in the issuance of an audit report which is the main output of the audit process)
THE PHILIPPINE FRAMEWORK FOR ASSURANCE ENGAGEMENTS
§ The Philippine Framework for Assurance Engagements (hereinafter referred to as the Framework):
ü defines and describes the elements and objectives of an assurance engagement, and
ü identifies engagements to which Philippine Standards on Auditing (PSAs) apply. (Framework, par. 1)
§ However, it is emphasized that the Framework does not itself establish standards or provide procedural requirements for the
performance of assurance engagements. (Framework, par. 2)
§ The Framework consists of the following parts:(Framework, par. 3)
ü Definition and objective of an assurance engagement
ü Scope of the Framework
ü Engagement acceptance
ü Elements of an assurance engagement
ü Inappropriate use of the practitioner’s name
ETHICAL PRINCIPLES AND CONSIDERATIONS
The Framework acknowledges the provisions of the Code of Ethics for Professional Accountants in the Philippines, which is adopted
from the IFAC Code of Ethics for Professional Accountants. The Code sets out the fundamental ethical principles that all professional
accountants are required to observe, including:
§ Integrity, which implies not merely honesty but fair dealing and truthfulness
§ Objectivity, which imposes the obligation on all professional accountants to be fair, intellectually honest, and free of
conflicts of interest
§ Professional competence and due care, which provides that a professional accountant should continually strive to
improve his knowledge and skills to ensure that a client or employer receives the advantage of competent professional
service based on up-to-date developments in practice, legislation, and techniques, and that the professional accountant
should have the responsibility to perform professional services in accordance with technical and professional standards,
carefully, thoroughly, and on a timely basis

1|Page
 § Confidentiality, which states that a professional accountant should not use or disclose any information during the course of
performing professional services without proper and specific authority or unless there is a legal or professional right or duty
to disclose; and
§ Professional behavior, which states that a professional accountant should act in a manner consistent with the good
reputation of the profession and refrain from any conduct which might bring discredit to the profession

ASSURANCE ENGAGEMENTS
§ “Assurance engagement” means an engagement in which a practitioner expresses a conclusion designed to enhance
the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or
measurement of a subject matter against criteria
§ Assurance, in the context of the Framework, refers to the auditor’s satisfaction as to the reliability of an assertion
being made by one party for use by another party
CLASSIFICATIONS OF ASSURANCE ENGAGEMENTS
ASSERTION-BASED VS. DIRECT REPORTING ENGAGEMENTS
Assertion-based engagements
§ These are assurance engagements on a subject matter that has written assertions or representations.
§ Audits and reviews of financial statements fall under this category.

Direct reporting engagements

§ These are assurance engagements on a subject matter regardless of whether or not a written assertion was made on it.
§ The practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a
representation from the responsible party that has performed the evaluation or measurement that is not available to
the intended users.
REASONABLE ASSURANCE VS. LIMITED ASSURANCE ENGAGEMENTS
REASONABLE ASSURANCE ENGAGEMENTS
§ The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an
acceptably low level in the circumstances of the engagement as the basis for a positive form of expression
of the practitioner’s conclusion.
§ These engagements make use of a broad range and scope of procedures to substantiate the reasonableness
and genuineness of information.
§ In a reasonable assurance engagement, the practitioner expresses the conclusion in the positive form, for
example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria.” This form
of expression conveys “reasonable assurance.”
§ Audits of financial statements is an example of a reasonable assurance engagement.
LIMITED ASSURANCE ENGAGEMENTS
§ The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level
that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable
assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.
§ These engagements make use of only a limited scope of procedures that are deliberately limited relative to a
reasonable assurance engagement.
§ Engagement risk is said to be greater in a limited assurance engagement rather than in a reasonable
assurance engagement primarily because of the limited scope of procedures that are utilized in a limited
assurance engagement.
§ In a limited assurance engagement, the practitioner expresses the conclusion in the negative form, for
example, “Based on our work described in this report, nothing has come to our attention that causes us to
believe that internal control is not effective, in all material respects, based on XYZ criteria.” This form of
expression conveys a level of “limited assurance”.
§ A review of financial statements is an example of a limited assurance engagement.

EXAMPLES OF ASSURANCE ENGAGEMENTS (A-R-O)

Audits (PSA 120, par. 7; 11-13)
§ The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial
statements are prepared, in all material respects, in accordance with an identified financial reporting framework. Audits
provide reasonable assurance, or a high, but not absolute, level of assurance that the information subject to audit is free of
material misstatement.
§ The phrases used to express the auditor’s objective is “present fairly, in all material respects”.
§ In forming the audit opinion, the auditor obtains sufficient appropriate audit evidence to be able to draw conclusions on
which to base the opinion
Reviews (PSA 120, par. 14-16)
§ The objective of a review of financial statements is to enable an auditor to state whether, on the basis of procedures which
do not provide all the evidence that would be required in an audit, anything has come to the auditor's attention that causes
the auditor to believe that the financial statements are not prepared, in all material respects, in accordance with an
identified financial reporting framework.
§ Reviews provide a moderate level of assurance and comprises inquiry and analytical procedures.
§ While a review involves the application of audit skills and techniques and the gathering of evidence, it does not ordinarily
involve (1) an assessment of accounting and internal control systems, (2) tests of records and of responses to inquiries by

2|Page
 obtaining corroborating evidence through inspection, observation, confirmation, and computation, which are procedures
ordinarily performed during an audit.
§ The level of assurance provided in a review report is correspondingly less than that given in an audit report.

Other Assurance Engagements

EXAMPLES OF NON-ASSURANCE ENGAGEMENTS (A-C-P-M-O)

Agreed-upon procedures (PSA 120, par. 17)

§ In an engagement to perform agreed-upon procedures, an auditor is engaged to carry out those procedures of an audit
nature to which the auditor and the entity and any appropriate third parties have agreed and to report on factual findings.
§ The recipients of the report must form their own conclusions from the report by the auditor.
§ The report is restricted to those parties that have agreed to the procedures to be performed since others, unaware of the
reasons for the procedures, may misinterpret the results.
Compilation (PSA 120, par. 18)
§ In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to auditing expertise to
collect, classify and summarize financial information.

Preparation of tax returns, with no opinion expressed.

Management consulting, which are two-party contracts in which a consultant recommends uses for information
Other non-assurance engagements

ENGAGEMENT ACCEPTANCE
As provided by the Framework, a practitioner accepts an assurance engagement only where the practitioner’s preliminary knowledge
of the engagement circumstances indicate that:
§ Relevant ethical requirements, such as independence and professional competence will be satisfied; and
§ The engagement exhibits all of the following characteristics:
ü The subject matter is appropriate;
ü The criteria to be used are suitable and are available to the intended users;
ü The practitioner has access to sufficient appropriate evidence to support the practitioner’s conclusion;
ü The practitioner’s conclusion, in the form appropriate to either a reasonable assurance engagement or a
limited assurance engagement, is to be contained in a written report; and
ü The practitioner is satisfied that there is a rational purpose for the engagement
INDEPENDENCE: FACT VERSUS APPEARANCE
§ There are two kinds of independence that concerns the practitioner on a personal level: independence in mind (also called
independence in fact) and independence in appearance.
§ Independence in fact is a state of mind – an attitude of impartiality. It is the practitioner’s way of saying that in himself
he knows that he is independent, e.g. free from any conflict of interest with the client.
§ However, because a practitioner’s “state of mind” cannot be observed in quite the same way that a behavior can actually be
observed, the profession has relied on independence in appearance which exemplifies the manifestation that
practitioners remain free of any overt interest in a client that would damage the appearance of independence.
FIRM-WIDE VERSUS TEAM-WIDE INDEPENDENCE
§ In previous practice, the profession has followed the concept of firm-wide independence that operates in this manner: if
a member of an engagement team (the team tasked to provide the assurance service for a client, headed by a lead
engagement partner and his members) is found to be in conflict of interest with the client, the entire firm is prohibited from
entering into the engagement.
§ However, in current practice, the profession is now following the concept of team-wide independence, operating under
the concept that if a member of an engagement team is found to be in conflict of interest with a client, that team or that
member of the team is replaced with another team or team member with the firm still being allowed to conduct the
engagement.
CHANGES FROM ONE ENGAGEMENT TO ANOTHER
§ Having accepted an assurance engagement, a practitioner may not change that engagement to a non-assurance
engagement, or from a reasonable assurance engagement to a limited assurance engagement without reasonable
justification.
§ Elaborated in PSA 210 “Agreeing the Terms of Audit Engagements”

ELEMENTS OF AN ASSURANCE ENGAGEMENT

The Framework provides that for a particular engagement to be considered an assurance engagement, it must possess all of the
following elements:
§ A three party relationship involving a practitioner, a responsible party, and intended users;
§ An appropriate subject matter;
§ Suitable criteria;
§ Sufficient appropriate evidence; and
§ A written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance
engagement

THREE-PARTY RELATIONSHIP
§ Assurance engagements are three-party contracts composed of a practitioner, a responsible party, and intended users.
§ Non-assurance engagements only involve two parties.
§ The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report.

3|Page
 § The responsible party can be one of the intended users, but not the only one.
§ Consulting services, as an example of a non-assurance engagement, only involves two parties: the practitioner and the
responsible party.

SUBJECT MATTER
§ The subject matter of an assurance engagement should be appropriate
§ Furthermore, for a subject matter to be appropriate, it should be:
ü Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and
ü Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to
support a reasonable assurance or limited assurance conclusion, as appropriate.
CRITERIA
§ The Framework defines criteria as “the benchmarks used to evaluate or measure the subject matter including, where
relevant, benchmarks for presentation and disclosure.”
§ Criteria can be:
ü Formal or Less formal
ü Established or Specifically developed
§ Furthermore, suitable criteria are said to be context sensitive, that is, relevant to the engagement circumstances
§ It should be noted that the practitioner assesses the suitability of criteria for a particular engagement and the relative
importance of each characteristic based on his professional judgment.

SUFFICIENT APPROPRIATE EVIDENCE

§ The bulk of the work of a practitioner in an assurance engagement (more specifically, an auditor in the conduct of an audit
of financial statements) lies in obtaining and evaluating evidence.
§ A practitioner cannot provide an expression of assurance without obtaining and evaluating evidence.
§ As provided by the Framework, evidence should possess two qualities in an assurance engagement: sufficiency and
appropriateness.
§ When these two qualities are present, the evidence is considered to be competent evidence.
§ Sufficiency is the measure of the quantity of evidence.
§ Appropriateness is the measure of the quality of evidence, that is, its relevance and reliability.
§ In the conduct of an assurance engagement (let’s say, an audit for example), the practitioner is not required to gather all
evidence that could be gathered; the practitioner only gathers evidence that he deems relevant and useful for the particular
engagement.
§ The quantity of evidence needed is affected by the risk of the subject matter information being materially misstated (the
greater the risk, the more evidence is likely to be required) and also by the quality of such evidence (the higher the quality,
the less may be required).
§ Accordingly, the sufficiency and appropriateness of evidence are interrelated.
§ However, it should be noted that merely obtaining more evidence may not compensate for its poor quality.
§ The reliability of evidence supporting its appropriateness is influenced by its source and by its nature, and is dependent on
the individual circumstances under which it is obtained.
§ GENERALIZATIONS ABOUT THE RELIABILITY OF EVIDENCE
ü Evidence is more reliable when it is obtained from independent sources outside the entity.
ü Evidence that is generated internally is more reliable when the related controls are effective.
ü Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more reliable
than evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
ü Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a
contemporaneously written record of a meeting is more reliable than a subsequent oral representation of what was
discussed).
ü Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles.

v PERSUASIVENESS OF AVAILABLE EVIDENCE

§ Aside from considering sufficiency and appropriateness as characteristics, evidence is also said to be competent when it is
persuasive.
§ Persuasiveness of evidence, in the audit parlance, means that the evidence is capable of enabling the practitioner or
auditor to make a decision regarding the reasonableness of the information in the assertions being represented by the
responsible party, that would potentially affect the practitioner’s opinion to be included in the assurance report.
§ Following the concept of reliability of evidence as influenced by its source and by its nature as illustrated by the
generalization on the reliability of evidence, the following conclusions relating to persuasiveness of evidence may be
derived:
ü the most persuasive type of evidence are those that are purely externally-generated
ü the least persuasive type of evidence are those that are purely internally-generated
§ However, it should be noted that the persuasiveness of evidence is still a matter of the practitioner’s professional judgment.

v COST-BENEFIT RELATIONSHIP
§ Another important concept which the practitioner has to take into consideration when gathering and evaluating evidence is
the cost-benefit relationship. This concept simply states that “the benefits to be derived from obtaining the particular
type of evidence should exceed the cost of obtaining it”.
§ However, the matter of difficulty or expense involved is not in itself a valid basis for omitting an evidence gathering
procedure for which there is no alternative.
§ The practitioner should use professional judgment and exercises professional skepticism in evaluating the quantity
and quality of evidence, and thus its sufficiency and appropriateness, to support the assurance report.

4|Page
WRITTEN ASSURANCE REPORT
§ This is the main output of an assurance engagement.
§ The Framework requires that the assurance report should be written as this is the manifestation of the practitioner’s attest
function or the process of communicating the results to the intended users.
§ Furthermore, the Framework provides that the report should be in a form appropriate to either a reasonable assurance
engagement (e.g., audit report) or a limited assurance engagement (e.g., review report).

PROFESSIONAL SKEPTICISM
§ The Framework states that “the practitioner plans and performs an assurance engagement with an attitude of professional
skepticism to obtain sufficient appropriate evidence about whether the subject matter information is free of material
misstatement.
§ Professional skepticism
ü means that the practitioner recognizes that “circumstances may exist that cause the subject matter information to be
materially misstated.”
ü means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is
alert to evidence that contradicts or brings into question the reliability of documents or representations by the
responsible party.
§ An attitude of professional skepticism is necessary throughout the engagement process for the practitioner
ü to reduce the risk of overlooking suspicious circumstances
ü of over generalizing when drawing conclusions from observations, and
ü of using faulty assumptions in determining the nature, timing and extent of evidence gathering procedures and
evaluating the results thereof
§ Professional skepticism mainly denotes that the practitioner neither considers information presented to be absolutely
false nor assume that management exhibits unquestioned honesty.
AUTHENTICATION OF DOCUMENTATION
§ An assurance engagement rarely involves the authentication of documentation, nor is the practitioner trained as or expected
to be an expert in such authentication.
§ However, the practitioner considers the reliability of the information to be used as evidence, for example photocopies,
facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and
maintenance where relevant.
MATERIALITY
§ “Information is material if its omission or misstatement could influence the economic decisions of users taken on the
basis of the financial statements. Materiality depends on the size of the item or error judged in the particular circumstances
of its omission or misstatement. Thus, materiality provides a threshold or cut-off point rather than being a primary
qualitative characteristic which information must have if it is to be useful.”
§ Materiality is relevant when the practitioner determines the nature, timing and extent of evidence gathering procedures,
and when assessing whether the subject matter information is free of misstatement.
§ The assessment of materiality and the relative importance of quantitative and qualitative factors in a particular engagement
are matters for the practitioner’s judgment.
ASSURANCE ENGAGEMENT RISK
§ The primary reason why assurance engagements cannot provide absolute assurance (only reasonable or moderate
assurance) is primarily because of the concept of assurance engagement risk.
§ The framework defines assurance engagement risk as the risk that the practitioner expresses an inappropriate
conclusion when the subject matter information is materially misstated.
§ This is the risk that the practitioner might conclude that the subject matter of an assurance engagement is reasonable and
genuine when in fact it is not.
§ In a reasonable assurance engagement (audit), the practitioner reduces assurance engagement risk to an acceptably low
level in the circumstances of the engagement to obtain reasonable assurance as the basis for a positive form of
expression of the practitioner’s conclusion.
§ The level of assurance engagement risk is higher in a limited assurance engagement (review engagement) than in a
reasonable assurance engagement because of the different nature, timing or extent of evidence gathering procedures. Note
that a review engagement only utilizes a limited scope of procedures as compared to an audit.
§ However in a limited assurance engagement, the combination of the nature, timing and extent of evidence gathering
procedures is at least sufficient for the practitioner to obtain a meaningful level of assurance as the basis for a negative
form of expression.
§ In general, assurance engagement risk can be represented by the following components, although not all of these
components will necessarily be present or significant for all assurance engagements:
v a. The risk that the subject matter information is materially misstated, which in turn consists of:
ü Inherent risk: the susceptibility of the subject matter information to a material misstatement, assuming that
there are no related controls; and
ü Control risk: the risk that a material misstatement that could occur will not be prevented, or detected and
corrected, on a timely basis by related internal controls. When control risk is relevant to the subject matter, some
control risk will always exist because of the inherent limitations of the design and operation of internal control; and
v b. Detection risk: the risk that the practitioner will not detect a material misstatement that exists

5|Page
THE CONCEPT OF REASONABLE ASSURANCE
§ Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being made by one party
for use by another party.
§ Audits and reviews only provide reasonable and moderate levels of assurance, respectively.
§ It is never possible for any assurance engagement to provide an absolute level of assurance since this tantamount to 100%
guarantee that the subject matter is entirely free of material misstatements which realistically cannot happen.
§ As provided in the Framework, reasonable assurance is less than absolute assurance.
§ Reducing assurance engagement risk to zero is very rarely attainable or cost beneficial as a result of factors such as the
following:
ü The use of selective testing
ü The inherent limitations of internal control
ü The fact that much of the evidence available to the practitioner is persuasive rather than conclusive
ü The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence
ü In some cases, the characteristics of the subject matter when evaluated or measured against the identified criteria
§ The concept of reasonable assurance is also related to the cost-benefit relationship that states that “the benefits to be
derived from obtaining the particular type of evidence should exceed the cost of obtaining it”.
INAPPROPRIATE USE OF THE PRACTITIONER’S NAME
§ A practitioner is associated with a subject matter when the practitioner reports on information about that subject matter or
consents to the use of the practitioner’s name in a professional connection with that subject matter.
§ If the practitioner is not associated in this manner, third parties can assume no responsibility of the practitioner.
§ If the practitioner learns that a party is inappropriately using the practitioner’s name in association with a subject matter,
the practitioner requires the party to cease doing so.
§ The practitioner also considers what other steps may be needed, such as informing any known third party users of the
inappropriate use of the practitioner’s name or seeking legal advice.

THE PHILOSOPHY OF AN AUDIT

§ Auditing lends credibility to the financial statements.
§ When financial statements are audited, they more believable, credible, or reliable because of the assurance given by
auditing.
§ Auditing instills public confidence on the financial information.

DEFINITION OF AUDITING

The American Accounting Association defines auditing as “a systematic process of objectively obtaining and evaluating
evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between
those assertions and established criteria and communicating the results to interested users”.

Systematic process
ü auditing consists of a structured, logical, and organized series of steps and procedures.
ü the audit process is made up of a sequential series of steps that independent auditors follow to ensure that the audit is
conducted in an organized, effective, and efficient manner

Objectively obtaining and evaluating evidence

ü the bulk of the work of the auditor in the conduct of the audit
ü the auditor has to obtain or gather sufficient appropriate audit evidence and evaluate them through audit tests and
procedures to warrant the expression of an opinion
ü the auditor has to examine the bases for the assertions or representations made by management and judiciously evaluate
the results without bias or prejudice either in favor of or against the individual or entity making the representations

Assertions about economic actions and events

ü assertions are the representations made by the individual or entity under audit and comprise the subject matter
(information) of auditing
ü these include information contained in the financial statements, internal operating reports, and tax returns and are
representations made by management as to the fairness of the financial statements

Degree of correspondence
ü the closeness or proximity with which the assertions made by management can be identified with established criteria

Established criteria
ü criteria are “the benchmarks used to evaluate or measure the subject matter including, where relevant, benchmarks for
presentation and disclosure.”
ü in a financial statement audit, criteria are the standards against which the assertions or representations are judged to
warrant degree of correspondence

Communicating the results

ü the manifestation of an auditor’s attest function in an audit.
ü the final stage in the audit process is the issuance of the audit report or the communication of the audit findings to the
users
ü the auditor attests as to the degree of correspondence between the assertions of management with the established criteria
and thereby enhances and lends (or weakens) credibility of the representations or claims made by management in the
financial statements
6|Page
Interested users
ü these are the individuals or entities which use or rely on the auditor’s findings.
ü in the business environment, these users may include the stockholders, management, creditors, investors, government
agencies, and the public in general

FINANCIAL STATEMENT ASSERTIONS

§ To assert means “to tell the whole world”
§ In a financial statement audit, the auditor establishes the degree of correspondence between assertions and established
criteria
§ These assertions are in the form of representations made by management and are contained in the financial statements.
§ the responsibility for the preparation and presentation of the financial statements ultimately rests with
management
§ management either expressly or impliedly makes representations in the financial statements in the form of assertions
§ the task of the auditor is to test the fairness or reasonableness of these assertions and determine whether they comply with
the provisions of the Philippine Financial Reporting Standards (PFRS)

CLASSIFICATIONS OF FINANCIAL STATEMENT ASSERTIONS

• Existence. Assets, liabilities, and equity interests exist.
• Occurrence. Transactions and events that have been recorded have occurred and pertain to the entity.
• Completeness. All transactions and events that should have been recorded have been recorded.
• Rights and obligations. Assets are the rights, and liabilities are the obligations, of the entity.
• Valuation or allocation. Assets, liabilities, equities, revenues, and expenses are included in the financial statements at
appropriate amounts; revenues, costs, and expenses are allocated to the proper accounting periods; and any resulting
valuation or allocation adjustments are appropriately recorded.
• Accuracy. Amounts and other data relating to recorded transactions and events have been recorded appropriately.
• Cutoff. Transactions and events have been recorded in the correct accounting period.
• Classification. Transactions and events have been recorded in the proper accounts.
• Presentation and disclosure. Financial statement components are properly classified, described, and disclosed

TRANSACTION CYCLES
§ Various accounts may exist in the financial statements of a company and it would be unrealistic for an auditor to examine all
these accounts and perform a 100% examination on them.
§ This is the reason why auditors usually narrow down the activities of the business under audit into homogeneous classes
called as transaction cycles
§ A transaction cycle is all of the classes of transactions for a group of related business activities.
§ A class of transactions is a group of transactions of similar activities that are processed by the accounting system in a
similar manner and subject to similar control to ensure proper processing
§ The division of the audit into transaction cycles makes the audit more manageable and aids in the assignment of tasks to
different members of the audit team

CLASSIFICATIONS OF TRANSACTION CYCLES

• Revenue/ Receipt Cycle
ü includes procedures and policies for obtaining orders from customers, approving credit, shipping merchandise,
preparing sales invoices, recording revenue and accounts receivable, and handling and recording cash receipts
• Expenditure/ Disbursement Cycle
ü includes procedures for initiating purchases of raw materials, other assets or services; placing purchase orders;
inspecting goods upon receipt and preparing receiving reports; recording liabilities to suppliers; authorizing payment;
and making and recording cash disbursements
• Conversion Cycle
ü includes procedures for storing materials, placing materials into production, assigning production costs to inventories,
and accounting for the cost of goods sold
• Personnel/ Payroll Cycle
ü includes procedures for hiring, terminating, and determining pay rates; timekeeping; computing gross payroll, payroll
taxes and amounts withheld from gross pay; maintaining payroll records and preparing and distributing paychecks
• Financing Cycle
ü includes procedures for authorizing, executing, and recording transactions involving purchase and sale of marketable
equity securities, temporary as well as long-term; fixed tangible assets (excluding inventory); bank loans; leases;
bonds payable; and capital stock

OBJECTIVE AND SCOPE OF A FINANCIAL STATEMENT AUDIT

(PSA 120, par. 11)

“The objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial
statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.”

Expression of an opinion
§ This is the primary responsibility of the auditor in an audit
§ The auditor expresses an opinion as to the fairness or reasonableness of the financial statements and issues a written audit
report as the output of the audit

7|Page
 § Note that the words fair and reasonable are used instead of correct. This is due to the fact that an audit has certain
limitations which preclude the practitioner from giving an absolute guarantee that the financial statements are free from
material misstatement
§ Rather, the auditor only provides reasonable assurance, which is a high but not absolute level of assurance, and vouches as
to the accuracy instead of correctness of the preparation and presentation of the financial statements

In all material respects

§ This phrase emphasizes that the concept of materiality is recognized in the conduct of an audit
§ Materiality is viewed as a threshold or cutoff point instead of a mere quantitative figure which makes information useful for
decision making

Applicable financial reporting framework

§ This is the framework through which the financial statements are prepared
§ In the case of an audit, the applicable financial reporting framework is specifically the Philippine Financial Reporting
Standards (PFRS)

Taken as a whole
§ Although this phrase is not included in the objective of an audit, it should be emphasized that the opinion expressed by the
auditor is based on the financial statements taken as a whole, which means the entirety of all the information contained in a
complete set of financial statements
§ It should be noted with emphasis that the primary responsibility of the auditor lies in the expression of an opinion on
the financial statements taken as a whole
§ All other objectives of the auditor other than this is merely secondary
§ This means that an auditor cannot be sued for the identification of all fraud, errors, or noncompliance in the conduct of an
audit because this responsibility is only secondary, unless the auditor is asked to conduct a fraud audit
§ Furthermore, the primary responsibility for the preparation and presentation of financial statements rests with management

SCOPE OF A FINANCIAL STATEMENT AUDIT

§ refers to the audit procedures or tests the auditor decides to perform
§ in the observance of Generally Accepted Auditing Standards or GAAS, the auditor must exercise his judgment in determining
which auditing procedures are necessary in the circumstances to afford a reasonable basis for his opinion

INFORMATION RISK
§ the risk that information is misstated or misleading
§ brought about by factors such as:
ü remoteness of information users from information provider
ü potential bias and motives of information provider
ü voluminous data
ü complex exchange transaction

REDUCING INFORMATION RISK

§ Allow users to verify information
§ User shares information risk with management
§ Have the financial statements audited

CONCEPT OF THE AUDIT REPORT

§ the end product or output of the financial statement audit is the independent auditor’s report
§ the means through which the auditor provides reasonable assurance that the financial statements are fairly stated
§ the manifestation of the practitioner’s attest function of communicating the results of the audit to interested users
§ this report is uniform in format and suitably titled to avoid confusion regarding the level of assurance being provided and to
differentiate it from other reports which client management might include with the financial statements
§ addressed to intended users, usually to the Board of Directors and/ or stockholders of the company under audit

TYPES OF AUDITS
• Audits may be classified according to:
ü the nature of data or assertion being audited, which comprise financial statement audits, operational audits,
and compliance audits; or
ü the type of auditor performing in the engagement, which comprise external audit, internal audit, and
government audit

FINANCIAL STATEMENT AUDIT

§ Financial statements audit are also referred to as independent audit or external audit
§ involves the examination of financial statements to determine whether they are stated in accordance with specified criteria
§ the auditor gathers and evaluates evidence on the assertions being embodied in the financial statements of an entity and
expresses an opinion of the fairness or reasonableness of the preparation and presentation of the financial statements
§ the financial statements commonly audited include the balance sheet, the income statement, the statement of cash flows,
and the statement of stockholders’ equity including all accompanying notes

PRIMARY OBJECTIVE

8|Page
 § (PSA 200) to enable the auditor to express an opinion on whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework

SECONDARY OBJECTIVE
§ the auditor’s varied experience in businesses and industries, exposure to diverse management problems, and thorough
understanding gained in conducting an audit enables him to provide assistance to management in terms of improving the
client’s business
§ this collateral audit objective, considered as a by-product of the audit process, involves rendering constructive suggestions
to management
§ the auditor recommends suggestions in various areas such as ways to tighten internal control, suggestions for more efficient
operations, opportunities for cost reductions, tax savings and planning and the like

BASIC CHARACTERISTICS OF A FINANCIAL STATEMENT AUDIT

• Financial statement audits only provide reasonable assurance which is a high, but not absolute, level of assurance, owing to
the inherent limitations of an audit
• The concepts of materiality, audit risk, audit evidence, professional judgment, professional skepticism, and independence all
apply and are relevant to a financial statement audit
• The primary responsibility for the preparation and presentation of the financial statements rests with management
• The primary responsibility of the auditor is to express an opinion on the fairness and reasonableness of the preparation and
presentation of the financial statements
• Auditors who perform financial statement audits are independent of management and financial statement users
• Auditors base their opinion on a sample of financial data rather than on every item that makes up the financial statements
• Auditors express an opinion on the financial statements taken as a whole and not on the individual items within the financial
statements
• Auditors issue their report to a variety of financial statement users

OPERATIONAL AUDIT
§ an operational audit involves a systematic review of part or all of an organization’s activities in relation to the efficient and
effective use of resources
§ the purpose of an operational audit is to assess performance, identify areas for improvement, and develop
recommendations
§ operational audits are also known as management audits and performance audits
§ Operational implies a focus on operations, as opposed to financial portion
§ Management implies that the information obtained in the audit process is useful to management in decision making
§ Performance implies an evaluation of the performance of persons or units in executing the entity’s objectives
§ Effectiveness is a measure of how well an entity or unit of an entity achieves its goal or purpose
§ Efficiency is achieved by minimizing the cost of accomplishing an objective
CHARACTERISTICS OF AN OPERATIONAL AUDIT
§ Auditors performing the audit are independent of the activity they audit
§ The audit report is directed to an official or department within the organization that employs the auditor
§ The assertion is about the efficiency and effectiveness of the performance of a specific activity
§ The audit report frequently reports problems or deficiencies identified during the audit rather than reporting an overall
conclusion

COMPLIANCE AUDIT
§ A compliance audit determines the extent to which rules, policies, laws, covenants, or government regulations are followed
by the entity being audited
§ It is performed to determine whether the auditee is following specific procedures or rules set down by some higher authority
§ auditors gather and evaluate evidence as to whether a set of imposed requirements is being met

CHARACTERISTICS OF A COMPLIANCE AUDIT

• The party employing the auditor frequently determines the item(s) audited and the standards followed
• The auditors are on the payroll of the entity interested in determining whether the standards are being met
• The audit reports are directed to an official or department within the organization that employs the auditor

INTERNAL AUDIT
§ The IIA defines internal auditing as “an independent, objective assurance and consulting activity designed to add value
and improve an organization’s operations
§ It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve
the effectiveness of risk management, control, and governance processes”
§ Internal auditing has evolved over time from a financial nature to a more operational nature
§ Internal auditors may conduct financial, internal control, compliance, operational, and forensic audits within their
organizations
§ They in some cases may assist the external auditors with the annual financial statements audit. Internal auditors may also
be involved in assurance and consulting engagements for their entities
§ The objective of internal auditing is to assist all members of management in the effective discharge of their responsibilities
by furnishing them with analyses, appraisals, recommendations, and pertinent comments concerning the activities reviewed
§ This involves going beyond the accounting and financial records to obtain a full understanding of the operations under
review
§ Internal auditing complements an external audit

9|Page
 § The work of the internal auditors cannot be substituted for work that should be performed by the independent
auditor
§ Internal audits are typically performed for any one or more of the following purposes:
ü Appraisal of controls
ü Protection of assets
ü Verification of internal management reports
ü Appraisal of performance
ü Recommendations for operating improvement

GOVERNMENT AUDITING
§ Government auditing involves the determination of whether government funds are being handled properly and in
compliance with existing laws and whether the programs are being conducted efficiently and economically
§ Recognizing the need for independence, governments have developed internal audit staffs (Commission on Audit) which
report to the highest practicable official within their governmental bodies
§ Examples of government audit are:
ü Audits for local and national government units to determine whether taxes have been collected and remitted in
accordance with existing laws or regulations
ü Audits of economy and efficiency in the use of resources
ü Program results auditing (audits conducted to determine whether a government project or program has met its
stated objectives)

PROFESSIONAL STANDARDS
§ Professional standards are established to measure the quality of performance of individuals and organizations. In audit,
standards relating to the accounting profession concern themselves with professional qualities that should be possessed by
CPAs, the exercise of professional judgment in the performance of professional engagements, and the quality control
policies and procedures of CPA firms.
§ Generally Accepted Auditing Standards (GAAS) establish the required level of quality for performing financial statement
audits. These standards must be followed by CPAS when auditing financial statements.
§ Philippine Standards on Auditing (PSAs) are issued to clarify the meaning of these ten GAAS
§ Standards that establish and provide guidance for a CPA firm’s quality control policies and procedures are set forth in the
Philippine Standards on Quality Control (PSQC)

GENERALLY ACCEPTED AUDITING STANDARDS (GAAS)

§ The Generally Accepted Auditing Standards (GAAS) represent measures of the quality of the auditor’s performance.
§ These standards should be looked at as a minimum standard of performance that auditors should follow.
§ The ten GAAS are grouped into three classifications:
ü General Standards (3);
ü Standards of Fieldwork (3); and
ü Standards of Reporting (4)

GENERAL STANDARDS ( TIP )

§ The three general standards are concerned with the auditor’s qualifications and the quality of his or her work.
§ These standards are personal in nature in that they deal with auditor training and proficiency, auditor independence, and
the need for due professional care.
§ These standards apply to all parts of the audit, including fieldwork and reporting.

GENERAL STANDARD # 1:
“The audit is to be performed by a person or persons having adequate technical training and proficiency as an auditor.”
§ The first general standard recognizes that an individual must have adequate technical training and proficiency as an auditor.
§ This is gained through formal education, continuing education programs, and experience.
§ This requirement is usually interpreted to mean college or university education in accounting and auditing, participation in
continuing professional education (CPE) programs, seminars, trainings, and substantial public accounting experience.
§ A technical knowledge of the industry in which the client operates is also part of the personal qualifications of the auditor.

GENERAL STANDARD # 2:
“In all matters relating to the assignment, an independence in mental attitude is to be maintained by the auditor or
auditors.”
§ The second general standard requires that the auditor maintain an attitude of independence on an engagement.
§ It is emphasized that independence is one of the most important traits and characteristics that a practitioner must possess,
as this confers in them public trust and public confidence.
§ This standard also distinguishes between independence in fact and independence in appearance.

GENERAL STANDARD # 3:
“Due professional care is to be exercised in the planning and performance of the audit and the preparation of the
report.”
§ The third general standard focuses on due professional care.
§ In simple terms, due care means that the auditor plans and performs his or her duties with a degree of skill commonly
possessed by others in the profession.
§ This standard requires the auditors to plan and carry out every step of the audit engagement in an alert and diligent
manner.
§ However, this standards does not require auditors to be infallible.

10 | P a g e
STANDARDS OF FIELDWORK ( PIE )
§ The three standards of fieldwork relate to the actual conduct of the audit.
§ These standards provide the conceptual background for the audit process.
§ They relate to planning the audit, obtaining an understanding of the entity and its environment, and obtaining sufficient
appropriate audit evidence.

STANDARD OF FIELDWORK # 1:
“The work is to be adequately planned and assistants, if any, are to be properly supervised.”
§ The first standard of fieldwork deals with planning and supervision.
§ This standard also requires that assistants on the engagement be properly supervised.
§ Supervision is also important in the conduct of an audit. Most of the fieldwork of an audit is carried out by staff members
with limited professional experience.

STANDARD OF FIELDWORK # 2:
“A sufficient understanding of internal control is to be obtained to plan the audit and to determine the nature, timing,
and extent of tests to be performed”
§ The second standard of fieldwork requires that the auditor gain a sufficient understanding of the auditee’s internal control to
plan the audit.
§ The degree to which the auditor relies on the auditee’s internal control directly affects the nature, timing, and extent of the
work performed by the independent auditor.
§ Internal control provides assurance that the client’s records are reliable.
§ When the auditors find that internal control is effective, the quantity of other evidence required to substantiate the financial
statement amounts is much less than if controls are weak.
§ This emphasizes that the auditor’s assessment of internal control has a substantial impact on the nature of the audit
process.

STANDARD OF FIELDWORK # 3:
“Sufficient, competent evidential matter is to be obtained through inspection, observation, inquiries, and confirmations
to afford a reasonable basis for an opinion regarding the financial statements under audit.”
§ The focus of the third standard of fieldwork is sufficient, competent audit evidence.
§ Sufficiency relates to the quantity of audit evidence, while appropriateness relates to the quality of evidence, that is, its
relevance and reliability.
§ When an audit evidence is judged to be both sufficient and appropriate, that evidence is considered competent. These
evidence will be used by auditors to evaluate and support management’s assertions in the financial statements

STANDARDS OF REPORTING ( GIDO )

§ The four standards of reporting establish some specific directives for the preparation of the audit report.
§ These standards require that the auditor consider each of the following issues before rendering the audit report:
ü whether the financial statements are presented in accordance with generally accepted accounting principles (GAAP);
ü whether those principles are consistently applied;
ü whether all informative disclosures have been made; and
ü what degree of responsibility the auditor is taking and the character of the auditor’s work

STANDARD OF REPORTING # 1:
“The report shall state whether the financial statements are presented in accordance with generally accepted
accounting principles.”

STANDARD OF REPORTING # 2:
“The report shall identify those circumstances in which such principles have not been consistently observed in the
current period in relation to the previous period.”

STANDARD OF REPORTING # 3:
“Informative disclosures in the financial statements are to be regarded as reasonably adequate unless otherwise
stated in the report.”

STANDARD OF REPORTING # 4:
“The report shall contain either an expression of an opinion regarding the financial statements, taken as a whole, or an
assertion to the effect that an opinion cannot be expressed. When an overall opinion cannot be expressed, the reasons
therefore should be stated. In all cases where an auditor’s name is associated with financial statements, the report
should contain a clear-cut indication of the character of the auditor’s work, if any, and the degree of responsibility the
auditor is taking.”

GAAS: “TIP – PIE – GIDO”

§ TIP pertains to the general standard; PIE pertains to the standards of fieldwork; and GIDO pertains to the standards of
reporting.

GENERAL STANDARDS
§ T echnical training and proficiency

11 | P a g e
 § I ndependence
§ P rofessional care

STANDARDS OF FIELDWORK
§ P lanning
§ I nternal Control
§ E vidential matter

STANDARDS OF REPORTING
§ G enerally Accepted Accounting Principles
§ I nconsistency
§ D isclosure
§ O pinion

STANDARDS IN THE ACCOUNTING PROFESSION

§ Philippine Standards on Auditing (PSAs) for audits of historical financial information
§ Philippine Standards on Assurance Engagements (PSAEs) for assurance engagements that deal with subject matters
other than historical information
§ Philippine Standards on Review Engagements (PSREs) for the review of historical financial information
§ Philippine Standards on Related Services (PSRSs) for compilation engagements, engagements to apply agreed-upon
procedures to information and other related services engagements as specified by the AASC

PHILIPPINE STANDARDS ON QUALITY CONTROL (PSQC)

§ PSQC 1 provides that a firm should establish a system of quality control designed to provide it with reasonable assurance
that the firm and its personnel comply with professional standards and regulatory and legal requirements, and that the
report issued by the firm are appropriate in the circumstances.

ELEMENTS OF A SYSTEM OF QUALITY CONTROL

§ A system of quality control consists of:
ü policies designed to achieve the objectives of compliance with professional standards and issuance of appropriate
reports; and
ü procedures necessary to implement and monitor compliance with those policies
§ As provided in PSQC 1, the firm’s system of quality control should include policies and procedures addressing each of the
following elements:
ü Leadership responsibilities for quality within the firm
ü Ethical requirements
ü Acceptance and continuance of client relationships and specific engagements
ü Human resources
ü Engagement performance
ü Monitoring

OBTAINING CLIENTS
§ Client engagement acceptance and continuance include the following considerations:
ü The integrity of the principal owners, key management, and those charged with governance of the entity;
ü Whether the engagement team is competent to perform the audit engagement and has the necessary time
and resources; and
ü Whether the firm and the engagement team can comply with ethical requirements.

PROSPECTIVE CLIENT ACCEPTANCE

§ Some procedures which a firm might conduct in evaluating a prospective client include the following:
ü Obtain and review available financial information (annual reports, interim financial statements, income tax
returns, etc.)
ü Inquire of third parties about any information concerning the integrity of the prospective client and its
management. These inquiries may be directed toward the prospective client’s banks, attorneys, credit
agencies, and other members of the business community who may have such knowledge.
ü Communicate with the predecessor auditor about whether there were any disagreements about accounting
principles, audit procedures, or similar significant matters.
ü Consider whether the prospective client has any circumstances that will require special attention or that
may represent unusual business or audit risks, such as litigation or going-concern problems.
ü Determine if the firm is independent of the client and able to provide the desired service.
ü Determine if the firm has the necessary technical skills and knowledge of the industry to complete the
engagement.
ü Determine if acceptance of the client would violate any applicable regulatory agency requirements of the
Code of Ethics

INQUIRIES OF THE PREDECESSOR AUDITOR

§ When the prospective client has already been audited previously, auditing standards require that the successor auditor
make certain inquiries of the predecessor auditor before accepting the engagement.
§ However, it should be noted that the successor auditor should first request permission from the prospective client before
contacting the predecessor auditor.

12 | P a g e
 § Communications with the predecessor auditor should include questions as to the:
ü Integrity of management
ü Disagreements with management over accounting and auditing issues
ü Communications with the audit committee or an equivalent group regarding fraud, illegal acts, and
internal-control-related matters
ü The predecessor’s understanding of the reason for the change in auditors
§ Inquiries of the predecessor auditor and responses thereto may help the successor auditor determine whether to accept the
engagement.
§ The predecessor auditor should respond fully to the successor’s requests unless an unusual circumstance such
as a lawsuit exists or if the predecessor’s response is limited, in which case the successor auditor should be
informed.
§ If the prospective client refuses to permit the predecessor auditor to respond, the successor auditor should
have reservations about accepting the engagement. Such a situation should raise serious problems about
management’s motivations and integrity.

AUDIT ENGAGEMENT LETTERS

§ After deciding to accept or continue an engagement, an agreement should be reached with the client, preferably through
the audit committee, about the professional services to be rendered.
§ The auditor and the client must agree on the terms of the engagement, including the type, scope, and timing of
the engagement.
§ This understanding reduces the risk that either party may misinterpret what is expected or required of the
other party.
§ This understanding should be documented in writing.
§ PSA 210 “Agreeing the Terms of Audit Engagements” establishes standards and provides guidance on agreeing the
terms of the engagement with the client and the auditor's response to a request by a client to change the terms of an
engagement to one that provides a lower level of assurance.
§ This standard provides that the auditor and the client should agree on the terms of the engagement and that these agreed
terms be recorded in an audit engagement letter or other suitable form of contract
§ The audit engagement letter documents and confirms the auditor's acceptance of the appointment, the objective and
scope of the audit, the extent of the auditor's responsibilities to the client and the form of any reports.
§ Documenting the terms of agreement between the client and the auditor recognizes that it is in the interest of
both client and auditor that the auditor sends an engagement letter, preferably before the commencement of
the engagement, to help in avoiding misunderstandings with respect to the engagement.

PRINCIPAL CONTENTS OF THE AUDIT ENGAGEMENT LETTER

The form and content of audit engagement letters may vary for each client, but they would generally include reference to:

§ The objective of the audit of financial statements.

§ Management's responsibility for the financial statements.
§ The scope of the audit, including reference to applicable legislation, regulations, or pronouncements of
professional bodies to which the auditor adheres
§ The form of any reports or other communication of results of the engagement.
§ The fact that because of the test nature and other inherent limitations of an audit, together with the inherent
limitations of any accounting and internal control system, there is an unavoidable risk that even some material
misstatement may remain undiscovered.
§ Unrestricted access to whatever records, documentation and other information requested in connection with
the audit.

The auditor may also wish to include in the letter:

§ Arrangements regarding the planning of the audit.
§ Expectation of receiving from management written confirmation concerning representations made in
connection with the audit.
§ Request for the client to confirm the terms of the engagement by acknowledging receipt of the engagement
letter or by affixing the client’s signature on the space provided for in the engagement letter for his conforme
for the convenience of both the auditor and client.
§ Description of any other letters or reports the auditor expects to issue to the client
§ Basis on which fees are computed and any billing arrangements.

When relevant, the following points could also be made:

§ Arrangements concerning the involvement of other auditors and experts in some aspects of the audit
§ Arrangements concerning the involvement of internal auditors and other client staff
§ Arrangements to be made with the predecessor auditor, if any, in the case of an initial audit
§ Any restriction of the auditor's liability when such possibility exists
§ A reference to any further agreements between the auditor and the client

RECURRING AUDITS
§ A recurring audit is a form of a repeat or continuing engagement, wherein the auditor audits the same client he has
audited previously.
§ On recurring audits, the auditor should consider whether circumstances require the terms of the engagement
to be revised and whether there is a need to remind the client of the existing terms of the engagement.

13 | P a g e
 § The auditor may decide not to send a new engagement letter each period. However, the following factors may make it
appropriate to send a new letter:
ü Any indication that the client misunderstands the objective and scope of the audit
ü Any revised or special terms of the engagement
ü A recent change of senior management, board of directors or ownership
ü A significant change in nature or size of the client's business
ü Legal requirements and other government agencies’ pronouncements

ACCEPTANCE OF A CHANGE IN ENGAGEMENT

§ An auditor who, before the completion of the engagement, is requested to change the engagement to one which provides a
lower level of assurance, should consider the appropriateness of doing so.
§ A request from the client for the auditor to change the engagement may result from:
ü a change in circumstances affecting the need for the service;
ü a misunderstanding as to the nature of an audit or related service originally requested; or
ü a restriction on the scope of the engagement, whether imposed by management or caused by circumstances
§ A change in circumstances that affects the entity's requirements or a misunderstanding concerning the nature of service
originally requested would ordinarily be considered a reasonable basis for requesting a change in the engagement.
§ In contrast a change would not be considered reasonable if it appeared that the change relates to information that is
incorrect, incomplete or otherwise unsatisfactory.
§ If the auditor concludes, that there is reasonable justification to change the engagement and if the audit work
performed complies with the PSAs applicable to the changed engagement, the report issued would be that appropriate for
the revised terms of engagement.
§ In order to avoid confusing the reader, the report would not include reference to:
ü the original engagement; or
ü any procedures that may have been performed in the original engagement, except where the engagement is changed
to an engagement to undertake agreed-upon procedures and thus reference to the procedures performed is a normal
part of the report
§ Where the terms of the engagement are changed, the auditor and the client should agree on the new terms.
§ The auditor should not agree to a change of engagement where there is no reasonable justification for doing so. An
example might be an audit engagement where the auditor is unable to obtain sufficient appropriate audit evidence
regarding receivables and the client asks for the engagement to be changed to a review engagement to avoid a qualified
audit opinion or a disclaimer of opinion.
§ If the auditor is unable to agree to a change of the engagement and is not permitted to continue the original
engagement, the auditor should withdraw and consider whether there is any obligation, either contractual or otherwise,
to report to other parties, such as the board of directors or shareholders, the circumstances necessitating the withdrawal.

THE NEED FOR AUDIT PLANNING

§ Upon acceptance of the client engagement and the engagement letter and terms agreed upon by both the client and the
auditor, there is now a need to plan the audit.
§ The planning process intensifies as the auditors concentrate their efforts in obtaining a detailed understanding of the entity
and its environment in order to develop an overall audit strategy and assess the risks of material misstatements in the
financial statements.
§ PSA 200 provides that “the auditor should plan and perform an audit with an attitude of professional skepticism recognizing
that circumstances may exist that cause the financial statements to be materially misstated”. This provision recognizes the
need and importance of audit planning in the audit process.
§ Generally, it is necessary for an auditor to plan the audit so that the audit will be conducted in an effective and efficient
manner. Without planning, the audit might be conducted in a sporadic manner and might not be finished within the allotted
time since auditors only have a limited period of time to complete the audit.
§ PSA 300 “Planning an Audit of Financial Statements”, which establishes standards and provides guidance on the
consideration and activities applicable to planning an audit of financial statements. It states that the auditor should plan the
audit so that the engagement will be performed in an effective manner.

NATURE AND SCOPE OF AUDIT PLANNING

AUDIT PLANNING
§ involves the establishment of the overall audit strategy for the engagement and developing an audit plan, in order to
reduce audit risk to an acceptably low level
§ involves the engagement partner and other key members of the engagement team to benefit from their experience and
insight and to enhance the effectiveness and efficiency of the planning process

THE NATURE AND EXTENT OF PLANNING ACTIVITIES WILL VARY ACCORDING TO:
§ the size and complexity of the entity
§ the auditor’s previous experience with the entity
§ changes in circumstances that occur during the audit engagement

BENEFITS OF AUDIT PLANNING

PLANNING BENEFITS AN AUDIT IN A VARIETY OF WAYS WHICH INCLUDE THE FOLLOWING:

§ It helps ensure that appropriate attention is devoted to important areas of the audit.
§ It aids in identifying potential problems and resolving them on a timely basis.
§ It helps ensure that the audit is properly organized, managed, and performed in an effective and efficient manner.

14 | P a g e
 § It assists in the proper assignment and review of the work of the engagement team members.
§ It helps coordinate the work to be done by auditors of components and other parties involved such as experts, specialists,
etc.

MAJOR AUDIT PLANNING ACTIVITIES

§ Obtain an understanding of the entity and its environment, including internal controls, and assess inherent risk
ü This is to enable the auditor to identify and understand the events, transactions, and practices that, in the auditor’s
judgment, may have a significant effect on the financial statements or on the examination or audit report. A more
elaborate discussion on this is included in “Understanding the Entity and Its Environment”.
§ Estimate reliance on internal controls
ü It is necessary that at the early planning stage of the work, the auditor should obtain an overall “feel” of the
situation by determining on a preliminary basis the major areas where the audit work will assume reliance on
internal controls. This is also necessary to assess control risk in the risk assessment process. A more elaborate
discussion on this is found in “Basic Concepts and Elements of Internal Control”.
§ Establish planning materiality
ü When planning the audit, the auditor considers what would make the financial statements materially misstated.
The auditor’s assessment of materiality, related to specific account balances and classes of transactions, helps the
auditor decide on issues such as what items to examine and to select audit procedure to reduce audit risk to an
acceptably low level. Materiality is discussed more elaborately in “Risk Assessment and Materiality”.
§ Perform analytical procedures
ü Analytical procedures are evaluations of financial information made by a study of plausible relationships among
both financial and nonfinancial data. These include ratio and trend analysis to investigate identified fluctuations and
relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts.
PSA 520 provides that analytical procedures are required to be performed at the planning stage and the overall
review stage of the audit. These are discussed more elaborately in “Substantive Testing and Audit Programs” and
“Completing the Audit and Post-Audit Responsibilities”.
§ Identify potential problem areas and source of significant misstatements.
ü Auditors usually plan an audit with the idea that potential areas may exist in the financial statements. These may
concern problems regarding related parties, errors in calculations, etc. The auditors ordinarily plan to spend
additional audit time and effort in these areas.
§ Establish the audit strategy.
ü The audit strategy is concerned with designing optimized audit approaches that seek to achieve the necessary
audit assurance at the lowest cost or within the constraints of information available. This chapter elaborates on the
concept of audit strategy.
§ Prepare the detailed audit plan.
ü An audit plan is more detailed than the overall audit strategy and includes the nature, timing, and extent of audit
procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence
to reduce audit risk to an acceptably low level. This chapter also elaborates on the concept of the audit plan.
§ Draft preliminary audit programs.
ü The audit program is the most important control mechanism in an audit which details the procedures and
instructions in auditing specific accounts. Audit programs are discussed elaborately and illustrated in “Substantive
Testing and Audit Programs”.
§ Schedule the audit work.
ü Efficient scheduling of audit work is key to maximizing the effectiveness and monetary return of an accounting
firm. This would include the timing of significant phases of the audit and tentative deadline dates for completion of
the audit.

PSA 300 (Redrafted) “Planning an Audit of Financial Statements”

(PSA 300, par. 1-3)

§ PSA 300 “Planning an Audit of Financial Statements” establishes standards and provides guidance on the consideration and
activities applicable to planning an audit of financial statements.
§ It states that the auditor should plan the audit so that the engagement will be performed in an effective manner.
§ It also deals with the auditor’s responsibility to plan an audit of financial statements.

(PSA 300, par. A1)

§ Planning an audit involves
ü establishing the overall audit strategy for the engagement; and
ü developing an audit plan
§ Adequate planning benefits the audit of financial statements in several ways, which all lead to the audit being conducted in
an effective and efficient manner.

PLANNING IS NOT A DISCRETE PHASE OF AN AUDIT

(PSA 300, par. A3)

§ It should be emphasized that planning is not a discrete phase of an audit, which means that it is not a step in the audit
process that stands alone or that when completed precludes modification or viewed in finality.
§ Rather, it is a continual and iterative (repetitive, until a goal is achieved) process that often begins shortly after (or
in connection with) the completion of the previous audit and continues until the completion of the current audit
engagement.

15 | P a g e
 § Planning, however, includes consideration of the timing of certain activities and audit procedures that need to be completed
prior to the performance of further audit procedures.

For example, planning includes the need to consider, prior to the auditor’s identification and assessment of the risks of material
misstatement, such matters as:
§ The analytical procedures to be applied as risk assessment procedures.
§ Obtaining a general understanding of the legal and regulatory framework applicable to the entity and how the entity is
complying with that framework.
§ The determination of materiality.
§ The involvement of experts.
§ The performance of other risk assessment procedures.

INCORPORATING AN ELEMENT OF UNPREDICTABILITY

(PSA 300, par. A4)

§ The auditor may decide to discuss elements of planning with the entity’s management to facilitate the conduct and
management of the audit engagement (for example, to coordinate some of the planned audit procedures with the work of
the entity's personnel).
§ Although these discussions often occur, the overall audit strategy and the audit plan remain the auditor's responsibility.
§ When discussing matters included in the overall audit strategy or audit plan, care is required in order not to compromise the
effectiveness of the audit.
§ For example, discussing the nature and timing of detailed audit procedures with management may compromise the
effectiveness of the audit by making the audit procedures too predictable.
§ This is what is meant by incorporating an element of unpredictability in the audit procedures.

PRELIMINARY ENGAGEMENT ACTIVITIES

(PSA 300, par. 4; A5)

INVOLVEMENT OF KEY ENGAGEMENT TEAM MEMBERS
§ The engagement partner and other key members of the engagement team shall be involved in planning the audit, including
planning and participating in the discussion among engagement team members.
§ The involvement of the engagement partner and other key members of the engagement team in planning the audit draws
on their experience and insight, thereby enhancing the effectiveness and efficiency of the planning process.

(PSA 300, par. 5; A6-A8)

The auditor shall undertake the following activities at the beginning of the current audit engagement:
§ Performing procedures regarding the continuance of the client relationship and the specific audit engagement;
§ Evaluating compliance with ethical requirements, including independence; and
§ Establishing an understanding of the terms of the engagement

These activities assist the auditor in identifying and evaluating events or circumstances that may adversely affect the
auditor’s ability to plan and perform the audit engagement. Furthermore, performing these preliminary engagement
activities enables the auditor to plan an audit engagement for which, for example:
§ The auditor maintains the necessary independence and ability to perform the engagement.
§ There are no issues with management integrity that may affect the auditor’s willingness to continue the engagement.
§ There is no misunderstanding with the client as to the terms of the engagement.

THE OVERALL AUDIT STRATEGY

(PSA 300, par. 6-7)

§ PSA 300 (Redrafted) requires that the auditor establish an overall audit strategy.
§ The overall audit strategy sets the scope, timing, and direction of the audit, and guides the development of the audit
plan.

ESTABLISHING THE OVERALL AUDIT STRATEGY INVOLVES PROCESSES SUCH AS THE FOLLOWING:
§ Identifying the characteristics of the engagement that define its scope.
ü This would include the financial reporting framework, industry specific reporting requirements, and the locations of
the components of the entity.
§ Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the nature of the
communications required
ü such as deadlines for interim and final reporting, and key dates for expected communications with management
and those charged with governance.
§ Considering the factors that, in the auditor’s professional judgment, are significant in directing the engagement
team’s efforts.
ü This would include determination of appropriate materiality levels; preliminary identification of areas where there
may be higher risks of material misstatement; preliminary identification of material components and account
balances; evaluation of whether the auditor may plan to obtain evidence regarding the effectiveness of internal
control; and identification of recent entity-specific, industry, financial reporting or other relevant developments.
§ Considering the results of preliminary engagement activities and, where applicable, whether knowledge gained
on other engagements performed by the engagement partner for the entity is relevant; and
§ Ascertaining the nature, timing and extent of resources necessary to perform the engagement.

16 | P a g e
(PSA 300, par. A9)

The process of establishing the overall audit strategy assists the auditor to determine, subject to the completion of the
auditor’s risk assessment procedures, such matters as:
§ The resources to deploy for specific audit areas, such as the use of appropriately experienced team members for high risk
areas or the involvement of experts on complex matters.
§ The amount of resources to allocate to specific audit areas, such as the number of team members assigned to observe the
inventory count at material locations, the extent of review of other auditors’ work in the case of group audits, or the audit
budget in hours to allocate to high risk areas, such as the number of team members assigned to perform specific audit
procedures, the extent of review of other auditors’ work in case of group audits, and the audit budget in hours to allocate to
high risk areas.
§ When these resources are to be deployed, such as whether at an interim audit stage or at key cut-off dates; and
§ How such resources are managed, directed and supervised, such as when team briefing and debriefing meetings are
expected to be held, how engagement partner and manager reviews are expected to take place (for example, on-site or off-
site), and whether to complete engagement quality control reviews.

(PSA 300, Appendix)

§ The Appendix of PSA 300 (Redrafted) lists examples of considerations in establishing the overall audit strategy. Many of
these matters will also influence the auditor’s detailed audit plan. The examples provided cover a broad range of matters
applicable to many engagements. While some of the matters referred to below may be required by other PSAs, not all
matters are relevant to every audit engagement and the list is not necessarily complete.
ü Characteristics of the engagement
ü Reporting Objectives, Timing of the Audit, and Nature of Communications
ü Significant Factors, Preliminary Engagement Activities, and Knowledge Gained on Other Engagements
ü Nature, Timing, and Extent of Resources

SOME EXAMPLES OF AUDIT STRATEGY

BUSINESS RISK APPROACH

§ this strategy is used when concentrating on the business environment and the various external factors that govern the audit
§ this approach is influenced by various external factors – like political situations, legal barriers, demographics, topography,
etc. of the audit client that the auditor judges would significantly affect the way the financial statements are prepared
RISK-BASED AUDIT APPROACH
§ this approach is the most widely-used in most audits
§ the auditor concentrates on the risks of material misstatement, both at the overall FS level and the assertion levels, in
identifying the nature, timing, and extent of audit procedures to be conducted
§ the auditor makes use of the audit risk model, which emphasizes more on the risks internal to the company rather than
those that are brought up by the business environment, external factors, and the industry in which the client operates
FRAUD-BASED APPROACH
§ this approach is used when the auditor suspects that fraud and illegalities are the basis in which the financial statements
may become materially misstated
§ the auditor concentrates more on the effectiveness of internal controls and on the assumption that fraudulent activities may
exist, which increases risk assessment in the audit
ETHICS-DRIVEN STRATEGY
§ this approach is used mostly in audits that involve corporate governance
§ the overall organizational structure, hierarchy, and lines of reporting are given emphasis by the auditor, and how duties are
seen as either compatible or incompatible

THE AUDIT PLAN

(PSA 300, par. A11; A13)

§ Once the overall audit strategy has been established, an audit plan can be developed to address the various matters
identified in the overall audit strategy, taking into account the need to achieve the audit objectives through the efficient use
of the auditor’s resources.
§ The establishment of the overall audit strategy and the detailed audit plan are not necessarily discrete or sequential
processes, but are closely inter-related since changes in one may result in consequential changes to the other.
§ The audit plan is more detailed than the overall audit strategy in that it includes the nature, timing and extent of
audit procedures to be performed by engagement team members.
§ Planning for these audit procedures takes place over the course of the audit as the audit plan for the engagement develops.
§ For example, planning of the auditor's risk assessment procedures occurs early in the audit process.
§ However, planning the nature, timing and extent of specific further audit procedures depends on the outcome of those risk
assessment procedures.
§ In addition, the auditor may begin the execution of further audit procedures for some classes of transactions, account
balances and disclosures before planning all remaining further audit procedures.

(PSA 300, par. A11; A13)

The auditor shall develop an audit plan that shall include a description of:
– The nature, timing and extent of planned risk assessment procedures, as determined under PSA 315, “Identifying
and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment.”

17 | P a g e
 – The nature, timing and extent of planned further audit procedures at the assertion level, as determined under PSA
330, “The Auditor’s Responses to Assessed Risks.”
– Other planned audit procedures that are required to be carried out so that the engagement complies with PSAs.

CHANGES TO PLANNING DECISIONS DURING THE COURSE OF THE AUDIT

(PSA 300, par. 9, A14)

§ The auditor should update and change the overall audit strategy and the audit plan as necessary during the course of an
audit.
§ This recognizes the concept discussed earlier that planning is not a discrete phase of an audit but rather a continual and
iterative process throughout the audit engagement.
§ As a result of unexpected events, changes in conditions, or the audit evidence obtained from the results of audit
procedures, the auditor may need to modify the overall audit strategy and audit plan and thereby the resulting planned
nature, timing and extent of further audit procedures, based on the revised consideration of assessed risks.
§ This may be the case when information comes to the auditor’s attention that differs significantly from the information
available when the auditor planned the audit procedures. For example, audit evidence obtained through the performance of
substantive procedures may contradict the audit evidence obtained through tests of controls.

DIRECTION, SUPERVISION, AND REVIEW

(PSA 300, par. 10, A15)

§ It is necessary that the auditor plan the nature, timing, and extent of direction and supervision of engagement team
members and review of their work.
§ Direction and supervision mean the extent of instruction to team members about what procedures to undertake in the
audit as well as supervising how these procedures are undertaken.
§ Reviewing the work of team members is necessary in order to determine whether team members have conducted the
procedures properly and effectively.

The nature, timing and extent of the direction and supervision of engagement team members and review of their work vary
depending on many factors, including:
§ The size and complexity of the entity;
§ The area of the audit;
§ The assessed risks of material misstatement (for example, an increase in the assessed risk of material misstatement for a
given area of the audit ordinarily requires a corresponding increase in the extent and timeliness of direction and supervision
of engagement team members, and a more detailed review of their work); and
§ The capabilities and competence of the individual team members performing the audit work

OVERALL AUDIT STRATEGY, AUDIT PLAN, AND AUDIT PROGRAM DISTINGUISHED

§ The overall audit strategy to be used by the auditor in planning the audit is an abstract idea that somehow occurs in the
brainstorming stage of the audit planning process. These are the main ideas of the auditor on how to plan and conduct the
audit, and sets the scope, timing, and direction of the audit and guides the development of the more detailed audit plan.
§ The audit plan formalizes the audit strategy and is more detailed than the audit strategy and includes the nature, timing,
and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate
audit evidence to reduce risk to an acceptably low level.
§ The audit program is a more detailed plan of the procedures to be used in the audit of specific accounts and transactions.
It includes detailed instructions to audit team members and procedures to be performed in testing specific accounts. The
concept of audit programs is discussed in detail and illustrated in a separate topic.

DOCUMENTATION REQUIREMENTS

(PSA 300, par. 11)

PSA 300 (Redrafted) requires that the auditor should document the following:
• The overall audit strategy;
• The audit plan; and
• Any significant changes made during the audit engagement to the overall audit strategy or the audit plan, and the
reasons for such changes

(PSA 300, par. A17-A19)

§ The documentation of the overall audit strategy is a record of the key decisions considered necessary to properly plan the
audit and to communicate significant matters to the engagement team.
§ For example, the auditor may summarize the overall audit strategy in the form of a memorandum that contains key
decisions regarding the overall scope, timing and conduct of the audit.

(PSA 300, par. A17-A19)

§ The documentation of the audit plan is a record of the planned nature, timing and extent of risk assessment procedures
and further audit procedures at the assertion level in response to the assessed risks. It also serves as a record of the proper
planning of the audit procedures that can be reviewed and approved prior to their performance. The auditor may use
standard audit programs or audit completion checklists, tailored as needed to reflect the particular engagement
circumstances.

18 | P a g e
 § A record of the significant changes to the overall audit strategy and the audit plan, and resulting changes to the planned
nature, timing and extent of audit procedures, explains why the significant changes were made, and the overall strategy
and audit plan finally adopted for the audit. It also reflects the appropriate response to the significant changes occurring
during the audit.

OTHER PLANNING CONSIDERATIONS

§ Application of Analytical Procedures – PSA 520

§ Arrangements for Company Assistance
§ Using the Work of Experts – PSA 620
§ Using the Work of Other Auditors – PSA 600
§ Using the Work of Internal Auditors – PSA 610

APPLICATION OF ANALYTICAL PROCEDURES

§ PSA 520 “Analytical Procedures” requires the auditor to apply analytical procedures both in the planning and overall
review stage of the audit.
§ It is not, however, required of an auditor to apply analytical procedures as substantive tests in the conduct of the audit
although the auditor may choose to do so.
§ Applying analytical procedures in the planning stage of the audit assists in understanding the business and in identifying
areas of potential risk.
§ It also assists the auditor in planning the nature, time, and extent of audit procedures that will be used to obtain evidential
matter for specific account balances or classes of transactions.

ARRANGEMENTS FOR COMPANY ASSISTANCE

§ The auditor should determine the extent of assistance needed of the company during the audit, and these assistance should
be arranged as early as possible.
§ A listing of schedules and analyses to be provided by the client, with indication of the dates and by whom they are to be
completed should also be prepared.
§ Only useful items should be listed and completion dates should be realistic and consistent with the timing of the audit plan
and the company’s year-end scheduling.

Examples of these schedules which the company can provide are the following:
§ Lead schedules or trial balance
§ Bank reconciliation statements
§ Schedule of accounts receivable, with remarks as to collectability
§ Inventory listings
§ Schedule of fixed assets and related accumulated depreciation
§ Analyses of prepaid and deferred charges
§ Schedule of accounts, notes, and vouchers payable
§ List of stockholders with corresponding number of shares held
§ Insurance policies in force
§ Stock options granted, terminated, exercised, and exercisable
§ Schedule of unmatched delivery receipts with sales invoices
§ Schedule of unmatched receiving reports with supplier’s invoices
§ Acquisitions and retirement of fixed assets
§ Schedule of taxes and licenses paid and accrued during the year

§ It should be noted that the decision as to the audit procedures to be conducted in an audit are the responsibility of the
auditor.
§ Assistance requested from the client and its personnel refer to procedures which are not quite audit sensitive and in the
judgment of the auditor would aid in the quick access to files and other documents of the company which are needed for the
audit.

USING THE WORK OF EXPERTS AND OTHER AUDITORS

§ CPAs may lack the qualifications necessary to perform certain technical tasks relating to the audit. Therefore, it is necessary
in these situations that the services of an expert or a specialist be sought in an audit.
§ An expert in the auditing parlance refers to a person, group of persons, or firm who possesses expertise in fields of
discipline other than accounting or auditing.
§ An expert or specialist brings unique knowledge and judgment in a field other than accounting and auditing.
§ Appraising the value of works of art, determining the characteristics of mineral reserves, and actuarial computations are
examples of instances wherein a CPA will need the services of an expert.
§ On the other hand, when a portion of the client (e.g., subsidiary in another geographical location) is audited by another CPA
firm, efforts may be coordinated.
§ An example of this is when the accounts of the subsidiary are to be consolidated with the overall enterprise.
§ If that subsidiary is audited by another CPA firm, the auditors must coordinate timing of necessary reports and procedures
to be performed.

19 | P a g e
CONSIDERING THE WORK OF INTERNAL AUDITING

§ Internal auditing complements an external audit.

§ It is therefore necessary to determine the effect of the internal audit function on the nature, timing, and extent of the
auditor’s own audit procedures by reviewing and evaluating the objectivity and competence of the internal auditors and the
effectiveness of their procedures.
§ The work of internal auditors can affect the audit in two ways.
ü First, they can enhance internal control.
Ø Internal auditing deals with evaluating the effectiveness and efficiency with which operations of the
company are conducted.
Ø Through this, the independent auditors would be able to reduce the extent of substantive testing by
considering the materiality of the amount, the risk of misstatement, and the degree of subjectivity
involved in evaluating the accumulated audit evidence.
§ Second, internal auditors assist independent auditors in performing specific audit procedures, such as:
ü Observation of inventory count
ü Confirmation of receivables
ü Review of fixed assets additions and disposals
ü Review of depreciation provisions
ü Bank reconciliation preparation
ü Review of loss events

THE CONCEPT OF RISK IN AN FS AUDIT

§ In a general sense, risk is anything that poses a level of uncertainty.
§ Investors always face risks when they put in money in shares of stock – there may be a possibility that they will incur a loss
on their investment if the investee will not be able to perform its business operations well.
§ Business ventures always face a risk of loss as equally as they have hopes of earning profits.
§ In higher finance and finance-related subjects, risk management is one of the fundamental topics discussed in reducing risk
especially when it comes to investments.
§ In auditing, risk is one of the fundamental concepts that underlie the audit process
§ When asked to perform a financial statement audit, an auditor always faces two types of risk:
ü audit risk; and
ü engagement risk

AUDIT RISK VS. ENGAGEMENT RISK

§ Audit risk
ü the risk that the auditor may unknowingly fail to appropriately modify the opinion on financial statements that are
materially misstated.
ü in simple language, audit risk is the risk that an auditor might issue an unqualified opinion on financial statements
that are in fact materially misstated.
ü this is possible because an audit will always have inherent limitations in it like the use of sampling and limitations
that are inherent in any internal control system among others.
ü a less-than-100% examination of financial transactions that is brought about when the auditor uses sampling bears
the risk that the auditor might select samples that are not representative of the true situation of the financial
statements and therefore cause the auditor to issue an unqualified opinion when in reality the true circumstances
do not warrant it.
ü furthermore, procedures in the audit process always depend on the auditor’s judgment which may or may not be
correct or the same with other auditors

§ Engagement risk
ü is related to an auditor’s exposure to financial loss and damage to his or her professional reputation
ü this may arise when the auditor may be sued by the client or a third party although the auditor has complied with
appropriate auditing standards in the conduct of an audit.
ü the lawsuit may bring about negative publicity that may impair the auditor’s reputation
ü this situation emphasizes the importance of careful acceptance and continuance of clients and in the auditor’s
adherence to the ethical considerations and provisions of his professional Code

§ Engagement risk cannot be directly controlled by the auditor

§ Audit risk can be directly controlled through the scope of the auditor’s procedures, that is, their nature, timing,
and extent

AUDIT RISK MODEL

§ The auditing standards do not really specify any clear-cut provisions on how to determine what an acceptable level of audit
risk is.
§ This and the use of the audit risk model is for the auditor’s professional judgment to decide for so long as the objective of
reducing audit risk to an acceptably low level is achieved.
§ The audit risk model acts as a guide for auditors to determine the scope of audit work and the auditing procedures that are
to be conducted for a particular class of transactions or account balance
§ The audit risk model is expressed as
ü Audit Risk (AR) = Inherent Risk (IR) x Control Risk (CR) x Detection Risk (DR)
§ From the audit risk model we can see that audit risk has three components:

20 | P a g e
 ü inherent risk,
ü control risk, and
ü detection risk
§ Inherent risk and control risk are the risks that the auditing standards classify as those that arise at the assertion level.
They are the risks of the entity and they exist independently of the audit of financial statements, which means that the
auditor has no control over them or that the auditor cannot manipulate them in any way during the audit

INHERENT RISK

§ Inherent risk
ü the susceptibility of an assertion to material misstatements assuming that there are no related controls.
ü Susceptibility in this definition means the vulnerability of a particular account balance or class of transaction to
error because of the inherent nature of the transaction or account balance.
ü It is important to note that inherent risk is viewed always with the assumption that there are no related controls.
ü To illustrate the concept of inherent risk, let us compare cash and an inventory of coal. We will be able to conclude
at once that cash has a higher inherent risk when it comes to theft because by its nature it is the most liquid of all
assets.
ü Another situation could be comparing the valuation of accounts receivable and employee benefits expense. We can
conclude that employee benefit expense has a higher inherent risk of being miscalculated because by its nature
employee benefits expense involves complex calculations that are more susceptible to error that calculations that
involve accounts receivable

CONTROL RISK

§ Control risk
ü the risk that material misstatements that could occur in an assertion will not be prevented or detected on a timely
basis by internal controls.
ü Emphasis on:
v Prevention
v Detection and Correction
ü This is a function of the effectiveness of the design and operation of internal control in a company.
ü Control risk emphasizes that no matter how effective internal control in a company is, a zero percent (0%)
control risk can never be achieved in an audit because there are inherent limitations of internal control.
ü control risk also acknowledges that internal control can be circumvented and thus be unable to prevent or detect
material misstatements on a timely basis

DETECTION RISK

§ Detection risk
ü the only component of audit risk that can be controlled or manipulated by the auditor through the nature,
timing, and extent of audit procedures that he plans to use in the conduct of the audit.
ü the risk that the auditor will not detect a misstatement that exists in an assertion.
ü relates to the scope of the procedures used by the auditor and as a function of the effectiveness of an audit
procedure and of its application by the auditor

ü DETECTION RISK: DEFINITION VS. CONCEPT

§ While the definition of detection risk relates to non-detection of misstatement in an assertion, the concept
of detection risk when studying the audit risk model actually relates to the ease of detection of
misstatements depending on the effectiveness of the design and operation of internal control (that
eventually assesses control risk)

RELATIONSHIP OF RISK COMPONENTS IN THE AUDT RISK MODEL

§ Detection risk has an inverse relationship to the combined elements of inherent risk and control risk
§ For ease of discussion and as is used in actual practice, inherent risk and control risk are viewed in combination as one
single component, often called as auditee risk since both of them relate to the entity’s environment and cannot be directly
controlled by the auditor

§ If control risk is low, we conclude that detection risk is high (as such is the inverse relationship between the two). But how
is this so?
ü A low control risk means that internal control is very effective and functioning very well in the company.
ü Therefore, the auditor will be able to detect misstatements easily because there is a sound system of internal
control that identifies what is right and what is wrong which enables the auditor to identify errors at once.
ü This is what is meant by the concept of detection risk being related to the ease of detection of errors depending on
the effectiveness of the system of internal control
§ On the other hand, if control risk is high, we conclude that detection risk is low.
ü A high control risk means that internal control in the company is ineffective and functioning poorly, and that there
is no system that will dictate which transactions or balances are done or presented rightly or wrongly.
ü Therefore, the auditor will have a hard time detecting the errors, despite the assumption that there are a number
of errors because of the poor internal control, since to the company the errors “seem to be correct” from the point
of view of the client because there is no system that will see to it that the processes are erroneous and done
wrongly

21 | P a g e
 § It should be noted that the auditor’s assessment of audit risk and its components (inherent risk, control risk, and detection
risk) is a matter of professional judgment.
ü At the completion of the audit, the actual level of audit risk is not known with certainty by the auditor.
ü If the auditor assesses the achieved audit risk as being less than or equal to the planned level of audit risk, the
auditor can issue an unqualified report.
ü If the assessment of the achieved level of audit risk is greater than the planned level, the auditor should either
conduct additional audit work or qualify the audit report

USE AND LIMITATIONS OF THE AUDIT RISK MODEL

§ USES OF THE AUDIT RISK MODEL

ü The audit risk model should not be viewed as a precise formula that includes all factors and considerations when
assessing audit risk.
ü It simply acts as a guide and shows the general relationship of audit risk and its components.
ü Nevertheless, auditors will find it useful when planning risk levels for audit procedures.
ü Through the audit risk model, auditors would be able to determine the planned level of audit risk and compare it
with the achieved level of audit risk throughout the audit.
ü Comparing the two assessments would enable the auditor to determine whether auditing procedures should be
modified as necessary or whether an unqualified opinion or a qualification of the opinion is necessary

§ LIMITATIONS OF THE AUDIT RISK MODEL

ü Firstly, the audit risk model is a planning tool. If it will be used by the auditor as a basis on which an audit plan is
to be revised or audit results are to be evaluated, the actual level of audit risk may be greater than the audit risk
indicated by the formula
ü The assessment by the auditor is based on his professional judgment. Because of this, such assessments may be
higher or lower than the actual inherent and control risk that exist for the client. Such differences can affect the
determination of detection risk and the scope of the audit procedures to be conducted
ü Furthermore, the audit risk model does not specifically consider the possibility of auditor error in the assessment

TYPES OF MISSTATEMENTS: FRAUD VS. ERROR

§ In the process of risk assessment, an auditor should identify the causes of those misstatements.
§ Generally, a misstatement in the financial statements may consist of any of the following:
ü A difference between the amount, classification, or presentation of a reported financial statement element,
account, or item and the amount, classification, or presentation that would have been reported under generally
accepted accounting principles
ü The omission of a financial statement element, account, or item
ü A financial statement disclosure that is not presented in accordance with generally accepted accounting principles
ü The omission of information required to be disclosed in accordance with generally accepted accounting principles
§ In these and other similar cases, the auditor should be able to determine and distinguish as to whether these misstatements
result from error or fraud

§ Error
§ in the auditing parlance refers to unintentional misstatements or omissions of amounts or disclosures in the
financial statements and may involve:
ü Mistakes in gathering or processing data from which financial statements are prepared
ü Unreasonable accounting estimates arising from oversight or misinterpretation of facts
ü Mistakes in the application of accounting principles relating to amount, classification, manner of
presentation, or disclosure
ü Clerical mistakes due to human error, weakness, or oversight

§ Fraud
ü involves intentional misstatements or omissions that are intended to deceive users of financial information.
ü From the perspective of an auditor, there are two classifications of misstatements arising from fraud:
v (1) misstatements arising from fraudulent financial reporting
v (2) misstatements arising from misappropriation of assets
ü Misstatements arising from fraudulent financial reporting are intentional misstatements or omissions of amounts or
disclosures in financial statements intended to deceive financial statement users.
ü Misstatements arising from misappropriation of assets, on the other hand, involve the theft of an entity’s assets
that causes the financial statements to be misstated

RISK ASSESSMENT PROCEDURES

§ Inquiries
ü Most of the inquiries in an audit at directed towards management and others within the entity who in the auditor’s
judgment may have information that is likely to assist in identifying risks of material misstatement due to error or
fraud
ü Much of the information obtained by the auditor’s inquiries is obtained from management and those responsible for
financial reporting.
ü However, the auditor may also obtain information, or a different perspective in identifying risks of material
misstatement, through inquiries of others within the entity and other employees with different levels of authority

22 | P a g e
 ü Inquiries directed towards those charged with governance may help the auditor understand the environment in
which the financial statements are prepared.
ü Inquiries directed toward internal audit personnel may provide information about internal audit procedures
performed during the year relating to the design and effectiveness of the entity’s internal control and whether
management has satisfactorily responded to findings from those procedures.
ü Inquiries of employees involved in initiating, processing or recording complex or unusual transactions may help
the auditor to evaluate the appropriateness of the selection and application of certain accounting policies.
ü Inquiries directed toward in-house legal counsel may provide information about such matters as litigation,
compliance with laws and regulations, knowledge of fraud or suspected fraud affecting the entity, warranties,
postsales obligations, arrangements (such as joint ventures) with business partners and the meaning of contract
terms.
ü Inquiries directed towards marketing or sales personnel may provide information about changes in the entity’s
marketing strategies, sales trends, or contractual arrangements with its customers

§ Analytical Procedures
ü involve ratio and trends analysis to identify plausible relationships among accounts or classes of transactions
ü may help identify the existence of unusual transactions or events, and amounts, ratios, and trends that might
indicate matters that have audit implications.
ü unusual or unexpected relationships that are identified may assist the auditor in identifying risks of material
misstatement, especially risks of material misstatement due to fraud
ü required to be performed at both the planning and overall review stage of the audit, but is optional in the
substantive testing phase of the audit

§ Observation and Inspection

ü There is a slight difference between observation and inspection.
ü Observation means looking at a process or at how a process is done.
ü Inspection means examination or a study of documents or files about a particular transaction, balance, or related
information.
ü In the auditing parlance, one cannot observe a document inasmuch as one cannot inspect a process.
ü Observation and inspection may support inquiries of management and others, and may also provide information
about the entity and its environment
ü Examples of such audit procedures include observation or inspection of the following:
Ø The entity’s operations
Ø Documents (such as business plans and strategies), records, and internal control manuals
Ø Reports prepared by management (such as quarterly management reports and interim financial
statements) and those charged with governance (such as minutes of board of directors’ meetings)
Ø The entity’s premises and plant facilities

LEVELS OF RISKS OF MATERIAL MISSTATEMENT

§ PSA 315 provides that the auditor shall identify and assess the risks of material misstatement at two levels:
ü (1) the financial statement level
ü (2) the assertion level for classes of transactions, account balances and disclosures, to provide a basis for
designing and performing further audit procedures

§ Risks of Material Misstatement at the Financial Statement Level

ü risks that are outside of the account balances or transaction classes of individual accounts or transactions and
relate directly to the financial statements as a whole
ü risks that relate pervasively to the financial statements as a whole and potentially affect many assertions
ü Risks of this nature are not necessarily risks identifiable with specific assertions at the class of transactions,
account balance, or disclosure level
ü Rather, they represent circumstances that may increase the risks of material misstatement at the assertion level,
for example, through management override of internal control.
ü Financial statement level risks may be especially relevant to the auditor’s consideration of the risks of material
misstatement arising from fraud
ü Risks at the financial statement level may derive in particular from a weak control environment (although these
risks may also relate to other factors, such as declining economic conditions).
ü For example, weaknesses such as management’s lack of competence may have a more pervasive effect on the
financial statements and may require an overall response by the auditor

§ Risks of Material Misstatement at the Assertion Level

ü risks that relate to the individual account balances or classes of transactions within the financial statements
ü need to be considered because such consideration directly assists in determining the nature, timing, and extent of
further audit procedures at the assertion level necessary to obtain sufficient appropriate audit evidence
ü in identifying and assessing risks of material misstatement at the assertion level, the auditor may conclude that the
identified risks relate more pervasively to the financial statements as a whole and potentially affect many
assertions

SIGNIFICANT RISKS

§ Significant risks
ü are defined as risks that require special audit attention or special audit consideration

23 | P a g e
 ü as part of the risk assessment process, the auditor shall determine whether any of the risks identified are, in the
auditor’s judgment, a significant risk.
ü in exercising this judgment, the auditor shall exclude the effects of identified controls related to the risk
ü In exercising judgment as to which risks are significant risks, the auditor shall consider at least the
following:
Ø Whether the risk is a risk of fraud
Ø Whether the risk is related to recent significant economic, accounting or other developments and,
therefore, requires specific attention
Ø The complexity of transactions
Ø Whether the risk involves significant transactions with related parties
Ø The degree of subjectivity in the measurement of financial information related to the risk, especially those
measurements involving a wide range of measurement uncertainty; and
Ø Whether the risk involves significant transactions that are outside the normal course of business for the
entity, or that otherwise appear to be unusual
ü often relate to significant non-routine transactions or judgmental matters
ü Non-routine transactions are transactions that are unusual, due to either size or nature, and that therefore
occur infrequently
ü Judgmental matters may include the development of accounting estimates for which there is significant
measurement uncertainty
ü Routine, noncomplex transactions that are subject to systematic processing are less likely to give rise to
significant risks
ü Risks of material misstatement may be greater for significant non-routine transactions arising from matters
such as the following:
Ø Greater management intervention to specify the accounting treatment
Ø Greater manual intervention for data collection and processing
Ø Complex calculations or accounting principles
Ø The nature of non-routine transactions, which may make it difficult for the entity to implement effective
controls over the risks
ü Risks of material misstatement may be greater for significant judgmental matters that require the development of
accounting estimates, arising from matters such as the following:
Ø Accounting principles for accounting estimates or revenue recognition may be subject to differing
interpretation
Ø Required judgment may be subjective or complex, or require assumptions about the effects of future
events, for example, judgment about fair value
§ When the auditor has determined that a significant risk exists, the auditor shall obtain an understanding of the
entity’s controls, including control activities, relevant to that risk

MATERIALITY
§ As technically defined, materiality is “the magnitude of an omission or misstatement of accounting information that, in the
light of surrounding circumstances, makes it probable that the judgment of a reasonable person relying on the information
would have been changed or influenced by the omission or misstatement”.
§ In simple terms, an item or information is material if knowledge of it and/ or its omission or misstatement would influence a
person in making decisions.
§ Materiality and its consideration in an audit of financial statements is a matter of the professional judgment of the auditor.
§ In establishing materiality for an audit, the auditor should consider both quantitative and qualitative aspects of the
engagement.
§ Although materiality may be planned and implemented using a quantitative approach, the qualitative aspects of
misstatements of small amounts may also materially affect the users of financial statements

MATERIALITY: AMOUNT VS. LEVEL

§ In most instances, materiality is viewed as a threshold amount which auditors can tolerate and still issue an unqualified
opinion despite misstatements identified in the financial statements.
§ This quantitative assessment is then dependent on the level of materiality set or viewed by the auditor, which serves
as a qualitative assessment in the conduct of the audit
§ Let us take for example an aggregate misstatement in the amount of P100,000 as a base amount to illustrate the difference
between materiality amount and materiality level
§ If the auditor wishes to establish a high level of materiality, the auditor would then have to lower the aggregate amount
of misstatements (materiality amount) from P100,000 to say P50,000
§ This means that the auditor would have to be more strict in the conduct of the audit and employ more extensive audit
procedures.
§ If the aggregate amount of misstatements discovered by the auditor amounts to P50,000 or less, it can be tolerated by the
auditor and still issue an unqualified opinion.
§ If the misstatements amount to greater than P50,000, the auditor would have to revise his assessment if necessary,
perform detailed procedures, and if the actual amount is still greater than the tolerable amount set, issue an other than
unqualified opinion depending on the circumstances
§ Suppose the auditor wishes to establish a low level of materiality, the auditor would then increase the aggregate
misstatements to let’s say P150,000 and be more “lax” in the conduct of the audit.
§ This means that the auditor can tolerate more errors or misstatements since the materiality level is low and still issue an
unqualified opinion

24 | P a g e
 § This also means that even though there are still errors or misstatements, they are already considered immaterial by the
auditor

REQUIREMENTS OF THE REVISED PSA 320

§ PSA 320 (Revised and Redrafted)

“Materiality in Planning and Performing an Audit”
ü deals with the determination of materiality and its application in planning and performing an audit of financial
statements
ü the objective of the auditor in accordance with this standard is to determine, and reconsider as the audit
progresses, an appropriate materiality level or levels to enable the auditor to plan and perform the audit
ü The auditor’s determination of a materiality level or levels is a matter of professional judgment, and is affected by
the auditor’s perception of the financial information needs of users of the financial statements
ü The revised PSA 320 includes a requirement for the auditor to determine:
ü Materiality level for the financial statement as a whole
ü Materiality level(s) for one or more particular classes of transactions, account balances, or disclosures (if
required by considering the specific circumstances of the entity)
ü Performance materiality for the purposes of assessing the risk of material misstatement and determining the
nature, timing, and extent of further audit procedures
ü Performance Materiality
ü the amount or amounts set by the auditor at less than materiality for the financial statements as a whole to reduce
to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements
exceeds materiality for the financial statements as a whole
ü the amount or amounts set by the auditor at less than the materiality level or levels for particular classes of
transactions, account balances, or disclosures

RELATIONSHIP AMONG AUDIT RISK, MATERIALITY, AUDIT PROCEDURES, AND AUDIT EVIDENCE

§ If control risk is low

ü detection risk is high
ü internal control is effective and the auditor can easily detect material misstatements
ü therefore, the auditor may choose to set a:
Ø low level of materiality and
Ø a high materiality amount (high tolerable misstatement)
ü conduct the audit less strictly
ü make the audit procedures not too extensive
ü and gather only a few audit evidence

§ If control risk is high

ü detection risk is low
ü internal control is ineffective and the auditor will not be able to easily detect errors in the financial statements
despite the assumption that there are a number of errors because of poor internal control
ü therefore, the auditor will have to conduct the audit more strictly
ü establish a
ü high level of materiality and
ü a low tolerable amount
ü the auditor will also conduct more extensive audit procedures
ü and obtain more evidence

THE NATURE AND CONCEPT OF FRAUD

§ Error
ü unintentional misstatements or omissions of amounts or disclosures in the financial statements
ü
§ Fraud
ü intentional misstatements or omissions that are intended to deceive users of financial information
ü the main objective of fraud is deception through misstatements or omissions in order to present information that is
false or misleading or otherwise hide information deliberately
ü Fraud is a broad legal concept. However, in an audit of financial statements, we only include those types of fraud
that is relevant to an audit
ü there are two types of fraud or intentional misstatements that are relevant: misstatements resulting from
fraudulent financial reporting and misstatements resulting from misappropriation of assets.
ü Although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make
legal determinations of whether fraud has actually occurred in an audit of financial statements since the objective
of the auditor is to express an opinion on the financial statements.
ü However, this does not mean that the auditor completely ignores the possibility of fraud in an audit.

FRAUDULENT FINANCIAL REPORTING

§ Involves intentional misstatements including omissions of amounts or disclosures in financial statements to deceive financial
statement users.
§ It can be caused by the efforts of management to manage earnings in order to deceive financial statement users by
influencing their perceptions as to the entity’s performance and profitability

25 | P a g e
 § May be accomplished through the following:
ü Manipulation, falsification (including forgery), or alteration of accounting records or supporting documentation from
which the financial statements are prepared
ü Misrepresentation in, or intentional omission from, the financial statements of events, transactions or other
significant information
ü Intentional misapplication of accounting principles relating to amounts, classification, manner of presentation, or
disclosure
§ Fraudulent financial reporting often involves management override of controls that otherwise may appear to be
operating effectively.
§ Since management has primary responsibility for the design and implementation of internal control, they are in the best
position to override these controls.
§ Management override of controls is one of the inherent limitations of internal control and is a reason why control risk can
never be reduced to zero no matter how effective a system of internal control is
§ Fraud can be committed by management overriding controls using such techniques as:
ü Recording fictitious journal entries, particularly close to the end of an accounting period, to manipulate operating
results or achieve other objectives
ü Inappropriately adjusting assumptions and changing judgments used to estimate account balances
ü Omitting, advancing or delaying recognition in the financial statements of events and transactions that have
occurred during the reporting period
ü Concealing, or not disclosing, facts that could affect the amounts recorded in the financial statements
ü Engaging in complex transactions that are structured to misrepresent the financial position or financial performance
of the entity
ü Altering records and terms related to significant and unusual transactions

MISAPPROPRIATION OF ASSETS
§ Misappropriation of assets involves the theft of an entity’s assets and is often perpetrated by employees in relatively small
and immaterial amounts.
§ However, it can also involve management who are usually more able to disguise or conceal misappropriations in ways that
are difficult to detect.
§ Misappropriation of assets is often accompanied by false or misleading records or documents in order to conceal the fact
that the assets are missing or have been pledged without proper authorization
§ Misappropriation of assets can be accomplished in a variety of ways including:
§ Embezzling receipts (for example, misappropriating collections on accounts receivable or diverting receipts in
respect of written-off accounts to personal bank accounts)
§ Stealing physical assets or intellectual property (for example, stealing inventory for personal use or for sale,
stealing scrap for resale, colluding with a competitor by disclosing technological data in return for payment)
§ Causing an entity to pay for goods and services not received (for example, payments to fictitious vendors,
kickbacks paid by vendors to the entity’s purchasing agents in return for inflating prices, payments to fictitious
employees)
§ Using an entity’s assets for personal use (for example, using the entity’s assets as collateral for a personal loan or
a loan to a related party)

THE FRAUD TRIANGLE

§ Fraud, whether fraudulent financial reporting or misappropriation of assets, necessitates three elements in order to be
perpetrated.
§ These three elements are called as the fraud triangle
ü Incentives or pressures to commit fraud
ü Perceived opportunity to do so
ü Rationalizations
ü The combined elements of incentives or pressures to commit fraud and a perceived opportunity to do so are called
as fraud risk factors
§ Incentives or pressures to commit fraud
ü The fraudulent act should have benefits for the perpetrator to be enticed, or pressures exist that would leave the
perpetrator no choice but to commit fraud.
ü Incentive or pressure to commit fraudulent financial reporting may exist when management is under pressure,
from sources outside or inside the entity, to achieve an expected (and perhaps unrealistic) earnings target or
financial outcome – particularly since the consequences to management for failing to meet financial goals can be
significant.
ü Similarly, individuals may have an incentive to misappropriate assets, for example, because the individuals are
living beyond their means
§ Perceived opportunity to do so
ü A loophole or weakness must be present in the system to allow or give opportunity to the perpetrator to commit
fraud.
ü A perceived opportunity to commit fraud may exist when an individual believes internal control can be overridden,
for example, because the individual is in a position of trust or has knowledge of specific weaknesses in internal
control.
§ Rationalizations
ü These are the specific reasons why the perpetrator chose to commit fraud.
ü Of the three elements in the fraud triangle, this is the most difficult to justify or determine directly since the
reasons for committing the fraud are relative from one person to another.
ü Individuals may be able to rationalize committing a fraudulent act.

26 | P a g e
 ü Some individuals possess an attitude, character or set of ethical values that allow them knowingly and intentionally
to commit a dishonest act.
ü However, even otherwise honest individuals can commit fraud in an environment that imposes sufficient pressure
on them.

RESPONSIBILITIES OF MANAGEMENT
§ The primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the
entity and management.
§ This responsibility is primarily achieved through the design and implementation of an effective system of internal control
within the company.
§ It is important that management, with the oversight of those charged with governance, place a strong emphasis on both
fraud prevention and fraud deterrence.
§ Fraud prevention are ways which may reduce opportunities for fraud to take place.
§ Fraud deterrence, on the other hand, are ways which could persuade individuals not to commit fraud because of the
likelihood of detection and punishment.

RESPONSIBILITIES OF THE AUDITOR

§ The primary responsibility of the auditor in an audit of financial statements is to express an opinion on the financial
statements.
§ The auditor’s responsibility relating to fraud is only a secondary responsibility or an auxiliary responsibility in the conduct of
an audit.
§ An auditor is not engaged to primarily detect all fraud that have happened.
§ This does not necessarily mean that the auditor ignores fraud in an audit of financial statements; the auditor merely
considers possibilities that fraud could happen and includes this in the risk assessment process of the audit in determining
the causes of material misstatements.
§ This is the reason why auditors cannot be sued for the non-detection of fraud in an audit since his or her primarily
responsibility is restricted to the expression of an opinion on the financial statements.
§ The auditor will be responsible for fully considering and detecting fraud if he or she is engaged to perform a fraud audit or a
fraud examination.
§ An auditor conducting an audit of financial statements is responsible for obtaining reasonable assurance that the financial
statements taken as a whole are free from material misstatement, whether caused by fraud or error.

RISK OF FRAUD VS. RISK OF ERROR

§ The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not detecting one resulting
from error.
§ This is because fraud may involve sophisticated and carefully organized schemes designed to conceal it, such as forgery,
deliberate failure to record transactions, or intentional misrepresentations being made to the auditor.
§ Such attempts at concealment may be even more difficult to detect when accompanied by collusion.
§ Collusion may cause the auditor to believe that audit evidence is persuasive when it is, in fact, false.
§ The auditor’s ability to detect a fraud depends on factors such as:
ü the skillfulness of the perpetrator;
ü the frequency and extent of manipulation;
ü the degree of collusion involved;
ü the relative size of individual amounts manipulated; and
ü the seniority of those individuals involved.
§ While the auditor may be able to identify potential opportunities for fraud to be perpetrated, it is difficult for the auditor to
determine whether misstatements in judgment areas such as accounting estimates are caused by fraud or error

MANAGEMENT FRAUD VS. EMPLOYEE FRAUD

§ The risk of the auditor not detecting a material misstatement resulting from management fraud is greater than for
employee fraud, because management is frequently in a position to directly or indirectly manipulate accounting records,
present fraudulent financial information or override control procedures designed to prevent similar frauds by other
employees
§ When obtaining reasonable assurance, the auditor is responsible for maintaining an attitude of professional skepticism
throughout the audit, considering the potential for management override of controls and recognizing the fact that audit
procedures that are effective for detecting error may not be effective in detecting fraud.
§ The auditor should also recognize the possibility that a material misstatement due to fraud could exist, notwithstanding the
auditor’s past experience of the honesty and integrity of the entity’s management and those charged with governance.

DISCUSSION AMONG THE ENGAGEMENT TEAM

§ The PSAs require a discussion among the engagement team members and a determination by the engagement partner of
which matters are to be communicated to those team members not involved in the discussion.
§ This discussion shall place particular emphasis on how and where the entity’s financial statements may be susceptible to
material misstatement due to fraud, including how fraud might occur.
§ The discussion shall occur setting aside beliefs that the engagement team members may have that management and those
charged with governance are honest and have integrity
§ Some matters which can be included in the discussion:
ü An exchange of ideas among engagement team members about how and where they believe the entity’s financial
statements may be susceptible to material misstatement due to fraud, how management could perpetrate and
conceal fraudulent financial reporting, and how assets of the entity could be misappropriated

27 | P a g e
 ü A consideration of circumstances that might be indicative of earnings management and the practices that might be
followed by management to manage earnings that could lead to fraudulent financial reporting
ü A consideration of any unusual or unexplained changes in behavior or lifestyle of management or employees which
have come to the attention of the engagement team
ü A consideration of how an element of unpredictability will be incorporated into the nature, timing and extent of the
audit procedures to be performed
ü A consideration of any allegations of fraud that have come to the auditor’s attention
ü A consideration of the risk of management override of controls

IMPORTANT CONSIDERATIONS
§ Treatment as Significant Risks
ü The auditor shall treat those assessed risks of material misstatement due to fraud as significant risks and
accordingly, to the extent not already done so, the auditor shall obtain an understanding of the entity’s related
controls, including control activities, relevant to such risks. Significant risks are risks that necessitate special audit
attention

§ Communication to management
ü If the auditor has identified a fraud or has obtained information that indicates that a fraud may exist, the auditor
shall communicate these matters on a timely basis to the appropriate level of management in order to inform those
with primary responsibility for the prevention and detection of fraud of matters relevant to their responsibilities
ü When the auditor has obtained evidence that fraud exists or may exist, it is important that the matter be brought
to the attention of the appropriate level of management as soon as practicable. This is so even if the matter might
be considered inconsequential
ü The determination of which level of management is the appropriate one is a matter of professional judgment and is
affected by such factors as the likelihood of collusion and the nature and magnitude of the suspected fraud.
Ordinarily, the appropriate level of management is at least one level above the persons who appear to be involved
with the suspected fraud
§ Communication with those charged with governance
ü The auditor’s communication with those charged with governance may be made orally or in writing.
ü Due to the nature and sensitivity of fraud involving senior management, or fraud that results in a material
misstatement in the financial statements, the auditor reports such matters on a timely basis and may consider it
necessary to also report such matters in writing.
ü In the exceptional circumstances where the auditor has doubts about the integrity or honesty of management or
those charged with governance, the auditor may consider it appropriate to obtain legal advice to assist in
determining the appropriate course of action

FRAUD RISK FACTORS

§ Fraud Risk Factors (PSA 240, Appendix 1)
ü refer to the combined elements of incentives and pressures to commit fraud and a perceived opportunity to do so
in the fraud triangle
ü are present in both fraudulent financial reporting and misappropriation of assets
ü although the risk factors cover a broad range of situations, they are only examples and, accordingly, the auditor
may identify additional or different risk factors
ü not all of these examples are relevant in all circumstances, and some may be of greater or lesser significance in
entities of different size or with different ownership characteristics or circumstances
ü also, the order of the examples of risk factors provided is not intended to reflect their relative importance or
frequency of occurrence

INTERNAL CONTROL
§ the process designed and effected by those charged with governance, management, and other personnel to provide
reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting,
effectiveness and efficiency of operations, and compliance with laws and regulations
§ defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO, which was formed in 1985 in
response to instances of fraudulent financial reporting) as “a process effected by an entity’s board of directors,
management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the
following categories: effectiveness and efficiency of operations, reliability of financial reporting, and compliance with laws
and regulations”
§ the most important concept in the definition of internal control is that it is intended to provide reasonable assurance about
the achievement of the company’s objectives

SIGNIFICANT CONCEPTS RELATING TO INTERNAL CONTROL

Internal Control is a Process

Internal control forms a part of and is integrated with the basic business processes conducted within the entity. The presence of
internal control in the planning, execution, and monitoring of these processes provide assurance that they are carried out properly.
However, it should be noted that internal control is a tool used by management in conjunction with its functions and should not be
viewed as a substitute for management.

Internal Control Involves People

28 | P a g e
Internal control is effected and accomplished by the people within the organization. They are responsible for putting control
mechanisms in place. Consequently, internal control also affects people’s actions. Internal control should provide for the reality that
people do not always understand, communicate, or perform consistently. In turn, people must also know their responsibilities and
limits of authority. Therefore, the duties and responsibilities of the people within the organization should be clearly associated with
the way they are carried out, as well as the objectives set by the entity.

According to the COSO Framework, According to the COSO Framework, everyone in an organization has responsibility for internal
control to some extent. Virtually all employees produce information used in the internal control system or take other actions needed
to effect control. Also, all personnel should be responsible for communicating upward problems in operations, noncompliance with
the code of conduct, or other policy violations or illegal actions.

People within the organization responsible for the effective functioning of internal control involve the following:

§ Management. The Chief Executive Officer (the top manager) of the organization has overall responsibility for designing and
implementing effective internal control. More than any other individual, the chief executive sets the "tone at the top" that
affects integrity and ethics and other factors of a positive control environment. In a large company, the chief executive
fulfills this duty by providing leadership and direction to senior managers and reviewing the way they're controlling the
business. Senior managers, in turn, assign responsibility for establishment of more specific internal control policies and
procedures to personnel responsible for the unit's functions. In a smaller entity, the influence of the chief executive, often
an owner-manager, is usually more direct. In any event, in a cascading responsibility, a manager is effectively a chief
executive of his or her sphere of responsibility. Of particular significance are financial officers and their staffs, whose control
activities cut across, as well as up and down, the operating and other units of an enterprise.

§ Board of Directors, or Those Charged with Governance. Management is accountable to the board of directors, which
provides governance, guidance and oversight. Effective board members are objective, capable and inquisitive. They also
have a knowledge of the entity's activities and environment, and commit the time necessary to fulfill their board
responsibilities. Management may be in a position to override controls and ignore or stifle communications from
subordinates, enabling a dishonest management which intentionally misrepresents results to cover its tracks. A strong,
active board, particularly when coupled with effective upward communications channels and capable financial, legal and
internal audit functions, is often best able to identify and correct such a problem.

§ Employees and other personnel. These are the people responsible for the carrying out of the specific internal control
policies and procedures for particular business transactions.

EMPHASIS ON DESIGN AND IMPLEMENTATION OF INTERNAL CONTROL

In an audit of financial statements, the emphasis of the auditor is to assess the design of the internal control system in the company
and its implementation. It should be noted that management has the primary responsibility for putting up a system of internal
control in the company, aided by the oversight of those charged with governance and the execution and carrying out of these
policies and procedures by employees and other personnel.

Internal Control Provides Reasonable Assurance, not Absolute Assurance

In almost any virtual situation, an internal control system can never be fail proof no matter how well designed and operated it may
be. Therefore, it can never provide absolute assurance but only reasonable assurance regarding the achievement of management’s
objectives. This is because there are inherent limitations that are present in any internal control system. These include:

§ faulty judgments in decision making

§ consideration of relative costs and benefits
§ breakdowns because of human failures, simple errors or mistakes
§ controls can be circumvented by collusion of two or more people
§ management override of internal control system

These inherent limitations present in any internal control system are the reasons why there can never be a zero percent control risk
in the risk assessment process of the auditor.

Internal Control is Geared Towards the Achievement of the Entity’s Objectives

Internal control and its specific internal control activities are designed to provide reasonable assurance that particular objectives are
achieved or related progress understood. The main objectives to which inherent control relates to are as follows:

§ Effectiveness and Efficiency of Operations. These pertain to the effective and efficient use of the entity’s resources,
effectiveness and efficiency of operations including performance and profitability goals, and safeguarding assets against
losses.

§ Reliability of financial reporting. These relate to the preparation of reliable published financial statements, including the
prevention of fraudulent public financial reporting

29 | P a g e
Compliance with applicable laws and regulations. These relate to compliance with applicable laws and regulations and depend
on external factors such as environmental regulation, and tend to be similar across entities in some cases and across an industry in
others

CARDINAL PRINCIPLES OF INTERNAL CONTROL

The Cardinal Principles of Internal Control are a set of guidelines that characterize a sound internal control system within the
company. It does not serve as an absolute guarantee nor does it present a one-size-fits-all requirement for companies in terms of
placing a system of internal control; rather its presence in an internal control system of a company helps in making it more effective,
efficient, and useful.

The Cardinal Principles of Internal Control are as follows:

1. Responsibility for the performance of each duty must be fixed. This principle emphasizes the importance of assigning
fixed responsibilities to personnel and employees to reduce work duplication or redundancy. Furthermore, this helps ensure
that employees only perform functions within their jurisdiction in order to provide for feedback and monitoring of work.

2. Accounting and financial operations must be operated. This principle emphasizes the importance of segregating
incompatible duties. The accounting function is concerned mainly with record-keeping while financial operations are
concerned with the execution of transactions that involve inflows of outflows of economic resources. Fusing both functions in
one person will bring forth possibilities for fraud to be perpetrated since possession of both accounting records and actual
resources will easily enable a person to conceal or misstate a transaction.

3. Proofs of accuracy should be utilized in order to assure correctness of operation and accounting. This principle
emphasizes the importance of an audit trail within the company. An audit trail is a processing sequence or path that allows
for managers and auditors to “walk through” a particular transaction and ascertain as to whether it has been executed
properly following required policies and procedures set by the company. Audit trails are composed of the source documents
and accounting records that are used to track down and support transactions entered into by the company.

4. No one person should be in complete charge of a business transaction. This principle emphasizes the importance of
segregation of duties especially those that are judged to be incompatible. In the study of internal control, four
incompatible duties are required to be separated. These are: (1) authorization; (2) execution; (3) recording; and (4)
custody. The process of authorization involves granting permission that the transaction be entered into by the company
and is usually done by top-level managers. Execution involves the actual performance of the transaction itself, like
entering into a sale or purchase agreement. Recording involves updating the accounting books and records of the company
pursuant to the transaction entered into. Custody involves the safekeeping of the resources of the company as a result of
the transaction entered into. Segregation of duties is achieved when, for example, the person who authorized the
transaction must not also be the one to execute it. Fusing the record-keeping function (like the updating of accounting
books and records) with the custody function (like handling cash receipts) will allow possibilities for the perpetration of
fraud.

5. Employees must be carefully selected and trained. This principle emphasizes the importance of the company’s human
resource policies especially in terms of employee hiring or selection and training. Employees should undergo careful
selection processes to ensure that they are fit for the job and will be able to perform the job well. Training policies, on the
other hand, ensure that employees are equipped with the necessary skills they need to perform their functions and meet
company goals and objectives.

6. Employees should be bonded. This principle emphasizes that employees who are in positions of trust or whose nature of
work includes positions that are sensitive within the company be bonded to ensure that they are accountable for the
resources that their positions may entail. An example of this would be to have employees execute fidelity bonds.

7. Employees should be rotated on a job, if possible; vacations for those in positions of trust should be enforced.
This principle emphasizes the importance of job rotations among employees as this will reduce familiarity threat or the
likelihood that employees become too familiar with the processes related to their field of work that they are able to
manipulate those processes to serve their personal interests. Forced vacations for those in positions of trust are important
in order to check on the accountability of the employee and perform an audit on the performance and trustworthiness of his
work.

8. Operating instructions for each position should be reduced to writing. This principle emphasizes the importance of
the company coming up with written procedures manuals and descriptions of the specific duties and responsibilities of each
employee in order to maximize the efficiency and effectiveness of the performance of their functions and ensure that
processes are performed properly.

9. The protective advantages of a double-entry system of accounting should not be exaggerated. This principle
emphasizes the importance of keeping updated records within the company that enables a cutoff period for transactions
entered into for a particular period of time for purposes of audit.

10. Controlling accounts should be used as extensively as possible. This principle emphasizes the importance of
maintaining control accounts in a company to be able to summarize or categorize common or related accounts and
transactions for easy record keeping and audit purposes.

30 | P a g e
 11. Mechanical equipment and/ or electronic equipment should be used, if feasible. This principle emphasizes the
importance of automation in a company that enables processes to be performed more efficiently and accurately

DOCUMENTING INTERNAL CONTROL

The first stage in the review of internal controls us a fact-finding process. The independent auditor familiarizes himself with the
nature and extent of controls that have been established by management. To assist him in his review, he may use any one or a
combination of the following tools:

1. Internal Control Questionnaire (ICQ)

2. Narrative statements of internal controls
3. Flowcharts

INTERNAL CONTROL QUESTIONNAIRE

An internal control questionnaire is a comprehensive series of questions relating to internal control which the auditor uses as a guide
to his review of the system of internal control. The questions are usually answerable by “Yes” or “No” (or Not Applicable) and space
is provided on the questionnaire for the answers and for additional explanatory comments that the auditor may deem advisable. In
order to facilitate appraisal, the questions are usually framed in such a manner that strong internal control is indicated by “yes”
answers, weak by “no”. The questionnaire is usually standardized and is divided into sections for each of the principal balance sheet
items (i.e., Cash, Receivables, etc.).

Advantages:

§ It serves as an outline of the various phases of internal control that must be covered in the review.
§ Weaknesses in internal control are emphasized.
§ Review of internal control on repeat engagements is facilitated. Any changes that have been made in the system of internal
control since the last audit can simply be checked against the questionnaire.
§ The questionnaire facilitates review of work done by staff members.
§ It aids in writing the report.

Disadvantages:

§ It tends to restrict independence of thought and to encourage avoidance of responsibility.

§ Answers are suggested without a real understanding of the problem.
§ Answers are limited to the size of the space allocated on the questionnaire.

NARRATIVE

In the narrative approach, the auditor writes down in narrative form the results of his review of existing internal controls. The
narrative may contain a full coverage of the controls in existence, or it may be limited only to weaknesses and shortcomings in the
system. Information on existing controls is obtained by asking questions and observation.

Advantages:

§ It is flexible; it may be tailored to the requirements of the particular business under examination.
§ It explains precisely the controls applicable to the case at hand.
§ It requires penetrating analysis and discourages a tendency toward perfunctory review.
§ It is particularly suitable for use in small-sized businesses where controls are limited.

Disadvantages:

§ The person conducting the review may not have the ability to express himself clearly and concisely in writing.
§ The use of wrong words or erroneous phrasing may give an incomplete or incorrect picture or impression.
§ The narrative material may require a more careful and thorough study.
§ Without a checklist or questionnaire, important aspects that should be reviewed may be overlooked.
§ Preparation of the narrative may be time-consuming.

FLOWCHARTS

A flowchart is a symbolic or pictorial representation of a business procedure. A procedural flow chart shows the flow of paper and the
operating steps required to process it. Each work unit is assigned a column, and the flow of documents is pictured in the proper
columns together with brief descriptions of the processing steps required in each work unit.

Advantages:

§ It permits the auditor to obtain a better over-all view of the system of internal controls because it is presented in graphic or
pictorial form.
§ It facilitates revision of the system.
§ It reduces the need for detailed description of each activity.

31 | P a g e
 § It can be used in a wide variety of situations.

Disadvantages:

§ The auditor may not be familiar with the use of graphic methods.
§ The chart requires frequent redrafting even for minor changes in the client’s procedures.
§ It emphasizes regular and recurrent procedures, and often fails to reveal exceptions. In auditing, exceptions are usually of
importance.

CONTROLS RELEVANT TO AN AUDIT

As provided by the PSAs, there are three general controls that are relevant to the audit:

§ Controls over the completeness and accuracy of information produced by the entity. These controls may be
relevant to the audit if the auditor intends to make use of the information in designing and performing further procedures.

§ Controls relating to operations and compliance objectives. These may also be relevant to an audit if they relate to
data the auditor evaluates or uses in applying audit procedures.

§ Internal control over safeguarding of assets. These are controls that guard against unauthorized acquisition, use, or
disposition may include controls relating to both financial reporting and operations objectives. The auditor’s consideration of
such controls is generally limited to those relevant to the reliability of financial reporting.

COMPONENTS OF INTERNAL CONTROL

Internal control consists of five components. These components do not operate in isolation; rather, they are interrelated. These are
derived from the way management runs a business and operates its functions, and are integrated with the management process.

The five components of internal control are: (C-R-I-C-M)

§ Control Environment
§ Entity’s Risk Assessment Process
§ Information System and Related Business Processes Relevant to Financial Reporting and Communication
§ Control Activities
§ Monitoring of Controls

CONTROL ENVIRONMENT
§ sets the tone of an organization, influencing the control consciousness of its people
§ the foundation for all other components of internal control, providing discipline and structure
§ the collective effect on an entity’s board of directors, management, and owners on establishing, enhancing, or mitigating
the effectiveness of specific control policies or procedures

The control environment encompasses the following elements:

§ Communication and enforcement of integrity and ethical values.
§ Commitment to competence.
§ Participation by those charged with governance.
§ Management’s philosophy and operating style.
§ Organizational structure.
§ Assignment of authority and responsibility.
§ Human resource policies and practices.

ENTITY’S RISK ASSESSMENT PROCESS

§ forms the basis for how management determines the risks to be managed. If that process is appropriate to the
circumstances, including the nature, size and complexity of the entity, it assists the auditor in identifying risks of material
misstatement

INFORMATION SYSTEM
§ consists of infrastructure (physical and hardware components), software, people, procedures, and data

CONTROL ACTIVITIES
§ Control activities (or control procedures) are the policies and procedures that help ensure that management’s directives are
carried out. Control activities, whether within IT or manual systems, have various objectives and are applied at various
organizational and functional levels

Examples of specific control activities include those relating to the following:

§ Authorization
§ Performance reviews.
§ Information processing.
§ Physical controls.
§ Segregation of duties.

32 | P a g e
MONITORING OF CONTROLS
§ is a process that assesses the quality of internal control performance over time. Management should monitor controls to
determine whether they are operating effectively and to provide reasonable assurance that an entity’s objectives will be
achieved
§ Ongoing monitoring activities are often built into the normal recurring activities of an entity and include regular
management and supervisory activities
§ In many entities, internal auditors or personnel performing similar functions contribute to the monitoring of an entity’s
activities. These are examples of separate evaluations

MATERIAL WEAKNESS IN INTERNAL CONTROL

§ The auditor shall evaluate whether, on the basis of the audit work performed, the auditor has identified a material weakness
in the design, implementation or maintenance of internal control

The types of material weaknesses in internal control that the auditor may identify when obtaining an understanding of the entity and
its internal controls may include:

§ Risks of material misstatement that the auditor identifies and which the entity has not controlled, or for which the relevant
control is inadequate
§ A weakness in the entity’s risk assessment process that the auditor identifies as material, or the absence of a risk
assessment process in those cases where it would be appropriate for one to have been established

Material weaknesses may also be identified in controls that prevent, or detect and correct, error, or those to prevent and detect
fraud

AUDIT ASSERTIONS

The general financial statement assertions in an audit of financial statements include:

§ Existence
§ Occurrence
§ Completeness
§ Rights and Obligations
§ Valuation or allocation
§ Accuracy
§ Cutoff
§ Classification
§ Presentation and Disclosure

CLASSIFICATIONS OF AUDIT ASSERTIONS

ASSERTIONS ABOUT CLASSES OF TRANSACTIONS AND EVENTS FOR THE PERIOD UNDER AUDIT

These are assertions that pertain to the transactions and events that occurred for the period under audit and include:

§ Occurrence. The occurrence assertion relates as to whether transactions and events that have been recorded have actually
occurred and pertain to the entity. For example, if management presents in its income statement that there have been
P1,000,000 in total sales for the period, they assert that all the sales transactions totaling to P1,000,000 have actually
occurred during the period and were valid transactions.

§ Completeness. The completeness assertion relates as to whether all transactions and events that occurred during the
period and that should have been recorded have bee recorded. Therefore, if a client fails to record a valid revenue
transaction, the revenue account will be understated. It should be noted that the auditor’s concern with the completeness
assertion is the opposite of the concern for the occurrence transaction. If the company fails to meet the completeness
assertion, the result is an understatement. On the other hand, if a company records an invalid transaction (or a transaction
that have not actually occurred), the result is an overstatement.

§ Accuracy. The accuracy assertion addresses whether amounts and other data relating to recorded transactions and events
have been recorded appropriately. Appropriate methods for recording a transaction or event are established by generally
accepted accounting principles. For example, if a company records the acquisition of a new equipment, its costs should
include its purchase price plus all reasonable costs to install it in order to conclude that the item has been recorded
accurately.

§ Cutoff. The cutoff assertion relates to whether transactions and events have been recorded in the correct accounting
period. In order to support this assertion, the auditor’s procedures must ensure that transactions occurring near year-end
are recorded in the financial statements in the proper period. Thus, if the auditor wants to test proper cutoff of revenue
transactions at December 31, 2010, the auditor’s objective is to determine that all 2010 sales have been recorded in 2010.
Additionally, the auditor should also ensure that no 2011 sales have been recorded in 2010 and that no 2010 sales have
been recorded in 2011.

33 | P a g e
 § Classification. The classification assertion is concerned with whether transactions and events have been recorded in the
proper accounts. For example, management asserts that all direct cost transactions related to inventory have been properly
classified in either inventory or part of cost of sales.

ASSERTIONS ABOUT ACCOUNT BALANCES AT PERIOD END

These are assertions that pertain to items of assets, liabilities, and equity that are presented in the balance sheet as of the period
end which include:

§ Existence. The existence assertion addresses whether assets, liabilities, and equity interests exist at the date of the
financial statements. For example, management asserts that inventory shown on the balance sheet exists and is available
for sale.

§ Rights and Obligations. The rights and obligations assertion relates whether the entity holds or controls the right to
assets, and liabilities are the obligations of the company. For example, management asserts that the entity has legal title or
ownership to the machinery shown on the balance sheet. Similarly, amounts recorded for loans payable reflect assertions
that the entity has an obligation to pay a loan to the bank or financial institution.

§ Completeness. The completeness assertions addresses whether all assets, liabilities, and equity interests that should have
been recorded have been recorded. For example, management implicitly asserts that the amount shown for accounts
receivable on the balance sheet includes all such rights of the entity with its debtors as of the balance sheet date.

§ Valuation and allocation. The valuation and allocation assertion relates to whether assets, liabilities, and equity interests
are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are
appropriately recorded. For example, management asserts that the inventory on the balance sheet is properly carried at the
lower of cost or market value, or that the accounts receivable are presented at net realizable value. Similarly, management
asserts that the cost of building and items of property, plant, and equipment is systematically allocated to appropriate
accounting periods through the recognition of depreciation expense.

ASSERTIONS ABOUT PRESENTATION AND DISCLOSURE

This classification of transactions relates to the presentation of information in the financial statements and disclosures in the notes to
financial statements that are directly related to a specific transaction or account balance and those that apply to the financial
statements in general.

§ Occurrence and Rights and Obligations. The assertions about occurrence and rights and obligations address whether
disclosed events, transactions, and other matters have occurred and pertain to the entity. For example, when management
presents capitalized lease transactions on the balance sheet as leased assets, the related liabilities as long-term debt, and
the related footnote, it is asserting that a lease transaction occurred, it has a right to the leased asset, and it owes the
related lease obligation to the lessor. Additionally, there is a footnote disclosure that provides additional information on the
lease such as future payments.

§ Completeness. The completeness assertion relates to whether all disclosures that should have been included in the
financial statements have been included. For example, management asserts that no material disclosures have been omitted
from the footnotes and other disclosures accompanying the financial statements.

§ Classification and Understandability. The assertions about classification and understandability relate to whether
financial information is appropriately presented and described, and disclosures are clearly expressed. For example,
management asserts that the portion of a long-term note payable shown as a current liability will mature in the current
year. Similarly, management asserts, through footnote disclosure, that all major restrictions on the entity resulting from
debt covenants are disclosed.

§ Accuracy and Valuation. The accuracy and valuation assertions relate to whether financial and other information are
disclosed fairly and at appropriate amounts. For example, when management discloses the fair value of financial
instruments, it is asserting that these financial instruments are properly valued in accordance with GAAP. In addition,
management may disclose in a footnote other information related to financial instruments

RELATIONSHIP BETWEEN AUDIT ASSERTIONS AND AUDIT OBJECTIVES

Audit assertions and audit objectives should be congruent with one another. This means that in an audit of financial statements,
audit assertions serve as the starting point of the auditor to identify the specific goals he or she has to accomplish in the conduct of
the audit. This makes audit assertions and audit objectives essentially similar with each other. The table below shows an example of
and the congruence between audit assertions and audit objectives in the audit of receivables.

34 | P a g e
 AUDIT ASSERTIONS AND RELATED AUDIT OBJECTIVES
IN THE AUDIT OF RECEIVABLES

AUDIT ASSERTIONS AUDIT OBJECTIVES

Existence To determine that accounts receivables exist at the balance sheet date

Occurrence To prove that all credit sales transactions pertaining to the accounts receivables that were
recorded in the period have actually occurred

Completeness To ensure that all credit sales transactions pertaining to the accounts receivables that
occurred during the period have been recorded completely

Rights (and Obligations) To prove that the company has ownership or rights to the accounts receivables

Valuation or Allocation To determine that the accounts receivables are properly valued at net realizable value

Accuracy To ensure that the computation of the accounts receivables and its valuation are accurate
and appropriately recorded

Cutoff To determine that all credit transactions to which the accounts receivables pertain to have
been recorded in the correct accounting period

Classification To see to it that accounts receivable are properly classified in the financial statements as
current assets

Presentation and Disclosure To find proof that all presentation and disclosure requirements pertaining to accounts
receivables have been presented and disclosed

AUDIT PROCEDURES
§ the scope of an audit refers to the audit procedures that, in the auditor’s judgment and based on the PSAs, are deemed
appropriate in the circumstances to achieve the objective of an audit
§ Audit procedures are the specific methods, techniques, or acts that the auditor uses to gather evidence in order to
determine the validity of the financial statement assertions. Professional judgment must be carefully used in determining
which audit procedure (or procedures) are most appropriate to increase the amount of evidence obtained, its
persuasiveness, and its ability to support or contradict assertions made by management

NATURE, TIMING, AND EXTENT OF AUDIT PROCEDURES

§ The nature of an audit procedure refers to its innate applicability in relation to the audit objective set for a particular
assertion. Professional judgment and common-sensical notion usually dictate what type of audit procedure (s) is (are)
applicable to gather evidence about a particular assertion
§ The timing of an audit procedure indicates when the audit procedure is likely to be performed by the auditor. If the auditor
assesses the risk of material misstatement as high and plans to conduct the audit more strictly, then audit procedures
would probably be conducted near the balance sheet date. Conversely, if the auditor expects a lower risk of material
misstatement and plans to conduct the audit less strictly, some audit procedures could be conducted at interim dates
§ The extent of the audit procedures relates to its ability to substantiate a particular assertion or class of transaction or
account balance. A stricter audit would necessitate more extensive audit procedures. Less extensive audit procedures would
be needed for an audit that is planned to be conducted less strictly

AUDIT PROCEDURES FOR GATHERING EVIDENCE

Audit procedures used to gather audit evidence are generally classified into two:

§ Audit procedures according to purpose; and

§ Audit procedures according to nature

AUDIT PROCEDURES ACCORDING TO PURPOSE

According to the PSAs, the auditor obtains audit evidence to draw reasonable conclusions on which to base the audit opinion by
performing audit procedures to:

§ Obtain an understanding of the entity and its environment, including its internal control, to assess the risks of material
misstatement at the financial statement level and assertion levels, These procedures are called as risk assessment
procedures. These are always performed by the auditor to provide a satisfactory basis for the assessment of risks at the
financial statement and assertion levels. However, risk assessment procedures by themselves do not provide sufficient
appropriate audit evidence on which to base the audit opinion and have to be supplemented by further audit procedures in
the form of tests of controls, when necessary, and substantive procedures. We have already discussed risk assessment
procedures in Risk Assessment and Materiality.

35 | P a g e
 § When necessary or when the auditor has determined to do so, test the operating effectiveness of controls in preventing, or
detecting and correcting, material misstatements at the assertion level. These procedures are referred to as tests of
controls. Tests of controls are necessary: (1) when the auditor’s risk assessment includes an expectation of the operating
effectiveness of controls, wherein the auditor is required to test those controls to support the risk assessment; and (2) when
substantive procedures alone do not provide sufficient appropriate audit evidence and the auditor is required to perform
tests of controls to obtain audit evidence about their operating effectiveness.

§ Detect material misstatements at the assertion level. These procedures are termed as substantive tests and include tests
of details of classes of transactions, account balances, and disclosures and substantive analytical procedures. Substantive
procedures are planned and performed by the auditor in order to be responsive to the related assessment of the risks of
material misstatement, which includes the results of tests of controls, if any. However, the auditor’s risk assessment is
judgmental and may not be sufficiently precise to identify all risks of material misstatement. Therefore, substantive
procedures for material classes of transactions, account balances, and disclosures are always required to obtain sufficient
appropriate audit evidence.

AUDIT PROCEDURES ACCORDING TO NATURE

§ Inspection. Inspection consists of examining records, documents, or tangible assets. In most audits, inspection of records
or documents makes up the bulk if the evidence gathered by the auditor. The records or documents inspected provides
audit evidence of varying degrees of reliability and persuasiveness depending on their nature and source and the
effectiveness of internal controls over their processing. Documentary evidence may be classified into three: (1)
documentary audit evidence created and held by third parties (purely externally-generated); (2) documentary audit
evidence created by third parties and held by the entity (external-internal evidence); and (3) documentary audit evidence
created and held by the entity (purely internally-generated). Inspection of tangible assets, on the other hand, provides audit
evidence with respect to their existence but no necessarily as to their ownership or value. In this case, other audit
procedures which would serve the objective of the auditor have to be conducted.

§ Observation. Observation consists of looking at a process or procedure being performed by others. The actions being
observed typically do not leave an audit trail that can be tested by examining records or documents. An example of this
audit procedure would be when the auditor observes the counting of inventories by the entity’s personnel.

§ Inquiry. Inquiry consists of seeking information of knowledgeable persons inside or outside the entity. It is an important
audit procedure that is used extensively throughout the audit and often complements other audit procedures. Inquiries may
be directed to management, the company’s personnel, internal auditors, in-house legal counsel, or others outside the entity
like banks, creditors, and the like. Inquiries may also range from formal written inquiries addressed to third parties to
informal inquiries addressed to persons inside the entity. Responses to these inquiries provide the auditor with information
not previously possessed or with corroborative (supporting) audit evidence.

§ Confirmation. Confirmation is a more formal type of inquiry and consists of the response to an inquiry made by a third
party to corroborate information contained in the accounting records. Examples are the confirmation requests sent to the
debtors of the company when auditing accounts receivable or the standard confirmation request sent to the bank when
auditing the company’s cash in bank.

§ Computation or Recalculation. Recalculation consists of checking the mathematical accuracy of documents or records or
account balances. Examples of this audit procedure include recalculation of depreciation expense on fixed assets and
recalculation of accrued interest. Recalculation also includes footing, crossfooting, reconciling subsidiary ledgers to account
balances, and testing postings from journals to ledgers.

§ Reperformance. Reperformance is the auditor’s independent execution of procedures or controls that were originally
performed as part of an entity’s internal control. In simple language, reperformance means repeating a client activity. An
example of this is when the auditor reperforms the aging of accounts receivable to ensure accuracy of performance of client
personnel, or performing a “walkthrough” of a company’s sale or purchasing function.

§ Reconciliation. Reconciliation involves establishing agreements between two sets of independently maintained but related
records. An example of this is the preparation of a bank reconciliation or a more detailed proof of cash to reconcile the
balances in the bank statement and in the books of the entity.

§ Vouching. This procedure involves following a transaction back to supporting documents (“tracing back”) to establish the
existence or occurrence of recorded transactions. For example, a recorded purchase transaction in the purchase journal (an
accounting record) may be vouched with the related purchase invoice, receiving report, and purchase requisition
(supporting documents) to prove that the recorded transaction actually occurred. Note that the direction of audit testing in
vouching is from the accounting records to the supporting documents to support the existence or occurrence assertion.

§ Tracing. Tracing involves following a transaction forward through the accounting records to establish completeness of
transaction processing. The direction of the audit testing is from the supporting documents to the accounting records to
determine that the transactions have been recorded completely. For example, an auditor compares information on receiving
reports (which provides evidence that there were purchase transactions) to the purchases journal to prove that all valid
purchases were recorded completely in the accounting records.

36 | P a g e
 § Analytical Procedures. Analytical procedures consist of comparing relationships or determining the plausible relationships
that exist between data to determine the reasonableness of recorded amounts. It also involves ratio and trends analysis
including the resulting investigation of fluctuations and relationships that are inconsistent with other relevant information or
deviate from predicted amounts. The auditing standards require that analytical procedures should be applied at the
planning and overall review stage of the audit. The auditor may also choose, but is not required to, use analytical
procedures as substantive tests to provide evidence as to the reasonableness of the specified account balances.

SUMMARY OF AUDIT PROCEDURES BY CLASSIFICATION

AUDIT PROCEDURE RISK ASSESSMENT TESTS OF CONTROLS SUBSTANTIVE TESTS

PROCEDURES
Inquiry ● ● ●
Inspection ● ● ●
Observation ● ● ●
Reperformance ●
Confirmation ●
Recalculation ● ●
Analytical procedures ● ●

CLASSIFICATIONS OF AUDIT TESTS

Generally, audit tests performed by an auditor, aside from risk assessment procedures, particularly to obtain and evaluate audit
evidence, depend on the auditor’s purpose and can be classified into two: (1) compliance tests or tests of controls; and (2)
substantive tests.

COMPLIANCE TESTS OR TESTS OF CONTROLS

Tests of controls are conducted to provide reasonable assurance that accounting control procedures are being applied as prescribed.
Furthermore, these are conducted to assess the operating effectiveness of internal controls in the company and whether the control
procedures are being followed. This evaluation identifies the control procedures that can be relied on in the performance of
substantive tests.

Tests of controls may be directed at control procedures that leave no audit trail or those that leave an audit trail. An audit trail is a
processing sequence or path that allows for managers and auditors to “walk through” a particular transaction and ascertain as to
whether it has been executed properly following required policies and procedures set by the company. Audit trails are composed of
the source documents and accounting records that are used to track down and support transactions entered into by the company. If
a particular class of transaction leaves no audit trail, the auditor makes inquiries of personnel and observations of routines to
determine how control procedures are performed and who performs them. On the other hand, if a class of transaction leaves an
audit trail or documentary trail, the auditor inspects the documents to see whether a control procedures, such as approval or other
checking, was performed and who performed it as evidenced by signatures or initials.

SUBSTANTIVE TESTS

An auditor applies substantive tests when the auditor’s purpose is to determine whether the peso amount of an account is properly
stated. Substantive tests have two general categories: (1) Tests of details of transactions or balances; and (2) Analytical procedures.

Tests of details of transactions or balances involve obtaining audit evidence on the items or details involved in a class of
transactions or a particular account balance. Analytical procedures involve the study and comparison of relationships among
accounting data and related information.

Examples of analytical procedures are as follows:

§ Comparing inventory levels for the current year to that of prior years
§ Comparing research and development expense with the budgeted amount
§ Comparing interest expense with the average outstanding balance of the interest-bearing debt
§ Comparing client’s gross profit percentage to published industry averages
§ Comparing production records in units with sales

CONCEPTS ON AUDIT EVIDENCE

DEFINITION OF AUDIT EVIDENCE

Audit evidence is all the information used by the auditor in arriving at the conclusions on which the audit opinion is based. This is
how audit evidence is defined as per the new auditing standards. In the old auditing standards, audit evidence only constitute
accounting records and other corroborating information that the auditor obtains and evaluates to support a basis for the audit
opinion. The new auditing standards have expanded the definition of audit evidence which includes all the information obtained and
evaluated by the auditor in the audit, provided they are both relevant and reliable. Audit evidence comprises both information that
supports and corroborates management’s assertions, and any information that contradicts such assertions.
37 | P a g e
AUDIT EVIDENCE IS NECESSARY TO SUPPORT THE AUDIT OPINION

Always bear in mind that without audit evidence, the auditor will have no basis for the audit opinion in the audit report. Most of the
auditor’s work in forming the audit opinion consists of obtaining and evaluating audit evidence. This is why obtaining and evaluating
audit evidence is considered to be the bulk of the auditor’s work since through this the auditor will be able to gather proof that
supports or contradicts the assertions in the financial statements and express an opinion on the fairness with which the financial
statements are prepared and presented.

AUDIT EVIDENCE IS CUMULATIVE IN NATURE

Audit evidence is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. It
may, however, also include information obtained from, e.g., previous audits and a firm’s quality control procedures for client
acceptance and continuance. The entity’s accounting records are an important source of audit evidence along with other sources
inside and outside the entity.

SOURCES OF AUDIT EVIDENCE

Management is responsible for the preparation of the financial statements based upon the accounting records of the entity. Some
audit evidence is obtained by performing audit procedures to test the accounting records, e.g., through analysis and review,
reperforming procedures followed in the financial reporting process, and reconciling related types and applications of the same
information. Through the performance of such audit procedures, the auditor may determine that the accounting records are
internally consistent and agree to the financial statements.

More assurance is ordinarily obtained from consistent audit evidence obtained from different sources or of a different nature
than from items of audit evidence considered individually. For example, corroborating information obtained from a source
independent of the entity may increase the assurance the auditor obtains from evidence existing within the accounting records or
from representations made by management.

Information from sources independent of the entity that the auditor may use as audit evidence may include confirmations from
third parties, analysts’ reports, and comparable data about competitors (benchmarking data)

COMPETENCE AND PERSUASIVENESS OF AUDIT EVIDENCE

As provided by the Framework for Assurance Engagements, evidence should possess two qualities in an audit: sufficiency and
appropriateness. Note that both of these characteristics should be present. That is why in audit we always use the phrase sufficient
appropriate audit evidence. A great number of evidence may be obtained by the auditor but these might not be appropriate.
Similarly, the auditor might be able to gather very appropriate evidence but not enough to substantially support or contradict an
assertion. When evidence is both sufficient and appropriate, that evidence is said to be competent.

Another general characteristic that makes evidence competent is its persuasiveness. Persuasiveness is the evidence’s ability to
enable the auditor to make a decision regarding the reasonableness of the information in the assertions being represented by
management that would potentially affect the opinion to be included in the audit report

Generally, when we consider documentary evidence, the most persuasive type of evidence are those that are purely externally-
generated, while the least persuasive are those that are purely internally-generated

SUFFICIENCY OF AUDIT EVIDENCE

Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the risks of
misstatement and also by the quality of such audit evidence. Therefore, the greater the risk of material misstatement, the more
audit evidence is likely to be required to reduce audit risk to an acceptably low level. Similarly, the higher the quality of audit
evidence, the less evidence may be required to meet the audit test. Obtaining more audit evidence, however, may not compensate
for its poor quality

APPROPRIATENESS OF AUDIT EVIDENCE

Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for,
or detecting misstatements in, the financial statements. The reliability of evidence is influenced by its source and by its nature, and
is dependent on the individual circumstances under which it is obtained. Evidence, regardless of its form, is considered competent
when it provides information that is both relevant and reliable.

In order for audit evidence to be appropriate and competent, it has to satisfy certain factors:

§ Relevance of the evidence to the assertion being tested. The audit evidence must be relevant to and must either be
able to support or contradict the assertion being tested.

§ Objectivity of the evidence. Evidence can be objective or subjective. In general, the more objective the evidence is, the
more competent and reliable it is. The greater the amount of judgment required on the part of the provider of the
information, the more subjective the information will be, and generally, the more subjective the evidence is, the less reliable
it is.

38 | P a g e
 § Qualifications of the provider of the evidence. The source of the evidence or information should also be taken into
consideration in determining the competence or reliability of the evidence.

§ Timeliness of the evidence. The evidence must be able to provide information about the assertion during the period
under audit. Audit evidence must be able to provide evidence about an assertion in the time period that evidence is needed

AUDIT DOCUMENTATION

Audit documentation serves as the auditor’s principal record of the work performed and the basis for conclusions in the audit report.
This serves as proof that the auditor indeed has conducted the audit and also contains supporting evidence on how the auditor was
able to arrive at the conclusions and opinion in the audit report. Audit documentation also facilitates the planning, performance, and
supervision of the audit and provides the basis for the review of the quality of work by providing the reviewer with written
documentation of the evidence supporting the auditor’s significant conclusions

CLASSIFICATION OF WORKING PAPERS

PERMANENT FILE

The permanent file consists of working papers that are intended to contain historical or continuing nature or information pertinent to
the current audit. These files provide a convenient source of information about the audit that is of continuing interest from year to
year.

Examples of information which may be included in the permanent file are:

§ Copies of, or excerpts from, the corporate charter

§ Chart of accounts
§ Organizational chart
§ Accounting manual
§ Copies of important contracts
§ Documentation of internal control (for example, flowchart)
§ Terms of stock and bond issues
§ Prior years’ analytical procedure results

CURRENT FILE

The current file consists of working papers that contain evidence gathered, descriptions of auditing procedures performed, and
conclusions reached relevant to the audit of a particular year.

The current file working papers are usually arranged in the following order:

§ Working (Top) Trial Balance. This includes a list of all financial statements account balances before adjustments, as well
as proposed adjusting and reclassifying entries, relating those balance to the audited financial statements.

§ Proposed adjusting and reclassifying entries. When the auditor discovers material misstatements in the accounting
records, the financial statements must be corrected. However, the auditor will not be the one to automatically correct them;
the client must approve the corrections because management has primary responsibility for the fair presentation of the
financial statements. Reclassification entries are frequently made in the statements to present accounting information
properly, even when the general ledger balances are correct.

§ Lead schedule. These are working papers prepared to combine similar accounts. For example, the company’s accounts
with three different banks are summarized in the lead schedule and forwarded to the working trial balance as a single
account – Cash in bank.

§ Supporting schedules. The largest portion of the working papers includes the detailed schedules prepared by auditors in
support of the specific amounts in the financial statements

ASSEMBLY OF THE FINAL AUDIT FILE

§ The auditor should complete the assembly of the final audit file on a timely basis after the date of the auditor’s report
§ The Philippine Standards on Quality Control (PSQC 1) requires firms to establish policies and procedures for timely
completion of audit files. As PSQC 1 indicates, sixty (60) days after the date of the auditor’s report is ordinarily an
appropriate time limit within which to complete the assembly of the final audit file
§ After the assembly of the final audit file has been completed, the auditor should not delete or discard audit documentation
before the end of its retention period. As PSQC 1 indicates, the retention period for audit engagements ordinarily is no
shorter than five years from the date of the auditor’s report, or, if later, the date of the group auditor’s report

OWNERSHIP AND CUSTODY OF WORKING PAPERS

Section 29 of RA 9298 or the Philippine Accountancy Act of 2004 specifies the legal provisions on the ownership and custody of audit
working papers:

39 | P a g e
“All working papers, schedules and memoranda made by a certified public accountant in public practice and his staff in the course of
an examination, including those prepared and submitted by the client, incident to or in the course of an examination, by such
certified public accountant, except reports submitted by a certified public accountant to a client shall be treated confidential and
privileged and remain the property of such certified public accountant in the absence of a written agreement between the certified
public accountant and the client, to the contrary, unless such documents are required to be produced through subpoena issued by
any court, tribunal, or government regulatory or administrative body.”

TYPES OF OPINION AND REQUISITE CIRCUMSTANCES

UNMODIFIED OPINION

This is an opinion in which the auditor concludes that the financial statements present fairly the financial position, results of
operations, and cash flows consistently in all material respects, in accordance with the identified financial reporting framework.

This opinion is issued when:

§ The audit has been performed in accordance with GAAS

§ The financial statements are presented fairly and in conformity with the applicable financial reporting framework and include
all disclosures necessary to make the statements not misleading

QUALIFIED OPINION (Modified Opinion)

This is an opinion in which the auditor states that “except for” the effect of the matter to which the qualification relates, the
financial statements present fairly the financial position, results of operations, and changes in financial position in conformity with the
applicable financial reporting framework consistently applied.

This opinion is issued when the auditor concludes that an unmodified opinion cannot be expressed but that the effect of any
disagreement with management, or limitation on scope is not so material and pervasive as to require an adverse opinion or a
disclaimer of opinion. Note that the PSAs specify that the phrase “except for” should be used when the auditor qualifies an opinion.

In summary, a qualified opinion is expressed when the following situations are met, and when they are judged to be material but
not pervasive (or immaterial):

§ Departure from the applicable financial reporting framework

§ Disagreement with management
§ Limitation on scope

ADVERSE OPINION (Modified Opinion)

This opinion states that the financial statements do not present fairly the financial position, results of operation, or changes in
financial position of the company in conformity with the applicable financial reporting framework.

This opinion is expressed when the effect of a departure from GAAP or a disagreement with management is so material and
pervasive to the financial statements that the auditor concludes that a qualification of a report is not adequate to disclose the
misleading or incomplete nature of the financial statements.

In summary, an adverse opinion is expressed when the following situations are met, and when they are judged to be highly
material and pervasive (or material):

§ Departure from the applicable financial reporting framework

§ Disagreement with management

DISCLAIMER OF OPINION

This opinion is a statement by the auditor that an opinion cannot be expressed on the financial statements. This opinion is expressed
when the possible effect of a limitation on scope is so material and pervasive that the auditor has not been able to obtain
sufficient appropriate audit evidence and accordingly is unable to express an opinion on the financial statements. Another
circumstance that leads to a disclaimer of opinion is when the auditor is not entirely independent of the client.

PIECEMEAL OPINION

A piecemeal opinion is an expression of opinion as to certain identified items in the financial statements when the auditor either
disclaimed an opinion or expressed an adverse opinion on the financial statements taken as a whole.

It should be emphasized that the expression of a piecemeal opinion is now prohibited since in an audit, the audit opinion is
expressed on the financial statements taken as a whole. Furthermore, a piecemeal opinion tends to overshadow or contradict a
disclaimer of opinion or an adverse opinion. Therefore, it is considered inappropriate and should not be issued in any situation

40 | P a g e
DEVIATIONS FROM AN UNMODIFIED OPINION: MATERIALITY AND PERVASIVENESS

From the types of opinion discussed above, we will notice that there four general situations that would preclude the auditor from
issuing an unqualified opinion. These are:

§ Departure from GAAP, or deviations from a particular accounting standard or treatment as provided by the Philippine
Financial Reporting Standards (PFRS)
§ Disagreement with management, or inconsistencies in accounting treatments made by management from those
suggested by the auditor or the PFRS
§ Limitation on scope, which may be client-imposed or imposed by the circumstances; this exists when the auditor is
unable to accumulate all the evidence required by GAAS and therefore precludes the auditor from conducting an effective
audit and issuing an unqualified opinion
§ Lack of independence, when the auditor believes or is viewed that there are conflicts of interest that precludes him from
being entirely independent of the client

Drawing on the four instances mentioned, an auditor decides to issue a modified opinion – qualified or adverse, or a
disclaimer of opinion depending on two factors: materiality and pervasiveness.

MATERIALITY AND PERVASIVENESS

As discussed previously, materiality is viewed as a threshold or cutoff point rather than a mere quantitative figure that aids
users in making decisions. It should be noted that materiality is a matter of professional judgment.

In the issuance of an audit report, the auditor determines the materiality and pervasiveness of a particular deviation from an
unqualified opinion before issuing a modified opinion or a disclaimer of opinion.

A particular information, situation, or circumstance is said to be pervasive when it renders the financial statements misleading
when taken as a whole. Pervasiveness greatly affects the materiality or immateriality of a particular item or situation which leads
to a modified opinion or disclaimer of an opinion

MODIFICATIONS TO THE INDEPENDENT AUDITOR’S REPORT

PSA 705 “Modifications to the Opinion in the Independent Auditor’s Report” deals with the auditor’s responsibility to issue an
appropriate report in circumstances when a modification to the auditor’s opinion on the financial statements is required. The
requirements and guidance in this PSA are established in the context of engagements to report on general purpose financial
statements prepared and presented in accordance with a fair presentation framework. However, in the context of an engagement to
report on special purpose financial statements or specific elements, accounts or items of a financial statement, or when the
applicable financial reporting framework is a compliance framework, these requirements and guidance equally apply, adapted as
necessary.

In the course of performing an audit, the auditor may encounter conditions that may require modification of the audit report. An
auditor’s report is considered to be modified in the following situations:

1. Matters that Do Not Affect the Auditor’s Unmodified Opinion

2. Matters that Affect the Auditor’s Unmodified Opinion or Circumstances Requiring Modification of Auditor’s Report

MATTERS THAT DO NOT AFFECT THE AUDITOR’S UNMODIFIED OPINION

In certain circumstances, an auditor’s report may be modified by including an additional paragraph to highlight an item that is
usually disclosed in the notes to financial statements. However, it should be emphasized that the addition of such paragraph
does not negate the auditor’s unqualified opinion. Instead, it is used only to draw the attention of financial statement readers on an
important matter affecting the financial statements.

EMPHASIS OF MATTER PARAGRAPH

If the auditor considers it necessary to draw users’ attention to a matter presented or disclosed in the financial statements that, in
the auditor’s judgment, is of such importance that it is fundamental to users’ understanding of the financial statements, the auditor
shall include an emphasis of matter paragraph in the auditor’s report provided the auditor has obtained sufficient appropriate
audit evidence that the matter is not materially misstated in the financial statements. Such a paragraph shall refer only to
information presented or disclosed in the financial statements.

When the auditor includes an Emphasis of Matter paragraph in the auditor’s report, the auditor shall:
1. Include it immediately after the opinion paragraph in the auditor’s report;
2. Use the heading “Emphasis of Matter” or other appropriate heading;
3. Include in the paragraph a clear reference to the matter being emphasized and to where relevant disclosures that fully
describe the matter can be found in the financial statements; and
4. Indicate that the auditor’s opinion is not modified in respect of the matter emphasized

41 | P a g e
The rationale of placing the emphasis of matter after the opinion paragraph is to emphasize that the additional information or
disclosure notwithstanding, the report is still unqualified as what audit clients ordinarily would expect and want the report to be.

Moreover, PSA 706 requires the auditor’s report to include an emphasis of matter paragraph under the following circumstances:

§ Early application of a new accounting standard

§ A major catastrophe with significant effect on the entity’s financial position
§ Going concern uncertainty and other uncertainties relating to exceptional litigation or regulatory action (PSA 570)
§ Financial statements prepared using Special Purpose Financial Reporting Frameworks (PSA 800)

OTHER MATTER PARAGRAPH

If the auditor considers it necessary to communicate a matter other than those that are presented or disclosed in the
financial statements that, in the auditor’s judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities
or the auditor’s report and this is not prohibited by law or regulation, the auditor shall do so in a paragraph in the auditor’s report,
with the heading “Other Matter” or other appropriate heading. The auditor shall include this paragraph immediately after the
opinion paragraph and any Emphasis of Matter paragraph, or elsewhere in the auditor’s report if the content of the Other Matter
paragraph is relevant to the Other Reporting Responsibilities section.

Moreover, PSA 706 requires the auditor’s report to include an other matter paragraph under the following circumstances:

§ Reporting on comparatives (PSA 710)

§ Material inconsistency exists between other information and the audited financial statements (PSA 720)
§ Restriction on distribution or use of the auditor’s report (PSA 800, 805, 810)
§ Reporting on financial statements prepared using more than one financial reporting frameworks

MATTERS THAT AFFECT THE AUDITOR’S UNMODIFIED OPINION

The unmodified opinion may be issued only when the following conditions have been met:

1. The financial statements are fairly stated in accordance with PFRS.

2. The audit was performed in accordance with PSA, with no significant scope limitations that prevented the auditor from
obtaining sufficient appropriate evidence.

Material departure from these conditions would result to a modification of the auditor’s opinion.

According to PSA 705 “Modifications to the Opinion in the Independent Auditor’s Report”, an auditor may not be able to express an
unmodified opinion when there is a disagreement with management regarding accounting policies or when there is a limitation on
the scope of the auditor’s examination.

Specifically, PSA 705 provides that the auditor shall modify the opinion in the auditor’s report when:
a. The auditor concludes that, based on the audit evidence obtained, the financial statements as a whole are not free from
material misstatement; or
b. The auditor is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are
free from material misstatement

BASIS FOR MODIFIED OPINION PARAGRAPH

When the auditor expresses an opinion that is other than unmodified, a separate paragraph called the basis for modified
opinion paragraph should be included and placed before the opinion paragraph in the audit report. The rationale for this
placement is that the audit client is first informed of the necessary circumstance that warranted a modified opinion before the
modified opinion if expressed

SCOPE LIMITATION

Scope limitations arise when the auditor is unable to perform necessary audit procedures or the auditor is unable to gather
sufficient appropriate evidence about an assertion.

A limitation on the scope of the auditor’s work may be:

§ imposed by the entity, for example, when the client prevents the auditor from carrying out the necessary audit
procedures; or
§ imposed by circumstances, for example, inadequacy of the client’s accounting records

A limitation of the scope of the auditor’s examination will result to either qualified or a disclaimer of opinion depending on the
materiality and pervasiveness of the scope limitation.

BASIC CONCEPTS TO AN UNDERSTANDING OF AUDITORS’ LIABILITY INCLUDES

a. Due professional care
b. Sources of responsibility

42 | P a g e
 c. Degree of wrongdoing
d. Lack of privileged communication
e. Liability for acts of others

DUE PROFESSIONAL CARE

There is agreement within the profession and courts that the auditor is not a guarantor of statements’ accuracy. Auditors are not
infallible and can make errors in judgment. But auditors are expected to exercise the same reasonable care with which others in the
profession would perform in similar circumstances. This is frequently referred to as exercising due professional care. This standard of
due care to which the auditor is expected to be held is often referred to as prudent person concepts.

SOURCES OF RESPONSIBILITY

The auditor’s legal responsibilities to others are established by their common law or statutory law.

Common laws are laws that have been developed through court decisions rather than through government statutes. An example is
an auditor’s liability to a bank related to the auditor’s failure to discover material misstatements in financial statements that was
relied on in issuing a loan.

Statutory laws refer to the body of laws passed by legislative bodies such as CONGRESS. For example, auditors for an entity selling
securities under the Securities Act owe a statutory duty to a purchaser of those securities.

DEGREE OF WRONGDOING

<----------------------- DEGREE OF WRONGDOING ----------------------->

NONE NEGLIGENCE GROSS NEGLIGENCE OR FRAUD
CONSTRUCTIVE FRAUD
Auditors perform Auditors issue report on
appropriate audit and issue financial statements with the
appropriate report intent to deceive

At one extreme, auditors perform an appropriate audit and issue an appropriate report. Hence, the auditors have no degree of
wrongdoing. Auditors who commit fraud are at the other extreme because they know the financial statements are misstated but do
not take appropriate action to report the misstatements. Courts consider fraud as maximum wrong that auditor’s can do. Courts
traditionally use the legal concept of scienter or the knowledge of the falsity on the part of the person making the statement, to
differentiate fraud from other degree of wrong doing.

The courts have identified 2 degrees of wrong doing – negligence (ordinary) and gross negligence. Ordinary negligence implies
absence of reasonable care that can be expected of a person in a set of circumstances. Auditors are guilty of ordinary negligence if
they do not do what reasonably prudent auditors should do in the circumstances. Auditors are guilty of gross negligence if they
consistently fail to follow the standards of profession on an engagement.

LACK OF PRIVILEGED COMMUNICATION

CPAs shall not disclose any confidential information without the specific consent of the client. Permission however is not required
from the client if the working papers are subpoenaed by a court.

Legally, information is called privileged if legal proceedings cannot require a person to provide the information, even if there is a
subpoena.
Under common law, information obtained by a CPA from client is not privileged.

LIABILITY FOR ACTS OF OTHERS

The partners of CPA firm are jointly liable for civil actions against a partner. They are also liable for work of others such as their
employees, other CPA firms engaged to do part of the work and specialists called upon to provide technical information.

LEGAL LIABILITY OF THE INDEPENDENT AUDITOR

AUDITOR’S LIABILITY TO CLIENTS

A CPA is obliged to exercise due professional care during the engagement including adherence to professional standards and ethics.
Failure by the CPA to exercise this degree of care may constitute negligence and breach of contracts to render professional service.

An honest error does not constitute negligence on the part of a CPA so long as he has exercised due professional care.

While the basic purpose of an audit render an opinion on the fairness of the financial statements and not to detect fraudulent acts by
employees, if an undetected fraud is so widespread and of such magnitude as to cause the financial statement to be materially
misstated, the argument may be advanced that the auditor’s procedures were clearly inadequate and that the auditor was negligent.

In the event that the auditor is found negligent, a client is entitled to recover any losses to which the auditor’s negligence was
proximate cause. The client may also recover the audit fee because of the auditor’s breach of contract.

43 | P a g e
Auditor’s Defense:
Under common law, CPA firm can use one or a combination of five defenses when there are legal claims by clients. These are:
1. The CPA firm can claim there was no implied or expressed contract to perform the service. This is referred to as lack of duty
to perform the services.
2. The audit was performed using reasonable care or lack of reasonable care did not cause damages.
3. The reliance on the financial statements did not cause the loss. This is also referred to as absence of causal connection
4. In cases in which a tort is involved, auditors in some jurisdiction can claim contributory negligence (that the client’s own
actions contributed to the loss)
5. The statute of limitations on the action has expired.

AUDITOR’S LIABILITY TO THIRD PARTIES

Creditors, investors and other third parties also rely upon the auditor’s work when they place confidence in audited FS. Independent
auditors are liable to all foreseeable third parties for losses which are caused by the auditor’s fraud or gross negligence. Failure of the
auditor to detect a widespread fraud also constitutes negligence.

Auditor’s Defense:
Auditors have four defenses in third party lawsuits. These are:
1. The preferred defense in third party lawsuits is nonnegligent performance. If the audit was conducted in accordance with
GAAS, the other defenses are unnecessary.
2. A lack of duty defense can also be used. This defense contends lack of privity of contract. Privity of contract means
limitations of liability to the parties to a given contract. Under privity, the CPA is not liable to third parties for ordinary
negligence.
3. Absence of causal connection. This means that third party must be able to prove that there is a close causal connection
between the auditor’s breach of standard of due care and the damages suffered by the third party. This could also be
construed as nonreliance on the FS by the user.
4. The statute of limitations on the action has expired.

MINIMIZING EXPOSURE TO LEGAL LIABILITY

In the light of the auditor’s extensive exposure to obligation, public accounting firms must take positive action to withstand the
threat of legal liability. Among these actions are:
1. Emphasize compliance with GAAS, CPE and where appropriate GAAP.
2. Thoroughly investigate prospective clients. Avoid taking on clients when there are indications of deliberate management
misrepresentation. Evaluate whether a client has the necessary integrity.
3. Avoid companies and industries in which the risk of litigation is high.
4. Exercise extreme care in the audit of clients in financial difficulties.
5. Establishing and following appropriate quality control procedures over all audit work.
6. Use engagement letters which clearly point out to the client the scope of the auditor’s services and responsibilities on a
particular engagement
7. Conduct audit with appropriate professional skepticism
8. Provide the opportunity for auditor to consult with more experienced auditors about difficult issues.
9. Maintain adequate professional liability insurance coverage. This is however not a common practice in the Phils.
10. Seek legal counsel whenever serious problems occur.

SALES AND CASH RECEIPTS TRANSACTIONS

A. THE NATURE OF THE REVENUE/RECEIPT CYCLE, INCLUDING THE FLOW OF INFORMATION THROUGH CUSTOMER ORDER,
CREDIT, INVENTORY CONTROL, SHIPPING, BILLING, RECORDING, AND CASH COLLECTION
1. The nature of the revenue/receipt cycle
• This cycle encompasses both the sale of goods or services, and the collection of cash
• The cycle is related to each of the other three transaction cycles since it
Ø Receives resources and information provided by the financing and conversion cycles, and
Ø Provides resources and information to the expenditure/disbursement cycle
• Common activities
Ø Customer order, the cycle begins when the customer’s order is received by fax, mail, e-mail, telephone, or EDI
ü A prenumbered sales order describing the goods, price, quantity, and terms is prepared by the order
department
Ø Credit approval
ü The customer’s credit is reviewed prior to approval by the credit department
Ø Inventory control
ü Goods are released for shipment and are accompanied by a copy of the sales order, approved by an employee
authorized to release goods from inventory
Ø Shipping
ü Goods received from inventory are compared with the sales order and a shipping document is prepared
ü When the shipper picks up the goods, shipping department personnel receive a receipt
Ø Recording
ü A copy of the shipping document and sales order are sent to Billing and an invoice is generated
ü Invoices are sent to the customer, Inventory Accounting, General Accounting, and Accounts Receivable for
recording

44 | P a g e
 ü Sometimes a remittance advice will be prepared and included with the customer copy of the invoice; used by
the customer when remitting payment
Ø Cash collection
ü Incoming checks are listed immediately and restrictively endorsed
ü One copy of the listing is sent to Accounts Receivable for posting to individual customer accounts
ü The checks and another copy of the list are sent to Cash Receipts for deposit and updating of cash records
Ø Sales return
ü Personnel independent of cash collection and recording should review customer requests for adjustments on
returned goods
ü An approved request is documented as a credit memorandum
ü Returned goods are handled through the Receiving department and returned to the warehouse along with a
receiving report
ü Inventory Control personnel match the receiving report with a copy of the credit memorandum
Ø Allowance for uncollectible accounts
ü Delinquent accounts should be reviewed periodically by personnel who report to the treasurer and are
independent of recording functions

1. Internal control objectives and potential errors or frauds

• Transaction Authorization
Ø Before accepting a customer’s sales order, the customer’s credit should be approved, guarding against shipments
made to poor credit risk customers, potentially resulting in uncollectible receivables
Ø Management should establish unit prices and sales terms that are consistent with the company’s revenue
objectives and cash flow needs
Ø Management should establish written policies for sales-related deductions and adjustments
Ø Forms should be numbered and controlled
• Transaction Execution
Ø Goods should be shipped on a timely basis
Ø Following shipment, customers should be billed promptly avoiding losses arising from unbilled shipments or from
delayed cash collections
Ø Management should establish policies for scheduling prompt shipment and for verifying that ordered products are
in stock
Ø Management should establish procedures to investigate unbilled shipments promptly
Ø Management should require prenumbered shipping documents, periodically assuring that all sequentially numbered
documents result in timely billing
• Recording
Ø All sales, cash receipts, and related transactions should be recorded at correct amounts, in the proper period, and
be classified properly within the accounts
Ø Management can control the recording function by establishing written procedures, reconciling control totals and
periodically comparing actual results with budgets, if available
Ø Management should also establish procedures to assure that recorded receivables balances fairly reflect the
underlying transactions and events they represent
Ø To control the recording of receivables, management could periodically substantiate and evaluate individual
customer balances and reconcile supporting detailed ledgers to the general ledger
• Access to Assets
Ø Within the revenue/receipt cycle, management attempts to safeguard assets by restricting access to cash and
cash-related records, controlling against loss or diversion and against misstated cash balances
Ø Management could establish procedures to prenumber and control remittance advices, prepare separate lists of
incoming mail receipts, and periodically reconcile cash receipts records to deposit slips and bank statements
Ø Management should also limit physical access within Shipping, Billing, and Inventory Control, primarily to avoid the
misappropriation of assets between or among related departments

B. AN AUDITOR’S ASSESSMENT OF CONTROL RISK AND AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING FOR SALES
AND CASH RECEIPTS TRANSACTIONS
1. Considering internal control in a financial statement audit
• An auditor’s consideration of internal control includes understanding the controls, performing tests of controls, and
assessing control risk
• An auditor obtains this understanding to
Ø Plan the audit
Ø If the company is public, to audit internal control over financial reporting
• Perform a review of Section 404 (Sarbanes-Oxley) documentation
Ø Section 404 documentation is prepared by management to document internal control
Ø Section 404 documentation is extensive
Ø Non-public companies are not required to prepare this documentation
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls
ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through

45 | P a g e
 Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
ü Design tests of controls
2. Tests of controls: Credit sales and cash collections
• Considerable effort is usually directed at testing controls over sales, receivables, and cash receipts since this represents a
large volume of transactions for most entities
• Tests of sales activity focus on whether sales are properly authorized, executed, and recorded
• Tests of cash collections focus on whether cash receipts are properly recorded and promptly deposited
• Tests of controls over returns, allowances, and uncollectible accounts focus on proper authorization and recording
• Only those control procedures relevant to management’s financial statement assertions, and which are believed by the
auditor to be reliable, are subjected to tests of controls
• Shipping presents two major risks for errors or fraud
Ø Goods may be shipped without authorization, or
Ø Shipped goods may not be billed and recorded at all
Ø Tests of controls are intended to determine whether shipments are made only in accordance with approved sales
orders and whether shipments have been billed and recorded properly
• Billing
Ø Tests of controls focus on whether billed goods have actually been shipped and whether bills are accurate
• Recording
Ø Tests of controls focus on whether details are summarized, periodically reconciled, and accurately posted to sales
journals, to the accounts receivable ledgers, and to the general ledger
• Cash collection is particularly susceptible to frauds
Ø Tests of controls over cash collections are designed to detect misappropriation of cash receipts and lapping
ü Lapping is a fraud that conceals cash shortages resulting from delays in recording cash collections
• Sales returns and allowances
Ø Tests of controls focus on whether credit memoranda are approved and recorded properly
• Uncollectible accounts
Ø Tests of controls focus on whether write-offs are properly authorized and recorded
3. Assess control risk
• Auditor reviews documentation and results of tests of controls and decides to either
Ø Assess control risk below the maximum and therefore to restrict substantive tests of sales, receivables, and cash,
or
Ø Assess control risk at the maximum and expand substantive testing

ACCOUNTS RECEIVABLES AND CASH BALANCES

THE RELATIONSHIP BETWEEN FINANCIAL STATEMENT ASSERTIONS AND AUDIT PROCEDURES IN THE AUDIT OF RECEIVABLES AND
CASH BALANCES
1. Each assertion can be translated into an audit objective for which auditors design procedures to obtain evidence
• Existence (whether all recorded sales, receivables, and cash balances actually exist and whether all recorded transactions
actually occurred) is tested by
o Confirming accounts receivable with customers
o Confirming bank balances
o Physically observing and counting cash on hand
§ Completeness (all transactions that should be presented are included) is tested by
o Cutoff testing
o Application of analytical procedures (for example comparing sales and receivables)
o Examining bank reconciliations
• Rights and obligations (represent the true rights or obligations of the entity) is tested by
o Confirmations with debtors and banks
• Valuation (valued or allocated appropriately in accordance to GAAP) is tested by
o Verifying mathematical accuracy
o Confirmations with debtors and a review of the collectibility of the receivables
o Adequacy of allowance for doubtful accounts and verifying the accuracy of the aged trial balance
• Presentation and disclosure (presented and disclosed properly within the financial statements) is tested by
o Comparison of client financial statements with authoritative guidelines
• The audit procedures applied to each area and account in the revenue/receipt cycle are summarized in Figure 11-1

THE RELATIONSHIP AMONG AUDIT RISK, CLIENT STRATEGIES, AND THE NATURE, TIMING, AND EXTENT OF SUBSTANTIVE TESTS
1. The nature, timing, and extent of the substantive work
• Substantive tests are planned based on the evaluation of the tests of controls of the revenue/receipt cycle and the
relationship between inherent, control, and detection risk
• Detection risk is the likelihood that error could occur and not be detected by audit procedures, which is based on the
auditor’s interim assessments of two other risks
Ø Control risk is the likelihood that material error could occur and not be detected by internal control, and

46 | P a g e
 Ø Inherent risk is the susceptibility of an account balance to material error for which there is no related internal
control
• Given a certain level of control risk and inherent risk, and a desire to hold audit risk at a minimum, the auditor will
determine the level of detection risk and design audit procedures to reach that level
Ø For example, if detection risk is set at 10% on the current year audit, versus it being set at 5% for the prior year,
the auditor will need to collect relatively less audit evidence in the current year since he is willing to take more risk
of errors occurring and not being detected by audit tests

C SUBSTANTIVE TESTS APPLICABLE TO ASSERTIONS ABOUT SALES, ACCOUNTS RECEIVABLE, AND CASH BALANCES

1. Accounts receivable and sales

• Verify mathematical accuracy to support the valuation assertion
• Confirm year-end accounts and notes receivable balances with debtors to support the existence and rights and obligations
assertions
Ø Negative Confirmations request a customer/debtor respond to the auditor only if the balance in an attached
statement is incorrect
ü Appropriate when internal control is adequate, balances are small, and the auditor has no reason to believe
that debtors will not return the confirmation request
Ø Positive Confirmations request a customer/debtor to review the account balance listed on the confirmation and
respond to the auditor directly whether the balance is correct or incorrect
ü Appropriate when individual account balances are relatively large or when substantial numbers of inaccuracies
or frauds are expected
Ø Confirmations should be mailed in the auditor’s envelope with the auditor’s return address to assure the envelope
would be returned to sender (the auditor) if undeliverable
Ø The return self-addressed envelope that accompanies the confirmation should be addressed to the auditor, not the
client, to preclude the client from tampering with the returned confirmations
• Test cutoff to determine whether sales and receivables are recorded in the proper accounting period to support the
existence or occurrence and completeness assertions
• Review collectibility of receivables and determine the adequacy of the allowance for doubtful accounts to support the
valuation and rights and obligations assertions
• Perform analytical procedures to determine whether recorded sales and receivables balances appear reasonable to support
the existence or occurrence, completeness, valuation assertions
• Review financial statement presentation and disclosure to support the presentation and disclosure assertion
2. Cash balances
• Confirm year-end cash balances with all banks and other depositaries to support the existence, rights, and valuation
assertions
• Verify mathematical accuracy of recorded cash balances to support the valuation assertion
• Test cutoff by obtaining cutoff statements directly from banks to support the existence, completeness, and valuation
assertions
Ø Internal auditors typically prepare a form of reconciliation called a proof of cash at one or more times during the
year to verify the reliability of monthly bank reconciliations
ü The independent auditor may decide to prepare a proof of cash for one or more periods if there is no internal
audit department or if the auditor notes discrepancies in year-end bank reconciliations
•...... Overstating cash through interbank transfers is called kiting and auditors test by examining transactions near the
year-end date
• Review financial statements to determine whether cash balances are properly classified and described, and disclosures are
adequate to support the presentation and disclosure assertion

PURCHASES AND CASH DISBURSEMENTS TRANSACTIONS

A. THE NATURE OF THE EXPENDITURE/DISBURSEMENT CYCLE, INCLUDING THE FLOW OF INFORMATION THROUGH PURCHASING,
RECEIVING, ACCOUNTS PAYABLE, AND CASH DISBURSEMENTS
1. The expenditure/disbursement cycle
• Encompasses both the acquisition of goods and services and the payment of cash for the goods and services acquired
• The cycle is related to each of the three other cycles since it
Ø Uses resources and information provided by the revenue/receipt cycle, and
Ø Provides resources and information for the financing and conversion cycles
• Two major business functions are associated with the cycle
Ø Goods and services are acquired from vendors and employees in exchange for obligations to pay.
Ø Obligations to vendors and employees are paid
• Paper or computer image documents affecting the expenditure/disbursement cycle include
Ø Purchase requisition is a request from an employee or department supervisor that goods be purchased
Ø Purchaser order is a request issued by the Purchasing department to a vendor to purchase goods
Ø Receiving report identifies information about goods received from a vendor
Ø Vendor’s invoice identifies goods purchased and represents formal notice about the amount and terms of payment
(often called the bill)
Ø Voucher package – the purchase requisition, purchase order, receiving report, and invoice
2. Common activities
• Purchasing involves the acquisition of goods and services from vendors
Ø Goods include tangible resources, such as inventory, supplies, and equipment
Ø Services include nontangible resources, such as advertising, repairs and maintenance, utilities, and insurance
47 | P a g e
 Ø An employee of the department that requests the purchase prepares a purchase requisition, which is submitted to
a supervisor for approval
Ø Approved purchase requisitions are forwarded to Purchasing, where the request is reviewed, a vendor selected, and
a purchase order prepared
Ø A purchase order describes the goods or services requested, specifying the price, quantity, shipping terms, and
catalog numbers
Ø Purchasing sends copies of purchase orders to the vendor and to the requisitioning department, to Receiving, and
to Accounts Payable
• Receiving is where goods ordered from vendors are delivered, where the goods are compared with the purchase order and a
receiving report is prepared
Ø The Receiving department maintains a receiving log cross-referenced to related receiving reports
Ø A copy of the receiving report is forwarded to Purchasing and to Accounts Payable
• Accounts Payable compares purchase requisition, purchase order, receiving report, and vendor’s invoice
Ø Accounts Payable prepares the voucher upon receipt of a vendor’s invoice
Ø A voucher package is filed in an unpaid vouchers file by due date
Ø A copy of the daily summary of vouchers is forwarded to General Accounting for recording in a voucher register
Ø Column totals in the voucher register are posted to general ledger accounts
• Cash disbursements
Ø Should be authorized and executed personnel who report to the treasurer and are independent of purchasing and
recording
Ø Voucher packages in the unpaid voucher file are forwarded to the Treasury department, prior to the date payment
is due
Ø The Treasury department reviews voucher packages for accuracy and authenticity before approving vouchers for
payment and submitting vouchers for check printing
ü Blank checks should be prenumbered and voided checks should be retained and accounted for
ü Unused checks should be controlled physically; limiting access to authorized personnel only
ü Drawn checks and approved supporting vouchers should be reviewed by an individual not otherwise involved in
either processing or recording payables
ü Signed checks should be mailed directly to the payee without intervention by employees responsible for
approving, recording, or processing the transaction
Ø Paid voucher packages should be canceled immediately, preventing duplicate payments
Ø A daily summary of all remittances should be prepared and forwarded to Accounts Payable for posting to subsidiary
payables ledger and to General Accounting for recording in the voucher register
3. Control objectives
• Transaction authorization
Ø All purchases should be initiated by user departments and approved by authorized supervisors
Ø Goods or services should not be ordered in the absence of authorized purchase requisitions
Ø Management should approve vendors before Purchasing executes an order
Ø Management should also establish policies for the types, quantities, payment terms, and prices of good and
services purchased
ü Management should maintain current price lists and actively seek suppliers whose goods or services optimize
price and quantity
ü Where applicable, competitive bids or formal price quotations should be obtained from suppliers
• Transaction execution
Ø Management should require that Receiving personnel inspect and count all received goods before releasing the
carrier
Ø Management should institute policies to assure that cash is disbursed only for bona fide liabilities, protecting
against disbursements for goods not received, payment to unauthorized parties, and duplicate payments
Ø To control against improper disbursements, management could prenumber and control vouchers and checks,
require a second manual signature for checks exceeding prespecified amounts, and cancel paid voucher packages
immediately upon payment
• Recording
Ø To protect against inaccurate account balances and against misstated financial statements, management should
institute policies to assure that all purchases and cash disbursements are recorded properly and in the proper
period
Ø To control against inaccurate vendor accounts, management could establish validation procedures to verify
postings, and reconcile input totals to processed and output totals
Ø Authorized personnel should investigate correspondence from vendors, particularly collection notices
• Access to assets
Ø Management should establish procedures to safeguard assets by restricting access to purchasing and cash
disbursement records and forms

An auditor’s assessment of control risk and audit of internal control over financial reporting for purchases and cash disbursements
transactions

2. Considering internal control in a financial statement audit

• An auditor’s consideration of internal control includes understanding the controls, performing tests of controls, and
assessing control risk
• An auditor obtains this understanding to
Ø Plan the audit
Ø If the company is public, to audit internal control over financial reporting

48 | P a g e
 • Perform a review of Section 404 (Sarbanes-Oxley) documentation
Ø Section 404 documentation is prepared by management to document internal control
Ø Section 404 documentation is extensive
Ø Non-public companies are not required to prepare this documentation
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls
ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through
Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
ü Design tests of controls
2. Tests of controls: Purchasing and cash disbursements
• Considerable effort is usually directed at testing controls over purchases and cash disbursements since this represents a
large volume of transactions for most entities
• Tests of purchases activity focus on whether purchases are properly authorized, executed, and recorded
• Tests of cash disbursements focus on whether cash disbursements are properly authorized and recorded
• Only those control procedures relevant to management’s financial statement assertions, and which are believed by the
auditor to be reliable, are subjected to tests of controls
• Significant resources are expended for goods and services, auditors focus on whether all purchases are properly authorized
Ø Purchases could be made from unauthorized vendors
Ø Unnecessary goods may be purchased
Ø Goods may be purchased at noncompetitive prices
Ø Tests of controls are intended to determine that necessary purchases are from authorized vendors at competitive
prices
• Recording
Ø Goods may be received but not reported
Ø Account balances may be inaccurate resulting in misstated financial statements
Ø Tests of controls are intended to determine that all receiving reports are recorded, and that processing and
recording procedures are adequate
• Access to assets
Ø Forms and checks may be misused or diverted for personal use by employees
Ø Tests of controls are intended to determine that physical control is maintained over documents and that there is
adequate segregation of duties
3. Assess control risk
• Auditor reviews documentation and results of tests of controls and decides to either
Ø Assess control risk below the maximum and therefore to restrict substantive tests of purchases and cash disbursements, or
Ø Assess control risk at the maximum and expand substantive testing

ACCOUNTS PAYABLE, PREPAIDS, AND ACCRUED LIABILITIES

A. THE RELATIONSHIP BETWEEN FINANCIAL STATEMENT ASSERTIONS AND AUDIT PROCEDURES IN THE AUDIT OF PAYABLES,
PREPAIDS, AND ACCRUED LIABILITIES
2. Each assertion can be translated into an audit objective for which auditors design procedures to obtain evidence
• Existence (whether all recorded payables exist at the balance sheet date and whether all recorded purchase transactions
occurred during the period) is tested by
a. Confirming balances with creditors
b. Examining documents that support recorded payables such as purchase orders and receiving reports
c. Testing cutoff to determine whether purchases are recorded in the proper period
• Completeness (whether all purchases transactions and payables balances that should be presented are actually presented)
is tested by
Ø Reviewing post-balance sheet events
Ø Analytical procedures
Ø Testing cutoff
• Rights and obligations (represent the true obligations of the entity) is tested by
Ø Confirming recorded balances with creditors
Ø Performing the search for unrecorded liabilities
• Valuation (reported in the financial statements at appropriate dollar amounts) is tested by
Ø Verifying mathematical accuracy
Ø Confirmations with creditors
Ø Performing the search for unrecorded liabilities
• Presentation and disclosure (whether recorded payables are properly classified, described, and disclosed in the financial
statements) is tested by
Ø Comparing a client’s financial disclosures with those required by GAAP

49 | P a g e
B. THE RELATIONSHIP AMONG AUDIT RISK, NONFINANCIAL MEASURES, AND THE NATURE, TIMING, AND EXTENT OF
SUBSTANTIVE TESTS
3. The nature, timing, and extent of the substantive work
• Substantive tests are planned based on the evaluation of the tests of controls of the expenditure/disbursement cycle and
the relationship between inherent, control, and detection risk
• Detection risk is the likelihood that error could occur and not be detected by audit procedures, which is based on the
auditor’s interim assessments of two other risks
Ø Control risk is the likelihood that material error could occur and not be detected by internal control, and
Ø Inherent risk is the susceptibility of an account balance to material error for which there is no related internal
control
• Given a certain level of control risk and inherent risk, and a desire to hold audit risk at a minimum, the auditor will
determine the level of detection risk and design audit procedures to reach that level
Ø For example, if detection risk is set at 10% on the current year audit, versus it being set at 5% for the prior year,
the auditor will need to collect relatively less audit evidence in the current year since he is willing to take more risk
of errors occurring and not being detected by audit tests

C. SUBSTANTIVE TESTS APPLICABLE TO ASSERTIONS ABOUT ACCOUNTS PAYABLE, PREPAID EXPENSES AND ACCRUED
LIABILITIES
Accounts payable
• Verify mathematical accuracy of accounts payable to substantiate the assertion of valuation
• Confirm payables to test assertions of existence, obligations and valuation
Ø The primary risk with payables is understatement, and confirmation is not generally effective in testing for
unrecorded payables (the payable would not be listed in the trial balance and a confirmation request would not be
sent)
Ø An entity may overstate payables in an attempt to avoid taxes by understating income
Ø When confirmation of payables is considered necessary, balances are usually confirmed as of the balance sheet
date rather than at interim and are confirmed through direct communication with vendors (a request for an
itemized statement of account to be sent directly to the auditor)
• Testing of cutoff is performed to determine whether purchases and the corresponding payables are recorded in the
appropriate period
• A search for unrecorded liabilities is closely related to tests of cutoff and may result in the detection of items recorded in the
wrong accounting period
Ø Four basic sources are used to search for unrecorded payables
ü A year-end accounts payable trial balance
ü The cash disbursements journal
ü Canceled (paid) voucher packages
ü The file of unmatched receiving reports (filed in an unpaid vouchers file)
• Analytical procedures are performed to direct attention to unusual, unreasonable, or otherwise unexplainable relationships
among accounts or account components
• A review of financial statement presentation and disclosure is performed to ensure that payables, accrued liabilities, and
related purchase and expense accounts are classified and disclosed in accordance with GAAP
Ø Payables and accrued liabilities are usually classified as current if due within one year or expected to be paid either
with existing current assets or by incurring additional current liabilities
Ø Depending on materiality, individual liabilities such as trade accounts payable or dividends payable, etc. should be
disclosed separately

Prepaid expenses and accrued liabilities

• Prepaid expenses and accrued liabilities result from timing differences between when cash is expended and an asset or
liability is recorded
• Because the volume of transactions underlying prepaid expenses and accrued liabilities is often small, auditors usually test
all of the transactions and events underlying individual prepaid expense and accrued liability accounts or rely on analytical
procedures

INVENTORY AND FIXED ASSETS

THE NATURE OF THE CONVERSION CYCLE

1. The conversion cycle
• The conversion cycle encompasses the production of finished products for sale, and relates directly to two other cycles
Ø It uses resources and information provided by the expenditure/disbursement cycle
Ø Provides resources and information to the revenue/receipt cycle
• Common activities in this cycle include
Ø Inventory, which requires the following documents
ü Labor charge report summarizes labor costs to be applied to work in-process inventory
ü Materials requisition is a formal request for materials
ü Perpetual inventory record is a cumulative record of quantities on hand for an item or a class of inventory
Ø Fixed assets, which requires the following documents
ü Depreciation schedule used to compute and summarize depreciation
ü Overhead application report used to summarize overhead applied to work-in-process inventory

50 | P a g e
AN AUDITOR’S CONSIDERATION OF INTERNAL CONTROL OVER INVENTORY AND FIXED ASSETS
1. Internal control over inventory
• Controls over inventory for a retailer relate to acquiring goods from vendors and holding inventory prior to sale
• Controls over inventory for a manufacturer are more complex since raw materials are transformed and costs such as direct
labor and manufacturing overhead must be accumulated and classified
• A materials requisition form is prepared by production personnel to request materials and supplies for use in production
Ø Requisitions should be approved by a supervisor and forwarded to Inventory Control
Ø Inventory Control personnel should not release materials and supplies in the absence of an approved requisition
Ø Raw materials and finished goods should be controlled by personnel not involved in purchasing, receiving, shipping,
production, or recording
Ø Access to storage areas should be limited to authorized personnel
• Inventory accounting involves two major sets of records: perpetual inventory records and cost records
Ø Perpetual Inventory Records maintain inventory quantities, physical locations, and selected unit cost information
for a variety of major inventory classifications, including supplies, raw materials, and finished goods
ü Work-in-process inventory should also be controlled on perpetual records
ü Off-premises inventory (accounted for and controlled by the outside parties holding the goods) should be
periodically counted or confirmed and reconciled with internal perpetual records
Ø Cost records maintain inventory costs, which may be allocated on a FIFO, LIFO, average cost, or other acceptable
basis
ü Cost accounting records and reports should be updated continually, thereby providing an up-to-date record of
accumulated costs
ü Cost accounting records should be maintained by personnel independent of perpetual records, general
accounting, purchasing, production, and inventory control
2. Internal control objectives and potential errors or frauds
• Transaction authorization is achieved when management establishes criteria for producing goods, thereby reducing the
possibility of producing excess or unusable inventory
Ø Management should establish written statements of criteria for determining which products to produce and in what
quantities
• Transaction execution is achieved when management authorizes procedures for using and physically transferring inventory
Ø Inventory processing manuals could include procedures for controlling inventory movement, and restrict access to
inventory
• Recording procedures ensure that inventory transfers and use are properly recorded
§ Management should establish processing and recording procedures, prenumber and control materials release
forms, and maintain logs of inventory movement
• Access to assets to prevent lost or diverted assets requires instituting policies that establish physical control over inventory,
maintain insurance, and segregate incompatible duties
3. Internal control over fixed assets
• Land, building, machinery, and equipment should be documented in detailed records that account separately for each
individual asset
Ø Detailed records might include the purchase date, historical cost, depreciation method, estimated useful life,
salvage value, and accumulated depreciation
Ø Records should be maintained by personnel not responsible for physically controlling fixed assets
Ø Periodically, but no less than annually, detailed records should be reconciled with fixed asset general ledger control
accounts
Ø Responsible personnel independent of fixed asset recording and physical control should periodically determine that
recorded assets actually exist by observing machinery and equipment and by comparing identification numbers and
general descriptions with detailed records
Ø Fixed assets should be insured against fire or other potential casualties. Assets should be appraised periodically to
determine that insurance coverage reasonably approximates replacement cost
• Fixed asset additions are often material, necessitating specific authorization by the board of directors or by senior
management
Ø Formal authorization is required for major repairs or improvements, and management should assess the
desirability of replacing, rather than repairing and improving, existing assets
Ø Authorizations should be documented in writing
Ø Procedures should require that actual costs be compared with amounts authorized, and cost overruns reported to
senior management for authorization
Ø Constructed additions should also be authorized, and additional controls should be implemented that allow the
entity to inspect and approve both actual production and detailed cost records as construction progresses
• Fixed asset disposal authorizations should be documented, and copies forwarded to accounting personnel to assure that
assets disposed of are subsequently removed from fixed asset accounts
Ø Asset disposals should be reported to insurance companies and premiums adjusted accordingly
Ø Controls should be established to assure that proceeds are deposited and gains or losses are recorded
• Depreciation expense can significantly impact reported net income, and an entity should maintain formal policies for
determining depreciation methods, estimated useful lives and salvage values
Ø Periodically, the policies should be reviewed to determine whether they reasonably approximate actual experience
4. Internal control objectives and potential errors or frauds
• Transaction authorization is achieved when fixed asset additions, disposals, and retirements are authorized in accordance
with management’s criteria
Ø Management should develop written procedures for all additions, disposals, and retirements
• Transaction execution is achieved when management establishes procedures for operating, using, physically moving, assets
and for restricting access to movable fixed assets

51 | P a g e
• Recording procedures ensure no unreported transactions, and that fixed asset additions, disposals, and retirements are
recorded at the correct amount, in the proper period, and are classified properly
Ø Management can establish procedures for processing and recording fixed asset transactions and for identifying
fixed assets eligible for sale or retirement
Ø Detailed fixed asset records should be maintained and periodically reconciled with existing accounts
Ø The expiration of future service potential (depreciation and amortization) should be calculated in accordance with
management’s authorization and be recorded in the proper period
Ø Management should establish polices for determining depreciation methods and for calculating depreciation on all
fixed assets
• Access to assets should be restricted to personnel authorized by management to prevent stolen or lost fixed assets
Ø Management should establish physical controls over unused assets, maintain adequate insurance coverage, and
segregate the physical custody of fixed assets from recording and general accounting
Ø To control fixed assets records, management should establish controls over unused forms and records or could
perform periodic compliance audits, reconciling recorded assets with existing assets
5. Considering internal control for inventory
• An auditor’s consideration of internal control includes performing a preliminary review, documenting the system, performing
a transaction walk-through, and determining whether controls are potentially reliable
• A preliminary review entails the auditor obtaining a general understanding of
Ø The client’s control environment
Ø The flow of transactions and records through the system, and
Ø The control procedures management has implemented
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls
ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through
Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
6. Tests of control for inventory
• Tests of controls over an entity’s perpetual records focus on physical transfers of inventory to and from raw materials, work
in process, and finished goods
Ø For sampled purchase transactions, compare quantities and unit costs from the vendor invoice with perpetual
records
Ø For sampled transfers of raw materials from inventory control, compare to materials requisition, work in process,
and general ledger accounts
Ø For sampled transfers from work in process, compare to finished goods records and general ledger accounts
Ø For sampled transfers from finished goods, compare to shipping documents, and coordinate with tests in the
revenue/receipt cycle
ü Inaccurate recording of transfers could suggest that control procedures are neither compiled with, nor
operating as planned, casting doubt on the reliability of the records
ü Inaccurate recording could suggest the possibility of double-counted inventory quantities
• Tests of cost records must be performed for the flow of inventory costs from raw materials to work in process, finished
goods, and cost of goods sold
Ø Tests tend to vary widely from company to company, but the focus is generally on accumulated labor and overhead
charged to work in process
• Assessing control risk to determine whether existing control procedures can be relied on to assess control risk below the
maximum and restrict substantive tests of inventory is based on four issues:
Ø The types of errors or frauds that could occur,
Ø Necessary control procedures that should prevent or detect the errors or frauds,
Ø Whether the necessary procedures exist and are followed, and
Ø Any deficiencies in internal control
7. Considering internal control for fixed assets
• An auditor’s consideration of internal control includes performing a preliminary review, documenting the system, performing
a transaction walk-through, and determining whether controls are potentially reliable
• A preliminary review entails the auditor obtaining a general understanding of
Ø The client’s control environment
Ø The flow of transactions and records through the system, and
Ø The control procedures management has implemented
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls

52 | P a g e
 ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through
Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
8. Tests of control for fixed assets
• Due to the nature of fixed assets, fewer transactions for larger dollar amounts, when the number of fixed asset transactions
is limited, an auditor may forego or limit tests of controls,
Ø In this case, the auditor assesses control risk at the maximum and relies on substantive tests of details
• Tests of fixed asset records focus on the relationship between detailed records and the general ledger and on the existence
of, and insurance coverage for, recorded assets
Ø Reconcile fixed asset detailed records with the general ledger
Ø Physically inspect sampled assets
Ø Review adequacy of insurance coverage
• Tests of additions focus on ensuring that the addition is authorized and properly recorded
Ø For sampled additions, examine authorization, evidence of cash payment or obligation for payment, determine
classification as a fixed asset rather than repair and maintenance expense
• Tests of disposals focus on ensuring that the disposal is authorized and properly recorded
Ø For sampled disposals, examine authorization, evidence of cash receipt or note receivable, and calculate gain or
loss and trace to general ledger
• Tests of depreciation involve calculations and the review of recorded amounts, useful lives, and salvage values; similar tests
are performed for the amortization of intangible assets and the depletion of wasting assets
• Assessing control risk to determine whether existing control procedures can be relied on to assess control risk below the
maximum and restrict substantive tests of fixed assets is based on four issues:
Ø The types of errors or frauds that could occur,
Ø Necessary control procedures that should prevent or detect the errors or frauds,
Ø Whether the necessary procedures exist and are followed, and
Ø Any deficiencies in internal control

C. SUBSTANTIVE TESTS APPLICABLE TO INVENTORY AND FIXED ASSETS

1. Assertions

• Existence or occurrence assertion addresses whether all recorded inventory and fixed assets existed at the balance sheet
date and whether all recorded inventory and fixed asset transactions occurred during the period
• Completeness assertion addresses whether all inventory and fixed assets transactions that should be presented in the
financial statements are actually presented
• Right and obligations assertion addresses whether an entity has property rights to inventory and to fixed assets
• Valuation or allocation assertion addresses whether existing inventory and fixed assets are carried in the financial
statements at appropriate amounts
• Presentation and disclosure assertion addresses whether recorded inventory and fixed assets are properly classified,
described, and disclosed in the financial statements
2. Substantive tests of inventory
• Observing physical inventory count
Ø Observation of a client’s procedures for physically counting inventories contributes to both the existence and
completeness assertions
Ø Client personnel count inventory and document inventory quantities, and the auditor observes the client’s
procedures
Ø For periodic inventory systems, the physical counts serve as the only measure of quantities on hand and as a test
of the perpetual records
• Off-premise inventory held by consignees or in public warehouses ordinarily need not by observed by an auditor, but counts
of inventory need to be confirmed
Ø If inventory in public warehouses is significant in relation to current or total assets, an auditor should also make
supplemental inquiries including observations of physical counts whenever practical and reasonable
• Test final priced inventory since observing the physical count only provides evidence regarding quantities
Ø Employees not otherwise responsible for inventory record keeping or control should extend the quantities by unit
costs in spreadsheets, resulting in a final priced inventory by item number, product line, and inventory
classification
Ø Quantities and the final priced inventory should be reconciled by client personnel with perpetual records and control
accounts, and necessary adjustments should be recorded
Ø An auditor performs tests of clerical accuracy on the final priced inventory, including extending, footing, and cross-
footing the final priced inventory, agreeing test counts with priced quantities, dollar amounts to control accounts,
and required adjustments to general ledger entries
Ø Unit prices per the final priced inventory should be agreed with source documents on a sample basis, giving
consideration to the cost flow methods adopted
• Tests of cutoff are performed during the physical inventory observation
Ø The documentation obtained includes shipping documents and receiving reports
• Perform analytical procedures to address completeness and to determine whether conclusions drawn from substantive tests
of details are reasonable
53 | P a g e
 • Review financial statement disclosures to assess whether inventory and cost of sales are properly classified, described, and
disclosed in accordance with generally accepted accounting principles
Ø Inventories are usually stated at the lower of cost or market, according to a cost flow assumption, and may be
classified as supplies, raw materials, work in process and finished goods
Ø Accrued losses should be disclosed for any purchase commitments made at unfavorable prices
3. Substantive tests of fixed assets
• Since fixed assets are less susceptible to frauds than other assets, some testing of financial statement assertions is done at
interim
• Verify accuracy of recorded fixed assets by obtaining a client-prepared schedule summarizing detailed asset records and
testing the schedule for mathematical accuracy and agreeing totals to general ledger accounts
• Test additions and disposals since interim
Ø If relatively few assets have been acquired since interim an auditor may physically inspect all recorded additions;
otherwise, a randomly selected sample of additions should be observed
• Test cutoff to ensure additions and disposals near year end are recorded in the proper accounting period
Ø Since acquisitions are processed through the expenditure/disbursement cycle and disposals through the
revenue/receipt cycle, fixed asset cutoff can be tested in conjunction with cutoff tests for purchases and payables
and for sales and receivables
Ø Retired assets that are not sold should be tested separately
• Verify accuracy of depreciation expense by obtaining a client-prepared summary schedule of depreciation organized by
asset class
Ø The auditor would test the schedule’s accuracy by footing and cross-footing and by agreeing totals with general
ledger accounts
Ø Depreciation expense for selected assets should be recalculated
• Perform analytical procedures
Ø To address completeness, an auditor uses analytical procedures such as ratio and trend analysis and comparison of
relationship between and among related accounts
• Review financial statement disclosures
Ø The balance sheet should be read to determine whether fixed assets and related accumulated depreciation
balances are properly classified and described
Ø An auditor should examine all lease agreements, assuring that the transactions are accounted for properly under
FASB Statements of Financial Accounting Standards No. 13, “Accounting for Leases,” and other related statements
and interpretations
• The income statement should be reviewed to determine whether depreciation expense is properly reported; depreciation
expense included in cost of sales should be disclosed separately in the income statement or in notes to the statements

PERSONNEL AND PAYROLL

THE NATURE OF THE PERSONNEL MANAGEMENT AND PAYROLL FUNCTIONS WITHIN THE EXPENDITURE/DISBURSEMENT CYCLE
1. The expenditure/disbursement cycle associated with personnel and payroll
• The cycle includes obtaining the services of employees in exchange for obligations to pay, and paying those obligations
• Personnel and payroll are critical for at least three reasons
Ø Salaries and wages are a major expenditure for most service, manufacturing, and nonprofit entities
Ø In manufacturing companies, labor is an important component in valuing inventory and, if misclassified, both
inventory and cost of goods sold could be misstated materially
Ø Payroll typically includes several categories of employee compensation and bonuses, overtime, vacation pay, and
employee benefits such as pensions, health care, and profit sharing
• Personnel and payroll activities include
Ø Hiring and terminations
Ø Payroll preparation and recording, and
Ø Distribution of payroll checks to employees
• Journal entries are made for wage and salary payments and end-of-period accruals
• Documents utilized in the cycle include
Ø Personnel records for each employee, including date of employment, job classification, salary or hourly pay rate,
promotions, payroll deductions, terminations
Ø Time record of hours worked by an employee during a pay period
Ø Payroll register recording gross pay, withholdings, deductions, and net pay for each employee for a pay period
Ø Employee earnings record which is a cumulative, year-to-date summary of total earnings, withholdings, and
deductions for each employee
• All action taken by management on behalf of an employee should be approved by both department supervisors and by the
Personnel department, and should be documented in an employee’s personnel records
• To minimize the chance of fraud, personnel records should not be accessible to employees who are responsible for
preparing, approving, or distributing payroll
• When employees are terminated, the Payroll department should be notified immediately of the settlement and termination
2. Payroll preparation and distribution
• The main source to prepare hourly workers payroll is created each time the employee “punches in or out” on computers that
interface with the company’s computer
Ø Creates an internally stored time record that is merged with pay rate data and deduction data to compile payroll
for the period
• Facsimile-signed checks are printed and forwarded to Treasury along with a copy of the payroll register
• A copy of the payroll register is also copied to General Accounting

54 | P a g e
 • A person independent of both the operating department and Payroll should distribute checks to employees (not always
possible in smaller companies)
• At year-end, W-2 forms are mailed to all employees; undeliverable W-2 forms should be investigated
• A separate bank account should be maintained for payroll, and controls should be in place to limit access to blank checks

CONTROLS OVER PERSONNEL AND PAYROLL

1. Internal controls over personnel and payroll
• Internal controls over personnel and payroll include consideration of transaction authorization, transaction execution,
transaction recording, access to assets, and segregation of duties
• If unqualified employees are hired, excessive training costs, unnecessary relocation costs, or penalties for violating equal
opportunity laws can result
• Transaction authorization is achieved when management establishes criteria for hiring line and staff employees, thereby
minimizing the chances of hiring unqualified employees
Ø Management should establish written hiring policies
Ø All information included in employment applications should be verified
Ø Updated personnel records should be maintained for all employees
Ø Compensation and payroll deductions should be authorized
Ø Written policies for pay rate adjustments should be established and communicated to the Personnel department
and to operating department supervisors
• Transaction execution is achieved when unauthorized payroll disbursements are prevented
Ø To prevent unauthorized payroll disbursements, a second, manual signature may be required for all unusual or
excessive paycheck amounts
Ø Personnel and payroll procedures manuals should be established
Ø Available job openings should be widely advertised throughout the company
• Recording all amounts owed, in the proper amount and period, requires that management establish procedures regarding
labor cost allocations and reconcile appropriate ledgers and journals
• Access to assets to prevent unauthorized labor costs or misapplied cash requires instituting policies that restrict access to
personnel and payroll records to authorized personnel only
• Segregation of duties is ensured by separating Personnel department responsibilities from payroll preparation, and both of
these functions from cash disbursements and operating departments

THE AUDITOR’S CONSIDERATION OF CONTROLS OVER PERSONNEL AND PAYROLL

1. Considering internal control in a financial statement audit
• An auditor’s consideration of internal control includes performing a preliminary review, documenting the system, performing
a transaction walk-through, and determining whether controls are potentially reliable
• A preliminary review entails the auditor obtaining a general understanding of
Ø The client’s control environment
Ø The flow of transactions and records through the system, and
Ø The control procedures management has implemented
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls
ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through
Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
ü Design tests of controls
2. Tests of controls: Personnel and payroll
• Considerable effort is usually directed at testing controls over payroll
Ø Generally only internal evidence generated by the client is available for testing payroll
Ø Substantive testing is usually limited to analytical procedures such as ratio analysis
• Only those control procedures relevant to management’s financial statement assertions, and which are believed by the
auditor to be reliable, are subjected to tests of controls
• Tests of controls include
Ø Verify the mathematical accuracy of the payroll register
Ø Test accuracy of postings by reconciling payroll register totals with summary schedules, the general ledger, and
inventory accounting records
Ø Test accuracy of personnel records by reconciling the payroll register with personnel records for authorized pay
rates, payroll deductions, and hours worked
Ø The existence and authenticity of employees is tested by tracing details of sampled checks to the payroll register
and personally distributing checks to employees on a surprise basis
3. Assess control risk
• Auditor reviews documentation and results of tests of controls and decides to either
Ø Assess control risk below the maximum and therefore to restrict substantive tests of payroll, or

55 | P a g e
 Ø Assess control risk at the maximum and expand substantive testing

SUBSTANTIVE TESTS APPLICABLE TO PAYROLL ACCOUNTS

1. Substantive tests of payroll usually focus on analytical procedures
• Analytical procedures for payroll include
Ø Compare both direct labor and payroll to budgets and to prior years
Ø Compare the ratios of payroll to total expenses and payroll to sales with prior years
Ø Compare the ratios of direct labor to cost of sales and direct labor to sales with prior years
Ø Compare commissioned sales payroll to sales times average commission rates
Ø Compare payroll to prior-year payroll adjusted for pay rate changes and the number of employees
Ø Compare the ratio of payroll tax expense to payroll with prior years
Ø Compare accrued payroll and accrued payroll tax expense with prior years
• Auditors should also review the financial statements to ensure that
Ø Payroll accounts are properly classified
Ø Appropriate disclosures regarding stock options or deferred compensation are included in the footnotes

INVESTMENTS, DEBT, AND EQUITY

A. THE NATURE OF THE FINANCING CYCLE

1. The financing cycle
• The financing cycle processes transactions and events that generate capital funds, and is directly related to two other
cycles, the expenditure/disbursement cycle, and the revenue/receipt cycle
• Two major business functions associated with the cycle are receiving capital funds from investors, and using capital funds
for operations or investing those funds temporarily until needed for operations
• Common forms and documents include
Ø A bond certificate is a debt security document representing a stated amount of corporate debt
Ø Commercial paper is a general category of commercial loan instruments, due and payable in accordance with terms
described on the instrument
Ø Stock certificates are equity security documents representing ownership of a stated number of shares of capital
stock
Ø A Treasury bill is a debt instrument issued by the U.S. Treasury Department
2. Investments
• The financing cycle directs resources into private- and public-sector equity and debt instruments, with the objective of
optimizing financial return on idle cash
• Major functions and controls include
Ø Custody, Recording, and Valuation
ü If securities are maintained internally, at least two officials should be held jointly responsible, thereby
minimizing the likelihood of unauthorized sales
ü If maintained internally, employees who do not otherwise have custody or access should count securities
periodically on a surprise basis
ü An employee independent of the custodial function should maintain detailed records for securities held
ü If maintained externally, securities listings should be prepared by the custodian at least monthly, mailed to the
company, and reconciled with internal records
Ø Acquisitions, Sales, and Income
ü All acquisitions and sales of securities should be authorized by the board of directors or an authorized
investment committee
ü Recorded acquisition and selling prices should be compared with published price quotations assuring that
transactions were recorded at accurate prices
ü Dividend income should be recognized when declared, interest income accrued when earned, and employees
not otherwise responsible for the custody, acquisition, or sale of securities should recalculate gains and losses
3. Debt
• Debt incurrence and retirement transactions are relatively few in number
• Major functions and controls include
Ø Extensive supporting documents, such as SEC filings and bond issuance authorizations from shareholders and the
board of directors, should be available
Ø The board of directors should authorize all long-term debt, and authorizations should be expressly documented in
the board’s minutes, clearly indicating maximum indebtedness and the names of officers authorized to negotiate
each transaction
Ø Unissued bonds and notes should be prenumbered consecutively and controlled by an employee who neither
maintains detailed debt records nor has access to general accounting records
Ø Periodically, an independent employee should physically inspect unissued debt instruments and account for the
numerical sequence
Ø Retired debt instruments should be either canceled or destroyed; periodically, an independent employee should
reconcile bond or note register with the general ledger
Ø An authorized employee should calculate interest expense in accordance with the terms of each instrument, and
the resulting payments should be processed through the expenditure/disbursement cycle
4. Equity
• Like debt incurrence, equity issuance and retirement transactions are relatively few in number
• Major functions and controls include
Ø All transactions relating to equity securities should be authorized by the board of directors and documented

56 | P a g e
 Ø All issuances and retirements should be approved both in price and in quantity by the board of directors either
specifically or generally, as in the case of authorized stock option plans
Ø Stock certificates should be prenumbered consecutively, signed by authorized officers when issued, and promptly
canceled when surrendered for retirement
Ø Unissued certificates should be physically safeguarded with access limited to authorized individuals
Ø Treasury shares that have not been retired and canceled should be accounted for and controlled
Ø Periodically an independent employee should reconcile the shareholder’s ledger with the transfer journal
Ø An independent employee not otherwise responsible for maintaining shareholder records or processing dividend
payments should reconcile the dividend bank account periodically

B. CONTROLS OVER THE CUSTODY, RECORDING, VALUATION, ACQUISITION, AND SALE OF INVESTMENTS AND OVER THE

ISSUANCE AND RETIREMENT OF LONG-TERM DEBT AND EQUITY SECURITIES

1. Control objectives are summarized in the following categories

• Transaction authorization and execution
Ø Ensures that all investment acquisitions and sales are authorized in accordance with management’s criteria; lacking
authorization, investments could be made in violation of company policies
Ø Journal entries that adjust investment carrying values and debt obligations should be authorized in accordance with
management’s criteria
Ø To control adjustments, management could establish processing procedures, prenumber and control adjustment
forms, and require specific authorization for adjustments exceeding preestablished amounts
• Recording
Ø All investment, debt, and equity transactions should be recorded at the correct amounts, in the proper period, and
classified properly
Ø Management establishes processing and recording procedures, regularly reviews board minutes for financing cycle
resolutions, and prepares schedules of interest and loan payment due dates
• Access to Assets
Ø Access to securities should be restricted to personnel and authorized by management
Ø Personnel responsible for approving investments should not be responsible for recording or for maintaining custody
of securities
Ø Access to accounting records and forms should be restricted to personnel authorized by management
Ø Management controls access by establishing physical barriers over prenumbered forms and records and by carrying
insurance and fidelity bonds
Ø Officials responsible for unissued, issued, and retired securities should not be responsible for physically controlling
securities or for performing accounting or cash activities

C. An auditor’s consideration of internal control in the financing cycle

1. Considering internal control in a financial statement audit
• An auditor’s consideration of internal control includes performing a preliminary review, documenting the system, performing
a transaction walk-through, and determining whether controls are potentially reliable
• A preliminary review entails the auditor obtaining a general understanding of
Ø The client’s control environment
Ø The flow of transactions and records through the system, and
Ø The control procedures management has implemented
• Documenting the system
Ø Auditors typically document an entity’s internal controls with flowcharts, questionnaires, and/or written narratives
ü Questionnaires are designed to detect control deficiencies and typically require one of three responses for each
question; yes, no or N/A
ü Narratives describe in prose one or more phases of management’s controls
ü Flowcharts provide concise, informative, and unambiguous descriptions of internal controls and are used when
an entity’s system is complex and processes large volumes of transactions
• Performing a transaction walk-through
Ø An auditor tests his or her understanding of a system by performing a transaction walk-through
• Identification of control activities
Ø If controls are potentially reliable, the auditor will
ü Identify the system’s control objectives
ü Consider the potential errors or frauds
ü Determine what control activities management uses to prevent or detect potentially material errors or frauds
ü Design tests of controls
• Only those control procedures relevant to management’s financial statement assertions, and which are believed by the
auditor to be reliable, are subjected to tests of controls
2. Assess control risk
• Auditor reviews documentation and results of tests of controls and decides to either
Ø Assess control risk below the maximum and therefore to restrict substantive tests, or
Ø Assess control risk at the maximum and expand substantive testing

57 | P a g e
D. SUBSTANTIVE TESTS OF INVESTMENTS, LONG-TERM DEBT, AND EQUITY BALANCES
1. Assertions
• Existence or occurrence assertion addresses whether all recorded investments, debt, and capital stock exist at the balance
sheet date and whether all recorded transactions occurred during the period
Ø Investments can be tested by physical inspection or by confirming with an independent broker or trustee; and by
testing cutoff
Ø Debt is tested by confirmation with creditors, physical examination of bond indentures, and inspection of unissued
instruments
Ø Capital stock can be tested by verifying recorded balances, and confirmation if external agents are used
• Completeness assertion addresses whether all investments, debt, and capital stock that should be presented in the financial
statements is actually presented
Ø Investments are tested by testing cutoff
Ø Debt and capital stock are tested primarily through analytical procedures
• Right and obligations assertion addresses whether an entity has property rights to investments, and whether debt and
capital stock represent bona fide obligations
Ø Investments are confirmed or physically inspected
Ø Debt obligations are confirmed with creditors, capital stock balances are verified by auditors
• Valuation or allocation assertion addresses whether existing investments, debt, and capital stock are carried in the financial
statements at appropriate amounts
Ø Investment valuation is addressed by verifying securities transactions and prices
Ø Debt is confirmed with creditors and interest is recalculated
Ø Capital stock is tested by verifying recorded shareholder equity balances (also the primary way of testing
existence, completeness, and rights and obligations)
• Presentation and disclosure assertion addresses whether recorded investments, debt, and capital stock are properly
classified, described, and disclosed in the financial statements
Ø Tested by comparing client financial statements with GAAP for each reported account
2. SUBSTANTIVE TESTS OF INVESTMENTS IN MARKETABLE SECURITIES
• Verify mathematical accuracy and examine documentation
Ø The working paper for securities trading activity is the auditor’s primary source for testing acquisitions, sales, and
the recognition of dividend and interest income
Ø The auditor tests the schedule’s mathematical accuracy and reconciles balances with the general ledger
• Confirm or physically inspect securities
Ø For securities held off-premises, an auditor confirms details with the custodian
Ø For securities held internally, an auditor should physically inspect and count the securities on hand and compare
the certificate numbers, quantity, and description of securities with detailed records
• Test cutoff to determine that securities transactions near the balance sheet date are recorded in the proper accounting
period
Ø Tests of cutoff should also be performed for investment revenue transactions near the balance sheet date, and
accruals for interest revenue should be reviewed for reasonableness
• Review valuation to assure that marketable equity securities are reported at the lower of aggregate cost or market, and that
marketable debt securities are reported at the lower of cost or cost less permanent declines in market value
• Perform analytical procedures to test completeness and to determine whether conclusions drawn from substantive tests are
reasonable
• Review financial statement disclosures to determine that investments are properly classified and described in the balance
sheet and that gains and losses and investment revenue are properly presented in the income statement
3. Substantive tests of long-term debt
• Verify mathematical accuracy and examine documentation
Ø If debt instruments are maintained internally, review a sample of entries in detailed bond records and physically
inspect and account for unissued instruments
Ø If debt instruments are handled by independent trustees, the auditor would confirm directly with trustees
• Confirm bonds, loans, and notes payable
Ø Bonds and interest payments should be confirmed directly with trustees, loans and other notes payable are
confirmed directly with creditors
• Examine bond indentures and other long-term indebtedness agreements to determine that transactions were executed in
accordance with board of directors’ authorizations, including the subsequent use of borrowed funds
• Recalculate interest and amortizations
• Perform analytical procedures such as ratio analysis and comparisons of relationships among related accounts or
transactions
• Review financial statement disclosures.
Ø The currently maturing portion of long-term debt should be generally classified as a current liability
Ø Disclosures should include information regarding maturities, interest rates, and other terms and conditions; assets
pledged as collateral, debt conversion features, and troubled debt restructuring
4. Substantive tests of capital stock, retained earnings, and earnings per share
• Verify shareholders’ equity balances including capital stock and related premium accounts for each class of stock
outstanding, treasury stock accounts, and retained earnings
Ø The schedule is footed and cross-footed by the auditor and the totals are reconciled with the general ledger
• Review stock issuances, stock dividends, and stock splits to determine that the general ledger entries accurately reflect the
number of shares and selling price per share authorized by the board of directors

58 | P a g e
 Ø In the case of par or stated value stock, the auditor should determine that the selling price is properly allocated to
capital stock and related premium accounts
• Review treasury stock transactions
Ø Determine that the accounting methods used to record treasury stock transactions comply with generally accepted
accounting principles and that general ledger entries accurately reflect the method used by the company
• Verify recorded dividends
• Recalculate earnings per share to determine that all increases and decreases in shares outstanding are reflected properly in
earnings per share
• Analytical procedures are not typically used for equity accounts unless the volume and breadth of transactions are extensive
• Review financial statement disclosures to determine that all shareholders’ equity balances are properly classified and
described in the balance sheet and whether earnings per share are properly presented in the income statement

59 | P a g e