Audit Manual Part1

PICPA Audit Guide for
Small and Medium-Sized Practitioners
The Philippine Institute of Certified Public Accountants (PICPA) is committed to supporting its
members engaged in public practice by providing them with guidelines to help them perform their
professional engagements in accordance with auditing standards.
In this context, PICPA developed this Guide for small and medium-sized practitioners (SMPs) for
their use as reference in conducting high quality and cost-effective audits. This Guide was developed using
the current Philippine Standards on Auditing (PSAs); the Philippine Standards on Quality Control 1; the
IFAC’s Guide to Using ISAs in the Audits of Small-and Medium-Sized Entities, Volumes 1 and 2; the IFAC’s
Guide to Quality Control for Small-and Medium-Sized Practices; and sample work programs and audit
documentation formats adopted from the practices of established audit practitioners.
This Guide provides guidance on applying PSAs and is not a substitute for reading the PSAs. These
are only audit guidelines intended to help the SMPs in their audit practice contributing to their skills
development and for building sustainable capacity for audits. Practitioners should solely be responsible
for their own continuing professional development in studying and applying the prescribed auditing
standards in the PSAs for application and use in their professional practice.
In utilizing this Guide, the practitioner is expected to apply professional judgment and consider
the facts and circumstances that could be unique to a particular audit. PICPA disclaims any responsibility
or liability that may occur, directly or indirectly, as a consequence of the use and application of this Guide.
The Guide does not address all aspects of the PSAs and should not be used for the purpose of determining
or demonstrating compliance with the PSAs.
This Guide is currently undergoing review and evaluation by the PICPA Technical Working Group,
VQAR Committee and the Auditing and Assurance Standards Council (AASC), which will issue authoritative
guidance for its usage considering current developments on professional standards and best practices of
SMPs.
This Guide may be downloaded for individual non-commercial use from the PICPA website:
www.picpa.com.ph.
Ma. Asuncion M. Golez

National President
May 2019
Small and Medium-sized Practitioners
Table of Contents
Sec. 100 – Introduction 100-1 - 100-9
Organization of the Guide
Overview of the PICPA Audit Methodology
Pre-engagement Procedures
Audit Planning
Study and Evaluation of Client’s Internal Control System
Perform Audit Tests
Substantive Tests
Completing the Audit Engagement
Issuance of the Audit Report
Post-audit Responsibilities
Audit Risk Management
Sec. 200 – Concepts and Principles 200-1 - 200-26

Audit Risks
Inherent
Control
Detection
Residual Risk of Material Misstatement
Accounting Processes
Routine
Non-routine
Accounting estimates
Risk of Material Misstatement
Financial Statement Assertions and Audit Objectives
Financial statement assertions
PICPA Audit Guide Table of Contents - 1

Audit objectives
Critical audit objectives
Materiality
Audit evidence
Obtaining audit evidence
Sufficiency of audit evidence
Appropriateness of audit evidence
Nature
Timing
Techniques to obtain audit evidence
Inspection
Observation
Inquiry
External confirmation
Recalculation
Analytical Procedures
Reperformance
Risk Assessment Procedures
Further audit procedures: tests of control and substantive procedures
Subsequent Events
Going concern
Sec. 300 – Audit Planning 300-1 - 300-34

Developing the overall audit strategy
Developing the detailed audit plan
Performing risk assessment procedures
Inquiries
Observation and inspection
Analytical procedures
PICPA Audit Guide Table of contents - 2

Obtain an understanding of the client and its environment
Assessing the risk of fraud and non-compliance
Types and characteristics of fraud
The fraud triangle
Establishing materiality and assessing risk
The effect of materiality on audit procedures
Consideration of materiality towards the end of an engagement
Other considerations – consolidated financial statements
Other considerations – multi-location audits
Other considerations – insignificant amounts
Assessing risks of material misstatements
The effect of audit risk on audit procedures
The relationship between audit risk and materiality
Materiality and audit risk in evaluating audit evidence
Identifying related parties
Performing analytical review procedures
Analytical procedures during the planning stage
Determining the Need for Auditor’s Expert
Developing the Preliminary Audit Program
Timing of the audit work
Audit team discussions
Other Planning Considerations
Arrangements for company assistance
Consider the Work of Internal Auditors
Direction, Supervision and Review
Sec. 400 – Audit Process 400-1 - 400-55

Definition of internal control
Purpose of internal control
Limitations of internal control
Pervasive and specific internal controls
Division of internal control into components
Control environment

The entity’s risk assessment process
The information systems, including the related business
processes, relevant to financial reporting and
communication
Control activities
Monitoring controls
Internal control in smaller entities
Absence of internal controls
Controls to prevent fraud (anti-fraud controls)
Controls relevant to the audit
Studying and evaluating internal control
Obtain and document an understanding of client’s internal
control system
Make a preliminary assessment of control risk
Determine the auditor’s response to the risk assessment
Reassess control risk
Determine the nature, extent and timing of substantive test
Characteristics of manual and automated elements of internal control
relevant to the auditor’s risk assessment
Risks arising from IT
Auditing in an IT environment
Communicating deficiencies in internal control
Substantive testing
Substantive analytical procedures
Documentation and conclusion
Substantive test of details of balances and transactions
Other test procedures
Accounting estimates
Completing the audit engagement
Performs final analytical procedures
Reads minutes of recent board and committee meetings
Litigations and claims
Commitment and contingencies
Makes final materiality judgments

Summarizes and evaluates the audit findings
Audit issues and resolution
Audit differences
Audit differences from prior periods
Evaluate audit differences and determine significance
Disposition of audit differences
Reviews of the working papers
Reviews of the financial statement presentation and disclosures for adequacy
Going concern
Considers subsequent events
Reporting date to the audit report date
Report date to date signed audit report released to client
Management report
Written representations
Sec. 500 – Audit Reports 500-1 - 500-26

Basic sections of the auditor’s report
Title
Addressee
Opinion section
Basis for opinion section
Going concern
Key audit matters
Responsibilities for the Financial Statements
Auditor’s Responsibilities for the audit of the Financial Statements
Other reporting responsibilities
Name of the engagement partner
Signature of the auditor
Auditor’s address
Date of the Auditor’s Report
Supplementary information presented with the Financial Statements

Forms of the Audit Opinion
The unqualified opinion
Modified opinions
Determining the type of modification to the auditor’s opinion
Qualified Opinion
Adverse Opinion
Disclaimer of Opinion
Inability to obtain sufficient appropriate audit evidence
Additional paragraphs to the auditor’s report
Emphasis of matter paragraph
Other matter paragraph
Comparative information
Audit of group Financial Statements
Using the work of an auditor’s expert
Initial audit engagements – opening balances
Other information in documents containing audited Financial Statements
Material inconsistencies
Material misstatements of fact
Sec. 600 – Engagement Management 600-1 - 600-26

Audit engagement acceptance and continuance
Evaluation of prospective clients
Engagement risks
Who Performs the Evaluation
Re-evaluation of existing client
Independence Issues
Annual independence declaration
Who performs the evaluation
Professional skepticism
Withdrawing from engagement
Defining the terms of the audit engagement
Preconditions for an Audit

Obtaining an engagement letter
Contents of an engagement letter
Signing, addressing and confirming an engagement letter
Professional skepticism
Resource management
Engagement briefing and de-briefing
Client and staff forecasting
Information gathering and maintenance
Sources of information for auditing
Managing audit documentation
Guide in preparing working papers
Standard audit working papers
Electronic format working papers
Working paper organization and indexing
Current files
Permanent files
Report files
Other files
Working paper indexing
Restricting access to working papers
Availability of working papers to clients
Availability of working papers to principal auditors
Availability of working papers to successor auditors
Copying of working papers
Assembly of the Final Audit File
Sec. 700 – Quality Controls 700-1 - 700-17

Objectives – Quality Control for Audit Engagement
Quality Controls
Leadership Responsibilities for Quality Within the Firm
Relevant Ethical Requirements
Independence Requirements
Familiarity Threats

Acceptance and Continuance Procedures
Firm Capability, Competence, Time and Resources
Policies and Procedures on Auditor Withdrawal
Human Resources
Performance Evaluation
Assignment of Engagement Teams
Engagement Performance
Consultation
External Consultants
Documentation of Consultation
Differences of Opinion
Supervision and Review
Review of Working Papers
Engagement Quality Control Review
When is a Non-audit Engagement Subject to Quality Control Review
Nature, Timing and Extent of the Engagement Quality Control Review
Criteria for the Eligibility of Engagement Quality Control Reviewers
Sufficient and appropriate technical expertise
Objectivity of the Engagement Quality Control Reviewer
Consultation with the Engagement Quality Control Reviewer
Suitably Qualified External Persons
Completion of the Assembly of Final engagement Files
Confidentiality, Safe Custody, Integrity, Accessibility and Retrievability of
Engagement Documentation
Retention of Engagement Documentation
Ownership of Engagement Documentation
Monitoring of Quality Controls
Inspections
Disposition of deficiencies noted
Communication of the Results of Monitoring
Complaints and Allegations
Documentation
List of Exhibits

100 Introduction
100.1 This section describes the organization of the audit guidelines and describes the
framework of the audit process for audits of financial statements of small and medium-
sized enterprises as defined in this Guide.
Organization of the manual
100.2 The PICPA Audit Guide (the “Guide”) was developed using the Philippine Standards on
Auditing (“PSAs”) which is the benchmark in conducting financial statement audits; the
Philippine Standards on Quality Control 1, which deals with the practitioner’s
responsibilities for its system of quality control for audits of financial statements; and
the IFAC’s Guide to Using ISAs in the Audits of Small-and Medium-Sized Entities Volumes
1 and 2 (the “IFAC Guides”). Relevant PSAs and the specific paragraph numbers (e.g.,
PSA 300.4) are quoted in bold letters enclosed in a box.
100.3 The Guide defines the standards and procedures to be used as guidelines in the audits
of financial statements of small and medium-sized entities. The Guide would provide
the audit team with a tool to consistently provide quality service to clients.
100.4 In certain instances, it may be necessary to deviate from the standards set in this Guide.
In such instances, the judgment of the engagement partner and the team has to be used
with the end in mind of providing better set of procedures in performing the audit
service.
100.5 The Sections of the Guide contain excerpts from the PSAs which are used as the policy
statement on the subject matter being covered and, from IFAC Guide as illustration of
the practical application of the statements.
100.6 The sample work programs, audit documentation formats and illustrative reports
presented as exhibits for each section are for illustration purposes only. They were
adopted from related PSAs, illustrations from “IFAC Guides” and patterned from the
practices of well-established audit practitioners and, are intended only as reference for
the users of this Guide. As such, they shall be modified depending on the specific
conditions and situations of the auditor.
Overview of the PICPA Audit Methodology
100.7 The Audit Process described in this Guide is divided into seven phases, as follows:
▪ Pre-engagement Procedures
▪ Audit Planning
▪ Study and Evaluation of Client’s Internal Control System
▪ Substantive Tests
▪ Completing the Audit Engagement
Introduction 100 - 1
▪ Issuance of the Audit Report
▪ Post-audit responsibilities
100.8 The seven-phase audit process defines, in chronological order, the major activities being
done for each audit of the financial statements. This means that major activities in each
phase have to be performed before the next phase could be started. Also, output from
the activities previously done becomes the input to the next phase activities.
100.9 Note, however, that there are certain activities in each phase which may be performed
not necessarily sequentially depending on the circumstances. Also, there are certain
audit administration and management activities which are performed throughout the
audit engagement.
Pre-engagement Procedures
100.10 Before a new client or a recurring engagement is accepted, appropriate information is
gathered and evaluated as a basis for deciding whether to accept a new client or retain
an existing client. Auditors shall avoid associating with clients whose management lacks
integrity and with questionable reputation in evaluating a prospective client or in
deciding to continue servicing an existing client.
The engagement partner should be satisfied that appropriate procedures regarding the
acceptance and continuance of client relationships and specific audit engagements have
been followed and that conclusions reached in this regard are appropriate and have been
documented.
The engagement partner shall initiate the decision-making process for acceptance or
continuance regarding the audit engagement. Regardless of whether the engagement
partner initiated that process, the partner determines whether the most recent decision
of accepting an existing client remains appropriate.
The engagement partner shall determine who to accept or retain as a client. A poor
decision can lead to unbillable time, unpaid fees, additional stress on members of the
engagement team, loss of reputation, or – worst of all – potential lawsuits. Philippine
Standard on Quality Control (PSQC 1) and Philippine Standard on Auditing (PSA) 220
require firms and individual practitioners to develop, implement, and document their
quality control procedures in regard to client acceptance and retention policies.
Audit Planning
PSA 300.4
The objective of the auditor is to plan the audit so that it will be performed in an effective
manner.
100.11 Planning an audit involves establishing the overall audit strategy for the engagement and
developing an audit plan. Adequate planning benefits the audit of financial statements in
several ways, including the following:
▪ Helping the auditor to devote appropriate attention to important areas of the audit.
▪ Helping the auditor identify and resolve potential problems on a timely basis.
▪ Helping the auditor properly organize and manage the audit engagement so that it is
performed in an effective and efficient manner.
▪ Assisting in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks, and the proper
assignment of work to them.
▪ Facilitating the direction and supervision of engagement team members and the
review of their work.
▪ Assisting, where applicable, in coordination of work done by auditors of components
and experts.
The nature and extent of planning activities will vary according to the size and complexity
of the audit client, the key engagement team members’ previous experience with the
audit client, and changes in circumstances that occur during the audit engagement.
Audit planning involves obtaining an understanding of the client and its environment,
determining the need for experts, establishing materiality and audit risk, assessing the
possibility of non-compliance, identifying related parties, performing preliminary
analytical procedures, and the development of the overall audit strategy, the detailed
audit plan, and preliminary audit programs.
Study and Evaluation of Internal Controls
PSA 315.3
The objective of the auditor is to identify and assess the risks of material misstatements,
whether due to fraud or error, at the financial statement and assertion levels, through
understanding the entity and its environment, including the entity’s internal control, thereby
providing a basis for designing and implementing responses to the assessed risks of material
misstatement.
100.12 The auditor shall obtain an understanding of the client’s internal control structure. There
are five steps in the study and evaluation of client’s internal controls:
1. Obtain and document an understanding of client’s internal control system.
2. Make a preliminary assessment of control risk.
3. Determine the auditor’s response to the risk assessment.
4. Reassess control risk.
5. Determine the nature, extent and timing of substantive tests.
The output of consideration of client’s internal controls would be finalized versions of
the audit strategy, audit plan and audit programs previously developed during audit
planning.
On a recurring engagement, the auditor should focus on aspects of the control structure
that have been added, changed or assumed increased importance since the previous
audit.
100.13 This phase describes the auditor’s approach in understanding and evaluating the client’s
internal control structure as they relate to accounting processes. The purposes of the
evaluation are:
▪ identify where errors and irregularities could occur
▪ determine whether there appears to be potential for reliance on internal controls
▪ design appropriate direct tests of transactions and balances.
100.14 The auditor should evaluate the control environment and obtain a general understanding
of the accounting processes. Based on evaluation and understanding, the auditor should
decide whether or not to rely on client’s internal controls.
100.15 When an auditor evaluates the accounting system to establish reliance on controls, the
auditor identifies and documents both key attributes that provide reasonable assurance
that the system design achieves control objectives, and system deficiencies that result in
objectives not being achieved. Significant internal control deficiencies are summarized
and reported to management on a timely basis.
100.16 The system evaluation allows us to capitalize on our understanding of the accounting
system and the related control procedures to design the most efficient and effective
combination of audit procedures responsive to the risk of material misstatement.
100.17 The evaluation of the client’s accounting system and the related internal control
structure must be performed with the end in view of determining its effect on the
nature, extent and timing of the direct test to be performed in auditing the accounts.
100.18 The auditor integrates and interprets the information gathered during the earlier stages
of the audit and designs an approach to audit each significant account or group of
accounts in the client’s financial statements, including the significant information in the
notes and any supplemental financial information.
100.19 The auditor designs an audit approach - a strategy by which the auditor intends to
achieve the overall audit objective of acquiring sufficient, competent and reliable
evidential matter to be able to express an opinion on the financial statements.
100.20 An approach plan is prepared whether reliance is to be placed (i.e., reliance approach)
on any or all of a client’s controls or whether satisfaction regarding the reliability of the
relevant data and judgments is to be sought (i.e., no-reliance approach) by more
extensive tests of transactions and account balances. The auditor considers the audit
approach each year to determine whether the prior approach continues to be effective
and efficient.
Perform Audit Tests
Test of Controls
100.21 When the auditor intends to rely on a client’s controls (i.e., reliance approach) for one or
more audit objectives, the auditor satisfies himself/herself that those controls were in
use and functioning effectively as intended throughout the period of reliance. The
auditor shall test the effectiveness of those controls he/she intends to rely. The audit
procedures used to achieve this satisfaction are referred to as "tests of controls.”
100.22 The objectives in performing tests of controls is to have a basis in making a conclusion
that the preliminary assessment of control risk, being less than high is well supported;
and also, to assist the auditor in determining whether or not, for the period of reliance, it
is likely that the controls being tested:
▪ Operated effectively.
▪ Was applied throughout the period covered by the audit.
▪ Was performed on a timely basis.
▪ Covered all applicable transactions.
100.23 When the auditor tests controls, the auditor uses professional judgment to determine
the extent of testing. The auditor considers a number of factors in deciding the extent of
tests of controls, including: how frequent the control procedure is performed, the
degree to which the auditor intends to rely on the control as a basis for limiting the
substantive tests, the persuasiveness of the evidence produced by the control, and the
existence of a combination of controls that may reduce the level of assurance that might
be needed from any one of the controls.
100.24 If the tests of controls confirm that the client’s internal controls are operating effectively,
the nature, extent and timing of the substantive test procedures selected to test the
related account balances are those that were initially decided upon when the reliance
approach was planned. If the test results do not confirm the initial assessment of control
risk, we revise the risk assessment and the planned audit approach. For example, if the
tests of controls indicate that certain controls are not as effective as originally believed or
have not functioned as prescribed and compensating controls are not available or were
not effective, we revise our risk assessment, reduce or eliminate our intended reliance,
and design more extensive substantive test procedures to detect misstatements in the
related account balances.
100.25 Control exceptions are investigated to determine, to the extent practical, their causes
(e.g., whether they may be indicative of a pattern or similar exceptions), the monetary
amounts involved, the financial statement accounts affected, and their potential effect
on other audit procedures.
100.26 If the auditor decided, based on the study and evaluation of the client’s internal control
structure, that control risk is assessed to be high and therefore there is a risk of
significant misstatement in the financial statements, and a no-reliance audit approach is
more appropriate, then the auditor performs a direct test of the account balance (i.e.,
direct substantive test procedures)
Substantive Tests
100.27 Substantive test procedures are audit procedures designed to obtain direct evidence as
to the completeness, accuracy, and validity of data and as to the reasonableness of the
estimates and other information contained in the financial statements. Substantive
procedures include inquiry, observation, inspection, confirmation, re-performance tests,
analyses of many types, and analytical reviews.
100.28 The nature, timing, and extent of substantive test procedures are responsive to the
auditor’s risk assessments for each of the relevant sources of information affecting a
significant account.
100.29 The auditor selects the substantive test procedures that, in the auditor’s judgment and
based on the auditor’s risk assessments, are required by the specific circumstances.

100.30 After all the previous steps in the audit process have been accomplished, the auditor:
▪ performs final analytical procedures,
▪ reads minutes of recent board and committee meetings,
▪ obtains management representation letters.
▪ makes final materiality judgments,
▪ summarizes and evaluates the audit findings,
▪ reviews the working papers,
▪ reviews the financial statement presentation and disclosures for adequacy, and
▪ considers subsequent events.
The above procedures require the exercise of considerable professional judgment and
thus are generally performed by the more senior members of the engagement team.
At this stage, the auditor communicates the updated list of findings to management
and, depending on the circumstances, to those charged with governance.
PSA 265.5
The objective of the auditor is to communicate appropriately to those charged with
governance and management deficiencies in internal control that the auditor has identified
during the audit and that, in the auditor’s professional judgment, are of sufficient importance
to merit their respective attention
100.31 The auditor shall promptly communicate to management and to those charge with
governance, the following:
▪ The auditor’s views about significant qualitative aspects of the entity’s accounting
practices, including accounting policies, accounting estimates and financial statement
disclosures. When applicable, the auditor shall explain to those charged with
governance why the auditor considers a significant accounting practice, that is
acceptable under the applicable financial reporting framework, not appropriate to
the particular circumstances of the entity;
▪ Significant difficulties, if any, encountered during the audit;
▪ Material weaknesses, if any, in the design, implementation or operating effectiveness
of internal control that have come to the auditor’s attention and have been
communicated to management;
▪ Significant matters, if any, arising from the audit that were discussed, or subject to
correspondence with management.
100.32 In deciding to whom within the entity to report the auditor’s findings, consider the
circumstances. If there are irregularities, the auditor should consider the likelihood of
management involvement. In most cases, it is appropriate to report the matter to a level
in the client’s organization above that responsible for the persons we believe are
implicated. If the auditor doubts those persons ultimately responsible for the
preparation and presentation of the entity’s financial statements and, for the overall
direction of the entity, the auditor normally seeks legal advice to determine the
procedures to follow.
100.33 The auditor discusses audit differences with the client and encourages adjustment of the
financial statements for known errors and other misstatements, unless the auditor finds
them clearly insignificant. The auditor encourages the client to investigate probable
errors to determine the appropriate adjustment.
100.34 The auditor prepares a summary of unadjusted differences (ie., adjusting journal entries
passed on to the client) and evaluates the over-all impact of these adjustments. See
discussion on materiality paragraphs 300.49 to 300.59.
Issuance of the Audit Report

100.35 Finally, the auditor prepares the audit report, which describes the scope of the audit and
states the auditor’s conclusion regarding the fairness of the financial statements and
generally also communicates to management and the audit committee significant control
structure deficiencies noted during the course of the audit.
Post-audit Responsibilities
100.36 This phase of the audit process involves assessing and evaluating the quality of delivery
of the auditor. An assessment is made regarding the audit team’s performance in the
current year to identify successes, areas where improvements are possible and
recommendations for the following year’s audit.
100.37 The engagement process begins with briefing, where members of the audit team are
appraised of the specific output of each phase; and ends on debriefing where members
of the audit team review the conduct of the audit to identify areas for improvement – all
for purposes of enhancing the quality of services to clients.
Audit Risk Management

100.38 Audit risk (ie., the possibility that the financial statements under audit may contain
significant misstatements, coupled by the possibility that the auditor may not be able to
detect those misstatements) management process should be considered on a continuing
basis, that is, from the start to the final stage of the audit process. Any significant issues
that come to the attention of the auditor should be communicated promptly to the
engagement partner.
Philippine Institute of Certified Public Accountants
Audit Methodology Framework
• Gather information about prospective client
• Perform client acceptance and continuance procedures
• Agree with the client on the terms of engagement
Pre-engagement
A • Brief engagement team members E
U N
D • Set the audit scope G
• Schedule timing and deadlines
I • Identify and assign audit team A
Audit Planning • Set audit time and cost budgets
T • Review and approve audit plan G
• Communicate audit plan
E
• Understand and evaluate:
R - Internal control structure
M
Study & - Accounting processes (routine, non-routine, accounting estimates)
I Evaluation of • Test of controls
E
Internal Control
S N
K T
• Design work programs
• Perform substantive test procedures
• Consider other audit procedures
M Substantive M
Testing
A A
N • Perform final analytical procedures N
• Summarize and evaluate audit differences and findings
A • Review audit documentation A
Completing the • Review subsequent events
G Audit G
E E
M • Discuss and agree with client on audit conclusions
M
•
E Issuance of the •
Review financial statement presentation and disclosures
Prepare audit report
E
Audit Report
N N
T T
• Perform engagement quality control review
• Assemble final audit files
Post-audit • Debrief engagement team members
Responsibilities
200 Concepts and Principles
PSA 200.3
The purpose of an audit is to enhance the degree of confidence of intended users in the
financial statements. This is achieved by the expression of an opinion by the auditor on
whether the financial statements are prepared, in all material respects, in accordance with an
applicable financial reporting framework. In the case of most general purpose frameworks,
that opinion is on whether the financial statements are presented fairly, in all material
respects, in accordance with the framework. An audit conducted in accordance with PSAs and
relevant ethical requirements enables the auditor to form that opinion.
200.1 The auditor obtains sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base the auditor’s audit opinion after performing the phases of
the audit process: pre-engagement procedures, audit planning, study and evaluation of
internal control, substantive testing, audit completion, issuance of the audit report, and
post-audit responsibilities.
200.2 This section provides a description of some audit concepts that the auditor uses
throughout the audit process to help the auditor plan and perform the audit in
accordance with PSAs.
200.3 The audit concepts described in this section include:

❑ audit risks
❑ residual risk of material misstatements
❑ accounting processes
❑ risk of material misstatement
❑ financial statement assertions and audit objectives
❑ materiality
❑ audit evidence
❑ risk assessment procedures
❑ further audit procedures: tests of control and substantive procedures
❑ subsequent events
❑ going concern
Audit Risks
200.4 Audit risk is the possibility that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated. The objective of the audit is to
reduce this audit risk to an acceptably low level.
Concepts and Principles 200 - 1

200.5 Audit risk is a function of the following risks:
❑ Risk of material misstatement – the possibility that the financial statements are
materially misstated prior to audit due to the nature of the accounts and business of
the client, absence of internal controls (i.e., inherent risk), or having internal
controls which are not operating effectively (i.e., control risk).
❑ Detection risk – the possibility that the auditor’s substantive procedures may not be
able to detect material misstatements in the financial statements.
Inherent risk
200.6 Inherent risk is the susceptibility of an assertion about a class of transaction, account
balance or disclosure to a misstatement that could be material, either individually or
when aggregated with other misstatements, because of absence of controls. Inherent
risk results from various external and internal factors, pressures and forces brought to
bear on the entity. Factors at the financial statement level include the integrity of
management; management experience and knowledge; and changes in management
during the period. It also includes factors at the account balance level, such as the
presence of financial statement accounts likely to be susceptible to misstatement.
Examples:
▪ The inexperience of new management may affect the preparation of the financial
statements of the entity.
▪ A company selling perishable goods has a higher risk of loss due to spoilage as
compared to a company selling construction materials.
▪ A sales clerk has to decide what price to charge for a product that is on sale.
Although clearly marked P500.00, the clerk is uncertain if the item is part of a 10
percent off sale. If the clerk grants the discount when the item is not really on sale, a
pricing error occurs. This is an example of inherent risk. [Auditing, Assurance and
Risk by W. Robert Knechel]
▪ A company with accounts which require adjustment in the prior period, or which
involve a high degree of estimation has considerable inherent risk.
Control risk
200.7 Control risk is the possibility that a misstatement that could occur in an assertion about
a class of transaction, account balance or disclosure and that could be material, either
individually or when aggregated with other misstatements, will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal control.
Examples:
▪ Controls may be circumvented by collusion involving managerial level and employee
level personnel.

▪ A credit manager is responsible for reviewing credit applications from potential
customers in order to reduce the risk of uncollectible accounts. After receiving full
documentation on the customer, including credit reports, the credit manager fails to
notice that the customer has previously defaulted on multiple obligations and
approves a line of credit. Subsequently, the company has to write off the customer’s
balance. [Auditing, Assurance and Risk by W. Robert Knechel]
200.8 The PSAs do not ordinarily refer to inherent risk and control risk separately, but rather to
a combined assessment of the “risks of material misstatement.” However, the auditor
may make separate or combined assessments of inherent and control risk depending on
preferred audit techniques or methodologies and practical considerations. The
assessment of the risks of material misstatement may be expressed in quantitative
terms, such as in percentages, or in non-quantitative terms. In any case, the need for the
auditor to make appropriate risk assessments is more important than the different
approaches by which they may be made.
Detection risk
200.9 Detection risk is the possibility that the procedures performed by the auditor (i.e.,
substantive procedures) to reduce audit risk to an acceptably low level will not detect a
misstatement that exists and that could be material, either individually or when
aggregated with other misstatements.
Examples:
▪ An auditor frequently uses sampling in performing audit procedures, giving rise to
the risk that the misstatement that should have been detected is not included in the
samples selected.
▪ An auditor performing inventory counts at a client’s warehouse is rarely able to
count or observe everything so it is possible that he or she may not notice that some
inventory listed on the financial statements may not actually exist. [Auditing,
Assurance and Risk by W. Robert Knechel]
Residual Risks of Material Misstatement

200.10 Management and those charged with governance establishes a wide variety of controls
for varied purposes, such as the preparation of fair financial statements, efficiency and
effectiveness of operations, and compliance with internal and external requirements. In
the context of the audit of the financial statements, the auditor is concerned with those
controls that impact the financial statements and the audit, and thus addresses control
risks.
200.11 One focus area in assessing the residual risk of material misstatement is the remaining
business risks which are mainly relating to the risks that the entity’s accounting
estimates and presentation and disclosure decisions may lead to material misstatement
in the financial statements and could mislead the users of the financial statements
despite the proper functioning of business controls.

200.12 Factors to consider in assessing the remaining business risks include:
▪ the quality of the information used
▪ management bias
▪ competency of client personnel
▪ complexity of business transactions.
The above factors may adversely affect the achievement of the entity’s business
objectives and, may give rise to audit risk. Hence, necessary assessment of which
should be considered.
Accounting Processes
200.13 Companies enter into transactions to pursue its business objectives. A transaction is an
event involving the exchange of value between the company and an external party. The
more common transactions are purchases of goods or services from suppliers, sale of
goods or services to customers, borrowing from financial institutions, or payment of
salaries to employees.
200.14 The transactions are passed through the accounting system of the companies to come
up with financial statements. These transactions and the related accounting processes
are usually grouped into classes according to common features, properties or qualities
as follows:
▪ Routine transactions
▪ Non-routine transactions
▪ Accounting estimates
Routine transactions
200.15 Routine transactions are those transactions that are usually conducted to pursue the
entity's day-to-day business with the outside world, such as sales or revenue, purchases,
cash payments and cash receipts. Routine transactions are likely to be:
▪ numerous;
▪ recurring;
▪ objectively measurable, requiring little or no judgment in determining the amount
to be recorded;
▪ processed in a similar way each time they occur.
200.16 Despite these characteristics, in the absence of effective controls, the risk of material
misstatement for many routine transactions may be high.
Management usually establishes effective controls over the recording, processing and
reporting of routine transactions to provide reasonable assurance regarding the

achievement of objectives relating to operations, financial reporting and compliance
with laws and regulations.
200.17 The characteristics of routine transactions often permit highly automated processing by
the computer information systems with little or no manual/human intervention. These
characteristics may also permit incorporating business rules into the system to the end
that each transaction entered into the system for processing is compared to established
criteria and subjected to a number of tests. Moreover, reporting may be designed to
highlight exceptions for follow-up, and identify matters such as changes in size, volume
and amounts of transactions.
Non-Routine transactions
200.18 Non-routine transactions are transactions that occur infrequently. Non-routine
transactions may:
❑ be relatively few in number;
❑ be unusual and in some cases unpredictable;
❑ require judgment to determine amounts and the accounting period for recording;
❑ involve questions of intent or economic substance.
200.19 Non-routine transactions may include:

❑ business transactions that are unusual in some respect. For example, large
transactions timed close to the period-end.
❑ business transactions outside the routine activities of the entity . For example,
acquisitions, dispositions, borrowings and sale and lease-back transactions.
❑ accounting entries outside the normal course of business. For example, closing
entries made only at period-end or other external reporting dates.
Accounting Estimates
200.20 An accounting estimate is an approximation of the amount of an item in the absence of
a precise means of measurement.
PSA 540.6
The objective of the auditor is to obtain sufficient appropriate audit evidence about whether:
(a) accounting estimates, including fair value accounting estimates, in the financial
statements, whether recognized or disclosed, are reasonable, and
(b) related disclosures in the financial statements are adequate, in the context of the
applicable financial reporting framework.
200.21 In financial statements, accounting estimates measure the effects of business risks, past
business transactions or other events, or the present status of an asset or liability.

200.22 Accounting estimates are included in the financial statements because:
❑ the measurement of some amounts or the valuation of some accounts is uncertain,
pending the outcome of future events;
❑ relevant data concerning events that have already occurred cannot be accumulated
on a timely, cost-effective basis.
Examples:
❑ the allowance for uncollectible accounts
❑ write-downs of inventories to net realizable value
❑ recoverable amounts included in the computation of impairment losses on
property, plant and equipment
❑ provisions for probable loss due to lawsuits
❑ pension liabilities and expense
200.23 Accounting estimates originate as accounting entries within the entity and therefore are
different from transactions. Some accounting estimates are routine and some are non-
routine.
For example, routine accounting estimates include those for deferred income taxes and
depreciation expense allocating the cost of fixed assets over their estimated useful lives.
Non-routine accounting estimates may include those for environmental clean-up costs,
provision for losses from pending lawsuits and allowances to reduce inventory and
receivables to their estimated realizable value.
200.24 Management is responsible for accounting estimates. To fulfill this responsibility,

management:
❑ identifies the accounting estimates required;
❑ identifies factors that may influence the accounting estimates;
❑ makes assumptions to estimate the likely effect of those factors;
❑ gathers data and estimates the amount.
200.25 To determine whether management has identified the accounting estimates that may be
significant to the financial statements the auditor may:
❑ ask management about the need to make accounting estimates;
❑ review the assertions in the financial statements to determine the need for
accounting estimates;
❑ consider information obtained from other audit procedures.
200.26 Accounting estimates are often based on data derived from routine transactions
processed by the entity's computer information systems. Controls may be effective with
respect to the completeness, accuracy and validity (existence) of such underlying data.

200.27 It may be more difficult for management to establish controls that are effective for the
judgments that enter into accounting estimates. The difficulty may be increased
because judgments may need to change when economic and industry circumstances
change.
200.28 Even though it may be difficult for management to implement effective controls for
aspects of accounting estimates, it may be important for management to do so, for
instance for those accounting estimates that are material in the financial statements.
For example, assumptions used in calculations of the liability and cost of retirement
plans may be approved by appropriate committees of those charged with governance
which may utilize independent specialists for advice, such as professional actuaries.
200.29 The auditor is responsible for evaluating the reasonableness of accounting estimates
made by management in the context of the financial statements taken as a whole. If the
auditor believes there are material weaknesses, the auditor reports them to
management and, if appropriate, to those charged with governance.
200.30 A difference between the outcome of an accounting estimate and the amount originally
recognized or disclosed in the financial statements does not necessarily represent a
misstatement of the financial statements. This is particularly the case for fair value
accounting estimates, as any observed outcome is invariably affected by events or
conditions subsequent to the date at which the measurement is estimated for purposes
of the financial statements. (IFAC Guide, Vo. 1, Second Edition, page 138)
Risk of Material Misstatement
PSA 200.5
As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance
about whether the financial statements as a whole are free from material misstatement,
whether due to fraud or error. Reasonable assurance is a high level of assurance. It is obtained
when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (i.e.,
the risk that the auditor expresses an inappropriate opinion when the financial statements are
materially misstated) to an acceptably low level. However, reasonable assurance is not an
absolute level of assurance, because there are inherent limitations of an audit which result in
most of the audit evidence on which the auditor draws conclusions and bases the auditor’s
opinion being persuasive rather than conclusive.
200.31 A misstatement is a difference between the amount, classification, presentation, or

disclosure of a reported financial statement item and the amount, classification,
presentation, or disclosure that is required for the item to be in accordance with the
applicable financial reporting framework. Misstatements can arise from error or fraud.
When the auditor expresses an opinion on whether the financial statements are
presented fairly, in all material respects, misstatements also include those adjustments
of amounts, classifications, presentation, or disclosures that, in the auditor’s judgment,
are necessary for the financial statements to be presented fairly, in all material respects.

200.32 A material misstatement is a misstatement that, when accumulated with others, could
cause the financial statements to be materially misstated.
PSA 315.3
The objective of the auditor is to identify and assess the risks of material misstatement,
misstatement.
200.33 The auditor makes preliminary assessments of the risk of material misstatement in the
understanding and evaluating internal control structure phase and accounting processes
of the audit process.
200.34 The risk of material misstatement may be higher for audit objectives relating to
accounting estimates for one or more of the following reasons:
❑ accounting principles for accounting estimates may be unsettled, unclear or subject
to wide interpretation;
❑ required judgments may be subjective, complex and require assumptions about the
effects of future events;
For example, pension expense and warranty liabilities judgments may either overlook or
misinterpret current developments. Another example, judgments may overlook effects
of a rapidly changing technological environment on the estimates of useful lives
required in calculations of depreciation expense.
200.35 Management may establish the following types of controls to help reduce this risk:
❑ develop accounting estimates using qualified and experienced personnel, including
external experts;
❑ review and approval by higher levels of management of the relevant factors and the
development of assumptions;
❑ periodic review of methods of developing the factors and the assumptions;
❑ comparison of accounting estimates made in prior periods with results in
subsequent periods;
❑ consideration by appropriate levels of management of whether the accounting
estimates are consistent with the operational plans of the entity.
The risk of material misstatement for non-routine transactions is usually higher than for
routine transactions, due to factors such as:
❑ greater management intervention to specify accounting;
❑ greater manual intervention for data collection and processing;
❑ greater judgment required in determining amounts;

❑ complex calculations or accounting principles;
❑ the nature of non-routine transactions may make it difficult for management to
implement effective controls for non-routine transactions as compared to routine
transactions.
200.36 Even though it may be difficult for management to implement effective controls for
non-routine transactions, management may do so. For example:
❑ controls may include policies and procedures for authorization and approval of non-
routine transactions. These activities may include consideration by the board of
directors for transactions such as acquisitions, disposals and related party
transactions.
❑ When the entity has entered into an unusual or complex transaction and the risk of
material misstatement is high, the auditor obtains an understanding of the
substance of the entity's arrangements and transactions with third parties.
❑ The auditor considers whether to confirm the terms of the transactions with the
other parties in addition to examining documentation held by the entity. For
example, the auditor may confirm terms such as side agreements or terms that, in
effect, allow for return of the merchandise.
❑ The auditor also considers whether there may be side agreements between the
entity and its customers. When appropriate, in addition to confirming account
balances and material revenue transactions, the auditor may also confirm relevant
contract terms with customers to obtain assurance that side agreements do not
exist. The auditor confirms such terms with the contract signer.
Financial Statement Assertions and Audit Objectives

Financial statement assertions
200.37 Assertions are representations (i.e., accounts and amounts) by management, explicit or
otherwise, that are embodied in the financial statements, as used by the auditor to
consider the different types of potential misstatements that may occur. They relate to
the recognition, measurement, presentation, and disclosure of the various elements
(amounts and disclosures) in the financial statements. For example, the completeness
assertion relates to all transactions and events that should have been recorded having
been recorded. They are used by the auditor to consider the different types of potential
misstatements that may occur. (IFAC Guide, Vol. 1, Second Edition, page 23)
200.38 PSA 315, par. A111 classifies assertions as follows:

❑ Assertions about classes of transactions and events for the period under audit;
❑ Assertions about account balances at the period end; and
❑ Assertions about presentation and disclosure
200.39 Assertions about classes of transactions and events for the period under audit include:

❑ Occurrence—transactions and events that have been recorded have occurred and
pertain to the entity
❑ Completeness—all transactions and events that should have been recorded have
been recorded.
❑ Accuracy—amounts and other data relating to recorded transactions and events
have been recorded appropriately.
❑ Cutoff—transactions and events have been recorded in the correct accounting
period.
❑ Classification—transactions and events have been recorded in the proper accounts.
Assertions about account balances at period end include:

❑ Existence—assets, liabilities, and equity interests exist.
❑ Rights and obligations—the entity holds or controls the rights to assets, and
liabilities are the obligations of the entity.
❑ Completeness—all assets, liabilities and equity interests that should have been
recorded have been recorded.
❑ Valuation and allocation—assets, liabilities, and equity interests are included in the
financial statements at appropriate amounts and any resulting valuation or
allocation adjustments are appropriately recorded.
Assertions about presentation and disclosure include:

❑ Occurrence and rights and obligations—disclosed events, transactions, and other
matters have occurred and pertain to the entity.
❑ Completeness—all disclosures that should have been included in the financial
statements have been included.
❑ Classification and understandability—financial information is appropriately
presented and described, and disclosures are clearly expressed.
❑ Accuracy and valuation—financial and other information are disclosed fairly and at
appropriate amounts.
Audit Objectives
200.40 An audit objective is the auditor’s goal of obtaining sufficient appropriate audit evidence
about one or more of these financial statement assertions.
200.41 The auditor shall develop audit objectives to address the financial statement assertions
relating to the financial statement implications of business risks and classes of
transactions. A financial statement implication relates, for example, to a:
❑ Class of transactions
❑ Accounting estimate
❑ Presentation and disclosure decision

200.42 The auditor identifies the financial statement implications, and develops or confirms
his/her audit objectives while performing the audit tests.
Critical audit objectives

200.43 The audit aims to provide reasonable assurance that the financial statements are free of
material misstatement.
200.44 Critical audit objectives usually relate more to the material financial statement
implications of business risks and classes of non-routine transactions than to material
classes of routine transactions.
200.45 This may be the case when the auditor’s understanding of business risks is based on
highly uncertain factors as it may be more difficult for us to obtain sufficient
appropriate audit evidence for related audit objectives. One possible reason for this is
that management needs to apply a higher degree of judgment to predict the financial
statement implications of these business risks.
200.46 The judgment as to what are designated as critical audit objectives often depends on
the surrounding circumstances, such as the nature of the business, its usual profitability,
disclosure requirements and other issues the auditor considers.
For example, the auditor considers, among others:

❑ the existence of related party transactions;
❑ the potential defaults under contractual agreements, such as debt agreements;
❑ the reversal in previous trends in profits or liquidity;
❑ the likelihood of illegal acts.
200.47 The auditor or the engagement partner, in the case of partnership, is responsible for
providing overall direction for the audit approach to critical audit objectives, including:
❑ the nature, timing and extent of audit procedures;
❑ the involvement of more experienced audit staff and specialists. A partner may
consult an actuarial specialist on aspects of the pension liability, or an
environmental specialist on aspects of environmental liabilities.
200.48 The audit or the engagement partner, in the case of partnership, is responsible for
reviewing audit working papers relating to critical audit objectives.
200.49 The auditor sets out the critical audit objectives, including his/her approach to them and
the conclusions thereof.

Materiality
PSA 320.8
The objective of the auditor is to apply the concept of materiality appropriately in planning
and in performing the audit.
200.50 Information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements. Materiality depends on
the size of the item or error judged in the particular circumstances of its omission or
misstatement. Thus, materiality provides a threshold or cut-off point rather than being
a qualitative characteristic which information must have if it is to be useful.
200.51 Financial statements may be materially misstated due to the effect of:
❑ an individual omission or misstatement (a material misstatement); or
❑ the cumulative effect of a number of misstatements (significant misstatements) that
are not individually considered material.
200.52 A material misstatement is a misstatement that, when accumulated with others, could
cause the financial statements to be materially misstated. The auditor considers the
cumulative effect of material misstatements.
200.53 Financial statements may be materially misstated as a result of fraud or error. Fraud is
an intentional act by one or more individuals among management, employees or third
parties. An error is an unintentional misstatement.
200.54 There are three levels of materiality:

❑ Overall materiality or materiality at the financial statement level
❑ Performance materiality
❑ Specific materiality or materiality applied to specific classes of transactions, account
balances or disclosures [AASC Bulletin 2010-001]
For more on the use of materiality in planning an audit, see Section 300 – Audit
Planning, topic on Materiality.
200.55 The assessment of materiality is a matter of the auditor’s professional judgment. In

applying this judgment the auditor considers both the amount (quantity) and nature
(quality) of misstatements.
200.56 The amount of a misstatement by itself, without taking account of the nature of the
misstatement and the surrounding circumstances, is not usually a sufficient basis for a
judgment of materiality.

200.57 Surrounding circumstances include the relative size of the misstatement compared to
the financial statements in total and the factual context in which the user of the
financial statements would view the financial statement item containing the
misstatement.
200.58 Surrounding circumstances that can affect the auditor’s professional judgment of
materiality include, but are not limited to, whether the misstatement:
❑ changes a loss into profit or vice versa;
❑ is intentional or unintentional;
❑ affects the entity's compliance with applicable laws and regulations;
❑ affects the entity's compliance with debt covenants or other contractual
requirements;
❑ has the effect of increasing management's compensation;
❑ may result in a significant positive or negative market reaction;
❑ arises from an item capable of precise measurement or whether it arises from an
estimate and, if so, the degree of imprecision inherent in the estimate;
❑ involves concealment of an unlawful transaction.
200.59 The auditor determines materiality based on his/her perception of the needs of users. In
applying his/her professional judgment, it is reasonable for the auditor to assume that
users of the financial statements:
▪ Have a reasonable knowledge of business, economic activities, and accounting, and

have a willingness to study the information in the financial statements with reasonable
diligence;
▪ Understand that financial statements are prepared and audited to levels of materiality;
▪ Recognize the uncertainties inherent in the measurement of amounts based on the use
of estimates,   judgment, and the consideration of future events; and
▪ Make reasonable economic decisions on the basis of the information in the financial
statements. (IFAC Guide, Vol. 1, Second Edition, page 86) 
200.60 As a result of the interaction of quantitative and qualitative considerations in the

auditor’s judgment of materiality, a misstatement of a relatively small amount that
comes to the auditor’s attention could have a material effect on the financial
statements.
200.61 Materiality is not an absolute number. It represents a grey area between what is very
likely not material and what is very likely material. Consequently, the assessment of
what is material is always a matter of professional judgment.

Audit Evidence
Obtaining audit evidence
PSA 500.4
The objective of the auditor is to design and perform audit procedures in such a way as to
enable the auditor to obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base the auditor’s opinion.
200.62 This sub-section discusses:

❑ the sufficiency of audit evidence
❑ the appropriateness of audit evidence
❑ techniques to obtain audit evidence
❑ selecting items for testing.
200.63 The auditor obtains audit evidence as he/she performs the phases of the audit process.
Audit evidence is obtained for each of the audit objectives to:
❑ support the assessment of the risk of material misstatement
The auditor may obtain this evidence by supporting the his/her understanding of
residual business risks and performing tests of control.
❑ respond to the auditor’s assessment of the risk of significant misstatement.
The auditor obtains this evidence by performing analytical procedures and tests of
details.
200.64 The auditor obtains audit evidence by performing an appropriate mix of audit
procedures, including tests of control, analytical procedures and tests of details, as
well as risk assessment procedures.
Sufficiency of audit evidence

200.65 Sufficiency is a measure of the quantity of audit evidence. Sufficiency is related to the
extent of the auditor’s audit work, with respect to the his/her assessed level of audit
risk. The auditor judges the required extent of audit procedures by considering the
following:
❑ nature of the account balance or class of transactions, including the number and
relative sizes of items in the population;
❑ risk of material misstatement in the financial statement assertions covered by the
auditor’s audit objectives;
❑ nature and timing of the planned audit procedures;
❑ audit evidence obtained from other audit procedures.

Appropriateness of audit evidence
200.66 Appropriateness is a measure of the quality of audit evidence, its relevance to an
assertion and its reliability. Appropriateness is related to the nature and timing of the
auditor’s audit work.
Nature
200.67 The auditor judges the nature of the required audit procedures by considering the
following generalizations:
❑ audit evidence obtained from outside the entity is more persuasive than that
obtained from within the entity;
❑ audit evidence obtained from or created by unrelated third parties is more
persuasive than that obtained from related parties;
❑ audit evidence obtained from inside the entity is more persuasive when related
controls are effective;
❑ audit evidence obtained directly through performing an inspection, observation or
computation is more persuasive than that obtained indirectly by inquiry of others;
❑ audit evidence in the form of documents and written representations is more
persuasive than oral representations;
❑ audit evidence obtained from several sources that suggest the same conclusion is
more persuasive than that obtained from only one source.
200.68 When the auditor obtains consistent evidence from different sources or from
performing different techniques the auditor may obtain a cumulative degree of
evidence higher than that which attaches to the individual items by themselves.
200.69 Conversely, when audit evidence from one source is inconsistent with that from
another, the auditor usually performs additional audit work to resolve the
inconsistency.
Timing
200.70 The auditor may perform tests of control or substantive procedures before or after the
period-end covered by the financial statements.
200.71 Timing refers to when audit procedures are performed, or the period or date to which
the audit evidence applies.
Before or at the Period End?

In most instances (particularly with small entities), audit procedures will be carried out
at the period end and later. In addition, the higher the risks of material misstatement,
the more likely it would be for substantive procedures to be performed nearer to, or
after, the period end. (IFAC Guide, Vol. 1, Second edition, page 113)

200.72 Performing audit work before the period-end allows the auditor to consider significant
matters that may affect the period-end financial statements and to change the audit
approach, if necessary.
200.73 When the auditor performs audit work before the period-end, he/she recognizes the
potentially increased risk that a material misstatement that may exist at the period-end
may not be detected.
200.74 The auditor reduces this potentially increased audit risk by performing additional audit
work to cover the remaining period in a way that provides a reasonable basis for
extending the audit conclusions to the period-end. The auditor usually compares
information at the period-end date with comparative information at the date of the
auditor’s earlier audit work to identify unusual amounts or trends. The auditor
investigates such unusual matters.
Techniques to obtain audit evidence

200.75 The auditor obtains audit evidence by performing an appropriate mix of audit
procedures, including tests of control, analytical procedures and tests of details.
200.76 Such audit work involves one or more of the following techniques:
❑ inspection
❑ observation
❑ inquiry
❑ confirmation
❑ recalculation
❑ analytical procedures
❑ re-performance
200.77 The auditor may use the computer as an audit tool to apply some of the above audit
techniques. The use of the computer as an audit tool is known as computer-assisted audit
techniques (CAATS).
Inspection
200.78 Inspection involves examining records or documents, whether internal or external, in
paper form, electronic form, or other media, or a physical examination of an asset.
Inspection of records and documents provides audit evidence of varying degrees of
reliability, depending on their nature and source and, in the case of internal records and
documents, on the effectiveness of the controls over their production. An example of
inspection used as a test of controls is inspection of records for evidence of
authorization.

The auditor often uses inspection techniques as part of his/her follow-up procedures for
observations or inquiries.
Observation
200.79 Observation consists of looking at a process or procedure being performed by others,
for example, the auditor’s observation of inventory counting by the entity’s personnel,
or of the performance of control activities. Observation provides audit evidence about
the performance of a process or procedure, but is limited to the point in time at which
the observation takes place, and by the fact that the act of being observed may affect
how the process or procedure is performed.
Inquiry
200.80 Inquiry consists of seeking information of knowledgeable persons, both financial and
nonfinancial, within the entity or outside the entity. Inquiry is used extensively
throughout the audit in addition to other audit procedures. Inquiries may range from
formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an
integral part of the inquiry process.
200.81 Responses to inquiries may provide the auditor with information not previously
possessed or with corroborative audit evidence. Alternatively, responses might provide
information that differs significantly from other information that the auditor has
obtained, for example, information regarding the possibility of management override
of controls. In some cases, responses to inquiries provide a basis for the auditor to
modify or perform additional audit procedures.
200.82 Although corroboration of evidence obtained through inquiry is often of particular

importance, in the case of inquiries about management intent, the information
available to support management’s intent may be limited. In these cases, understanding
management’s past history of carrying out its stated intentions, management’s stated
reasons for choosing a particular course of action, and management’s ability to pursue a
specific course of action may provide relevant information to corroborate the evidence
obtained through inquiry.
200.83 In respect of some matters, the auditor may consider it necessary to obtain written
representations from management and, where appropriate, those charged with
governance to confirm responses to oral inquiries.
External confirmation
200.84 An external confirmation represents audit evidence obtained by the auditor as a direct
written response to the auditor from a third party (the confirming party), in paper form,
or by electronic or other medium. External confirmation procedures frequently are

relevant when addressing assertions associated with certain account balances and their
elements. However, external confirmations need not be restricted to account balances
only.
For example, the auditor may request confirmation of the terms of agreements or
transactions an entity has with third parties; the confirmation request may be designed
to ask if any modifications have been made to the agreement and, if so, what the
relevant details are. External confirmation procedures also are used to obtain audit
evidence about the absence of certain conditions, for example, the absence of a “side
agreement” that may influence revenue recognition.
200.85 As the risk of significant misstatement increases, the auditor selects substantive
procedures to obtain more or different audit evidence about a financial statement
assertion. In these situations, the auditor may use external confirmation procedures
rather than, or in conjunction with, tests directed toward documents or parties within
the entity.
200.86 Examples of situations where the auditor may use external confirmations are:
❑ receivable balances and terms
❑ bank balances and other information relevant to banking relationships
❑ inventories held by third parties at bonded warehouses for processing or on
consignment
❑ property title deeds held by lawyers for safe custody or as security
❑ investments purchased from stockbrokers but not delivered at the period-end date
❑ unsecured loans from lenders
❑ payables balances and terms
Recalculation
200.87 Recalculation consists of checking the mathematical accuracy of documents or records.
Recalculation may be performed manually or electronically.
Analytical Procedures
200.88 Analytical procedures consist of evaluations of financial information made by a study of

plausible relationships among both financial and non-financial data. Analytical
procedures also encompass the investigation of identified fluctuations and relationships
that are inconsistent with other relevant information or deviate significantly from
predicted amounts.
200.89 Analytical procedures used as risk assessment procedures help to identify matters that
have financial statement and audit implications. Some examples are unusual
transactions or events, amounts, ratios, and trends.

200.90 There are a number of possible techniques that can be used to perform the analytical
procedures. The objective is to select the most appropriate technique to provide the
intended levels of assurance and precision. Techniques include:
▪ Ratio analysis
▪ Trend analysis
▪ Break-even analysis
▪ Pattern analysis, and
▪ Regression analysis
Re-performance
200.91 Re-performance involves the auditor’s independent execution of procedures or controls
that were originally performed as part of the entity’s internal control.

PSA 315.5
The auditor shall perform risk assessment procedures to provide a basis for the identification
and assessment of risks of material misstatement at the financial statement and assertion
levels. Risk assessment procedures by themselves, however, do not provide sufficient
appropriate audit evidence on which to base the audit opinion.
200.92 Risk assessment procedures are the audit procedures performed to obtain an
understanding of the entity and its environment, including the entity’s internal control,
to identify and assess the risks of material misstatement, whether due to fraud or
error, at the financial statement and assertion levels.
200.93 The auditor shall perform risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at the financial
statement and assertion levels. Risk assessment procedures by themselves, however,
do not provide sufficient appropriate audit evidence on which to base the audit
opinion.
200.94 The risk assessment procedures shall include the following:

❑ Inquiries of management, and of others within the entity who in the auditor’s
judgment may have information that is likely to assist in identifying risks of material
misstatement due to fraud or error;
❑ Analytical procedures;
❑ Observation; and
❑ Inspection.

Tests of control
200.95 Test of controls are audit procedures designed to evaluate the operating effectiveness
of controls in preventing, or detecting and correcting, material misstatements at the
assertion level.
200.96 Typical tests of controls include the selection of a representative sample of transactions
or supporting documentation to:
▪ Observe the operation of an internal control procedure being performed;

▪ Inspect evidence that the control procedure was performed;
▪ Inquire about how and when the procedure was performed; and
▪ Re-perform the operation of the control procedure (such as where the information
system is computerized).
(IFAC Guide, Volume 1, Second edition, page 116)
200.97 There are five steps in the Study and Evaluation of Internal Controls phase of the audit:
1. Obtain and document an understanding of internal control.
It is during step 3 that tests of controls are performed.
The output of consideration of internal control evaluation would be finalized versions of

the audit strategy, audit plan and audit programs previously developed during audit
planning. Internal controls and the five steps above are presented and discussed further
in Section 400.
200.98 Tests are applied only to those controls on which the auditor intends to rely when
designing substantive tests of account balances. An auditor would not rely on, and
therefore not test, a particular control if the audit effort required to test the control
exceeded the reduction in year-end audit effort that could be achieved by reliance.
200.99 Tests of control activities are necessary to support a less-than-high risk assessment
because control activities and related accounting procedures are applied in more
detailed levels and have more direct effects on specific audit objectives and account
balances within transaction cycles than do controls that are part of the other
components of internal control.
200.100 The tests generally consist of one, or a combination of, the following procedures:
❑ Observation; and inquiry of client personnel;
❑ Observation of the application of policies and procedures;

❑ Inspection (i.e., examination of documents);
❑ Re-performance or recalculation
200.101 The procedures used in testing controls should be sufficiently comprehensive to

support the control risk assessment.
Substantive procedures
200.102 Substantive procedures are tests performed to obtain audit evidence to detect
material misstatements in the financial statements. There are two types of
substantive procedures:
❑ analytical procedures
❑ tests of details of transactions and account balances.
PSA 330.18
Irrespective of the assessed risks of material misstatement, the auditor shall design and
perform substantive procedures for each material class of transactions, account balance and
disclosure.
PSA 330.20
The auditor’s substantive procedures shall include the following audit procedures related to
the financial statements closing process:
a) Agreeing or reconciling the financial statements with the underlying accounting records;
and
b) Examining material journal entries and other adjustments made during the course of
preparing the financial statements.
PSA 330.22
If substantive procedures are performed at an interim date, the auditor shall cover the
remaining period by performing:
a) substantive procedures, combined with tests of controls for the intervening period; or
b) if the auditor determines that it is sufficient, further substantive procedures only, that
provides a reasonable basis for extending the audit conclusions from the interim date to
the period end.
200.103 The auditor gathers audit evidence by performing substantive procedures regardless of
the auditor’s assessment of the risk of significant misstatement. However, the auditor
may obtain this audit evidence for individual audit objectives by performing analytical
procedures or tests of details only. The nature, timing and extent of the auditor’s
substantive procedures depend upon his/her assessment of the risk of material
misstatement.

Analytical procedures
200.104 Analytical procedures are the analysis of plausible relationships among both financial
and non-financial information. They include the investigation of fluctuations and
relationships that are inconsistent with the auditor’s expectations.
200.105 Relationships may exist among different types of financial information or between
financial and non-financial information.
For example, the auditor may develop an expectation about an entity's gross profit
based on its product revenue. The auditor may develop an expectation about an
entity's revenue based on the auditor’s understanding of industry trends and market
research reports.
200.106 The effectiveness of analytical procedures depends on the development of

expectations that the auditor considers precise enough to identify unexpected
relationships.
200.107 The auditor performs analytical procedures to:

❑ obtain an understanding of the financial statement implications of business risks
and classes of transactions;
❑ develop audit objectives;
❑ make preliminary assessments of the risk of significant misstatement for each audit
objective;
❑ obtain substantive audit evidence, as appropriate;
❑ evaluate whether the financial statements are consistent with the auditor’s
knowledge of the business.
Tests of transactions and details

200.108 The auditor performs tests of details, as appropriate, to:
❑ obtain audit evidence as to whether the financial statement assertions addressed by
the auditor’s audit objectives include a significant misstatement;
The auditor considers the sufficiency and appropriateness of the audit evidence the
auditor plans to obtain from analytical procedures, in the context of the assessment
of the risk of material misstatement, before deciding whether it is appropriate to
perform tests of details.
❑ estimate the amount of the audit difference for financial statement assertions that
the auditor believes include a material misstatement.
The auditor recognizes that a material misstatement has both qualitative and
quantitative aspects. When planning the auditor’s tests of details the auditor uses
the auditor’s consideration of planned audit precision, which is basically based on
estimate, as a guide for the quantitative aspects of possible misstatement.

200.109 Tests of details are the application of one or more of the following techniques to
individual items or transactions that make up an account balance, class of transactions,
or disclosures:
❑ inspection;
❑ observation;
❑ inquiry;
❑ confirmation; and
❑ recalculation.
Subsequent Events
PSA 560.4
The objectives of the auditor are:
a) To obtain sufficient appropriate audit evidence about whether events occurring between
the date of the financial statements and the date of the auditor’s report that require
adjustment of, or disclosure in, the financial statements are appropriately reflected in
those financial statements in accordance with the applicable financial reporting
framework; and
b) To respond appropriately to facts that become known to the auditor after the date of the
auditor’s report, that, had they been known to the auditor at that date, may have caused
the auditor to amend the auditor’s report.
200.110 “Subsequent events” refers to:

▪ Events occurring between the date of the financial statements and the date of
the auditor’s report; and
▪ Facts that become known to the auditor after the date of the auditor’s report.
PSA 560.6
The auditor shall perform audit procedures designed to obtain sufficient appropriate audit
evidence that all events occurring between the date of the financial statements and the date
of the auditor’s report that require adjustments of, or disclosures in, the financial statements
have been identified. The auditor is not, however, expected to perform additional audit
procedures on matters to which previously applied audit procedures have provided
satisfactory conclusions.
200.111 The auditor shall perform audit procedures to identify any subsequent events that
would require adjustments of, or disclosures in, the financial statements. This would
include:
▪ Understanding management procedures (if any) to identify subsequent events;

▪ Making inquiries of management (and those charged with governance) about:
o New commitments, borrowings, or guarantees,
o Sales or acquisitions of assets that have occurred or are planned,

o Increases in capital or issuance of debt instruments,
o Agreements to merge or liquidate,
o Assets that have been appropriated by government or destroyed (e.g., by fire or
flood),
o Litigation, claims, and contingencies,
o Any unusual accounting adjustments made or contemplated,
o Any events that have occurred or are likely to occur that will bring into question
the appropriateness of the going-concern assumption or other accounting
policies,
o Any events relevant to the measurement of estimates or provisions in the
financial statements, and
o Any events relevant to the recoverability of assets;
▪ Reading minutes, if any, of the meetings (management and those charged with
governance) held after the date of the financial statements, and inquiring about
matters discussed at meetings for which minutes are not yet available; and
▪ Reading financial reports produced after the period end, if any.
(IFAC Guide, Volume I, Second edition, page 158)
PSA 560.10
The auditor has no obligation to perform any audit procedures regarding the financial
statements after the date of the auditor’s report. However, if, after the date of the auditor’s
report but before the date the financial statements are issued, a fact becomes known to the
auditor that, had it been known to the auditor at the date of the auditor’s report, may have
caused the auditor to amend the auditor’s report, the auditor shall:
a) Discuss the matter with management and, where appropriate, those charged with
governance.
b) Determine whether the financial statements need amendment and, if so,
c) Inquire how management intends to address the matter in the financial statements.
200.112 When facts become known to the auditor after the date of the auditor’s report but
before financial statements are issued, the auditor shall consider the following:
▪ Discuss the matter with management (and those charged with governance);
▪ Determine whether the financial statements need amendment and if so:
o Inquire how management intends to address the matter in the financial
statements,
o Perform any further audit procedures required, and
o Issue a new auditor’s report on the amended financial statements. This
could also include dual dating of the report, restricted to the amendment or
inclusion of an emphasis of matter paragraph; and
▪ Where management does not amend the financial statements, the auditor would
issue a modified auditor’s opinion.
▪ If the auditor’s report has already been released, notify management (and those
charged with governance) not to issue the financial statements to third parties
before the necessary amendments have been made.
▪ If the financial statements are released despite the notification, take appropriate
action (after consulting with legal counsel) to prevent reliance on the auditor’s
report.
Going Concern
PSA 570.9
a) To obtain sufficient appropriate audit evidence regarding the appropriateness of
management’s use of the going concern assumption in the preparation of the financial
statements;
b) To conclude, based on the audit evidence obtained, whether a material uncertainty exists
related to events or conditions that may cast significant doubt on the entity’s ability to
continue as a going concern; and
c) To determine the implications for the auditor’s report
200.113 The going-concern assumption is fundamental to the preparation of financial

statements. Under the going-concern assumption, an entity is ordinarily viewed as
continuing in business for the foreseeable future (i.e., usually twelve months from the
balance sheet date) with neither the intention nor the necessity of liquidation, ceasing
trading, or seeking protection from creditors pursuant to laws or regulations.
Accordingly, assets and liabilities are recorded on the basis that the entity will be able
to realize its assets and discharge its liabilities in the normal course of business.
200.114 Events or conditions that, individually or collectively, may cast significant doubt about
the going-concern assumption may include the following:
▪ Fixed-term borrowings approaching maturity without realistic prospects of renewal

or repayment, or excessive reliance on short-term borrowings to finance long-term
assets.
▪ Indications of withdrawal of financial support by creditors.
▪ Negative operating cash flows indicated by historical or prospective financial
statements.
▪ Adverse key financial ratios.
▪ Substantial operating losses, or significant deterioration in the value of assets used
to generate cash flows.
▪ Arrears or discontinuance of dividends.
▪ Inability to pay creditors on due dates.
▪ Inability to comply with the terms of loan agreements.
▪ Inability to obtain financing for essential new-product development or other
essential investments.
▪ Management’s intentions to liquidate the entity or to cease operations
▪ Loss of a major market, key customer(s) franchise, license, or principal supplier(s).

▪ Emergence of a highly successful competitor.
▪ Pending legal or regulatory proceedings against the entity that may, if successful,
result in claims that the entity is unlikely to be able to satisfy.
▪ Changes in law or regulation or government policy expected to adversely affect the
entity.
200.115 The significance of the above events or conditions often can be mitigated by other
factors. For example, the effect of an entity being unable to make its normal debt
repayments may be counterbalanced by management’s plans to maintain adequate
cash flows by alternative means, such as disposing of assets, rescheduling loan
repayments, or obtaining additional capital. Similarly, the loss of a principal supplier
may be mitigated by the availability of a suitable alternative source of supply.

300 Audit Planning
PSA 300.4
The objective of the auditor is to plan the audit so that it will be performed in an effective
manner.
PSA 300.5
The engagement partner and other key members of the engagement team shall be
involved in planning the audit, including planning and participating in the discussion
among engagement team members.
PSA 300.7
The auditor shall establish an overall audit strategy that sets the scope, timing and direction of
the audit, and that guides the development of the audit plan
300.1 Planning an audit involves establishing the overall audit strategy for the engagement
and developing an audit plan, in order to reduce audit risk to an acceptably low level.
Planning involves the engagement partner and other key members of the engagement
team to benefit from their experience and insight and to enhance the effectiveness and
efficiency of the planning process.
300.2 Audit Planning includes important scoping and coordination decisions appropriate to
the requirements of the audit engagement. It is the second major phase of the audit
process as defined in the PICPA’s Audit Methodology Framework.
300.3 Audit Planning offers the following benefits:

▪ Team members learn from the experience and insights of the partner and other key
personnel
▪ The engagement is properly organized, staffed, and managed.
▪ Experience gained from previous periods’ engagements and other assignments is
properly utilized.
▪ Important areas of the audit receive the appropriate attention.
▪ Potential problems are identified and resolved on a timely basis.
▪ Audit file documentation is reviewed on a timely basis.
▪ Work performed by others is coordinated (other auditors, experts, etc.)
300.4 This section covers the following considerations in audit planning:

▪ Developing the overall audit strategy and detailed audit plan.
▪ Obtaining an understanding of the client and its environment.
▪ Assessing the possibility of non-compliance.
▪ Establishing materiality and assessing risk.
Audit Planning 300 – 1

▪ Identifying related parties.
▪ Performing preliminary analytical procedures.
▪ Determining the need for experts.
▪ Preparation of preliminary audit programs.
Developing the Overall Audit Strategy

300.5 Establishing the overall audit strategy involves designing optimized audit approaches that
seek to achieve the necessary audit assurance at the lowest cost within the constraints of
the information available. Audit procedures should be relevant to the important
assertions, and as cost-effective as possible to perform.
300.6 Development of the overall audit strategy begins at the commencement of the
engagement, and is completed and then updated based on the information obtained from:
▪ Previous experience with the entity;
▪ Preliminary (client acceptance and continuation) activities;
▪ Discussions with the client on changes since last period and recent operating results;
▪ Other engagements performed for the client during the period;
▪ Audit team discussions and meetings;
▪ Other external sources such as newspaper and Internet articles; and
▪ New information obtained, failed audit procedures, or new circumstances encountered
during the audit that will change previously planned strategies.
(IFAC Guide, Volume 2, Third edition, page 46)
300.7 The overall audit strategy sets the scope, timing and direction of the audit, and guides the
development of the more detailed audit plan. The establishment of the overall audit
strategy involves:
1. Determining the characteristics of the engagement that define its scope;
2. Ascertaining the reporting objectives of the engagement to plan the timing of the
audit and the nature of the communications required; and
3. Considering the important factors that, in the auditor’s professional judgment, will
determine the focus or direction of the engagement team’s efforts.
300.8 To determine engagement characteristics, the auditor shall consider the following:
▪ The financial reporting framework to be used.

▪ Additional reports required, such as stand-alone financial and industry specific
requirements (e.g., by SEC, BIR, etc.)
▪ Any need for specialized knowledge or expertise to address complex, specific, and
high-risk audit areas.
▪ Use of evidence obtained in previous audits (such as risk assessment procedures and
tests of controls).

▪ Effect of information technology on audit procedures (availability of data and use of
computer-assisted audit techniques).
▪ Availability of entity personnel and data.
300.9 The auditor shall document key decisions considered necessary to properly plan the audit
and to communicate significant matters to the engagement team. The overall strategy
documents the following relevant actions:
▪ Perform preliminary activities (client acceptance/continuance and establish terms of

engagement).
▪ Gather relevant information about the entity such as current operating results, results
from previous engagements, and significant changes in the current period.
▪ Assign staff to the engagement, including, where applicable, the engagement quality
control reviewer and any experts required.
▪ Schedule the audit team meeting (including the engagement partner) to discuss the
susceptibility of material misstatements (including fraud) in the financial statements.
▪ Determine the appropriate timeframes (dates) when each aspect of audit work will be
undertaken (inventory counts, risk assessments procedures, external confirmation, the
period-end visit, and meetings to discuss audit results).
300.10 Many audits of small entities involve the audit engagement partner working with one
engagement team member. With a smaller team, coordination and communication
between team members are easier. Establishing the overall audit strategy for the audit of
a small entity need not be a complex or time-consuming exercise. A brief memorandum
prepared at the completion of the previous audit, based on a review of the working papers
and highlighting issues identified in the audit just completed, updated and changed in the
current period based on discussions with the owner-manager, can serve as the basis for
planning the current audit engagement.
Exhibit 300-01 shows the Audit Strategy Worksheet.
Developing the Detailed Audit Plan
PSA 300.9
The auditor shall develop an audit plan that shall include a description of:
a) The nature, timing and extent of planned risk assessment procedures, as determined under
PSA 315.
b) The nature, timing and extent of planned further audit procedures at the assertion level, as
determined under PSA 330
c) Other planned audit procedures that are required to be carried out so that the engagement
complies with PSAs.
300.11 The auditor documents the audit plan in the Audit Planning Memorandum. The audit
team refers to this document to get a full understanding of the activities that will be

carried out in the audit, the responsibilities assigned, the deliverables and other
administrative and management aspects of the audit.
PSA 300.10
The auditor shall update and change the overall audit strategy and the audit plan as necessary
during the course of the audit.
300.12 As the need arises, the auditor may revise the planning document to adopt to the
requirements of a specific audit job.
300.13 A detailed audit plan addresses the various matters identified in the overall audit strategy,
taking into account the need to achieve the audit objectives through the efficient use of
the auditor’s resources. Although the auditor ordinarily establishes the overall audit
strategy before developing the detailed audit plan, the two planning activities are not
necessarily discrete or sequential processes but are closely inter-related since changes in
one may result in consequential changes to the other.
300.14 The audit plan includes a description of the nature, timing and extent of risk assessment
procedures, further audit procedures (tests of controls and substantive tests) and other
audit procedures required to be carried out for the engagement in order to comply with
PSAs.
300.15 Documentation of the audit plan also serves as a record of the proper planning and
performance of the audit procedures that can be reviewed and approved prior to the
performance of further audit procedures.
300.16 Planning takes place over the course of the audit as the audit plan for the engagement
develops. For example, planning of the auditor’s risk assessment procedures ordinarily
occurs early in the audit process. However, planning of the nature, timing and extent of
specific further audit procedures depends on the outcome of those risk assessment
procedures.
300.17 In addition, the auditor may begin the execution of further audit procedures for some
classes of transactions, account balances and disclosures before completing the more
detailed audit plan of all remaining further audit procedures.
Exhibit 300-02 shows a sample of Audit Planning Memorandum.

Performing Risk Assessment Procedures
PSA 240.10
The objectives of auditor are:
a) To identify and assess the risk of material misstatement of the financial statements due to
fraud;
b) To obtain sufficient appropriate audit evidence regarding the assessed risk of material
misstatement due to fraud, through designing and implementing appropriate responses;
and
c) To respond appropriately to fraud or suspected fraud identified during the audit.
PSA 315.3
The objective of the auditor is to identify and assess the risks of material misstatement,
misstatement.
PSA 315.5
The auditor shall perform risk assessment procedures to provide a basis for the identification
and assessment of risks of material misstatement at the financial statement and assertion
levels. Risk assessment procedures by themselves, however, do not provide sufficient
appropriate audit evidence on which to base the audit opinion.
300.18 The purpose of risk assessment procedures is to identify and assess risks of material
misstatement. This is achieved through understanding the entity and its environment,
including internal control. Information may be obtained from external sources, such as
the Internet and trade publications, and from internal sources such as discussions with
key personnel. This understanding of the entity becomes a continuous, dynamic
process of gathering, updating and analyzing information throughout the audit.
300.19 Risk assessment procedures provide audit evidence to support the assessment of risks
at the financial statement and assertion levels. However, this evidence does not stand
alone. Evidence obtained from risk assessment procedures is supplemented by further
audit procedures (that respond to the risks identified) such as tests of controls and/or
substantive procedures. (IFAC Guide, Volume 1, Second edition, page 95)
300.20 The auditor uses professional judgment to determine the risk assessment procedures to
be performed, and the scope or depth of understanding of the entity that is required. In
the first year that the auditor conducts the audit for an entity, the work required to
obtain and document this information will often require a significant amount of time.
However, if the information obtained is well documented in the first year, the time
required to update the information in subsequent years should be considerably less
than that required in the first year. (IFAC Guide, Volume 1, Second edition, page 95)

The Three Risk Assessment Procedures
300.21 Risk assessment procedures include:
▪ Inquiries of Management and Others;
▪ Observation and Inspection; and
▪ Analytical Procedures
300.22 Each of the three risk assessment procedures should be performed during the audit, but
not necessarily for each aspect of the understanding required. In many situations, the
results from performing one type of procedure may lead to performing another. For
example, in an interview with the sales manager, an unusual but significant sales
contract might be identified. This could be followed up by an inspection of the actual
sales contract and an analysis of the impact on sales margins. Alternatively, findings
from performing analytical procedures on preliminary operating results may trigger
some questions for management. The answers to these questions may then lead to
requests to inspect certain documents or observe some activities.
300.23 Inquiry is used by the auditor in conjunction with other risk assessment procedures to
assist in identifying risks of material misstatement. The focus of the questions is to
obtain an understanding of each of the required aspects as set in PSA 315. Examples of
areas of inquiry include the following:
▪ Environment in which the financial statements are prepared
▪ Oversight of management’s processes for identifying and responding to the risks of
fraud or error in the entity, and the internal control that management has establish to
mitigate these risks.
▪ Knowledge of any actual, suspected, or alleged fraud affecting the entity.
▪ Management’s assessment of the risk that the financial statements may be materially
misstated due to fraud or error, including the nature, extent, and frequency of such
assessments.
▪ Management’s communication, if any, to employees regarding its views on business
practices and ethical behavior.
▪ The entity’s culture (values and ethics).
▪ Management incentive plans.
▪ How estimates are prepared.
▪ Business trends and unusual events.
▪ The initiating, processing, or recording of complex or unusual transactions.
▪ Marketing strategies and sales trends.
▪ Contractual arrangements with customers.
▪ The extent of management override (i.e., have these employees ever been asked to
override internal controls or revenue recognition accounting policies?). (IFAC Guide,
Volume 1, Second edition, page 99)

300.24 Do not confine your questions (especially in smaller audits) to the owner-manager and
the accountant. Ask other employees (if any) in the entity (such as the sales manager,
production manager, or other employees) about trends, unusual events, major business
risks, the functioning of internal control, and any instances or management override.
300.25 Parties to whom inquiries can be directed to include the following:

▪ those charged with governance who may help the auditor understand the environment
in which the financial statements are prepared
▪ internal audit personnel who may relate their activities concerning the design and
effectiveness of the entity’s internal control and whether management has
satisfactorily responded to any findings from these activities
▪ employees who are involved in initiating, processing or recording complex or unusual
transactions that may help the auditor in evaluating the appropriateness of the
selection and application of certain accounting policies
▪ in-house legal counsel who may relate such matters as litigation, compliance with laws
and regulations, knowledge of fraud or suspected fraud affecting the entity,
warranties, post-sales obligations, arrangements with business partners and the
meaning of contract terms
▪ marketing or sales personnel who may relate changes in the entity’s marketing
strategies, sales trends, or contractual arrangements with its customers.
300.26 If a possible fraud involving senior management or those charged with governance is
discovered, consult immediately with the engagement partner, and consider obtaining
legal advice on how to proceed. The information should also be kept confidential to
ensure that privacy and confidentiality requirements are properly followed. Also check
the code of ethics for any additional requirements and guidance.
300.27 Observation and inspection:

▪ Support the inquiries made of management and others; and
▪ Provide additional information about the entity and its environment.
300.28 Consider observing:

▪ How the entity operates and is organized;
▪ Entity’s premises and plant facilities;
▪ Management’s operating style and attitude toward internal control;
▪ Operation of various internal control procedures; and
▪ Compliance with key policies.

300.29 Consider inspecting documents such as:
▪ Business plans, strategies, and proposals;
▪ Industry studies and media reports on the entity;
▪ Major contracts and commitments;
▪ Regulations and correspondence with regulators;
▪ Correspondence with lawyers, bankers, and other stakeholders;
▪ Accounting policies and records;
▪ Internal control manuals;
▪ Reports prepared by management (such as performance data and interim financial
statements); and
▪ Other reports, such as minutes from meetings of those charged with governance,
reports from consultants, etc.
300.30 Analytical procedures used as risk assessment procedures help to identify matters that
have financial statement and audit implications. In addition to being a risk assessment
procedure, analytical procedures can also be used as further audit procedures in:
▪ Obtaining evidence about a financial statement assertion. This would be a substantive
analytical procedure and is discussed further in Section 400 of this Manual.
▪ Performing an overall review of the financial statements at, or near, the end of the
audit.
300.31 Most analytical procedures are not very detailed or complex. They often use data
aggregated at a high level, which means the results can only provide a broad initial
indication about whether a material misstatement may exist.
300.32 The steps involved in performing analytical procedures as part risk assessment
procedures are as follows:
▪ First, develop expectations about plausible relationships among the various types of
information that could reasonably be expected to exist. Where possible, seek to use
independent (i.e., not internally generated) sources of information. The financial and
non-financial information could include: financial statements for comparable previous
periods; budgets, forecasts, and extrapolations from interim or annual data; and
information regarding the industry in which the entity operates and current economic
conditions.
▪ Next, compare expectations with recorded amounts or ratios developed from recorded
amounts
▪ Then, evaluate the results. Where unusual or unexpected relationships are found,
consider potential risks of material misstatement.

Obtain an Understanding of the Client and its Environment
300.33 The auditor should obtain an understanding of the entity and its environment, including
its internal control. Such understanding enables the auditor to identify and understand
the events, transactions and practices that, in the auditor’s judgment, may have a
significant effect on the financial statements, the engagement, or the audit report.
300.34 The auditor should obtain knowledge about the general economic factors and industry
conditions affecting the entity’s business; important characteristics of the entity, its
business, its financial performance and its reporting requirements including changes
since the date of the prior audit; and the general level of competence of management.
Sources of understanding of the entity and its environment include:

▪ Previous experience with the entity and its industry.
▪ Discussion with people with the entity (Examples of people within the entity include
directors and senior operating personnel)
▪ Discussion with internal audit personnel and review of internal audit reports.
▪ Discussion with other auditors and with legal and other advisors who have provided
services to the entity or within the industry.
▪ Discussion with knowledgeable people outside the entity (Examples of
knowledgeable people outside the entity include industry economists, industry
regulators, customers, suppliers, competitors)
▪ Publications related to the industry (Examples include government statistics,
surveys, texts, trade journals, reports prepared by banks and securities dealers,
financial newspapers)
▪ Legislation and regulations that significantly affect the entity.
▪ Visits to the entity's premises and plant facilities.
▪ Documents produced by the entity (Examples include minutes of meetings, material
sent to shareholders or filed with regulatory authorities, promotional literature,
prior years' annual and financial 'reports, budgets, internal management reports,
interim financial reports, management policy manual, manuals of accounting and.
internal control systems, chart of accounts, job descriptions, marketing and sales
plans)
Exhibit 300-03 shows the Sources of Understanding of the Client and Its Environment
Checklist.
300.35 Understanding the entity and its environment and using this information appropriately
assists the auditor in assessing risk and identifying problems and in planning and
performing the audit effectively and efficiently.

The Required Understanding of the Entity and its Environment
300.36 The auditor’s understanding of the entity and its environment consists of an
understanding of the following:
▪ Industry, regulatory, and other external factors, including the applicable financial
reporting framework.
Relevant industry factors include industry conditions such as the competitive

environment, supplier and customer relationships, and technological developments.
Examples of matters the auditor may consider include:
o The market and competition, including demand, capacity, and price
competition;
o Cyclical or seasonal activity.
o Product technology relating to the entity’s products.
o Energy supply and cost.
Relevant regulatory factors include the regulatory environment. The regulatory

environment encompasses, among other matters, the applicable financial reporting
framework and the legal and political environment.
Examples of matters the auditor may consider include:

o Accounting principles and industry specific practices.
o Regulatory framework for a regulated industry.
o Legislation and regulation that significantly affect the entity’s operations,
including direct supervisory activities.
o Taxation (corporate and other).
o Government policies currently affecting the conduct of the entity’s business,
such as monetary, including foreign exchange controls, fiscal, financial
incentives (for example, government aid programs), and tariffs or trade
restrictions policies.
o Environmental requirements affecting the industry and the entity’s
business.
Examples of other external factors affecting the entity that the auditor may consider
include the general economic conditions, interest rates and availability of financing,
and inflation or currency revaluation.
▪ Nature of the entity.

Examples of matters that the auditor may consider when obtaining an
understanding of the nature of the entity include:
• Business operations – such as:

▪ Nature of revenue sources, products or services, and markets, including
involvement in electronic commerce such as Internet sales and marketing
activities.
▪ Conduct of operations (for example, stages and methods of production, or
activities exposed to environmental risks).
▪ Alliances, joint ventures, and outsourcing activities.

▪ Geographic dispersion and industry segmentation.
▪ Location of production facilities, warehouses, and offices, and location and
quantities of inventories.
▪ Key customers and important suppliers of goods and services, employment
arrangements (including the existence of union contracts, pension and other
post employment benefits, stock option or incentive bonus arrangements,
and government regulation related to employment matters).
▪ Research and development activities and expenditures.
▪ Transactions with related parties.
• Investments and investment activities – such as:

▪ Planned or recently executed acquisitions or divestitures.
▪ Investments and dispositions of securities and loans.
▪ Capital investment activities.
▪ Investments in non-consolidated entities, including partnerships, joint
ventures and special-purpose entities.
• Financing and financing activities – such as:

▪ Major subsidiaries and associated entities, including consolidated and
nonconsolidated structures.
▪ Debt structure and related terms, including off-balance-sheet financing
arrangements and leasing arrangements.
▪ Beneficial owners (local, foreign, business reputation and experience) and
related parties.
▪ Use of derivative financial instruments.
• Financial reporting – such as:

▪ Accounting principles and industry specific practices, including industry
specific significant categories (for example, loans and investments for banks,
or research and development for pharmaceuticals).
▪ Revenue recognition practices.
▪ Accounting for fair values.
▪ Foreign currency assets, liabilities and transactions.
▪ Accounting for unusual or complex transactions including those in
controversial or emerging areas (for example, accounting for stock-based
compensation).
▪ Period end financial reporting policies and procedures including journal
entries.
▪ The entity’s selection and application of accounting policies, including the reasons
for changes thereto.
An understanding of the entity’s selection and application of accounting policies
may encompass such matters as:
o The methods the entity uses to account for significant and unusual
transactions.
o The effect of significant accounting policies in controversial or emerging
areas for which there is a lack of authoritative guidance or consensus.

o Changes in the entity’s accounting policies.
o Financial reporting standards and laws and regulations that are new to the
entity and when and how the entity will adopt such requirements.
▪ Objectives and strategies and the related business risks that may result in risks of
Examples of matters that the auditor may consider when obtaining an
understanding of the entity’s objectives, strategies and related business risks that
may result in a risk of material misstatement of the financial statements include:
o Industry developments (a potential related business risk might be, for
example, that the entity does not have the personnel or expertise to deal
with the changes in the industry).
o New products and services (a potential related business risk might be, for
example, that there is increased product liability).
o Expansion of the business (a potential related business risk might be, for
example, that the demand has not been accurately estimated).
o New accounting requirements (a potential related business risk might be,
for example, incomplete or improper implementation, or increased costs).
o Regulatory requirements (a potential related business risk might be, for
example, that there is increased legal exposure).
o Current and prospective financing requirements (a potential related
business risk might be, for example, the loss of financing due to the entity’s
inability to meet requirements).
o Use of IT (a potential related business risk might be, for example, that
systems and processes are incompatible).
o The effects of implementing a strategy, particularly any effects that will lead
to new accounting requirements (a potential related business risk might be,
for example, incomplete or improper implementation).
▪ Measurement and review of the entity’s financial performance.

Examples of internally-generated information used by management for measuring
and reviewing financial performance, and which the auditor may consider, include:
o Key performance indicators (financial and non-financial) and key ratios,
trends and operating statistics.
o Period-on-period financial performance analyses.
o Budgets, forecasts, variance analyses, segment information and divisional,
departmental or other level performance reports.
o Employee performance measures and incentive compensation policies.
o Comparisons of an entity’s performance with that of competitors.
External parties may also measure and review the entity’s financial performance.
For example, external information such as analysts’ reports and credit rating agency
reports may represent useful information for the auditor. Such reports can often be
obtained from the entity being audited.

▪ Internal control.
An understanding of internal control assists the auditor in identifying types of
potential misstatements and factors that affect the risks of material misstatement,
and in designing the nature, timing, and extent of further audit procedures. Internal
control is designed, implemented and maintained to address identified business
risks that threaten the achievement of any of the entity’s objectives that concern:
o The reliability of the entity’s financial reporting;

o The effectiveness and efficiency of its operations; and
o Its compliance with applicable laws and regulations.
The way in which internal control is designed, implemented and maintained varies
with an entity’s size and complexity. Smaller entities may use less structured means
and simpler processes and procedures to achieve their objectives.
Exhibit 300-04 shows the audit form for Understanding of the Client and its
Environment.
Assessing the Risk of Fraud and Non-Compliance

300.37 There are two major classification of risk:
▪ Business risk; and
▪ Fraud risk.
The difference between business risk and fraud risk is that fraud risk results from a
person’s deliberate actions. In many instances, a risk can be both a business and a fraud
risk. For example, the introduction of a new accounting system creates uncertainty (errors
could be made as personnel learn the new system) and would be classified as a business
risk. However, it could also be classified as a fraud risk, because someone could take
advantage of the uncertainty to misappropriate assets or manipulate the financial
statements. (IFAC Guide, Volume 2, Third edition, page 83)
300.38 The term “business risk” encompasses more than just the risks of material misstatement in
the financial statements. Business risks result from significant conditions, events,
circumstances, actions, or inactions that could adversely affect the entity’s ability to
achieve its objectives and executes its strategies.
300.39 Business risk also includes events that arise from change, complexity, or the failure to
recognize the need for change. Change may arise, for example, from:
▪ The development of new products that may fail;

▪ An inadequate market, even if new products are successfully developed; or
▪ Flaws in the products that may result in liabilities and damage to the entity’s reputation.
300.40 Fraud risk relates to events or conditions that indicate an incentive or pressure to commit
fraud or provide an opportunity to commit fraud.

300.41 The term “fraud” refers to an intentional act by one or more individuals among
management, those charged with governance, employees, or third parties involving the
use of deception to obtain an unjust or illegal advantage. Fraud involving one or more
members of management or those charged with governance is referred to as
“management fraud.” Fraud involving only employees of the entity is referred to as
“employee fraud.” In either case, there may be collusion within the entity or with third
parties outside of the entity. (IFAC Guide, Volume 2, Third edition, page 83)
Types and Characteristics of Fraud

300.42 Although fraud can occur at any level in the organization, it tends to be more serious (and
involve higher monetary amounts) when senior management is involved. Some of the
major conditions that create an environment for fraud include:
▪ Ineffective corporate governance;

▪ Lack of leadership by management and poor “tone at the top”;
▪ High incentives provided for financial performance;
▪ Taxes or other expenses that are considered very high or onerous;
▪ Complexity in the entity’s rules, regulations, and policies;
▪ Unrealistic expectations from bankers, investors, or other stakeholders;
▪ Downward and unexpected shifts in profitability;
▪ Unrealistic budget targets for staff to attain; and
▪ Inadequate internal control, especially in the presence of organizational change.
300.43 As can be determined from the above, the most effective anti-fraud internal control would
be a strong commitment by those in governance and senior management positions to
doing the right thing. This is evidenced through articulated entity values and a
commitment to ethics that are modeled on a day-to-day basis. This is true for any size of
organization. (IFAC Guide, Volume 2, Third edition, pages 89-90)
The Fraud Triangle

300.44 In conducting risk assessment procedures, audit team members need to consider the
existence of the three conditions that often provide clues to the existence of fraud.
Forensic accountants often refer to this as the “fraud triangle” because when all three
conditions are present, it is highly likely that fraud may be occurring. The conditions are:
▪ Pressure
This is often generated by immediate needs (such as having significant personal debts or
meeting an analyst’s or bank’s expectations for profit) that are difficult to share with
others.
▪ Opportunity
A poor corporate culture and a lack of adequate internal control procedures can often
create confidence that a fraud could go undetected.
▪ Rationalization

Rationalization is the belief that a fraud has not really been committed. For example,
the perpetrator rationalizes that “this is not a big deal” or “I am only taking what I
deserve.” (IFAC Guide, Volume 2, Third edition, page 90)
300.45 The auditor’s understanding of business and fraud risk factors increases the likelihood of
identifying the risks of material misstatement. However, there is no responsibility for the
auditor to identify or assess all of the possible business risks.
300.46 Fraud is always intentional. It involves concealment of information from the auditor and
deliberate misrepresentations. Consequently, fraud is discovered by looking for patterns,
oddities, and exceptions, often in what might be considered very small monetary amounts.
Fraud is unlikely to be detected through substantive procedures alone. For example, an
auditor is unlikely to identify a missing transaction or determine that a transaction is
invalid unless there is some additional “understanding of the entity” that can be used as a
frame of reference. (IFAC Guide, Volume 2, Third edition, page 93)
Exhibit 300-05 shows summary of Sources of Fraud Risk
300.47 The term “noncompliance” as used in PSAs refers to acts of omission or commission by the
entity being audited, either intentional or unintentional, which are contrary to the
prevailing laws or regulations. Such acts include transactions entered into by, or in the
name of, the entity or on its behalf by its management or employees. Some laws and
regulations may give rise to business risks that have a fundamental effect on the
operations of the entity, or on its ability to continue as a going concern. In order to plan
the audit, the auditor should obtain a general understanding of the legal and regulatory
framework applicable to the entity and the industry and how the entity is complying with
that framework.
300.48 The relevant laws and regulations would be well established and known to the entity and
within the industry; they would be considered on a recurring basis each time financial
statements are issued. These laws and regulations, may relate to among others:
▪ The form and content of financial statements, including industry specific requirements;
▪ accounting for transactions under government contracts;
▪ or the accrual or recognition of expenses for income taxes or pension costs.
Exhibit 300-06 shows the work program for Assessment of Non-Compliance with Relevant
Laws and Regulations.
Establishing Materiality and Assessing Risk

300.49 When establishing the overall audit strategy, the auditor shall determine materiality for
the financial statements as a whole. If, in the specific circumstances of the entity, there is
one or more particular classes of transactions, account balances or disclosures for which
misstatements of lesser amounts than materiality for the financial statements as a whole
could reasonably be expected to influence the economic decisions of users taken on the
basis of the financial statements, the auditor shall also determine the materiality level or

levels to be applied to those particular classes of transactions, account balances or
disclosures.
300.50 The auditor shall determine performance materiality for purposes of assessing the risks of
material misstatement and determining the nature, timing and extent of further audit
procedures.
300.51 Planning the audit solely to detect individually material misstatements overlooks the fact
that the aggregate of individually immaterial misstatements may cause the financial
statements to be materially misstated, and leaves no margin for possible undetected
misstatements.
300.52 Performance materiality is set to reduce to an appropriately low level the probability that
the aggregate of uncorrected and undetected misstatements in the financial statements
exceeds materiality for the financial statements as a whole. Similarly, performance
materiality relating to a materiality level determined for a particular class of transactions,
account balance or disclosure is set to reduce to an appropriately low level the probability
that the aggregate of uncorrected and undetected misstatements in that particular class of
transactions, account balance or disclosure exceeds the materiality level for that particular
class of transactions, account balance or disclosure.
The determination of performance materiality is not a simple mechanical calculation and

involves the exercise of professional judgment. It is affected by the auditor’s
understanding of the entity, updated during the performance of the risk assessment
procedures; and the nature and extent of misstatements identified in previous audits and
thereby the auditor’s expectations in relation to misstatements in the current period.
300.53 PSA 320 – Materiality in Planning and Performing an Audit, clearly requires the auditor to
determine three different levels of materiality, as follows [AASC Bulletin 001 Series of 2010
Philippine Standard on Auditing 320 (Revised and Redrafted), Materiality in Planning and
Performing an Audit]:
A. Materiality for the financial statements as a whole
Materiality for the financial statements as whole (hereinafter referred to as the “overall
materiality”) is the materiality determined at the overall financial statement level. This
materiality level helps the auditor determine whether the proposed audit adjustments are
significant or not. If the audit adjustments exceed this level, the auditor may need to
adjust the financial statements.
The following steps are required in calculating overall materiality:
1. Identify an appropriate benchmark which could either be an element or component of

the financial statements (e.g. profit before tax, gross profit, revenue/sales; or it can
also be total assets or total equity).
2. Choose an appropriate percentage to be applied to that benchmark.

In determining the appropriate benchmark, the following factors are normally considered
by the auditor:
▪ components of the financial statements
▪ focus of the users of the financial statements
▪ nature of the entity
▪ ownership structure of the entity
▪ volatility of the benchmark identified
▪ laws and regulations (e.g. SEC) – SEC Memorandum Circular No. 8, Series 2009, “Scale of
Fines for Non-compliance with the Financial Reporting Requirements of the
Commission”, considers significant accounts equivalent to 5% of a balance sheet or
income statement line item for listed companies, mutual funds, other issuers of
securities to public and pre-need companies. For all other corporations, the threshold
shall be 10% or more.
In practice, the benchmark commonly used for profit-oriented companies is profit from
continuing operations before tax. However, the auditor should also take into account
whether there are circumstances that give rise to an exceptional increase or decrease
affecting the chosen benchmark (i.e. non-recurring gain or loss). In such case, the auditor
may use a benchmark based on a normalized profit before tax from continuing operations.
B. Performance materiality
Performance materiality is calculated as a certain percentage of overall materiality in order

to capture any uncorrected misstatements, the total amount of which may exceed overall
materiality. This materiality level is used in scoping of financial statement line items to be
tested by the auditor and ensures that significant accounts in the financial statements are
covered by audit testing. In determining performance materiality, an understanding of the
following factors may affect the auditor’s judgment such as:
▪ nature of the entity’s business and transactions

▪ risk assessment procedures
▪ nature and extent of misstatements identified in previous audits
C. Materiality applied to specific classes of transactions, account balance or disclosures
Materiality applied to specific classes of transactions, account balances or disclosures

(hereinafter referred to as “specific materiality”) is the amount set by the auditor for
particular classes of transactions, account balances or disclosures for which
misstatements, well though lower than overall materiality could reasonably be expected to
influence the economic decisions of users of the financial statements. In determining the
specific materiality, the auditor normally considers the following factors:
▪ laws and regulations (e.g. related party transactions) – SEC Memorandum Circular No. 8,
Series of 2009, states that related party transactions as required under PAS 24, Related
Party Transactions, are considered significant regardless of amount involved if the
company is a public company, a listed companies, issuers of securities to public or
secondary licensee of the SEC.
▪ financial reporting framework

▪ key industry disclosures of the entity
▪ particular aspects of the entity’s business
▪ understanding of the view of those charged with governance and management
Revisions to initial materiality levels
If the auditor becomes aware of information during the audit that would have caused the
determination of a different amount of the benchmark, the auditor should revise the overall
materiality and the auditor should assess the need to revise performance materiality and
specific materiality, and whether the nature, timing and extent of further audit procedures
remain appropriate.
Documentation requirements
PSA 320, paragraph 4 states that the auditor is required to include in the audit
documentation the amounts and the factors considered in the determination of the
materiality levels prescribed by this standard including the basis for any revisions to those
materiality levels. Audit documentation should demonstrate the judgment and rationale
used by the auditor in determining these materiality levels.
Illustrative examples to apply PSA 320 requirements
The illustrative examples and the percentages used below are only for illustration purposes, and
do not in any way provide guidance or to be used as a standard practice. The auditor should use
his/her professional judgment in setting and determining the materiality levels in an audit of
financial statements. For illustration purposes, consider the following financial information of
an entity:
Total assets P 1,000,000

Total liabilities 700,000
Total equity 300,000
Sales P 800,000
Cost of sales 600,000
Gross profit 200,000
Operating expenses 50,000
Profit before tax 150,000
Income tax provision 45,000
Profit for the year P 105,000
1) Overall materiality
Assuming that the entity is a profit-oriented company, the materiality levels which the auditor
may consider are as follows:
Consideration
Profit before tax Sales
Benchmark P150,000 P800,000

Percentage 5% 1%
Overall materiality P7,500 P8,000
The above amounts are the assessment of materiality on the financial statements as a whole.
They also serve as a basis in determining if identified uncorrected misstatements are already
material in the aggregate to the financial statements and therefore required to be adjusted.
Although the above amounts are acceptable, appropriate overall materiality will depend on the
factors [PSA 320.A3] considered in determining the correct benchmark.
2) Performance materiality
Based on the above overall materiality levels, the auditor may consider the overall engagement
risk and the history of booked audit adjustments in determining the percentage for performance
materiality.
Assuming based on the auditor’s judgment, the following rationale and percentages have been
determined:
Rationale for higher Rationale for lower

performance materiality performance materiality
Overall engagement risk Low High
History of booked adjustment Limited to none Frequent
Fraud risk Low High
Threshold to adopt based on 25% lower than overall 50% lower than overall
professional judgment and materiality materiality
understanding of the entity
The performance materiality is calculated as follows:

Overall materiality P7,500 P8,000
Performance materiality
Higher (25%) P5,625 P6,000
Lower (50%) P3,750 P4,000
As calculated above, all financial statement line items above performance materiality are
required to be included in the scope of the audit. This means that for a high risk audit
engagement, a lower level of performance materiality is appropriate in order to respond to a
higher risk of material misstatement. Conversely, for a low risk audit engagement, a higher level
of performance materiality is appropriate as there is a lower risk of materiality misstatement.
However, it is not appropriate to automatically exclude all balances below the performance
materiality level from the audit testing. The auditor should ensure that the total amount of the
excluded financial statement line items should not be above overall materiality. Otherwise, the

auditor should design audit procedures to reduce the total amount of excluded financial
statement line items below overall materiality.
3) Specific materiality
Assume further that the auditor has assessed that there are specific users who expect a lesser
level of misstatement in management compensation; the auditor may consider setting a specific
materiality lower than performance materiality in order to obtain higher comfort on the audit
procedures performed over management compensation. Assuming that based on the auditor’s
assessment, adopting a 50% threshold below performance materiality is appropriate to address
the risk, the specific materiality will be computed as follows:

Specific materiality
Higher (50% of performance P2,813 P3,000
materiality)
Lower (50% of performance P1,875 P2,000
materiality)
The Effect of Materiality on Audit Procedures
300.54 The amount of tolerable misstatement assigned to an account balance or class of

transactions affects the extent of audit procedures performed for the said account or class
of transaction. The lower the tolerable misstatement, the more extensive the required
audit procedures.
As an extreme case, assume that tolerable misstatement for accounts payable is zero. This
means that any amount of misstatement in accounts payable, even a one centavo
misstatement, can affect the decision of users of financial statements. Consequently, the
auditor would have to test every transaction making up the account.
300.55 The concept of materiality recognizes that auditors work within constraints of time and
cost. Thus, the auditor (and financial statement users) must permit a reasonable allowance
for error in the financial statement accounts.
Consideration of Materiality Towards the End of an Engagement
300.56 Toward the end of an engagement, after all audit evidence has been gathered and
evaluated, an auditor again considers materiality by comparing the combined
misstatements for all accounts with the preliminary (or revised) estimate for the entire set
of financial statements taken as a whole.
300.57 In evaluating whether the financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework, the auditor should assess

whether the aggregate of uncorrected misstatements that have been identified during the
audit is material.
300.58 The aggregate of uncorrected misstatements (also known as likely misstatements)

comprises:
1. Specific misstatements identified by the auditor including the net effect of

uncorrected misstatements identified during the audit of previous periods;
2. The auditor’s best estimate of other misstatements which cannot be specifically
identified (i.e., projected errors).
300.59 If the aggregate of the uncorrected misstatements that the auditor has identified
approaches the performance materiality level, the auditor would consider whether it is
likely that undetected misstatements, when taken with aggregate uncorrected
misstatements could exceed materiality level. Thus, as aggregate uncorrected
misstatements approach the materiality level the auditor would consider reducing audit
risk by performing additional audit procedures or by requesting management to adjust the
financial statements for identified misstatements.
See Exhibit 300-07, Materiality Worksheet.
Other Considerations – Consolidated Financial Statements
300.60 If the audit involves consolidated financial statements, the auditor uses the consolidated
amounts. If a separate audit opinion is issued on the financial statements of a component
included in the consolidated financial statements, a separate audit materiality calculation
is made for the audit of the financial statements of the component.
300.61 Audit materiality for a component included in consolidated financial statements may not
exceed audit materiality calculated for the consolidated financial statements.
Other Considerations – Multi-Location Audits
300.62 When work is performed by more than one auditor, i.e. multinational companies with
subsidiary in the Philippines, the originating office specifies the audit materiality amount
(usually based on consolidated assets and revenues).
300.63 However, if the auditor is to issue a separate audit report stating an audit opinion on the
separate financial statements of the subsidiary being audited, , a separate audit materiality
amount need to be calculated and used.
Other Considerations – Insignificant Amounts
300.64 The auditor specifies one or more amounts below which the auditor considers
misstatements, if they exist, to be insignificant. Amounts stated as insignificant represent
the professional judgment of the audit team. Specifically, the judgment is that a material

misstatement would not result in the financial statements if misstatements below the
amount stated are ignored.
300.65 Amounts stated as insignificant need not be the same across the entire audit; qualitative
factors may be involved. Misstatements that the auditor detects below these amounts are
not summarized in a summary of unadjusted audit differences. However, the auditor
considers their qualitative aspects.
300.66 The auditor’s qualitative consideration of such insignificant misstatements is usually

limited to a consideration of whether such misstatements:
▪ appear to be related to fraud risk factors
▪ individually or in the aggregate may be indicators of control failures.
If not, the working papers document the auditor’s conclusion that the difference is not
significant. That conclusion may be limited to a notation, initialed by the preparer, such as
the following: misstatement insignificant to warrant further investigation.
Assessing the Risks of Material Misstatement

300.67 In assessing the risk of material misstatements (inherent risk and control risk) both at the
financial statement and assertion level, the auditor is required to perform the following:
1. Identify risks by considering the understanding of the entity and its environment,
(including relevant controls), and by considering the classes of transactions, account
balances, and disclosures in the financial statements.
2. Relate the identified risks to what can go wrong at the assertion level; and
3. Consider whether the risks are of a magnitude that could result in a material
misstatement of the financial statements.
300.68 Management often reacts to inherent risk situations by designing internal control systems
to prevent or detect and correct misstatements.
300.69 The amount of substantive test procedures and related audit work in an engagement often
depends on the extent of reliance that the auditor places on the internal control system of
the company.
300.70 During audit planning, the auditor obtains an overall “feel” of the situation by determining,
on a preliminary basis, the major areas where the audit work will place reliance on internal
controls. Specifically, this means identification of major transaction cycles (e.g., revenue
and receipts, purchasing and disbursement, payroll, conversion, investing and financing
cycles), and the controls put in place to reduce the risks of material misstatements.
Generally, the more reliable internal controls are, the lesser the substantive test
procedures to apply in auditing year-end account balances. See also Appendix 2 of PSA
315 – Conditions and Events That May Indicate Risks of Material Misstatement.

300.71 The assessment of inherent risk and control risk may be expressed quantitatively or
qualitatively.
See Section 400 for more discussion on the assessment of control risk.
Significant Risks
300.72 The assessment of inherent risk and control risk may be expressed quantitatively or
qualitatively. Of concern to the auditor is the presence of significant risks, since these
require special audit consideration.
300.73 Determination and assessment of significant risks, which arise on most audits, is a matter
of the auditor’s professional judgment. In exercising this judgment, the auditor should
consider the following:
1. Whether the risk is a risk of fraud.
2. Whether the risk is related to recent significant economic, accounting or other
developments and, therefore, requires specific attention.
3. The complexity of transactions.
4. Whether the risk involves significant transactions with related parties.
5. The degree of subjectivity in the measurement of financial information related to
the risk especially those involving a wide range of measurement uncertainty.
6. Whether the risk involves significant transactions that are outside the normal course
of business for the entity, or that otherwise appear to be unusual.
300.74 Significant risks often relate to significant non-routine transactions and judgmental
matters. Non-routine transactions are transactions that are unusual, either due to size or
nature, and that therefore occur infrequently. Judgmental matters may include the
development of accounting estimates for which there is significant measurement of
uncertainty.
300.75 If management has not appropriately responded by implementing controls over significant
risks and if, as a result, the auditor judges that there is material weakness in the entity’s
internal control, the auditor communicates this matter to those charged with governance
and also considers the implications for the auditor’s risk assessment.
The Effect of Audit Risk on Audit Procedures
300.76 The higher the combined assessments of inherent and control risks, the lower the amount
of detection risk that can be accepted. The lower the acceptable detection risk, the greater
the amount of audit procedures to be performed in order to reduce the chances of not
detecting misstatements.
See Exhibit 300-08, for sample Risk Assessment Worksheet form.

The Relationship Between Audit Risk and Materiality
300.77 When planning the audit, the auditor considers what would make the financial statements
materially misstated. The auditor’s understanding of the entity and its environment
establishes a frame of reference within which the auditor plans the audit and exercises
professional judgment about assessing the risks of material misstatement of the financial
statements and responding to those risks throughout the audit. It also assists the auditor
to establish materiality and in evaluating whether the judgment about materiality remains
appropriate as the audit progresses. The auditor’s assessment of materiality, related to
classes of transactions, account balances, and disclosures, helps the auditor decide such
questions as what items to examine and whether to use sampling and substantive
analytical procedures. This enables the auditor to select audit procedures that, in
combination, can be expected to reduce audit risk to an acceptably low level.
300.78 There is an inverse relationship between materiality and the level of audit risk, that is, the
higher the materiality level, the lower the audit risk and vice versa. The auditor takes the
inverse relationship between materiality and audit risk into account when determining the
nature, timing and extent of audit procedures.
For example, if, after planning for specific audit procedures, the auditor determines that
the acceptable materiality level is lower, audit risk is increased. The auditor would
compensate for this by either:
1. Reducing the assessed risk of material misstatement, where this is possible, and
supporting the reduced level by carrying out extended or additional tests of control;
or
2. Reducing detection risk by modifying the nature, timing and extent of planned
substantive procedures.
Materiality and Audit Risk in Evaluating Audit Evidence
300.79 The auditor’s assessment of materiality and audit risk may be different at the time of
initially planning the engagement from at the time of evaluating the results of audit
procedures. This could be because of a change in circumstances or because of a change in
the auditor’s knowledge as a result of performing audit procedures. For example, if audit
procedures are performed prior to period end, the auditor will anticipate the results of
operations and the financial position. If actual results of operations and financial position
are substantially different, the assessment of materiality and audit risk may also change.
Additionally, the auditor may, in planning the audit work, intentionally set the acceptable
materiality level at a lower level than is intended to be used to evaluate the results of the
audit. This may be done to reduce the likelihood of undiscovered misstatements and to
provide the auditor with a margin of safety when evaluating the effect of misstatements
discovered during the audit.

Identifying Related Parties
300.80 The auditor needs to have a sufficient understanding of the entity and its environment to
enable identification of the events, transactions and practices that may result in a risk of
material misstatement regarding related parties and transactions with such parties.
300.81 A related party transaction is a transfer of resources, services or obligations between

related parties, regardless of whether a price is charged.
300.82 A party is related to an entity if:
1. Directly, or indirectly through one or more intermediaries, the party:

- Controls, is controlled by, or is under common control with, the entity (this includes
parents, subsidiaries and fellow subsidiaries);
- Has an interest in the entity that gives it significant influence over the entity; or
- Has joint control over the entity;
2. The party is an associate of the entity;
3. The party is a joint venture in which the entity is a venturer;
4. The party is a member of the key management personnel of the entity or its parent;
5. The party is a close member of the family of any individual referred to in 1 or 4;
6. The party is an entity that is controlled, jointly controlled or significantly influenced by,
or for which significant voting power in such entity resides with, directly or indirectly,
any individual referred to in 4 or 5; or
The party is a post-employment benefit plan for the benefit of employees of the entity, or
of any entity that is a related party of the entity.
300.83 While the existence of related parties and transactions between such parties are
considered ordinary features of business, the auditor needs to be aware of them because:
▪ The applicable financial reporting framework may require disclosure in the financial
statements of certain related party relationships and transactions, such as those
required by PFRS for SME and PFRS for SE;
▪ The existence of related parties or related party transactions may affect the
financial statements. For example, the entity’s tax liability and expense may be
affected by the tax laws in various jurisdictions which require special consideration
when related parties exist;
▪ The source of audit evidence affects the auditor’s assessment of its reliability.
Generally, a greater degree of reliance may be placed on audit evidence that is
obtained from or created by unrelated third parties; and
▪ A related party transaction may be motivated by other than ordinary business
considerations, for example, profit sharing or even fraud.
300.84 Related parties may be identified by inquiries of management and predecessor auditors
and by reviews of stockholder listings, and material investment transactions.
See Exhibit 300-09, for sample Related Parties and Related Party Transactions work
program.

Perform Analytical Review Procedures
300.85 Analytical procedures refer to evaluations of financial information made by a study of
plausible relationships among both financial and non-financial data. Analytical procedures
encompass the investigation of identified fluctuations and relationships that are
inconsistent with other relevant information or deviate significantly from predicted
amounts. These procedures are required to be performed in the planning and in the final
review stages of the audit, but not as substantive test procedures in gathering audit
evidence.
Analytical Procedures During the Planning Stage
300.86 The primary objective in performing analytical procedures in the planning stage of the
audit, is to enhance the auditor’s understanding of the client, its business and the industry
in which the client operates and to identify areas of potential risk.
300.87 Effective analytical procedures provide audit evidence in a cost-effective manner.

However, due care must be taken in carrying out such procedures for it to be effective.
Analytical procedures are used in the different stages of the audit. For planning the audit,
the objectives are:
▪ enhance the understanding of the business, e.g. know where the business stands in the
market
▪ identify non-routine transactions
▪ plan an efficient audit, i.e. reducing or eliminating the planned amount of substantive
audit testing required
▪ ensure that appropriate recognition is given to the results of analytical procedures in
reducing tests of details.
300.88 Examples of analytical procedures at the planning stage are:

▪ Study of the changes in a given account balance, item, or element over prior
accounting periods with expectations for the current year;
▪ Comparison of financial information with anticipated results (for example, budgets and
forecasts);
▪ Study of the relationships between account balances over time or among firms in a
given industry;
▪ Comparison of simple computations or series of computations that develop an
estimate for a given account balance, item, or element (for example, proof-in-total or
reasonableness tests);
▪ Study of the relationship of financial information with non-financial information.
300.89 The basic premise underlying the application of analytical procedures is that relationships
among data may reasonably be expected to exist and to continue to exist in the absence of
known conditions to the contrary. Particular conditions that can cause variations in these

relationships include, for example, specific unusual transactions or events, accounting
changes, business changes, random fluctuations or misstatements.
300.90 Analytical procedures may be helpful in identifying the existence of unusual transactions
or events, and amounts, ratios, and trends that might indicate matters that have financial
statement and audit implications.
300.91 Precise and powerful analytical procedures may involve obtaining and analyzing detailed
data ensuring that the data is reliable and corroborating management representations.
300.92 For most of the audit clients, internally generated information may be obtained and
analyzed. In addition, data external to the clients may be obtained for benchmarking
purposes.
300.93 In performing analytical procedures as risk assessment procedures, the auditor develops
expectations about plausible relationships that are reasonably expected to exist.
300.94 Analytical procedures generally cover three major activities as follows:
1. Prediction or Expectation – we may predict an account balance, a class of transactions

or a ratio involving financial and/or operating data. There are three methods of forming
an expectation:
a. trend analysis
b. ratio analysis
c. reasonableness testing.
The auditor considers the most appropriate method to perform based on the precision
required.
2. Comparison – predictions are compared to the current year account balance, a

budgeted amount, the relevant amount for a comparable company or industry average.
3. Judgment – professional judgment will be used to investigate and conclude on the

differences observed.
When comparison of those expectations with recorded amounts or ratios developed

from recorded amounts yields unusual or unexpected relationships, the auditor
considers those results in identifying risks of material misstatement. However, when
such analytical procedures use data aggregated at a high level (which is often the
situation), the results of those analytical procedures only provide a broad initial
indication about whether a material misstatement may exist. Accordingly, the auditor
considers the results of such analytical procedures along with other information
gathered in identifying the risks of material misstatement.
300.95 Analytical procedures are the preferred choice for obtaining audit evidence. It is usually
considered before performing tests of details. Evidence is only obtained solely from tests

of details where analytical procedures are impractical or not cost-effective, or where
relationships which can be analyzed do not exist.
See Exhibit 300-10, for Analytical Review Procedures, sample form.
Determining the Need for Auditor’s Expert

300.96 The auditor is not expected to have the expertise of a person trained for or qualified to
engage in the practice of another profession or occupation, such as an actuary or engineer.
During the course of the audit, the auditor may require audit evidence in the form of
reports, opinions, valuations and statements of an auditor’s expert. An expert may be
contracted/employed by the entity or by the auditor.
300.97 Situations which may warrant the use of an auditor’s expert include the following:
▪ Valuations of certain types of assets, for example, land and buildings, plant and
machinery, works of art, and precious stones.
▪ Determination of quantities or physical condition of assets, for example, minerals
stored in stockpiles, underground mineral and petroleum reserves, and the remaining
useful life of plant and machinery.
▪ Determination of amounts using specialized techniques or methods, for example, an
actuarial valuation.
▪ The measurement of work completed and to be completed on contracts in progress.
▪ Legal opinions concerning interpretations of agreements, statutes and regulations.
300.98 When determining the need to use the work of an auditor’s expert, the auditor would
consider:
▪ The engagement team’s knowledge and previous experience of the matter being
considered;
▪ The risk of material misstatement based on the nature, complexity, and materiality of
the matter being considered; and
▪ The quantity and quality of other audit evidence expected to be obtained.
300.99 When planning to use the work of an auditor’s expert, the auditor should evaluate the
professional competence of the expert. This will involve considering the expert’s
professional certification or licensing by, or membership in, an appropriate professional
body. It also involves considering the expert’s experience and reputation in the field in
which the auditor is seeking audit evidence.
300.100 The auditor should evaluate the objectivity of the expert, since the risk that an expert’s
objectivity will be impaired increases when the expert is:
▪ Employed by the entity; or
▪ Related in some other manner to the entity, for example, by being financially
dependent upon or having an investment in the entity.

300.101 If the auditor is concerned regarding the competence or objectivity of the expert, the
auditor needs to discuss any reservations with management and consider whether
sufficient appropriate audit evidence can be obtained concerning the work of an expert.
The auditor may need to undertake additional audit procedures or seek audit evidence
from another expert.
See Exhibit 300-11, Audit Program for the Use of the Auditor’s Expert, for the related
work program.
Developing the Preliminary Audit Programs

300.102 The most important control mechanism in an audit is the audit program. The audit
program is a list of procedures (tests of controls or substantive tests) used to gather
sufficient appropriate audit evidence.
300.103 For initial engagements, preliminary audit programs are not usually prepared until the
client’s control structure has been reviewed and documented, since the auditor has no
prior information about the client’s internal control structure. In continuing engagements,
preliminary audit programs can be drafted in advance of fieldwork, based on the auditor’s
prior knowledge of the client’s control structure and the results of previous assessments of
control risk.
300.104 Firms usually have already pre-printed audit programs. Auditors would normally modify
these printed programs to suit the client’s conditions, situations and peculiarities. There
are two types of audit programs:
1. Tests of controls audit program (compliance test audit program) – prepared when
the auditor has identified controls which he/she plans to rely on (reliance
approach). See Exhibit 300-12 for sample Test of Controls – Purchasing Cycle
program.
2. Substantive test audit program – prepared regardless of the approach taken by the
auditor (reliance or no reliance). See Exhibit 300-13 for sample Substantive Test –
Trade Payable program.
300.105 The overall audit plan and the audit program should be revised as necessary during the
course of the audit.
300.106 As the audit team implements the audit plan, it may be necessary to adjust or revise the
plan and as appropriate the audit programs to adopt to circumstances that the audit team
encounter when implementing the audit plan. For example:
• Preliminary assessment of audit materiality may have been set high during planning and
may need to be reduced
• Tests of controls may have resulted to a lot of exception that affects full reliance on the
control system and would thus necessitate corresponding adjustment to the
substantive testing procedures initially set

300.107 If based on the study and evaluation of the client’s business profile and the preliminary
assessment of control risks, we determined that the “no-reliance” approach is more
appropriate, the basis for such decision must be adequately documented in the Planning
Memorandum, signed off by the auditor or approved by the Engagement Partner.
Timing of the Audit Work
300.108 Efficient scheduling of audit work is the key to maximizing the effectiveness and monetary
return of an accounting firm. This fact becomes clear when considering the economics of a
public accounting practice.
300.109 Not all audit procedures must be performed after the end of the period being audited, and
most accounting firms strive to perform as much work at an interim date as possible. This
practice allows the accounting firm to reduce staff requirements and the clients to issue
financial statements and annual reports at an earlier date.
300.110 The timing of significant phases of the audit and tentative deadline dates for completion
should be determined, agreed upon with the client and documented in an engagement
timetable.
300.111 The following are significant dates for audit engagements:

▪ Physical inventory count
▪ Confirmation of receivables
▪ Commencement of field work
▪ Submission of required schedules and analyses
▪ Workpapers and data for consolidation to arrive from other locations
▪ Closing conference
▪ Submission of auditor’s report and management letter
▪ Issuance of special report, if any
▪ Availability of financial statements for Board of Directors’ meeting
▪ Filing of financial statements/returns with BIR, SEC and other agencies
See Exhibit 300-14 for a sample Time Budget.

Audit Team Discussions
PSA 240.15
PSA 315 requires a discussion among the engagement team members and a determination by
the engagement partner of which matters are to be communicated to those team members
not involved in the discussion. This discussion shall place particular emphasis on how and
where the entity’s financial statements may be susceptible to material misstatement due to
fraud, including how fraud might occur. The discussion shall occur setting aside beliefs that
the engagement team members may have that management and those charged with
governance are honest and have integrity.
PSA 315.10
The engagement partner and other key engagement team members shall discuss the
susceptibility of the entity’s financial statements to material misstatement, and the
application of the applicable financial reporting framework to the entity’s facts and
circumstances. The engagement partner shall determine which matters are to be
communicated to engagement team members not involved in the discussion.
300.112 A critical element in the success of any audit engagement is good communication among
the audit team members. Communication starts with the assignment of team members,
arranging the team meeting to plan the engagement, and then continues throughout the
engagement. The benefits of good communication include:
▪ Each person on the team will understand the entity being audited, the financial
reporting framework to be used, what his/her specific role will be in the audit, and the
expectations about how and when work will be performed.
▪ Potential for over-and under-auditing will be significantly reduced.
▪ Staff is provided insights into the client and audit expectations directly from senior
personnel such as the engagement partner.
▪ Team discussions on the susceptibility of the financial statements to material
misstatements will help determine the business and fraud risks that need to be
addressed.
▪ Staff will be encouraged to ask questions and reconsider the effectiveness of the
previous period’s responses to assessed risks.
(IFAC Guide, Volume 2, Third edition, page71)
300.113 On larger engagements, a planning meeting should be scheduled well in advance of the
commencement of fieldwork. This will provide the time necessary to prepare or make
changes in the detailed audit plan. On very small engagements, planning may best be
achieved through brief discussions at the start of the engagement and as the audit
progresses. (IFAC Guide, Volume 2, Third edition, page 72)
300.114 Team members should be encouraged to come to the meeting with a questioning mind,
and be prepared to participate and share information with an attitude of professional

skepticism. They should set aside any beliefs that management and those charged with
governance are honest and have integrity. The extent of the discussion should be
influenced by the roles, experience, and the information needs of the audit engagement
team members.
300.115 Emphasize the importance for staff to be alert for indications of dishonesty, but also to be
careful not to jump to any conclusions, particularly when discussing findings with the
entity’s management or staff. Indicate possible circumstances (red flags) that, if
encountered, might indicate the possibility of fraud.
300.116 Fraud is generally discovered by identifying patterns, exceptions, and oddities in

transactions and events. For example, a false claim in an expense account would be
immaterial to the financial statements by itself, but could be indicative of a much larger
issue such as lack of management integrity.
(IFAC Guide, Volume 2, Third edition, page 74)
Other Planning Considerations
Arrangements for Company Assistance
300.117 The extent of assistance to be provided by the company during the audit should be
determined and arranged as early as possible. A listing of schedules and analyses to be
provided by the client, with indication of the dates and by whom they are to be completed
should be prepared. Only useful items should be listed and completion dates should be
realistic and consistent with the timing of the audit plan and the company’s year-end
scheduling. Suggested formats for the schedules or analyses, showing the column
headings, may be given to the accountant of the company.
300.118 These schedules may also be accessed by the auditor electronically, from the client’s
computer information system, depending on the access level granted to the auditors.
300.119 The following are examples of schedules that the client company can provide:
▪ Lead schedules or trial balance
▪ Bank reconciliation statements
▪ Schedule of accounts receivable, with remarks as to collectability
▪ Inventory listings
▪ Schedule of fixed assets and related accumulated depreciation
▪ Analyses of prepaid and deferred charges
▪ Schedule of accounts, notes and vouchers payable
▪ List of stockholders with corresponding number of shares held
▪ Insurance policies in force
▪ Stock options granted, terminated, exercised and exercisable
▪ Schedule of unmatched delivery receipts with sales invoices

▪ Schedule of unmatched receiving reports with supplier’s invoices
▪ Acquisitions and retirement of fixed assets
▪ Schedule of taxes and licenses paid and accrued during the year
Consider the Work of Internal Auditors
300.120 The scope of work and principal findings of the internal auditors during the current year
and for the remainder of the year should be determined, including their availability for
coordination or direct assistance, if any. The effect of the internal audit function on the
nature, timing, and extent of the auditor’s own audit procedures should be determined in
due course by reviewing and evaluating the objectivity and competence of the internal
auditors and the effectiveness of their procedures.
300.121 In areas where the work of internal auditors is effective, the independent auditor may
arrange for coordination of the internal auditors’ effort with this work in such areas as:
▪ Observation of inventory count
▪ Confirmation of receivables
▪ Review of fixed assets additions and disposals
▪ Review of depreciation provisions
▪ Bank reconciliation preparation
▪ Review of loss events
Direction, Supervision and Review
300.122 Supervision involves directing the efforts of assistants who are involved in accomplishing
the objectives of the examination and determining whether those objectives were
accomplished. Elements of supervision include the following activities:
▪ Coordinating staff assignments and ascertaining that staff with appropriate
capabilities is performing the work.
▪ Assigning work to assistants.
▪ Reviewing all fieldwork to conclude that the engagement is satisfactorily completed.
▪ Conducting on the job training.
▪ Resolving significant accounting, auditing and similar matters relative to the
engagement, including necessary consultation thereon.
300.123 The extent of supervision appropriate in a given instance depends on many factors,
including the complexity of the subject matter and the qualifications of persons
performing the work.
300.124 Assistants should be informed of their responsibilities and the objectives of the procedures
that they are to perform. They should be informed of matters that may affect the nature,
extent and timing of procedures they are to perform, such as the nature of the entity’s
business as it relates to their assignments and possible accounting and auditing problems.

300.125 The auditor should direct assistants to bring to his attention significant accounting and
auditing questions raised during the examination so that he may assess their significance.
The work performed by each assistant should be reviewed to determine whether it was
adequately performed and to evaluate whether the results are consistent with the
conclusions to be presented in the auditor’s report.
300.126 The auditor and assistants should be aware of the procedures to be followed when
differences of opinion concerning accounting and auditing issues exists among firm
personnel involved in the examination. Such procedures should enable an assistant to
document this disagreement with the conclusions reached if, after appropriate
consultation, he believes it necessary to disassociate himself from the resolution of the
matter. In this situation, the basis for the final resolution should be documented.
300.127 Supervision and review are essential parts of managing an engagement. The partner is
ultimately responsible for forming and expressing an opinion on the financial statements
and cannot delegate this responsibility. The manager or other experienced individual is
usually responsible for supervising and monitoring the work done to ensure that it is in
accordance with the audit-testing plan.
300.128 Supervision also entails comparing the completed work with established timetables and
budgets, training and coaching, and identifying differences in professional judgment
among personnel and referring them to the appropriate level for resolution, as well as
directly reviewing the work performed.
300.129 The work done by each member of the audit team is supervised, reviewed, and approved
by another, more experienced member. Queries raised during the review process should
be followed up and resolved before completing the engagement and issuing the audit
opinion.
Refer to Section 600 for more discussion on Direction, Supervision and Review.

400 Audit Process
400.1 This section covers the following considerations in the audit process:
▪ Studying and evaluating of client’s internal control system
▪ Substantive testing
▪ Completing the audit engagement
400.2 The study and evaluation of client’s internal control system includes the following sub-
topics:
▪ Definition of internal control
▪ Purpose of internal control
▪ Limitations of internal control
▪ Pervasive and specific internal controls
▪ Division of internal control into components
▪ Internal control in smaller entities
▪ Absence of internal controls
▪ Controls to prevent fraud (anti-fraud controls)
▪ Controls relevant to audit
▪ Steps in evaluating internal control
▪ Characteristics of manual and automated elements of internal control
▪ Auditing in an IT environment
▪ Communicating deficiencies in internal control
400.3 The substantive test includes the following sub-topics:

▪ Substantive analytical procedures
▪ Substantive test of details
▪ Audit of accounting estimates
400.4 The completing the audit engagement includes the following sub-topics:
▪ Performs final analytical procedures;
▪ Reads minutes of recent board and committee meetings;
▪ Inquiry of entity’s legal counsel;
▪ Inquiry of client to identify commitments and contingencies;
▪ Makes final materiality judgments;
▪ Summarizes and evaluates the audit findings;
▪ Reviews the working papers;
▪ Reviews the financial statement presentation and disclosures for adequacy;
Audit Process 400 – 1

▪ Assess appropriateness of management use of going concern assumption;
▪ Considers subsequent events; and
▪ Obtains management representation letters.
Internal Control
400.5 As defined in paragraph 4.c of PSA 315, internal control is the process designed,
implemented and maintained by those charged with governance, management and other
personnel to provide reasonable assurance about the achievement of an entity’s
objectives with regard to reliability of financial reporting, effectiveness and efficiency of
operations, and compliance with applicable laws and regulations.
The term “controls” refers to any aspects of one or more of the components of internal
control.
Purpose of Internal Control

400.6 In accordance with PSA 315 par. A40, internal control is designed, implemented and
maintained to address identified business risks that threaten the achievement of any of
the entity’s objectives that concern:
▪ The reliability of the entity’s financial reporting;
▪ The effectiveness and efficiency of its operations; and
▪ Its compliance with applicable laws and regulations.
The way in which internal control is designed, implemented and maintained varies with
an entity’s size and complexity. Smaller entities may use less structured means and
simpler processes and procedures to achieve their objectives.
Limitations of Internal Control

400.7 Internal control, no matter how effective, can provide an entity with only reasonable
assurance about achieving the entity’s financial reporting objectives. The likelihood of
their achievement is affected by limitations inherent to internal control. These include
the realities that human judgment in decision-making can be faulty and that breakdowns
in internal control can occur because of human error.
For example, there may be an error in the design of, or in the change to, a control. Equally,
the operation of a control may not be effective, such as where information produced for
the purposes of internal control (for example, an exception report) is not effectively used
because the individual responsible for reviewing the information does not understand its
purpose or fails to take appropriate action. [PSA315.A42]
400.8 Additionally, controls can be circumvented by the collusion of two or more people or
inappropriate management override of internal control. For example, management may
enter into side agreements with customers that alter the terms and conditions of the
entity’s standard sales contracts, which may result in improper revenue recognition. Also,

edit checks in a software program that are designed to identify and report transactions
that exceed specified credit limits may be overridden or disabled. [PSA315.A43]
400.9 Further, in designing and implementing controls, management may make judgments on
the nature and extent of the controls it chooses to implement, and the nature and extent
of the risks it chooses to assume. [PSA315.A44]
400.10 Smaller entities often have fewer employees which may limit the extent to which
segregation of duties is practicable. However, in a small owner-managed entity, the
owner-manager may be able to exercise more effective oversight than in a larger entity.
This oversight may compensate for the generally more limited opportunities for
segregation of duties. [PSA315.A45]
On the other hand, the owner-manager may be more able to override controls because
the system of internal control is less structured. This is taken into account by the auditor
when identifying the risks of material misstatement due to fraud. [PSA315.A46]
Pervasive and Specific Internal Controls

400.11 Internal controls can be broadly categorized as pervasive controls that address pervasive
risks, at the financial statement level and specific (transactional) controls that address
specific risks at the assertion level. (IFAC Guide, Vol. II, Fourth Edition, page 111)
400.12 Pervasive controls address governance and general management and serve to establish
the overall control environment or “tone at the top.” Typical control processes include
human resources, fraud, risk assessment (management override), general IT
management, preparation of financial information (including financial statements and
underlying estimates, etc.), and the ongoing monitoring of operations. In small entities,
these controls will refer primarily to management’s attitudes toward integrity and
control. (IFAC Guide, Vol. II, Fourth Edition, page 112)
400.13 A solid understanding of the pervasive elements of internal control provides an important
foundation for assessing relevant controls over financial reporting at the transactional
(business process) level. For example, if there are poor controls over data integrity, this
will impact the reliability of all information produced by systems such as sales, purchases,
and payroll. (IFAC Guide, Vol. II, Fourth Edition, page 112)
400.14 Transactional (business process) controls are specific processes/controls that are
designed to ensure that:
• Transactions are appropriately recorded for the preparation of financial statements;
• Accounting records are maintained in reasonable detail to accurately and fairly reflect
all the transactions and dispositions of assets;
• Receipts and expenditures are made only in accordance with the authorizations of
management; and
• Unauthorized acquisition, use, or disposition of assets would be prevented or
detected on a timely basis. (IFAC Guide, Vol. II, Fourth Edition, page 112)

400.15 Transactional control processes include routine transactions (such as revenues,
purchases, and payroll) and non-routine transactions (such as purchasing equipment, or
the costs involved in starting a new line of business). (IFAC Guide, Vol. II, Fourth Edition,
page 112)
Components of Internal Control

400.16 The division of internal control into the following five components, for purposes of the
Audit Manual, provides a useful framework for auditors to consider how different aspects
of an entity’s internal control may affect the audit:
(a) The control environment;
(b) The entity’s risk assessment process;
(c) The information system, including the related business processes, relevant to
financial reporting, and communication;
(d) Control activities; and
(e) Monitoring of controls.
The division does not necessarily reflect how an entity designs, implements and maintains
internal control, or how it may classify any particular component. The firm may use
different terminology or frameworks to describe the various aspects of internal control,
and their effect on the audit than those used in this Audit Manual, provided all the
components described in this Audit Manual are addressed. [PSA315.A47]
Components of Internal Control—Control Environment
PSA 315.A65
The control environment includes the governance and management functions and the
attitudes, awareness, and actions of those charged with governance and management
concerning the entity’s internal control and its importance in the entity. The control
environment sets the tone of an organization, influencing the control consciousness of its
people.
400.17 Elements of the control environment that may be relevant when obtaining an
understanding of the control environment include the following:
(a) Communication and enforcement of integrity and ethical values – These are essential
elements that influence the effectiveness of the design, administration and
monitoring of controls.
(b) Commitment to competence – Matters such as management’s consideration of the
competence levels for particular jobs and how those levels translate into requisite
skills and knowledge.
(c) Participation by those charged with governance – Attributes of those charged with
governance such as:
- Their independence from management.

- Their experience and stature.
- The extent of their involvement and the information they receive, and the
scrutiny of activities.
- The appropriateness of their actions, including the degree to which difficult
questions are raised and pursued with management, and their interaction with
internal and external auditors.
(d) Management’s philosophy and operating style – Characteristics such as
management’s:
- Approach to taking and managing business risks.
- Attitudes and actions toward financial reporting.
- Attitudes toward information processing and accounting functions and
personnel.
(e) Organizational structure – The framework within which an entity’s activities for
achieving its objectives are planned, executed, controlled, and reviewed.
(f) Assignment of authority and responsibility – Matters such as how authority and
responsibility for operating activities are assigned and how reporting relationships
and authorization hierarchies are established.
(g) Human resource policies and practices – Policies and practices that relate to, for
example, recruitment, orientation, training, evaluation, counseling, promotion,
compensation, and remedial actions. [PSA315.A66]
400.18 The control environment within small entities will differ from larger entities, but is just as
important. This is particularly true when the entity does not have the staff or resources
to implement traditional control activities such as segregation of duties. (IFAC Guide, Vol.
I, Fourth Edition, page 44)
400.19 In smaller entities, the active involvement of a competent owner-manager (a control-

environment strength) may well reduce the need for other control activities, such as
segregation of duties. Consequently, control environment strengths can serve to
indirectly prevent or detect and correct certain types of misstatement. For example, when
the owner-manager reviews and approves individual transactions before they are
completed, it may serve to prevent or detect and correct certain specific errors or fraud.
However, this control environment strength would not mitigate other risks such as
management override of controls. (IFAC Guide, Vol. I, Fourth Edition, page 44)
400.20 In smaller entities, there will typically be less documentation available to support control
environment controls. Consequently, the attitudes, awareness, and actions of
management (such as owner-managers) will often form the basis for evaluating control
design and implementation. For example, larger entities are likely to provide staff with a
code of conduct that outlines acceptable behaviors and consequences for violating codes
or rules. Smaller entities may communicate similar values and acceptable behaviors
through oral communications and by management example. (IFAC Guide, Vol. I, Fourth
Edition, page 44)

400.21 Where there is no supporting documentation for a particular control, the auditor would
prepare a memorandum for the file. For example, in addressing whether there is
communication and enforcement of integrity and ethical values, the auditor could:
• Identify the entity’s values, acceptable behaviors, and enforcement actions through
discussions with management. The auditor would then assess whether they are
sufficient to address the control design.
• Ask one or two employees what they believe are the entity’s values, acceptable
behaviors, and enforcement actions. These interviews would address whether
management’s values and acceptable behaviors have been communicated and
enforced. This would address control implementation.
(IFAC Guide, Vol. I, Fourth Edition, page 45)
Components of Internal Control—The Entity’s Risk Assessment Process
PSA 315.A75
The entity’s risk assessment process forms the basis for how management determines the risks
to be managed.
400.22 The entity’s risk assessment process includes the identification and treatment by
management (and those charged with governance) of business and fraud risks that could
impact on the achievement of financial reporting objectives. (IFAC Guide, Vol. II, Fourth
Edition, page 110)
400.23 If that process is appropriate to the circumstances, including the nature, size and
complexity of the entity, it assists the auditor in identifying risks of material misstatement.
Whether the entity’s risk assessment process is appropriate to the circumstances is a
matter of judgment. [PSA 315.A75]
400.24 In smaller entities where a formal risk assessment process is unlikely to exist, the auditor
would discuss with management how business risks are identified and how they are
addressed. Matters the auditor should consider are how management:
• Identifies risks relevant to financial reporting;
• Estimates the significance of the risks;
• Assesses the likelihood of their occurrence; and
• Decides upon actions to manage them.
400.25 The auditor is also required to evaluate whether the absence of a documented risk
assessment process is appropriate in the circumstances, or determine whether it
represents a significant deficiency in internal control. (IFAC Guide, Vol. I, Fourth Edition,
page 48)
400.26 If the auditor identifies risks of material misstatement that management failed to identify,
he/she should consider:
• Why did management’s processes fail?
• Are the processes appropriate to the circumstances?

400.27 If a significant deficiency exists in the entity’s risk assessment process (or there is no
process at all), it would be communicated to management and those charged with
governance. (IFAC Guide, Vol. I, Fourth Edition, page 48)
Components of Internal Control—The Information System, Including the

Related Business Processes, Relevant to Financial Reporting, and
Communication
PSA 315.A77
The information system relevant to financial reporting objectives, which includes the
accounting system, consists of the procedures and records designed and established to:
• Initiate, record, process, and report entity transactions (as well as events and conditions) and
to maintain accountability for the related assets, liabilities, and equity;
• Resolve incorrect processing of transactions, for example, automated suspense files and
procedures followed to clear suspense items out on a timely basis;
• Process and account for system overrides or bypasses to controls;
• Transfer information from transaction processing systems to the general ledger;
• Capture information relevant to financial reporting for events and conditions other than
transactions, such as the depreciation and amortization of assets and changes in the
recoverability of accounts receivables; and
• Ensure information required to be disclosed by the applicable financial reporting framework
is accumulated, recorded, processed, summarized and appropriately reported in the financial
statements.
400.28 An entity’s systems and communication includes identifying the significant classes of
transactions in the entity's operations, the information captured and processed in the
accounting records, (including information obtained from outside of the general and
subsidiary ledgers), the control activities in place over financial reports and financial
statements prepared for management and outsiders, and control activities in place over
the use of technology such as the operation of accounting applications, data storage and
data security. (IFAC Guide, Vol. II, Fourth Edition, page 110)
400.29 An entity’s information system typically includes the use of standard journal entries that
are required on a recurring basis to record transactions. Examples might be journal entries
to record sales, purchases, and cash disbursements in the general ledger, or to record
accounting estimates that are periodically made by management, such as changes in the
estimate of uncollectible accounts receivable. [PSA315.A78]
400.30 An entity’s financial reporting process also includes the use of non-standard journal
entries to record non-recurring, unusual transactions or adjustments. Examples of such
entries include consolidating adjustments and entries for a business combination or
disposal or nonrecurring estimates such as the impairment of an asset. In manual general
ledger systems, non-standard journal entries may be identified through inspection of
ledgers, journals, and supporting documentation. When automated procedures are used
to maintain the general ledger and prepare financial statements, such entries may exist
only in electronic form and may therefore be more easily identified through the use of
computer-assisted audit techniques (CAATs). [PSA315.A79]

400.31 An entity’s business processes are the activities designed to:
▪ Develop, purchase, produce, sell and distribute an entity’s products and services;
▪ Ensure compliance with laws and regulations; and
▪ Record information, including accounting and financial reporting information.
Business processes result in the transactions that are recorded, processed and reported
by the information system. Obtaining an understanding of the entity’s business processes,
which include how transactions are originated, assists the auditor obtain an
understanding of the entity’s information system relevant to financial reporting in a
manner that is appropriate to the entity’s circumstances. [PSA315.A80]
400.32 Information systems and related business processes relevant to financial reporting in
small entities are likely to be less sophisticated than in larger entities, but their role is just
as significant. Small entities with active management involvement may not need
extensive descriptions of accounting procedures, sophisticated accounting records, or
written policies. Understanding the entity’s systems and processes may therefore be
easier in an audit of smaller entities, and may be more dependent on inquiry than on
review of documentation. The need to obtain an understanding, however, remains
important. [PSA315.A81]
400.33 Communication by the entity of the financial reporting roles and responsibilities and of
significant matters relating to financial reporting involves providing an understanding of
individual roles and responsibilities pertaining to internal control over financial reporting.
It includes such matters as the extent to which personnel understand how their activities
in the financial reporting information system relate to the work of others and the means
of reporting exceptions to an appropriate higher level within the entity. Communication
may take such forms as policy manuals and financial reporting manuals. Open
communication channels help ensure that exceptions are reported and acted on.
[PSA315.A82]
400.34 Communication may be less structured and easier to achieve in a small entity than in a
larger entity due to fewer levels of responsibility and management’s greater visibility and
availability. [PSA315.A83]
400.35 Smaller entities may have less sophisticated and less thoroughly documented information
and communication systems. If management does not have extensive descriptions of
accounting procedures, sophisticated accounting records, or written policies, the
understanding required by the auditor will be obtained more by inquiry and observation
than by review of documentation. (IFAC Guide, Vol. I, Fourth Edition, page 52)

Components of Internal Control—Control Activities
PSA 315.A84
Control activities are the policies and procedures that help ensure that management directives
are carried out.
400.36 Control activities, whether within IT or manual systems, have various objectives and are
applied at various organizational and functional levels. Examples of specific control
activities include those relating to the following:
▪ Authorization;
▪ Performance reviews;
▪ Information processing;
▪ Physical controls; and
▪ Segregation of duties. [PSA315.A84]
400.37 Control activities that are relevant to the audit are:

▪ Those that are required to be treated as such, being control activities that relate to
significant risks and those that relate to risks for which substantive procedures alone
do not provide sufficient appropriate audit evidence; or
▪ Those that are considered to be relevant in the judgment of the auditor. [PSA315.A85]
400.38 The auditor’s judgment about whether a control activity is relevant to the audit is
influenced by the risk that the auditor has identified that may give rise to a material
misstatement and whether the auditor thinks it is likely to be appropriate to test the
operating effectiveness of the control in determining the extent of substantive testing.
[PSA315.A86]
400.39 The auditor’s emphasis may be on identifying and obtaining an understanding of control
activities that address the areas where the auditor considers that risks of material
misstatement are likely to be higher. When multiple control activities each achieve the
same objective, it is unnecessary to obtain an understanding of each of the control
activities related to such objective. [PSA315.A87]
400.40 The auditor’s knowledge about the presence or absence of control activities obtained
from the understanding of the other components of internal control assists the auditor in
determining whether it is necessary to devote additional attention to obtaining an
understanding of control activities. [PSA315.A88]
400.41 The concepts underlying control activities in small entities are likely to be similar to those
in larger entities, but the formality with which they operate may vary. Further, small
entities may find that certain types of control activities are not relevant because of
controls applied by management. For example, management’s sole authority for granting
credit to customers and approving significant purchases can provide strong control over
important account balances and transactions, lessening or removing the need for more
detailed control activities. [PSA315.A89]

400.42 Control activities relevant to the audit of a smaller entity are likely to relate to the main
transaction cycles such as revenues, purchases and employment expenses. [PSA315.A90]
Control Techniques
400.43 The client’s internal control system utilizes variety and combination of control techniques
to achieve the objective set by management. Many control techniques fit into specific
categories based on similarities of how tests of design and operating effectiveness would
be conducted. Each control technique is grouped into controls categories. These are:
▪ Authorization
▪ Configuration/Account mapping controls
▪ Exception/Edit report
▪ Interface/Conversion controls
▪ Key performance indicator
▪ Management review
▪ Reconciliation
▪ Segregation of duties
▪ System access
Authorization
400.44 Authorization includes:

▪ Approval of transactions executed in accordance with management’s general or
specific policies and procedures
▪ Access to assets and records in accordance with management’s general or specific
policies and procedures.
Configuration/Account mapping controls
400.45 System configuration and account mapping includes “switches” that can be set by turning
them on or off to secure data against inappropriate processing, based on the
organization's business rules. If the switch is turned on, the checking can be customized
for the particular organization to be very robust or very permissive. The more specific
definition of each is as follows:
▪ Configurable controls - specific “switches” that can be set by turning them on or off
to secure data against inappropriate processing.
▪ Account mapping - specific “switches” that can be set related to how a transaction is
posted to the general ledger and then to the financial statements.
System configuration and account mapping includes standard (comes with the application
or system) and customized (developed or changed by the client) controls that have been

designed based on appropriate business criteria, to secure data against inappropriate
processing (by enforcing validity, completeness, accuracy) and help ensure data integrity.
All configurable controls/account mapping should be documented and tested properly

before implementation and be subject to appropriate change control procedures (which
include authorization, segregation of duties and testing).
In addition, the system access, authorization and segregation of duties controls (see the
separate control categories) must be appropriately designed and implemented to support
the controls provided by configuration and account mapping.
Typical examples of configurable controls are:

▪ Posting Limits
▪ Release Strategies
▪ Tolerance Limits
▪ Validations and Edit checks
▪ Screen Layout (some fields and values are required, others are suppressed, some are
pre-populated with default values, and some are “display only” values),
▪ Authorization Groups (as noted above)
▪ Transaction Variants (a way to modify a standard transaction such as Post GL entry,
so it does something different,
▪ User Parameter ID’s (which populate a user’s field automatically)
▪ Security Settings (which need to be aligned with the configuration)
▪ Configuration options (ability to “lock” the system).
For purposes of the audit, when carrying out test of design and test of operating
effectiveness on a configurable control, the specific configurable control(s) or account
mapping(s) that manage a specific risk should be identified and the focus of test work
(versus performing test work on all of the configurable controls within a system).
Exception/Edit report
400.46 Controls that fall into the exception/edit report category relate to when a report is
generated by an entity to monitor something and followed-up on through to resolution.
In most instances, the reports are focused on exceptions/edits as defined below, however
in some instances it may just be a report. For example, if an aging report is generated by
the system and followed up, the content does not necessarily represent edits or
exceptions, but the control would fall into this category for test of exception and test of
edit considerations.
▪ Exception - a violation of a set standard (e.g. customer sales exceed credit limit;
3-way match does not reconcile)
▪ Edit - a change to a master file (e.g. addition of a new employee; changes in wage
rates)

400.47 In most instances the underlying data for an exception/edit report is to be tested.
Interface/Conversion controls
400.48 Data interfaces transfer specifically defined portions of information (data) between two
computer systems, using either manual or automated means or a hybrid of both, and
should ensure accuracy, completeness and integrity of the data being transferred.
400.49 The job of a data interface is to transfer the data securely, once and only once,
completely, accurately, with integrity, and to highlight any exceptions.
400.50 Interfaces can be two-way (back and forth between two systems) or one-way (from one
system to another) and can link new systems to old/Legacy systems or old/Legacy systems
to new systems.
400.51 If the interfaced data originates in an old/Legacy system, it is important to consider the
extent of testing to be done on data quality/integrity controls from the “old” system since
Garbage In = Garbage Out.
400.52 Data conversion is the process of migrating data from a Legacy system (which may have
old, duplicate, inaccurate, incomplete data, which reside in several places within the
system) to a new system.
400.53 To perform this process, the data needs to be cleansed, reviewed and synchronized prior
to conversion (a critical step), then mapped (which may include parsing or other
manipulation), reformatted, translated, consolidated and loaded into the new system
(which may include a time lag or delay during which new data is created). Once the data
has been converted and loaded into the new system, it must be maintained to ensure its
completeness, existence, accuracy and integrity.
400.54 Interfaces require a detailed understanding of the technical and business issues related
to the interfaces.
▪ Business issues include: the business need for the interface, when is the system able
to perform the interface, how often is the interface run, how much data or how many
transactions are processed, impact of interface procedures on normal business
operations, and synchronization of legacy and new systems.
▪ Technical issues include method used to interface (import/export features of the old
and/or new package, custom programs that were developed, intermediate
system/utility (holding place), manual entry of the interfaced data), technical
approach (batch, real time, parallel) and content of what exactly is interfaced (master
file updates, detail/summary transactions, balances).
400.55 Interface/conversion data itself must be prepared properly and appropriately. In

addition, the interface/conversion must be properly and appropriately: designed (i.e.,
data mapping techniques detailing how data from one system is to be reflected in the
other), tested, performed (manual or automated), owned, maintained, re-sent if needed,

auditable (audit trail) and traceable (distinguishable from normal transactions). Any
changes are authorized, tested and documented.
400.56 The attributes of interfaces/conversion include:
▪ data integrity (data is not changed or manipulated) and
▪ data security (no one can access it).
400.57 Interfaces/conversion include controls in these areas:

▪ data management (date/time stamps, file names)
▪ processing (no missing, duplicate or redundant data and to ensure completeness and
accuracy)
▪ validation/reconciliation (on-line edits, batch totals)
▪ detection and correction of exceptions and errors.
400.58 For purposes of the audit, when carrying out test of design and test of operating
effectiveness on interfaces, the specific interface that relates to managing a specific risk
should be identified and the focus of test work (versus performing test work on all
interfaces to every system).
Key performance indicator
400.59 Key performance indicators (“KPIs”) are the financial and non-financial quantitative
measurements that are:
▪ collected by the entity, either continuously or periodically; and
▪ used by management to evaluate the extent of progress toward meeting the entity's
defined objectives.
400.60 The auditor selects only those KPIs that are both relevant to the financial statement
assertions being audited and possess the following qualities:
▪ they are strong and valid;
▪ they are expected to produce reliable results; and
▪ they are at an appropriate level of precision to detect significant misstatement (as
defined by the auditor).
Management review
400.61 Management review is the activity of a person different than the preparer analyzing and
performing oversight of activities performed. In many instances, it will be a manager
reviewing the work of a subordinate. However, it is not limited to this. It may include co-
workers reviewing each others work.
Reconciliation
400.62 A reconciliation is a control designed to check whether two items/computer systems, etc.
are consistent.

Segregation of duties
400.63 The separation of duties and responsibilities of authorizing transactions, recording

transactions and maintaining custody to prevent individuals from being in a position to
both perpetrate and conceal an error or irregularity.
System access
400.64 System access is the ability that individual users or groups of users have within a computer
information system processing environment, as determined and defined by access rights
configured in the system. The access rights in the system agree to the access in practice.
Components of Internal Control—Monitoring of Controls
PSA 315.A94
Monitoring of controls is a process to assess the effectiveness of internal control performance
over time. It involves assessing the effectiveness of controls on a timely basis and taking
necessary corrective actions. Management accomplishes monitoring of controls through
ongoing activities, separate evaluations, or a combination of the two. Ongoing monitoring
activities are often built into the normal recurring activities of an entity and include regular
management and supervisory activities.
400.65 In many entities, internal auditors or personnel performing similar functions contribute
to the monitoring of an entity’s activities. Management’s monitoring activities may also
include using information from communications from external parties such as customer
complaints and regulator comments that may indicate problems or highlight areas in need
of improvement. [PSA315.A95]
400.66 Management’s monitoring of control is often accomplished by management’s or the

owner-manager’s close involvement in operations. This involvement often will identify
significant variances from expectations and inaccuracies in financial data leading to
corrective action to the control. [PSA315.A96]
400.67 Much of the information used in monitoring may be produced by the entity’s information
system. If management assumes that data used for monitoring are accurate without
having a basis for that assumption, errors that may exist in the information could
potentially lead management to incorrect conclusions from its monitoring activities.
Accordingly, an understanding of:
▪ The sources of the information related to the entity’s monitoring activities; and
▪ The basis upon which management considers the information to be sufficiently
reliable for the purpose, is required as part of the auditor’s understanding of the
entity’s monitoring activities as a component of internal control. [PSA315.A97]

Internal Control in Smaller Entities
400.68 In smaller entities, there are often few employees, which may limit the extent to which:
▪ Segregation of duties is practicable; and
▪ An appropriate paper trail of documentation is available. (IFAC Guide, Vol. II, Fourth
Edition, page 114)
400.69 Internal control in such entities often derives from the control environment
(management’s commitment to ethical values, competence, attitude toward control, and
its day-to-day actions) as opposed to specific controls over transactions. Evaluating the
control environment is quite different from traditional control activities, as it involves an
assessment of the behavior, attitudes, competence, and actions of management. Such
assessments are often documented in a memo or with a questionnaire. (IFAC Guide, Vol.
II, Fourth Edition, page 114)
400.70 The presence of a highly involved owner-manager is often an internal control strength
and a control weakness. The control strength is that the person (assuming his/her
competence) will be knowledgeable about all aspects of operations, and it is highly
unlikely that material misstatements will be missed. The control weakness is the
opportunity provided for that person to override the internal control for his/her own
benefit. (IFAC Guide, Vol. II, Fourth Edition, page 114)
Absence of Internal Controls

400.71 In virtually all entities, there is some form of internal control, such as the competence of
the owner-manager (control environment). It may be informal and unsophisticated, but
it is still internal control. An entity that does not mitigate any of the major risks it faces
(through control components such as the control environment, risk assessment,
information systems, control activities, or monitoring) is unlikely to stay in business for
long.
400.72 Where there are not many control activities that can be identified, the auditor would
consider whether:
▪ It is possible to address the relevant assertions by performing further audit
procedures that are primarily substantive procedures; or
▪ The absence of control activities or of other components of control (in rare cases)
makes it impossible to obtain sufficient appropriate audit evidence.
400.73 Other matters that would raise questions as to whether the audit should be conducted
would include:
▪ Concerns about management’s integrity, non-ethical behavior, or a poor attitude
toward internal control. Deficiencies in the control environment tend to undermine
controls that exist in other control components. It also raises the risk of management
misrepresentation and fraud; and
▪ Concerns about the condition and reliability of an entity’s records that make it
unlikely that sufficient appropriate audit evidence will be available to support an
unqualified opinion.

400.74 If these or similar concerns are present, the auditor should consider the need to modify
the auditor’s report or withdraw from the engagement altogether. If withdrawal is
chosen, the auditor would consider his/her professional and legal responsibilities,
including any requirement to report to the persons who made the audit appointment and
to regulatory authorities. The auditor would also discuss the withdrawal and the reasons
with the appropriate level of management and those charged with governance. (IFAC
Guide, Vol. II, Fourth Edition, page 114)
Controls to Prevent Fraud (Anti-Fraud Controls)

400.75 Management override can often be mitigated or slowed down in small entities by
establishing and then documenting key policies and procedures. For example, a written
policy that says all non-routine journal entries require approval would empower the
bookkeeper to ask the manager to approve proposed journal entries. It would not prevent
management override from occurring but would act as a deterrent. If anti-fraud policies
and procedures are not in operation, the risk of management override will need to be
addressed by the auditor through performing other audit procedures.
400.76 Controls that address compliance with regulations that are not relevant to the audit
(where noncompliance would not result in a material misstatement in the financial
statements) do not need to be addressed in the audit. (IFAC Guide, Vol. II, Fourth Edition,
page 115)
Controls Relevant to the Audit
PSA 315.12
The auditor shall obtain an understanding of internal control relevant to the audit. Although
most controls relevant to the audit are likely to relate to financial reporting, not all controls that
relate to financial reporting are relevant to the audit. It is a matter of the auditor’s professional
judgment whether a control, individually or in combination with others, is relevant to the audit.
400.77 There is a direct relationship between an entity’s objectives and the controls it
implements to provide reasonable assurance about their achievement. The entity’s
objectives, and therefore controls, relate to financial reporting, operations and
compliance; however, not all of these objectives and controls are relevant to the auditor’s
risk assessment. [PSA315.A56]
400.78 Controls that are scoped out of the audit includes those controls:
▪ Do not drive financial reporting (such as operational controls and controls that
address compliance with regulations); and
▪ Even if non-existent, a material misstatement in the financial statements would be
unlikely. (IFAC Guide, Vol. II, Fourth Edition, page 115)
400.79 Controls that would always be relevant to the audit include those that mitigate:
▪ Significant risks - significant risks are identified and assessed risks of material
misstatement that, in the auditor’s judgment, require special audit consideration.

▪ Risks that cannot easily be addressed by substantive procedures - these are identified
and assessed risks of material misstatement for which substantive procedures alone
would not provide sufficient appropriate audit evidence.
▪ Other risks of material misstatement - these are identified and assessed risks of
material misstatement that, in the judgment of the auditor, could potentially result
in material misstatements occurring. (IFAC Guide, Vol. II, Fourth Edition, page 116)
400.80 Factors relevant to the auditor’s judgment about whether a control, individually or in
combination with others, is relevant to the audit may include such matters as the
following:
▪ Materiality.
▪ The significance of the related risk.
▪ The size of the entity.
▪ The nature of the entity’s business, including its organization and ownership
characteristics.
▪ The diversity and complexity of the entity’s operations.
▪ Applicable legal and regulatory requirements.
▪ The circumstances and the applicable component of internal control.
▪ The nature and complexity of the systems that are part of the entity’s internal control,
including the use of service organizations.
▪ Whether, and how, a specific control, individually or in combination with others,
prevents, or detects and corrects, material misstatement. [PSA315.A57]
400.81 Controls over the completeness and accuracy of information produced by the entity may
be relevant to the audit if the auditor intends to make use of the information in designing
and performing further procedures. Controls relating to operations and compliance
objectives may also be relevant to an audit if they relate to data the auditor evaluates or
uses in applying audit procedures. [PSA315.A58]
400.82 Internal control over safeguarding of assets against unauthorized acquisition, use, or
disposition may include controls relating to both financial reporting and operations
objectives. The auditor’s consideration of such controls is generally limited to those
relevant to the reliability of financial reporting. [PSA315.A59]
400.83 An entity generally has controls relating to objectives that are not relevant to an audit
and therefore need not be considered. For example, an entity may rely on a sophisticated
system of automated controls to provide efficient and effective operations (such as an
airline’s system of automated controls to maintain flight schedules), but these controls
ordinarily would not be relevant to the audit. Further, although internal control applies
to the entire entity or to any of its operating units or business processes, an
understanding of internal control relating to each of the entity’s operating units and
business processes may not be relevant to the audit. [PSA315.A60]

Studying and Evaluating Internal Control
PSA 315.13
When obtaining an understanding of controls that are relevant to the audit, the auditor shall
evaluate the design of those controls and determine whether they have been implemented, by
performing procedures in addition to inquiry of the entity’s personnel.
PSA 315.29
If the auditor has determined that a significant risk exists, the auditor shall obtain an
understanding of the entity’s controls, including control activities, relevant to that risk.
PSA 315.32
The auditor shall include in the audit documentation:
(a) The discussion among the engagement team where required by paragraph 10, and the
significant decisions reached;
(b) Key elements of the understanding obtained regarding each of the aspects of the entity and
its environment specified in paragraph 11 and of each of the internal control components
specified in paragraphs 14–24; the sources of information from which the understanding was
obtained; and the risk assessment procedures performed;
(c) The identified and assessed risks of material misstatement at the financial statement level
and at the assertion level as required by paragraph 25; and
(d) The risks identified, and related controls about which the auditor has obtained an
understanding, as a result of the requirements in paragraphs 27–30.
400.84 The auditor’s approach to understanding internal control should be from the top down.
The first step is to identify the relevant pervasive and transactional risks, and then
determine whether management’s response is appropriate. (IFAC Guide, Vol. II, Fourth
Edition, page 116)
400.85 A solid understanding of entity-level controls provides an important basis for assessing
relevant controls over financial reporting at the transactional (business process) level. For
example, if there are poor controls over data integrity at the entity level, this will impact
the reliability of all information produced by systems such as sales, purchases, and payroll.
(IFAC Guide, Vol. II, Fourth Edition, page 116)
400.86 The top-down and risk-based approach to understanding internal control involves:
▪ Identifying the business processes involved (including accounting) for each significant
account balance;
▪ Determining for each process identified whether a material misstatement in the
financial statements could possibly occur, or whether other factors exist that would
make it relevant; and
▪ Scoping out of the audit those processes and controls that are not relevant.
For example, a biscuit production company may have the following processes that drive
the sales revenue figure:

▪ The main sales order system captures details and the progress of each order received
by telephone. This accounts for 70% of sales.
▪ “Window sales” occur when customers buy broken biscuits from a small shop at the
back of the production facility. These account for 2% of sales.
▪ Internet sales — orders are placed online and paid by credit card; these account for
28% of sales.
▪ The accounting system captures details of all types of sales.
In this situation, the window sales are unlikely to result in a material misstatement in the
financial statements and may therefore be scoped out of the audit. However, before this
decision is made, it would still be prudent to either:
▪ Inquire about the existence of controls over the window sales to ensure that all such
sales are recorded, and that there is no deliberate breaking of biscuits for sale at
reduced prices to related parties; or
▪ Perform an analytical review of the breakdown of sales to ensure that window sales
have not deviated from the expected 2% of sales. (IFAC Guide, Vol. II, Fourth Edition,
page 116)
See Exhibit 400-1, Checklist for Evaluation of Internal Control Components, for the
related audit form.
400.87 Regardless of whether tests of controls will ultimately be performed to gather audit
evidence, it is still necessary for the auditor on every engagement to evaluate control
design and implementation. This involves a five-step process, which can be summarized
as follows.
1. Obtain and document an understanding of client’s internal control system.
Please refer to Section 100.11 to Section 100.19 for the concepts and principles of studying
and evaluating internal control.
Step 1 - Obtain and document an understanding of client’s internal control

system
400.88 The auditor should obtain an understanding of the accounting and internal control
systems sufficient to plan the audit and develop an effective audit approach. The auditor’s
concern in obtaining understanding is to evaluate the design and to determine whether
the internal controls are implemented.
The auditor uses the understanding of internal control to identify types of potential
misstatements, consider factors that affect the risks of material misstatement, and design
the nature, timing, and extent of further audit procedures.

400.89 Because the number and nature of transaction cycles varies from industry to industry and
from company to company, an auditor must identify each client’s major transaction
cycles. For each cycle, the auditor should study and evaluate related controls.
400.90 In obtaining an understanding of internal controls, the auditor may use the following
procedures:
▪ Inquiries of appropriate company personnel;
▪ Inspection documents and records;
▪ Observation of the company's activities and operations; and
▪ Performing walk-through.
Inquiry alone will not usually provide sufficient appropriate evidence to support a
conclusion about the effectiveness of design of a control. The auditor also considers the
evidence obtained from previous experience with the client.
400.91 The auditor should identify the significant and other risk factors that are present and
determine whether related controls are present to mitigate those risk factors. The auditor
should identify:
1. What can go wrong?
2. Sources of risk
3. Mitigating controls
400.92 When a listing of risk factors by business process has been prepared, it would be useful
(but not required) to:
▪ Eliminate any risk factor that would be unlikely to result in a material misstatement
even if it was not mitigated at all. Controls that address such risks would not be
relevant to the audit;
▪ Customize the wording of the risk factors to make it relevant for the particular entity;
▪ Ensure that all relevant assertions have been addressed; and
▪ Consider whether there are any additional pervasive risks (financial statement-level)
and transactional risks (assertion level) that could result in a material misstatement if
not mitigated. (IFAC Guide, Vol. II, Fourth Edition, page 122)
400.93 Evaluating whether a control has been designed properly by management involves an
assessment of whether the controls identified (individually or in combination with other
controls) will actually mitigate the risk factor. This involves considering whether the
control(s) is capable of effectively:
▪ Preventing material misstatements from occurring in the first place; or
▪ Detecting and correcting material misstatements after they have occurred. (IFAC
400.94 Implementation of controls provides evidence about whether a control was actually in
operation at a particular point in time. It does not address operating effectiveness

throughout the period being audited. Evidence of operating effectiveness (if this is part
of the audit strategy being developed) would be achieved through a test of controls that
gathers evidence about control operation over a period of time, such as a year. (IFAC
400.95 Only when it has been established that the internal control relevant to the audit has been
properly designed and implemented is it worth considering:
▪ What tests of the operating effectiveness of controls (if any) will reduce the need for
other substantive testing; and
▪ What controls require testing because there is no other way of obtaining sufficient
appropriate audit evidence. (IFAC Guide, Vol. II, Fourth Edition, page 129)
400.96 In documenting the understanding of internal controls, the auditor should consider the
following:
▪ How significant transactions are initiated, authorized, recorded, processed, and
reported;
▪ The flow of transactions in sufficient detail to identify the points at which material
misstatements caused by error or fraud could occur; and
▪ Internal controls over the period-end financial reporting process, including significant
accounting estimates and disclosures. (IFAC Guide, Vol. II, Fourth Edition, page 131)
400.97 The most common forms of documentation prepared by management or the auditor are:
▪ Narrative descriptions or memoranda;
▪ Flow charts;
▪ A combination of flow charts and narrative descriptions; and
▪ Questionnaires and checklists. (IFAC Guide, Vol. II, Fourth Edition, page 131)
400.98 The nature and extent of the documentation required is a matter of professional
judgment. Factors to consider include:
▪ The nature, size, and complexity of the entity and its internal control;
▪ Availability of information from the entity; and
▪ Audit methodology and technology used in the course of the audit. (IFAC Guide, Vol.
II, Fourth Edition, page 131)
400.99 The extent of documentation may also reflect the experience and capabilities of the audit
team. An audit undertaken by a less experienced team may require more detailed
documentation to assist them in obtaining an appropriate understanding of the entity
than a team composed of more experienced individuals.

Step 2 – Make a Preliminary Assessment of Control Risk
400.100 After obtaining an understanding of the accounting and internal control systems, the
auditor should make a preliminary assessment of control risk, at the assertion level, for
each material account balance or class of transactions.
400.101 The auditor ordinarily assesses control risk at a HIGH level or MAXIMUM level for some
or all assertions when:
▪ the entity's accounting and internal control systems are not effective; or
▪ evaluating the effectiveness of the entity's accounting and internal control systems
would not be efficient.
400.102 The auditor ordinarily assesses control risk at a LESS THAN HIGH level or BELOW
MAXIMUM level for some or all assertions when:
▪ Is able to identify internal controls relevant to the assertion which are likely to
prevent or detect and correct a material misstatement; and
▪ Plans to perform tests of control to support the assessment.
Step 3 - Determine the auditor’s response to the risk assessment
400.103 In order to reduce audit risk to an acceptably low level, the auditor should determine
overall responses to assessed risks at the financial statement level, should design and
perform further audit procedures to respond to assessed risk at the assertion level. Such
responses include:
1. Control Risk is HIGH / MAXIMUM LEVEL- the auditor relies on substantive testing. This
is called substantive approach or no-reliance approach.
2. Control Risk is LESS THAN HIGH/BELOW MAXMIMUM LEVEL – the auditor performs
test of control. This is called reliance or systems-based approach.
400.104 If the auditor assesses control risk at less than high or below maximum, the auditor
should:
1. Identify key controls the auditor plans to rely
2. Test the operating effectiveness of the controls.
400.105 The objectives in performing tests of controls are to assist the auditor in determining
whether or not, for the period of reliance, it is likely that the control being tested:
▪ Operated as the auditor understood that it would operate.
▪ Was applied throughout the period of reliance.
▪ Was performed on a timely basis.
▪ Encompassed all applicable transactions.
400.106 Test of controls may include the following techniques or procedures:

1. Inquiries of appropriate company personnel;
2. Inspection documents and records;
3. Observation of the company's activities and operations;

4. Performing walk-through;
5. Re-performance (manual or automated); and
6. Re-calculation of amounts resulting from automated controls.
Using one technique may not, by itself, provide sufficient appropriate audit evidence as:
▪ an observation provides audit evidence about the operation of a control only at the
time it is observed;
▪ individuals being interviewed may provide the answers they think we want to hear;
▪ inspecting written evidence of operation, such as initials on documents, does not
necessarily mean a control was performed.
400.107 In a continuing engagement, the auditor will be aware of the controls through work
carried out previously. It may be necessary to test different controls at different occasions
throughout the period under review.
400.108 If substantially different controls were in use at different times during the period, the
auditor considers each separately. A breakdown in controls for a specific portion of the
period requires separate consideration of the nature, extent and timing of audit
procedures.
400.109 In designing the work program for control testing, the auditor incorporates in the test
procedures, the following:
▪ nature of the testing
▪ extent of the testing.
▪ timing of the testing
The following should be considered when determining the nature of test work to
perform:
▪ errors detected by the control;
▪ actions taken relating to errors found; and
▪ whether the level of errors /exceptions / reconciling items is reasonable or high.
In the context of tests of control, extent includes matters such as:

▪ the depth and breadth of questioning;
▪ the degree of corroboration of significant matters raised, including:
- making additional enquiries of the same, or other individuals
- reading appropriate reports or other documents to support responses
- following up on identified inconsistencies.
The auditor remains alert for inconsistencies between responses and actions.
The auditor should consider whether the internal controls were in use throughout the
period. The auditor considers whether relevant aspects of the business control
environment and the controls were in use throughout the period. The auditor usually

performs tests of control in advance of the period-end. The auditor also obtains audit
evidence as to whether the relevant controls remain effective during the remainder of
the period.
400.110 Based on the results of the tests of control, the auditor evaluate whether the controls are
designed and operating as contemplated in the preliminary assessment of the risk of
significant misstatement for related audit objectives.
400.111 For each of the controls tested, the auditor documents in the working papers:
▪ the nature, timing and extent of the tests of control;
▪ the auditor’s findings.
400.112 If the findings support the preliminary assessments of the risk of significant misstatement,
the auditor proceeds with the substantive procedures as planned. The auditor can only
support an assessment of the risk of significant misstatement below the maximum level
if the auditor has obtained audit evidence about the effectiveness of both the design and
operation of a control.
400.113 If the auditor identifies conditions that suggest controls may not be operating effectively,
the auditor investigates the nature and cause of the conditions. The auditor also considers
whether other controls may provide the evidence required.
400.114 Working papers for tests of control include:

▪ description of the design of the control, specifying the relevant financial statement
assertions addressed by the control;
▪ summary of the test of effectiveness of design;
▪ description of the nature, timing and extent of tests of operating effectiveness
▪ summary of findings
400.115 As tests of control tend to include observation and inquiry techniques, the auditor’s
working papers may include minutes of meetings which include:
▪ the date of the meeting
▪ the names of the meeting participants
▪ the matters discussed
▪ significant matters raised
▪ a description of the follow-up procedures
▪ a summary of audit findings.
400.116 The auditor may ask a member of the entity who was present at the meeting to sign a
copy of minutes where the matters raised are significant to the audit.
400.117 Note however that in small entities, majority of the approach is substantive or no-reliance
approach since it is expected that they may not have comprehensive controls as
compared to large entities.

Please refer to Section 100.21 to Section 100.26 for the concepts and principles of testing
internal control.
See Exhibit 400-2 Sample Test of Control for the related audit form.
Step 4 - Reassess control risk
400.118 Based on the results of the tests of control, the auditor should evaluate whether the
internal controls are designed and operating as contemplated in the preliminary
assessment of control risk. The evaluation of deviations may result in the auditor
concluding that the assessed level of control risk needs to be revised. In such cases, the
auditor would modify the nature, timing and extent of planned substantive procedures.
Step 5 - Determine the nature, extent and timing of substantive tests
400.119 Irrespective of the assessed risk of material misstatement, the auditor should design and
perform substantive procedures for each material class of transactions, account balance
and disclosures. The auditor should determine the nature, extent and timing of
substantive testing by combining the assess inherent and control risk (i.e., risk of material
misstatement).
RISK OF MATERIAL MISSTATEMENT
SUBSTANTIVE HIGH OR MAXIMUM LESS THAN HIGH OR BELOW
PROCEDURE MAXIMUM
Nature More effective Less Effective
Timing Year-end or closer to year-end Interim
Extent More extensive Less extensive
Please refer to the substantive testing section for a more detailed discussion.
Characteristics of Manual and Automated Elements of Internal Control Relevant to the

Auditor’s Risk Assessment
400.120 An entity’s system of internal control contains manual elements and often contains
automated elements. The characteristics of manual or automated elements are relevant
to the auditor’s risk assessment and further audit procedures based thereon.
[PSA315.A49]
400.121 The use of manual or automated elements in internal control also affects the manner in
which transactions are initiated, recorded, processed, and reported:
▪ Controls in a manual system may include such procedures as approvals and reviews
of transactions, and reconciliations and follow-up of reconciling items. Alternatively,
an entity may use automated procedures to initiate, record, process, and report
transactions, in which case records in electronic format replace paper documents.
▪ Controls in IT systems consist of a combination of automated controls (for example,
controls embedded in computer programs) and manual controls. Further, manual

controls may be independent of IT, may use information produced by IT, or may be
limited to monitoring the effective functioning of IT and of automated controls, and
to handling exceptions.
When IT is used to initiate, record, process or report transactions, or other financial
data for inclusion in financial statements, the systems and programs may include
controls related to the corresponding assertions for material accounts or may be
critical to the effective functioning of manual controls that depend on IT.
▪ An entity’s mix of manual and automated elements in internal control varies with the
nature and complexity of the entity’s use of IT. [PSA315.A50]
400.122 Generally, IT benefits an entity’s internal control by enabling an entity to:

▪ Consistently apply predefined business rules and perform complex calculations in
processing large volumes of transactions or data;
▪ Enhance the timeliness, availability, and accuracy of information;
▪ Facilitate the additional analysis of information;
▪ Enhance the ability to monitor the performance of the entity’s activities and its
policies and procedures;
▪ Reduce the risk that controls will be circumvented; and
▪ Enhance the ability to achieve effective segregation of duties by implementing
security controls in applications, databases, and operating systems. [PSA315.A51]
400.123 IT also poses specific risks to an entity’s internal control, including, for example:
▪ Reliance on systems or programs that are inaccurately processing data, processing
inaccurate data, or both.
▪ Unauthorized access to data that may result in destruction of data or improper
changes to data, including the recording of unauthorized or non-existent
transactions, or inaccurate recording of transactions. Particular risks may arise where
multiple users access a common database.
▪ The possibility of IT personnel gaining access privileges beyond those necessary to
perform their assigned duties thereby breaking down segregation of duties.
▪ Unauthorized changes to data in master files.
▪ Unauthorized changes to systems or programs.
▪ Failure to make necessary changes to systems or programs.
▪ Inappropriate manual intervention.
▪ Potential loss of data or inability to access data as required. [PSA315.A52]
400.124 Manual elements in internal control may be more suitable where judgment and discretion
are required such as for the following circumstances:
▪ Large, unusual or non-recurring transactions.
▪ Circumstances where errors are difficult to define, anticipate or predict.
▪ In changing circumstances that require a control response outside the scope of an
existing automated control.

▪ In monitoring the effectiveness of automated controls. [PSA315.A53]
400.125 Manual elements in internal control may be less reliable than automated elements
because they can be more easily bypassed, ignored, or overridden and they are also more
prone to simple errors and mistakes. Consistency of application of a manual control
element cannot therefore be assumed. Manual control elements may be less suitable for
the following circumstances:
▪ High volume or recurring transactions, or in situations where errors that can be
anticipated or predicted can be prevented, or detected and corrected, by control
parameters that are automated.
▪ Control activities where the specific ways to perform the control can be adequately
designed and automated. [PSA315.A54]
400.126 The extent and nature of the risks to internal control vary depending on the nature and
characteristics of the entity’s information system. The entity responds to the risks arising
from the use of IT or from use of manual elements in internal control by establishing
effective controls in light of the characteristics of the entity’s information system.
[PSA315.A55]
Risks Arising From IT
400.127 The use of IT affects the way that control activities are implemented. From the auditor’s
perspective, controls over IT systems are effective when they maintain the integrity of
information and the security of the data such systems process, and include effective
general IT-controls and application controls. [PSA315.A91]
400.128 General IT-controls are policies and procedures that relate to many applications and
support the effective functioning of application controls. They apply to mainframe, mini-
frame, and end-user environments. General IT-controls that maintain the integrity of
information and security of data commonly include controls over the following:
▪ Data center and network operations.
▪ System software acquisition, change and maintenance.
▪ Program change.
▪ Access security.
▪ Application system acquisition, development, and maintenance. [PSA315.A92]
400.129 Application controls are manual or automated procedures that typically operate at a
business process level and apply to the processing of individual applications. Application
controls can be preventive or detective in nature and are designed to ensure the integrity
of the accounting records. Accordingly, application controls relate to procedures used to
initiate, record, process and report transactions or other financial data. These controls
help ensure that transactions occurred, are authorized, and are completely and
accurately recorded and processed. Examples include edit checks of input data, and
numerical sequence checks with manual follow-up of exception reports or correction at
the point of data entry. [PSA315.A93]

Auditing in an IT Environment
400.130 In accordance with PSAs, the auditor should consider the Computer Information Systems
(CIS) environment in designing audit procedures to reduce audit risk to an acceptably low
level.
400.131 Where a control is undertaken automatically within a computer information system or

where a manual control relies on information generated by a computer information
system, the auditor considers the reliability of the computer information system itself.
400.132 The risk that computer information systems may not be reliable may increase when:
▪ the entity has developed its own computer information system (rather than
purchasing standard package computer information systems);
▪ management has manipulated business data using spreadsheets and databases
before using the information for control purposes.
400.133 The auditor may obtain an understanding of the reliability of computer information
systems by performing various tasks, for example:
▪ passing data through a copy of the computer information system in a test
environment;
▪ considering the testing undertaken by management before the system was
implemented;
▪ inquiring about problems, if any, encountered by the users;
▪ reviewing the computer programs;
▪ reviewing system design documentation to verify that the control was properly
designed and considering the process for systems development.
400.134 The effectiveness of application controls is greatly affected by the effectiveness of general
controls. Accordingly, it may be more efficient to review the design of the general
controls before reviewing the application controls.
400.135 Application controls which the auditor may wish to test include manual controls exercised
by the user, controls over system output, and programmed control procedure.
400.136 The auditor’s tests of controls vary depending on whether audit evidence generated by
the computer is
▪ External to the computer, and therefore directly observable
o Procedures involved are usually inquiries, observation and inspection of
documents
o Auditing around the computer technique is applied
▪ Internal to the computer, and therefore not directly observable

o Require the auditor to use the computer to obtain reasonable degree of
assurance that controls are operating as planned
400.137 If evidence is external to the computer, the auditor may use auditing around the
computer. Auditing around the computer:
▪ It involves procedures generally performed in testing manual control structure
▪ Focuses solely on the input documents and the CIS output
▪ The auditor ignores the client’s data processing procedures
▪ Used for computer system that performs relatively uncomplicated processes and
produces detailed output.
▪ Also called the black box approach
400.138 If evidence is internal to the computer, the auditor may use auditing around the
computer. Auditing through the computer
▪ The auditor enters the client’s system and examines directly the computer and its
system and application software using CAATs
▪ Also called the white box approach
400.139 Before using CAATs in auditing through the computer, the following are the factors
considered:
▪ Degree of technical competence in IT
▪ Availability of CAATs and appropriate computer facilities
▪ Impracticability of manual tests
▪ Effectiveness and efficiency
▪ Timing of tests
Communicating Deficiencies in Internal Control
PSA 265.6
For purposes of the PSAs, the following terms have the meanings attributed below:
(a) Deficiency in internal control — This exists when:
(i) A control is designed, implemented or operated in such a way that it is unable to
prevent, or detect and correct, misstatements in the financial statements on a timely
basis; or
(ii) A control necessary to prevent, or detect and correct, misstatements in the financial
statements on a timely basis is missing.
(b) Significant deficiency in internal control — A deficiency or combination of deficiencies in
internal control that, in the auditor’s professional judgment, is of sufficient importance to merit
the attention of those charged with governance. (Ref: Para. A5)
400.140 During the course of the audit, deficiencies in internal control may be identified. This may
occur as a result of understanding and evaluating internal, in making risk assessments,
performing audit procedures, or from other observations made at any stage of the audit
process. (IFAC Guide, Vol. II, Fourth Edition, page 144)

400.141 There is no restriction on what control deficiencies can be communicated with those
charged with governance and with management. However, where an identified
deficiency is assessed by the auditor as being significant, the auditor would first discuss it
with management, and is then required to communicate it (and any other significant
deficiencies) in writing to those charged with governance. (IFAC Guide, Vol. II, Fourth
Edition, page 144)
400.142 If the auditor has identified one or more deficiencies in internal control, the auditor shall
determine, on the basis of the audit work performed, whether, individually or in
combination, they constitute significant deficiencies. [PSA265.8]
400.143 The auditor shall communicate in writing significant deficiencies in internal control
identified during the audit to those charged with governance on a timely basis. [PSA265.9]
400.144 The auditor shall also communicate to management at an appropriate level of

responsibility on a timely basis:
(a) In writing, significant deficiencies in internal control that the auditor has
communicated or intends to communicate to those charged with governance, unless
it would be inappropriate to communicate directly to management in the
circumstances; and
(b) Other deficiencies in internal control identified during the audit that have not been
communicated to management by other parties and that, in the auditor’s
professional judgment, are of sufficient importance to merit management’s
attention. [PSA265.10]
400.145 The auditor shall include in the written communication of significant deficiencies in
internal control:
(a) A description of the deficiencies and an explanation of their potential effects; and
(b) Sufficient information to enable those charged with governance and management to
understand the context of the communication. In particular, the auditor shall explain
that:
i. The purpose of the audit was for the auditor to express an opinion on the financial
statements;
ii. The audit included consideration of internal control relevant to the preparation
of the financial statements in order to design audit procedures that are
appropriate in the circumstances, but not for the purpose of expressing an
opinion on the effectiveness of internal control; and
iii. The matters being reported are limited to those deficiencies that the auditor has
identified during the audit and that the auditor has concluded are of sufficient.
[PSA265.11]
400.146 The auditor may use Management Letter in communicating deficiencies in internal
control. Contents may include the following:
▪ An indication that, if the auditor had performed more extensive procedures on

internal control, the auditor might have identified more deficiencies to be reported,

or concluded that some of the reported deficiencies need not in fact have been
reported;
▪ Description of the nature of each significant deficiency and the potential effects.
There is no need to quantify those effects;
▪ Any suggestions for remedial action on the deficiencies;
▪ Management’s actual or proposed responses;
▪ A statement as to whether or not the auditor has undertaken any steps to verify
whether management’s responses have been implemented; and
▪ An indication that such communication has been provided for the purposes of those
charged with governance, and that it may not be suitable for other purposes.
Significant deficiencies may be grouped together for reporting purposes where it is
appropriate to do so. (IFAC Guide, Vol. II, Fourth Edition, page 149)
See Exhibit 400-10 Sample Management Letter for the related audit form.
400.147 The auditor should consider whether the entity or the auditor will opt to communicate
key audit matters under PSA 701 Key Audit Matters. Matters communicated to those
charged with governance, especially those significant deficiencies, can be considered a
key audit matter (KAM). Note, however, that KAM is required only for listed entities and
voluntary for non-listed entities.
Please refer to 500.17 for more detailed discussion regarding KAM.
Substantive Testing
PSA 330.18
Irrespective of the assessed risks of material misstatement, the auditor shall design and perform
substantive procedures for each material class of transactions, account balance and disclosure.
400.148 Substantive test procedures are audit procedures designed to obtain direct evidence as
to the completeness, accuracy, and validity of data and as to the reasonableness of the
estimates and other information contained in the financial statements. Substantive
procedures include inquiry, observation, inspection, confirmation, re-performance tests,
analyses of many types, and analytical reviews.
400.149 The nature, timing, and extent of substantive test procedures are responsive to the
auditor’s risk assessments for each of the relevant sources of information affecting a
significant account.
400.150 The auditor selects the substantive test procedures that, in the auditor’s judgment and
based on the auditor’s risk assessments, are required by the specific circumstances.

400.151 There are two types of substantive procedures that can be used by the team:
▪ analytical procedures
▪ tests of details of transactions and account balances.
Substantive Analytical Procedures
400.152 Analytical procedures are the analysis of plausible relationships among both financial and
non-financial information. They include the investigation of fluctuations and relationships
that are inconsistent with the auditor’s expectations.
400.153 Relationships may exist among different types of financial information or between
financial and non-financial information. For example, the auditor may develop an
expectation about an entity's gross profit based on its product revenue. The auditor may
develop an expectation about an entity's revenue based on the auditor’s understanding
of industry trends and market research reports.
400.154 When analytical procedures are used in substantive testing, the auditor identifies
differences by comparing the expected amount with the actual amount. The auditor
considers the nature and cause of identified differences. Differences exist because the
amount being audited:
▪ may contain a misstatement
▪ may not contain a misstatement but the auditor’s prediction may be imprecise.
400.155 When considering the nature and cause of differences, the auditor takes into account the
methods used and the planned precision.
400.156 The auditor develops expectations with the aim of identifying a significant misstatement.
The auditor recognizes that a significant misstatement has both qualitative and
quantitative aspects. When developing expectations the auditor uses the consideration
of planned audit precision as a guide for the quantitative aspects.
400.157 When analytical procedures identify significant fluctuations or relationships that are
inconsistent with other relevant information or that deviate from predicted amounts, the
auditor should investigate and obtain adequate explanations and appropriate
corroborative evidence.
400.158 The auditor seeks explanations from management and corroborate significant matters. If
there are no reasonable explanations, the auditor reconsiders the data and assumptions
used to calculate the prediction and the consequent range of acceptable values. The
auditor may perform a computation again to see if the difference is acceptable. The
auditor evaluates the impact of the deviation with respect to the planned audit precision.
Determine required precision
400.159 The auditor develops an expectation with a precision in mind. Precision is a measure of
how close the auditor’s expectation will be to the actual amount. The required precision

varies depending on the sufficiency and appropriateness of the evidence the auditor
requires from the analytical procedure.
400.160 For example, the auditor may perform an analytical procedure in response to a high risk
of significant misstatement for a related audit objective. The auditor therefore develops
a relatively precise expectation.
400.161 Factors that affect the precision of analytical procedures include:

▪ how the expectation was developed
In a dynamic industry, expectations based on prior performance may not be a precise
method to predict current relationships between financial and non-financial
information.
▪ characteristics of the data used in forming the expectation
Disaggregated data may be more precise than aggregated data. Data that has been
subject to audit procedures may be more reliable than data that has not. It is more
effective to use data that is independent from the amount being predicted.
▪ nature of the relationship.
It may be difficult to form more precise estimates relating to the financial statement
implications of business risks where the ultimate outcome is highly uncertain.
Forming expectations
400.162 Expectations are the auditor’s prediction of amounts based on relationships among both
financial and non-financial information. For example, the auditor may predict the level of
revenue based on a plausible relationship between store square footage and retail
revenue.
400.163 There are three methods of forming an expectation:

▪ trend analysis
▪ ratio analysis
▪ reasonableness testing.
400.164 The auditor considers the most appropriate method to perform based on the precision
required.
Trend analysis
400.165 The auditor obtains information to identify and understand trends. This may include:
▪ financial information
▪ changes in the general business environment and specific industry characteristics.
400.166 For example, the auditor may identify that an entity is operating in a stable business
environment. The auditor may determine that current period revenue is likely to follow

the same trend as previous revenue. The auditor performs a trend analysis to identify
any unusual fluctuations.
400.167 Trend analysis is the analysis of a change in financial or non-financial information over
time.
400.168 A simple trend analysis may compare last period's account balance to the current period's
account balance. A more precise trend analysis may encompass multiple accounting
periods and disaggregated data.
400.169 Trend analysis is appropriate when the relationship is predictable and stable. It is
important to understand the reasons why the auditor believes a trend to be stable and
therefore predictable, based upon the relationship of the variable in question to an
underlying aspect of the entity's business. For example, the relationship between
previous period and current period revenue may be predictable in a stable environment.
400.170 It may be possible that financial information may appear related when in reality no
relationship exists. For example, there may be no reason to expect expenditure for legal
fees in one period to be indicative of expenditure for the next period.
400.171 Trend analysis is less effective when the entity has experienced significant operating
changes or when the base data is highly aggregated. For example, trend analysis by
component, product or location, and monthly or quarterly rather than annually may be
more precise than an analysis of consolidated operating units.
Ratio analysis
400.172 Ratio analysis is the direct comparison of relationships between:

▪ financial information to other financial information
For example:
- for receivables, the auditor may analyze the ratios of credit revenue to average
net receivables;
- for inventory, the auditor may analyze the ratios of cost of goods sold to average
inventory;
- for sales, the auditor may analyze the ratio of sales returns and sales discounts to
total revenue.
▪ financial information to non-financial information
For example, the auditor may analyze the ratio of payroll expenses to average
employee numbers or analyze the ratio of total revenue to the number of orders.
▪ comparison of relationships between entities in the same industry.
For example, the auditor may compare gross profit between entities within an
industry.
400.173 Ratio analysis is appropriate when relationships are predictable and stable. Ratio analysis
is often more effective than trend analysis as the auditor analyzes relationships between
different types of information.

Reasonableness testing
400.174 Reasonableness testing is a computation of an expected amount, such as an account

balance. For example, the auditor may:
▪ develop an expectation for hotel revenues using the average occupancy rate, the
average room rate for rooms or room rate by category or class of room;
▪ use the number of employees hired and terminated, the timing of pay changes and
the effect of vacation and sick days to predict the change in payroll expenses from
the previous period to the current balance.
400.175 Trend and ratio analyses assume stable relationships. Reasonableness testing differs, as
the auditor uses identified plausible relationships to develop an explicit prediction of an
amount.
400.176 Reasonableness testing may build upon the relationship among financial and non-
financial information established by trend and ratio analyses.
400.177 The models used in reasonableness testing range from simple mathematical formulae to
complex regression techniques.
400.178 The auditor identifies the variables that are used to develop expectations. These variables
include:
▪ key performance indicators
▪ non-financial information
▪ financial information
▪ changes in the entity's general business environment and specific industry
characteristics.
400.179 For example, the auditor identifies a key performance indicator measuring the number of
units an entity's stores sell. The auditor also identifies the unit price by product line and
differing price structures used for different products. The auditor also considers industry
trends and the demand for the entity's products. The auditor performs a reasonableness
test for revenue by considering these factors.
Precision required
400.180 Usually, trend analysis provides the least precision and reasonableness testing provides
the highest precision. This is because when developing the auditor’s prediction using
ratio or trend analysis methods, the auditor assumes, to some extent, that appropriate
relationships are stable. With reasonableness testing the auditor incorporates more data
to lessen the reliance on assumed stable relationships.
400.181 Precision varies depending on:

▪ the number of variables used

Precision improves as the auditor incorporates more variables to develop an
estimate. Trend analysis may provide least precision as it is restricted to a single
variable. Ratio analysis may be more precise as the auditor uses two or more
variables. Reasonableness testing may provide higher precision by using as many
variables as are relevant.
▪ the reliability of the underlying data:
The auditor considers whether data is:
- independent from the amount being predicted
Precision improves as the auditor incorporates information that is independent
from the amount being predicted.
- obtained from independent sources
- developed under a reliable system with adequate controls
- subjected to audit testing in the current or prior period;
▪ the use of non-financial information;
Precision improves as the auditor incorporates non-financial information. Trend
analysis, by relying on a single variable, does not make use of potentially relevant
non-financial information.
▪ the use of knowledge about the entity's general business environment and specific
industry characteristics.
Precision improves as the auditor incorporates knowledge about the entity's general
business environment and specific industry characteristics.
Documentation and conclusion
400.182 Working papers for analytical procedures include a:

▪ description of the nature, timing and extent of the analytical procedures;
▪ description of differences found in excess of the desired precision, the auditor’s
investigation into their nature and cause
The auditor may document audit expectations, the rationale supporting them and the
desired precision.
▪ summary of our findings.
For example,
"Based on a comparison of our expectation with the recorded amount, our judgment
is that the recorded amount [is not / does not appear to be] significantly misstated."
Substantive Test of Details of Balances and Transactions
400.183 Tests of details are usually applied on certain significant account balance or transactions
where the team has not identified by applying test of controls related to the transactions
giving rise to the account balance that the account balance is properly stated. It is also
applied on such significant accounts which are not tested through analytical or other test
procedures.
400.184 The auditor performs tests of details, as appropriate, to:

▪ obtain audit evidence as to whether the financial statement assertions addressed by
audit objectives include a significant misstatement;
▪ consider the sufficiency and appropriateness of the audit evidence the auditor plans
to obtain from analytical procedures, in the context of the assessment of the risk of
significant misstatement, before deciding whether it is appropriate to perform tests
of details.
▪ estimate the amount of the audit difference for financial statement assertions that
the auditor believes include a significant misstatement.
The auditor recognizes that a significant misstatement has both qualitative and
quantitative aspects. When planning tests of details, the auditor uses the consideration
of planned audit precision as a guide for the quantitative aspects.
400.185 Tests of details are the application of one or more of the following techniques to
individual items or transactions that make up an account balance or class of transactions:
▪ Inspection;
▪ Observation;
▪ Inquiry;
▪ Confirmation;
▪ Re-computation.
400.186 When executing the test of details:

▪ the auditor defines the population to be tested
▪ define what constitutes a difference requiring investigation and follow-up
▪ choose appropriate methods for selecting items to be tested - the auditor chooses
between selecting the entire population, specific items or a representative sample.
▪ pick the items for testing.
▪ apply audit procedures to this population to obtain audit evidence that the
information reconciles to the financial statements;
▪ test every item selected;
▪ evaluate and interpret the results;
▪ document the results.
See the following exhibits for sample work programs:
Exhibit 400 – 12 for Audit Program - Cash and Bank Balances
Exhibit 400 – 13 for Audit Program - Participation at Inventory Count
Exhibit 400 – 14 for Audit Program - Property, Plant and Equipment
400.187 When defining the population, the auditor considers the following statements:
▪ The auditor cannot conclude on the completeness of a population based on the audit
evidence obtained by examining items drawn from that population, because omitted
items have no chance of selection.

▪ The auditor may be able to improve the effectiveness of our audit procedures by
subdividing and/or stratifying the population, performing different tests for each
subdivision.
For example, inventory may include both purchased and manufactured items. It may
be difficult to audit the cost of manufactured items without examining each
component (material, labor and overhead) separately, while we may audit purchased
items by reference to a single unit price.
▪ The period covered is important for tests of details applied to classes of transactions.
▪ The conclusion does not relate to the entire period unless the items for the test of
details are selected from a population that covers the entire period.
400.188 The auditor defines what constitutes a difference requiring investigation and follow-up.
Typical reasons for differences are:

▪ differences in timing of the recording of transactions. For example, items included in
the wrong period.
▪ differences in description. For example, maintenance expense coded to an asset
account.
▪ differences in amounts for data captured or processed. For example, transposed
digits or other numerical errors.
400.189 The auditor judges whether to select the entire population, specific items or to apply audit
sampling. If the auditor chooses specific items or a sample, the auditor accepts some
uncertainty in the audit evidence obtained because:
▪ what was obtained was persuasive rather than conclusive audit evidence;
▪ even if individual items were audited, there may still remain some uncertainty;
▪ the cost of examining items, especially routine transactions, is usually not cost
beneficial.
400.190 The following general factors may affect the choice between selecting specific items and
audit sampling:
▪ Selecting specific items is likely to be more effective when:
- the auditor assesses the risk of significant misstatement as low and the auditor
already have audit evidence from analytical procedures for the population. The
auditor therefore requires relatively little audit evidence from the test of details.
- the population contains a small number of individually significant items.
Therefore, testing a relatively small number of specific items efficiently addresses
a relatively high proportion of the audit risk.
- the population mainly contains non-routine transactions or accounting estimates.
Therefore, the population is unlikely to consist of similar items that could be
sampled.
▪ Audit sampling is likely to be more effective when:

- the auditor assesses the risk of significant misstatement as high and have little or
no audit evidence from analytical procedures. The auditor therefore requires
relatively more audit evidence from the test of details.
- the population contains a large number of individually insignificant items.
Therefore, testing a relatively large number of specific items is required to
address a significant proportion of the audit risk.
- the population mainly contains routine transactions. Therefore, the account is
likely to consist of similar items that may be efficiently sampled.
400.191 Based on the results of the tests of account balance or details, the auditor evaluates
whether the accounts are properly stated. In cases of exceptions noted in the substantive
test, the auditor determines whether the misstatement may be material or significant for
these to be adjusted in the financial statements under audit.
400.192 For each account balance tested, the auditor documents in the working papers:
▪ the nature, timing and extent of the substantive tests done;
▪ audit findings and conclusion specifically related to the objectives set at the work
programs.
Other Test Procedures

400.193 There are audit procedures that the audit team has to perform which do not relate to
specific account balances or classes of transactions. While so, these audit procedures
need to be performed to ensure that any financial statement implications of the areas to
be audited may be considered when finalizing the audit of the financial statements.
Accounting Estimates
PSA 540.7(a)
An approximation of a monetary amount in the absence of a precise means of measurement.
This term is used for an amount measured at fair value where there is estimation uncertainty,
as well as for other amounts that require estimation.
Please refer to Section 200.20 to Section 200.30 for the concepts and principles of accounting
estimate.
400.194 The auditor should obtain sufficient appropriate audit evidence as to whether an
accounting estimate is:
▪ reasonable in the circumstances
▪ properly accounted for and
▪ when required, is appropriately disclosed.

400.195 The auditor should make a final assessment of the reasonableness of the estimate based
on the auditor’s knowledge of the business and whether the estimate is consistent with
other audit evidence obtained during the audit.
400.196 The auditor should adopt one or a combination of the following approaches in the audit
of an accounting estimate:
▪ review and test the process used by management to develop the estimate;
▪ use an independent estimate for comparison with that prepared by management; or
▪ review subsequent events which confirm the estimate made
400.197 The auditor’s objective may address the following:

▪ valuation assertion
For example, an audit objective addressing valuation may relate to the business risk
that product X may become obsolete due to the introduction of new technology.
Note that the auditor addresses the completeness, existence and accuracy assertions
of the account balance by auditing the underlying significant classes of transactions
that have been accumulated in the account balance.
▪ completeness, existence and accuracy assertions of a liability.
For example, an audit objective addressing completeness, existence and accuracy
may relate to a business risk where the event leading to the risk has occurred, such
as an entity being fined by an environmental regulatory agency. At the account
balance level, the auditor may only need to develop audit objectives relating to
presentation and disclosure assertions.
400.198 The auditor may compare accounting estimates made for a prior period with actual
results of that period to:
▪ obtain audit evidence about the past reliability of management's accounting
estimates;
▪ consider the entity's accounting for the differences between the result and the earlier
accounting estimates.
See Exhibit 400 – 3 for Audit Work Program for Accounting Estimates for the related
audit form.

400.199 In this final phase, the auditor performs the final audit procedures required to obtain
sufficient audit evidence to form the auditor’s opinion. The auditor also reports the audit
findings to the client. By performing the final audit procedures, the auditor is able to
conclude on the audit objectives, form an opinion and report audit findings. Completion
phase procedures may include the following:
▪ Performs final analytical procedures;
▪ Reads minutes of recent board and committee meetings;

▪ Inquiry of entity’s legal counsel;
▪ Inquiry of client to identify commitments and contingencies;
▪ Makes final materiality judgments;
▪ Summarizes and evaluates the audit findings;
▪ Reviews the working papers;
▪ Reviews the financial statement presentation and disclosures for adequacy;
▪ Assess appropriateness of management use of going concern assumption;
▪ Considers subsequent events; and
▪ Obtains management representation letters.
The above procedures require the exercise of considerable professional judgment and
thus are generally performed by the more senior members of the engagement team.
Performs Final Analytical Procedures
400.200 The auditor should perform final analytical procedure to determine the reasonableness
of the amounts presented in the financial statement.
400.201 If the analytical procedures provide evidence of items that were not previously identified,
it is necessary to perform additional procedures.
Reads Minutes of Recent Board and Committee Meetings
400.202 The auditor should read minutes of board and committee meetings up to the date of the
report to determine matters that may require disclosure or recording of a provision.
Litigation and Claims
400.203 The auditor usually sends letters of audit inquiry to client’s legal counsel or attorneys who
provided services to the client on significant exposure items during the year. Based on
the reply of the legal counsel or attorneys, the auditor determines if there are matters of
significant financial statement implications that need to be adjusted or disclosed before
finalizing the audit report on the financial statements.
Commitment and Contingencies
400.204 Inquire of the client as to the existence of commitments and contingencies. For example,
the auditor discusses, among others, the following items:
▪ Purchase commitments in excess of normal requirements or at prices in excess of

those prevailing in the market.
▪ Contractual obligations for material amount outside the ordinary course of business.
▪ Contracts that go into effect after year-end.

▪ Communications from regulatory agencies concerning noncompliance with, or
deficiencies in, financial reporting practices.
▪ Environmental contingencies.
▪ Items covered in bank or other debt confirmations.
▪ Agreements to purchase outstanding debt or equity.
▪ Sales subject to renegotiation or nonstandard sales terms (e.g., delayed payment
pending resale of the merchandise, return if not sold by-date, or bill-and-hold).
400.205 Evaluate whether the contingent losses are given appropriate accounting treatment and
are disclosed when required by financial reporting standards;
See Exhibit 400-4, Provisions, Contingencies and Commitments Audit Program for the
related audit form.
Makes Final Materiality Judgments
400.206 The auditor should determine the final materiality (i.e., tolerable materiality). The final
materiality judgment will be used in evaluating the audit findings.
400.207 Tolerable misstatement is used in sampling tests of details to address the risk that the
aggregate of individually immaterial misstatements may cause the financial statements
to be materially misstated, and to provide a margin for possible undetected
misstatements. Tolerable misstatement is the application of performance materiality to
a particular sampling procedure. Tolerable misstatement may be the same amount as or
an amount lower than performance materiality.
400.208 Tolerable rate of deviation is used for tests of controls where the auditor sets a rate of
deviation from prescribed internal control procedures to obtain an appropriate level of
assurance. The auditor seeks to obtain an appropriate level of assurance that the set rate
of deviation is not exceeded by the actual rate of deviation in the population.
Summarizes and Evaluates the Audit Findings
Audit Issues and Resolution
400.209 The significant issues identified during the audit, the decisions made to address these
issues and audit conclusions are brought together in one document.
400.210 In particular, this document includes as a minimum, the identification of, and approach
to, critical audit objectives. It also includes a discussion of important and unusual
accounting, auditing and reporting matters. The document includes a description of, or
reference to other working papers that describe the:
▪ issue and the potential audit implications
▪ approach we plan to take to address the issue
▪ findings and disposition

▪ conclusions
400.211 Preparation of this document is best begun when the auditor first identifies a significant
issue. At the conclusion of the audit, the audit team has to ensure that the issues included
in this document are all resolved properly before the engagement partner signs the audit
report. The engagement partner, manager and concurring reviewer, if any, need to sign
and date this document to confirm that all issues were resolved, or if not in certain
instances, appropriate audit report is issued.
See Exhibit 400-5 Audit Issues and Resolution Worksheet for the related audit form.
Audit Differences
400.212 In completing the auditor’s procedures relating to individual audit objectives, the auditor
may identify audit differences. Audit differences are audit findings for which the auditor
does not agree with the amount, classification, presentation or disclosure of items or
totals in the financial statements, including related notes.
400.213 Such findings represent a misstatement of the financial statements and can be caused by
error or fraud. The primary factor that distinguishes fraud from error is whether the
underlying cause (action that results in the misstatement) is intentional or unintentional.
400.214 Materiality should be considered when evaluating the effect of misstatements.

400.215 In evaluating the fair presentation of the financial statements the auditor should assess
whether the aggregate of uncorrected misstatements that have been identified during
the audit is material.
400.216 In evaluating audit differences, the auditor:

▪ considers the nature and cause of each audit difference with an appropriate degree
of professional skepticism including consideration of whether the difference may be
intentional
▪ considers whether the audit differences indicate a pattern. If a pattern appears to
exist, we consider whether to apply audit procedures specifically to detect that type
of misstatement.
For example, audit differences may be indicative of systematic processing errors,
unacceptable accounting methods that suggest additional errors may exist elsewhere
in the accounts, the existence of fraud risk factors, or a bias in estimates to improve
earnings;
▪ quantitatively and qualitatively evaluate each audit difference to determine whether
it is individually material.
400.217 Audit differences encompass:

▪ known errors and other misstatements, including audit differences from prior periods
Known errors and other misstatements are audit differences the auditor has
quantified, normally as a result of applying audit procedures. If unreasonable, the

difference between auditor’s estimate of the amount or range of amounts and the
amount recorded in the financial statements is an audit difference. Such audit
differences are often referred to as soft or subjective and may require further
consideration after discussion with the entity. Nevertheless, they usually are
characterized as known errors and other misstatements and are recorded on the
summary of unadjusted audit differences.
▪ most likely errors.
Most likely errors are audit differences based on the best estimate of misstatements
resulting from analytical procedures or from projecting the results of a representative
sample to the population tested. Such differences are not recorded on the summary
of unadjusted audit differences until it is appropriate to propose an adjusting entry
to the entity's books and records.
400.218 The auditor discusses audit differences coming to the auditor’s attention with
management during the audit, and evaluate their nature and cause. The auditor expects
management to investigate identified errors to determine appropriate adjustments.
400.219 If the auditor is not satisfied with management's investigation or its result, the auditor
considers the precision of the audit estimate of most likely error. The auditor continues
an investigation of the audit difference and performs additional audit procedures as
described in the next section.
Audit differences from prior periods
400.220 Audit differences from prior periods that the client did not adjust may affect current
period's earnings or opening net assets. Such audit differences can usually be described
as those that reverse in the current period and those that accumulate in the balance
sheet.
400.221 Reversing audit differences are those that reverse in the current period with an equal and
opposite effect on the profit or loss to that in the prior period, such as a cut-off error in
recording a sale. Reversing audit differences are sometimes described as those that
reverse during the normal course of operations without any direct interaction by
management.
400.222 Prior period unadjusted audit differences that do not reverse in the current period usually
result from the use of estimates. When a prior period unadjusted audit difference
reverses in the current period, its effect is considered when evaluating the effect of
current period audit differences on the profit or loss portion of the statement of
comprehensive income.
400.223 Accumulating audit differences are those that tend to increase an error in the balance
sheet such as the recording of depreciation on property, plant and equipment over
estimated lives that the auditor believes to be too long or too short, or the consistent
over-accrual(or under-accrual) of warranty expense by amounts that tend to increase the
over-accrual (or under-accrual) of the warranty obligation.

400.224 The fair presentation of balance sheet accounts including those that contain accumulated
misstatements from prior period unrecorded audit differences are evaluated each period
as part of normal audit procedures.
400.225 There are circumstances where unadjusted audit differences from prior periods may
affect the current period financial statements but do not easily fall into one of the above
general categories. For example:
▪ those made consistently each period that tend to have, more or less, a constant effect
on the balance sheet and little or no effect on profit or loss, such as a consistent
overstatement of the allowance for doubtful accounts by the same amount;
▪ those that may add a new error in the current period's profit or loss and balance
sheet, such as the overstatement of an allowance for inventory obsolescence in the
prior period and the understatement in the current period.
400.226 Qualitatively and quantitatively immaterial audit differences that have accumulated in
the balance sheet (e.g., those related to warranty obligations or allowances for loan
losses, and similar accounts) may become material to a current period's equity or income.
400.227 When evaluating the effect of such audit differences on equity, the auditor compares the
total difference to equity at the end of the current period. When evaluating the effect of
immaterial balance sheet audit differences on income, the auditor considers the net
difference, that is, the auditor considers the effect of prior period audit differences. Such
practice, if used, is consistently applied.
400.228 If the effect on equity is immaterial and current and prior period audit differences are
netted in reaching a conclusion that the income statement effect is immaterial, the
summary of unadjusted audit differences reflects both the current and prior period
effects.
400.229 The auditor encourages management to record audit differences in the current period. If
that is not practicable, the auditor encourages them to record non-reversing audit
differences in the first period following the current balance sheet date. Amortizing the
adjustments over several periods usually is not appropriate.
Evaluate audit differences and determine significance
400.230 The auditor specifies one or more amounts below which the auditor considers
misstatements, if they exist, to be insignificant. Misstatements the auditor detects below
these amounts are not compiled. However, the auditor considers their qualitative
aspects.
400.231 The auditor’s qualitative consideration of such insignificant misstatements is usually

limited to a consideration of whether such misstatements appear to be related to fraud
risk factors and whether such misstatements individually or in the aggregate may be
indicators of control failures. If not, the working papers document the conclusion that

the difference is not significant. That conclusion may be limited to a notation, such as the
words insignificant misstatement (or the abbreviation n/s), and initialed by the preparer.
400.232 Misstatements, which are considered to be significant, are transferred to a summary of

unadjusted audit differences.
400.233 To summarize the audit differences noted during the audit, the auditor uses the
Unadjusted Differences Summary worksheet.
See Exhibit 400-6 Unadjusted Differences Worksheet for the related audit form.
Disposition of audit differences
400.234 The auditor discusses audit differences with management noted during the audit and
evaluates their nature and cause. The auditor also evaluates audit differences to
determine whether they are material, individually or in the aggregate, consider whether
audit differences are indicative of fraud or an illegal act, and reconsider the risk of
significant misstatement.
400.235 The auditor usually expects management to record audit differences determined to be
individually material and to correct the financial statements for other audit differences
considered material in the aggregate.
400.236 If management refuses to adjust the financial statements and the results of extended
audit procedures do not enable the auditor to conclude that the aggregate of uncorrected
misstatements is not material, the auditor should consider the appropriate modification
to the auditor’s report in accordance with PSA 700.
400.237 The auditor encourages management to correct audit differences not determined to be
quantitatively or qualitatively material individually, or in the aggregate, in the current
period. The auditor would not object, however, if management decides to correct them
or allow them to self-correct (i.e., items that reverse) in a subsequent period. In some
cases, an entity may elect to correct some but not all of the immaterial audit differences
in the current or subsequent period.
400.238 The auditor should apply analytical procedures at or near the end of the audit when
forming an overall conclusion as to whether the financial statements as a whole are
consistent with knowledge of the business.
400.239 After effecting all the adjustments to the financial statements, the auditor performs final
analytical procedures to determine internal consistency of the amounts presented and
whether the figures make sense in relation to the understanding of the company’s
business and level of operation.
400.240 The results of final analytical procedures may lead the auditor to recommend changes in
presentation or disclosure, make additional inquiries, perform other procedures or
modify the opinion.

Reviews the Working Papers
400.241 Working paper review during the completion phase of the audits involves a review by the
manager or partner whether the conclusions reached is consistent with the opinion to be
issued.
Reviews the Financial Statement Presentation and Disclosures for Adequacy
400.242 The auditor should check the appropriateness of financial presentation and review of
adequacy of disclosures using the disclosure checklist that lists all specific disclosures
required by PFRS and the SEC, if appropriate. Please refer to the website of FRSC and SEC
for the most recent pronouncements.
400.243 It is an integral part of management’s responsibility for the fair presentation of the
financial statements in conformity with financial reporting standards. As such,
management has to make appropriate decisions regarding presentation and disclosure to
ensure that:
▪ the financial statements are prepared in accordance with acceptable accounting
policies consistently applied, or, if changed, the changes in accounting are presented
appropriately;
▪ appropriate information is disclosed, classified and described in accordance with
acceptable accounting policies and, if applicable, legal requirements.
400.244 It is the auditor’s responsibility to review and determine the propriety of the financial
statements presentation and adequacy of disclosures vis-a-vis the applicable financial
reporting and legal framework.
400.245 If on reading the other information, the auditor identifies a material inconsistency, the
auditor should determine whether the audited financial statements or the other
information needs to be amended.
400.246 If an amendment is necessary in the audited financial statements and the entity refuses
to make the amendment the auditor should express a qualified or adverse opinion. If an
amendment is necessary in the other information and the entity refuses to make the
amendment, the auditor should consider including in the report an emphasis of matter
paragraph describing the material inconsistency or taking other actions.
400.247 In certain instances, client’s management requests the auditor’s assistance in drafting the
financial statements and disclosures or notes to the financial statements. While so, the
auditor should ask management to sign the final draft of the financial statements and
disclosures to document their agreement and responsibility over it.
See Exhibit 400-7 Other Information Issued with Audited FS for the related audit form.

Going Concern
PSA 570.2
Under the going concern assumption, an entity is viewed as continuing in business for the
foreseeable future. General purpose financial statements are prepared on a going concern basis,
unless management either intends to liquidate the entity or to cease operations, or has no
realistic alternative but to do so. Special purpose financial statements may or may not be
prepared in accordance with a financial reporting framework for which the going concern basis
is relevant (e.g., the going concern basis is not relevant for some financial statements prepared
on a tax basis in particular jurisdictions). When the use of the going concern assumption is
appropriate, assets and liabilities are recorded on the basis that the entity will be able to realize
its assets and discharge its liabilities in the normal course of business.
400.248 The auditor considers audit evidence obtained throughout the engagement concerning
the entity’s ability to continue as a going concern for a reasonable period of time following
the balance sheet date.
400.249 When planning and performing audit procedures and in evaluating the results thereof,
the auditor should consider the appropriateness of the going concern assumption
underlying the preparation of the financial statements.
400.250 An entity's continuance as a going concern for the foreseeable future, generally a period
not to exceed one year after period end, is assumed in the preparation of financial
statements in the absence of information to the contrary.
400.251 Accordingly, assets and liabilities are recorded on the basis that the entity will be able to
realize its assets and discharge its liabilities in the normal course of business. If this
assumption is unjustified, the entity may not be able to realize its assets at the recorded
amounts and there may be changes in the amounts and maturity dates of liabilities. As a
consequence, the amounts and classification of assets and liabilities in the financial
statements may need to be adjusted.
400.252 The auditor should consider the risk that the going concern assumption may no longer be
appropriate.
400.253 During the course of the audit, the auditor carries out audit procedures designed to obtain
audit evidence as the basis for the expression of an opinion on the financial statements.
400.254 When a question arises regarding the going concern assumption, certain of these
procedures may take on additional significance or it may be necessary to perform
additional procedures or to update information obtained earlier. Procedures that are
relevant in this connection may include:
▪ Analyze and discuss cash flow, profit and other relevant forecasts with management.
▪ Review events after period end for items affecting the entity's ability to continue as a
going concern.
▪ Analyze and discuss the entity's latest available interim financial statements.

▪ Review the terms of debentures and loan agreements and determine whether any
have been breached.
▪ Read minutes of the meetings of shareholders, those charged with governance and
important committees for reference to financing difficulties.
▪ Inquire of the entity's lawyer regarding litigation and claims.
▪ Confirm the existence, legality and enforceability of arrangements to provide or
maintain financial support with related and third parties and assess the financial
ability of such parties to provide additional funds.
▪ Consider the entity's position concerning unfilled customer orders.
400.255 When analyzing cash flow, profit and other relevant forecasts, the auditor would consider
the reliability of the entity's system for generating such information. The auditor would
also consider whether the assumptions underlying the forecast appear appropriate in the
circumstances. In addition, the auditor would compare the prospective data for recent
prior periods with historical results and would compare the prospective data for the
current period with results achieved to date.
400.256 The auditor would also consider and discuss with management its plans for future action,
such as plans to liquidate assets, borrow money or restructure debt, reduce or delay
expenditures, or increase capital. The relevance of such plans to an auditor generally
decreases as the time period for planned actions and anticipated events increases.
Particular emphasis is ordinarily placed on plans that might have a significant effect on
the entity's solvency within the foreseeable future.
400.257 The auditor would obtain sufficient appropriate audit evidence that these plans are
feasible, are likely to be implemented and that the outcome of these plans will improve
the situation. The auditor would ordinarily seek written representations from
management regarding these plans.
400.258 After the procedures considered necessary have been carried out, all the information
required has been obtained, and the effect of any plans of management and other
mitigating factors have been considered, the auditor would decide whether the question
raised regarding the going concern assumption has been satisfactorily resolved.
400.259 If, in the auditor's judgment, sufficient appropriate audit evidence has been obtained to
support the going concern assumption, the auditor would not modify the auditor's report.
400.260 If, in the auditor's judgment, the going concern assumption is appropriate because of
mitigating factors, in particular management's plans for future action, the auditor would
consider whether such plans or other factors need to be disclosed in the financial
statements. If adequate disclosure is not made, the auditor should express a qualified or
adverse opinion, as appropriate.
400.261 If, in the auditor's judgment, the going concern question is not satisfactorily resolved, the
auditor would consider whether the financial statements:

▪ adequately describe the principal conditions that raise substantial doubt about the
entity's ability to continue in operation for the foreseeable future;
▪ state that there is significant uncertainty that the entity will be able to continue as a
going concern and, therefore, as appropriate may be unable to realize its assets and
discharge its liabilities in the normal course of business; and
▪ state that the financial statements do not include any adjustments relating to the
recoverability and classification of recorded asset amounts or to amounts and
classification of liabilities that may be necessary if the entity is unable to continue as
a going concern.
400.262 If adequate disclosure is made in the financial statements, the auditor should ordinarily
express an unqualified opinion and modify the auditor's report by adding Material
Uncertainty Related to Going Concern paragraph that highlights the going concern
problem by drawing attention to the note in the financial statements that discloses the
matters. The following is an example of such a paragraph:
"Without qualifying our opinion, we draw attention to Note XX in the financial statements.
The Company incurred a net loss of XXX during the year ended December 31, 20XX and, as
of that date, the Company's current liabilities exceeded its current assets by XXX and its
total liabilities exceeded its total assets by XXX. These factors, along with other matters
as set forth in Note XX, raise substantial doubt that the Company will be able to continue
as a going concern."
400.263 As provided under SRC Rule 68, if a company has incurred a capital deficiency, the auditor
shall provide in the audit report an emphasis paragraph indicating the following
information:
(a) The fact that the company has incurred a capital deficiency that raises an issue on its
going concern status;
(b) A brief discussion of a concrete plan of the company to address the capital deficiency
and reference to the note to financial statements that provides a complete disclosure
of the said plan;
(c) A statement that the auditor conducted sufficient audit procedures to verify the
validity of the aforementioned plan. [SRC Rule 68 1.E.v]
The following is an example of such a paragraph:

The Company has a capital deficiency amounting to XX million and XX million as of
December 31, 20X1 and 20X0, respectively. This indicates substantial doubt as to the
Company’s ability to continue as going concern. The Management’s plans towards
generating profitability to meet the Company’s commitments and obligations includes,
among others:
• Implementation of cost-effective policies for variable cost and expenditures; and
• Generate additional income by having new business customers.
Management believes that with the implementation of their program for building up
profitability the Company will continue to operate in the normal course. The Company’s
ability to continue as a going concern is dependent on the success of future operations.

We conducted sufficient audit procedures to verify the validity of the aforementioned
management plans.
400.264 If adequate disclosure is not made in the financial statements, the auditor should express
a qualified or adverse opinion, as appropriate. The following is an example of the
explanation and opinion paragraphs when a qualified opinion is to be expressed:
"The Company has been unable to renegotiate its borrowings from its bankers. Without
such financial support there is substantial doubt that it will be able to continue as a going
concern. Consequently, adjustments may be required to the recorded asset amounts and
classification of liabilities. The financial statements (and notes thereto) do not disclose
this fact.
In our opinion, except for the omission of the information included in the Basis for Qualified
Opinion, the financial statements give a true and fair view of ('present fairly, in all material
respects,') the financial position of the Company at December 31, 20XX and the results of
its operations and its cash flows for the year then ended in accordance with ..."
400.265 If, on the basis of the additional procedures carried out and the information obtained,
including the effect of mitigating circumstances, the auditor's judgment is that the entity
will not be able to continue in operation for the foreseeable future, the auditor would
conclude that the going concern assumption used in the preparation of the financial
statements is inappropriate. If the result of the inappropriate assumption used in the
preparation of the financial statements is so material and pervasive as to make the
financial statements misleading, the auditor should express an adverse opinion.
400.266 The auditor is not precluded from expressing a disclaimer of opinion for a going concern
uncertainty.
See Exhibit 400-8, Going Concern Audit Program for the related audit form.
Considers Subsequent Events
PSA 560.4
a) To obtain sufficient appropriate audit evidence about whether events occurring between
the date of the financial statements and the date of the auditor’s report that require
adjustment of, or disclosure in, the financial statements are appropriately reflected in
those financial statements in accordance with the applicable financial reporting
framework; and
b) To respond appropriately to facts that become known to the auditor after the date of the
auditor’s report, that, had they been known to the auditor at that date, may have caused
the auditor to amend the auditor’s report.
400.267 The auditor should perform procedures designed to obtain sufficient appropriate audit
evidence that all events up to the date of the auditor's report that may require adjustment
of, or disclosure in, the financial statements have been identified. These procedures are
in addition to routine procedures which may be applied to specific transactions occurring

after period end to obtain audit evidence as to account balances as at period end, for
example, the testing of inventory cutoff and payments to creditors. The auditor is not,
however, expected to conduct a continuing review of all matters to which previously
applied procedures have provided satisfactory conclusions.
400.268 When performing the procedures, the auditor’s objective in mind is to ascertain whether
events subsequent to the date of the financial statements are appropriately adjusted to
or disclosed in the financial statements and related notes. In reviewing subsequent
events, the auditor considers two periods subsequent to the financial statement date.
Reporting Date to the Audit Report Date
400.269 For this period to be reviewed, the auditor performs among others, the following major
procedures:
▪ Obtain the latest available interim financial information and compare it with the
information in the financial statements being reported on and make other
comparisons considered appropriate. Determine the current status of items that
were accounted for on the basis of tentative or incomplete data. Ascertain whether
unusual adjustments were made.
▪ Inquire of responsible officials about the existence of matters that may indicate
subsequent events requiring further investigation. These matters may refer to events
of plans that only management is aware of, where such plan may have significant
impact on the business and financial statements of the client.
▪ Review minutes of meetings of those charged with governance. Investigate
significant and unusual transactions and events.
▪ Document in the work papers the subsequent events identified by the auditor’s
review that are required to be reflected or disclosed in the financial statements and
audit procedures performed.
▪ Document audit conclusions regarding the appropriateness of accounting treatment
and adequacy of disclosure, and the effect of subsequent events, if any, on the
auditor ‘s report
Report Date to Date Signed Audit Report Released to Client
400.270 If considerable length of time has elapsed, (e.g. more than 15 business days), between
the date of our audit report and the date the report is delivered to the client, the auditor
usually updates the subsequent events review.
See Exhibit 400-8, Subsequent Events Review Audit Program for the related audit form.
Management report
400.271 In concluding the audit, the auditor prepares certain report to management to
communicate the following, if any:
▪ non-compliance with laws and regulations

▪ material control weaknesses.
▪ significant error in the financial statements and corresponding resolution
▪ performance improvement observations.
400.272 Depending on the mode of reporting to be agreed by the audit team, the management
reports may be communicated to management through a formal written report or a
formal slide presentation and written report at the same time.
See Exhibit 400-10 Sample Management Letter for the related audit form.
Written representations
PSA 580.7
Written representation is a written statement by management provided to the auditor to
confirm certain matters or to support other audit evidence. Written representations in this
context do not include financial statements, the assertions therein, or supporting books and
records.
400.273 The auditor shall request written representations from management with appropriate
responsibilities for the financial statements and knowledge of the matters concerned.
[PSA 580.9]
400.274 The auditor obtains evidence that management acknowledges its responsibility for the
fair presentation of the financial statements in accordance with the relevant financial
reporting framework, and has approved the financial statements. The evidence of
management's acknowledgment of such responsibility and approval may be in the
relevant minutes of meetings of those charged with governance or similar body or by
obtaining a written representation from management or a signed copy of the financial
statements.
400.275 The auditor should obtain written representations from management on matters material
to the financial statements when other sufficient appropriate audit evidence cannot
reasonably be expected to exist. The possibility of misunderstandings between the
auditor and management is reduced when oral representations are confirmed by
management in writing. Written representations requested from management may be
limited to matters that are considered either individually or collectively material to the
financial statements. Regarding certain items it may be necessary to inform management
of the auditor's understanding of materiality.
400.276 During the course of an audit, management makes many representations to the auditor,
either unsolicited or in response to specific inquiries. When such representations relate
to matters which are material to the financial statements, the auditor will need to:
▪ seek corroborative audit evidence from sources inside or outside the entity;
▪ evaluate whether the representations made by management appear reasonable and
consistent with other audit evidence obtained, including other representations; and

▪ consider whether the individuals making the representations can be expected to be
well informed on the particular matters.
400.277 Matters which might be included in a letter from management or in a confirmatory letter
to management are contained in the example of a written representation letter in Exhibit
400 - 10.
400.278 Representations by management cannot be a substitute for other audit evidence that the
auditor could reasonably expect to be available. For example, a representation by
management as to the cost of an asset is not a substitute for the audit evidence of such
cost that an auditor would ordinarily expect to obtain. If the auditor is unable to obtain
sufficient appropriate audit evidence regarding a matter which has, or may have, a
material effect on the financial statements and such evidence is expected to be available,
this will constitute a limitation in the scope of the audit, even if a representation from
management has been received on the matter.
400.279 In certain instances, a representation by management may be the only audit evidence
which can reasonably be expected to be available. For example, the auditor would not
necessarily expect that other audit evidence would be available to corroborate
management's intention to hold a specific investment for long-term appreciation.
400.280 If a representation by management is contradicted by other audit evidence, the auditor

should investigate the circumstances and, when necessary, reconsider the reliability of
other representations made by management.
400.281 When requesting a written representation letter, the auditor would request that it be
addressed to the auditor, contain specified information and be appropriately dated and
signed.
400.282 A written representation letter would ordinarily be dated the same date as the auditor's
report. However, in certain circumstances, a separate representation letter regarding
specific transactions or other events may also be obtained during the course of the audit
or at a date after the date of the auditor's report, for example, on the date of a public
offering.
400.283 A written representation letter would ordinarily be signed by the members of

management who have primary responsibility for the entity and its financial aspects
(ordinarily the senior executive officer and the senior financial officer) based on the best
of their knowledge and belief. In certain circumstances, the auditor may wish to obtain
representation letters from other members of management. For example, the auditor
may wish to obtain a written representation about the completeness of all minutes of the
meetings of shareholders, those charged with governance and important committees
from the individual responsible for keeping such minutes.
400.284 If management refuses to provide a representation that the auditor considers necessary,
this constitutes a scope limitation and the auditor should express a qualified opinion or a
disclaimer of opinion. In such circumstances, the auditor would evaluate any reliance

placed on other representations made by management during the course of the audit and
consider if the other implications of the refusal may have any additional effect on the
auditor's report.
See Exhibit 400-11, Sample Written Representation Letter for the related audit form.

500 Audit Reports
500.1 The final step in the audit process is to evaluate the audit evidence obtained, consider the
impact of any misstatements identified, form an audit opinion, and prepare an
appropriately worded audit report.
500.2 This section addresses:

▪ Basic sections of the auditor’s report
▪ Supplementary information presented with the financial statements
▪ Forms of audit opinion
▪ Additional paragraphs to the auditor’s report
▪ Comparative information
▪ Audits of group financial statements
▪ Using the work of an auditor’s expert
▪ Initial audit engagements – opening balances
▪ Other information in documents containing audited financial statements
PSA 700.6
The objectives of the auditor are to:
(a) To form an opinion on the financial statements based on an evaluation of the conclusions
drawn from the audit evidence obtained; and
(b) To express clearly that opinion through a written report.
500.3 The auditor shall form an opinion on whether the financial statements are prepared, in
all material respects, in accordance with the applicable financial reporting framework.
[PSA 700.10]
500.4 The auditor’s opinion on the financial statements will be made in the context of an
applicable “general purpose” framework. This is a financial reporting framework designed
to meet the common financial information needs of a wide range of users. Acceptable
frameworks for small and medium entities include:
▪ Philippine Financial Reporting Standard for Small and Medium-sized Entities (PFRS for
SMEs);
▪ Philippine Financial Reporting Standards (PFRS); and
▪ Philippine Financial Reporting Standard for Small Entities (PFRS for SEs).
There are two types of general-purpose frameworks: the “fair presentation framework”
and the “compliance” framework.”
500.5 The term “fair presentation framework” is used to refer to a financial reporting
framework that requires compliance with the requirements of the framework and:
Audit Report 500 – 1

(i) Acknowledges explicitly or implicitly that, to achieve fair presentation of the financial
statements, it may be necessary for management to provide disclosures beyond
those specifically required by the framework; or
(ii) Acknowledges explicitly that it may be necessary for management to depart from a
requirement of the framework to achieve fair presentation of the financial
statements. Such departures are expected to be necessary only in extremely rare
circumstances. [PSA 700.7b]
500.6 The term “compliance framework” is used to refer a financial reporting framework that
requires compliance with the requirements of the framework, but does not contain the
acknowledgements in (i) or (ii) above for “fair” presentation. [PSA 700.7b]
500.7 The auditor shall evaluate whether the financial statements are prepared, in all material
respects, in accordance with the requirements of the applicable financial reporting
framework. This evaluation shall include consideration of the qualitative aspects of the
entity’s accounting practices, including indicators of possible bias in management’s
judgments. [PSA 700.12]
500.8 In particular, the auditor shall evaluate whether, in view of the requirements of the
applicable financial reporting framework:
▪ The financial statements adequately disclose the significant accounting policies
selected and applied;
▪ The accounting policies selected and applied are consistent with the applicable
financial reporting framework and are appropriate;
▪ The accounting estimates made by management are reasonable;
▪ The information presented in the financial statements is relevant, reliable,
comparable and understandable;
▪ The financial statements provide adequate disclosures to enable the intended users
to understand the effect of material transactions and events on the information
conveyed in the financial statements; and
▪ The terminology used in the financial statements, including the title of each financial
statement, is appropriate. [PSA 700.13]
Basic Sections of the Auditor’s Report

500.9 The basic sections of the report are the following (in order):
▪ Title
▪ Addressee
▪ Auditor’s Opinion
▪ Basis for Opinion
▪ Material Uncertainties Related to Going Concern (if applicable)
▪ Key Audit Matters (required for listed entities)

▪ Responsibilities for the Financial Statements
▪ Auditor’s Responsibilities for the Audit of the Financial Statements
▪ Other reporting responsibilities
▪ Name of the engagement partner (required for listed entities)
▪ Signature of the Auditor
▪ Auditor’s Address
▪ Date of the Auditor’s Report
See Exhibit 500 – 1 for the Illustrative Unqualified Opinion of a Partnership
See Exhibit 500 – 2 for the Illustrative Unqualified Opinion of an Individual Practitioner
Title
PSA 700.21
The auditor’s report shall have a title that clearly indicates that it is the report of an independent
auditor.
500.10 The phrase “Independent Auditor’s Report” appears above the body of the audit report.
A title indicating the report is the report of an independent auditor, affirms that the
auditor has met all of the relevant ethical requirements regarding independence and,
therefore, distinguishes the independent auditor’s report from reports issued by others.
Addressee
PSA 700.22
The auditor’s report shall be addressed as appropriated, based on the circumstances of the
engagement.
500.11 The auditor’s report should be addressed as required by the circumstances of the
engagement. Ordinarily, the auditor’s report on general purpose financial statements is
addressed to those for whom the report is prepared, often either to the shareholders or
to those charged with governance of the client.
Examples of how audit reports are addressed

Client Entity Addressee of the Audit Report
The Board of Directors or Stockholders or both if the dual
address is preferred. The audit report shall not be addressed
Incorporated
only to an officer because it might be construed as being
entity
intended only for his or her information, not for the board of
directors, the lawful governing body.
Partnership The Partners and the Partnership or to The Partnership.

Non-Profit
Organization The Board of Trustees
(NPO)
Unincorporated
The participants.
joint venture
Proprietorship The proprietor.
if the auditor was engaged by an outside party (for example,
prospective investor, creditor, prospective creditor, single
Outside party
stockholder, or court of law), the audit report is addressed to
the engaging party.
Opinion Section
PSA 700.23
The first section of the auditor’s report shall include the auditor’s opinion, and shall have the
heading “Opinion.”
500.12 The Opinion section of the auditor’s report shall also:

(a) Identify the entity whose financial statements have been audited;
(b) State that the financial statements have been audited;
(c) Identify the title of each statement comprising the financial statements;
(d) Refer to the notes, including the summary of significant accounting policies; and
(e) Specify the date of, or period covered by, each financial statement comprising the
financial statements. [PSA 700.24]
Basis for Opinion Section
500.13 The auditor’s report shall include a section, directly following the Opinion section, with
the heading “Basis for Opinion,” that:
(a) States that the audit was conducted in accordance with Philippine Standards on
Auditing;
(b) Refers to the section of the auditor’s report that describes the auditor’s
responsibilities under the PSAs;
(c) Includes a statement that the auditor is independent of the entity in accordance with
the relevant ethical requirements relating to the audit, and has fulfilled the auditor’s
other ethical responsibilities in accordance with these requirements. The statement
shall identify the jurisdiction of origin of the relevant ethical requirements [Code of
Ethics for Professional Accountants in the Philippines (Philippine Code of Ethics)] or
refer to the International Ethics Standards Board for Accountants’ Code of Ethics for
Professional Accountants (IESBA Code); and
(d) States whether the auditor believes that the audit evidence the auditor has obtained
is sufficient and appropriate to provide a basis for the auditor’s opinion. [PSA 700.28]
Going Concern
500.14 Where applicable, the auditor shall report in accordance with PSA 570 (Revised).

See Section 400.248 to 400.266.
See Exhibit 500 – 3 for the Illustrative Material Uncertainty Related to Going Concern
Key Audit Matters
PSA 700.31
For audits of complete sets of general purpose financial statements of listed entities, the auditor
shall communicate key audit matters in the auditor’s report in accordance with PSA 701.
PSA 700.31
When the auditor is otherwise required by law or regulation or decides to communicate key
audit matters in the auditor’s report, the auditor shall do so in accordance with PSA 701.
500.15 KAM is defined as those matters that, in the auditor’s professional judgment, were of
most significance in the audit of the financial statements of the current period. KAM are
selected from matters communicated with TCWG. [PSA 701.8]
500.16 The purpose of communicating key audit matters is to:

▪ Enhance the communicative value of the auditor's report by providing greater
transparency about the audit that was performed; and
▪ Provide additional entity-specific information to intended users of the financial
statements to assist them in understanding those matters that, in the auditor's
professional judgment, were of most significance in the audit of the financial
statements of the current period.
500.17 Communicating KAM in complete sets of general-purpose financial statements is

▪ Mandatory for…
o Listed entities.
o Auditors who may voluntarily, or at the request of management or TCWG,
communicate KAM in the auditor’s report for any type of entity.
▪ Voluntary for…
o Auditors who may voluntarily, or at the request of management or TCWG,
communicate KAM in the auditor’s report for any type of entity.
o SMEs who want to be seen as similar to listed entities or are considering applying
to be listed on a recognized exchange.
As the public and other stakeholders becomes familiar with KAM disclosures, such as
in the audit reports of listed entities, it may become expected in the audit reports of
SMEs.
▪ Not permitted…
o As a substitute for required disclosures in the financial statements.

o As a substitute for reporting a material uncertainty in accordance with PSA 570
that
o may cast significant doubt on the entity's ability to continue as a going concern.
o As a separate audit opinion on individual matters.
o As a substitute for expressing a modified opinion required in accordance with PSA
705 (Revised).
o When the auditor disclaims an opinion on the financial statements.
500.18 The description of individual matters in the auditor’s report and how the matter was
addressed in the audit includes the following:
▪ Describe each KAM
o Why the matter was considered to be a KAM.
o How the matter was addressed in the audit.
o Reference to the related financial statement disclosure(s), if any.
▪ Describe how each matter was addressed in the audit
o Aspects of the auditor’s response or approach that were most relevant to the
matter or specific to the assessed risk of material misstatement.
o Brief overview of procedures performed.
o Indication of the outcome of the auditor’s procedures.
o Key observations with respect to the matter.
See Exhibit 500 – 4 for the Illustrative Key Audit Matter Section
Responsibilities for the Financial Statements
PSA 700.33
The auditor’s report shall include a section with a heading “Responsibilities of Management for
the Financial Statements.” The auditor’s report shall use the term that is appropriate in the
context of the legal framework in the particular jurisdiction and need not refer specifically to
“management.” In some jurisdictions, the appropriate reference may be to those charged with
governance.
500.19 This section of the auditor’s report shall describe management’s responsibility for:
(a) Preparing the financial statements in accordance with the applicable financial
reporting framework, and for such internal control as management determines is
necessary to enable the preparation of financial statements that are free from
material misstatement, whether due to fraud or error; and

(b) Assessing the entity’s ability to continue as a going concern and whether the use of
the going concern basis of accounting is appropriate as well as disclosing, if applicable,
matters relating to going concern. The explanation of management’s responsibility
for this assessment shall include a description of when the use of the going concern
basis of accounting is appropriate. [PSA 700.34]
500.20 This section of the auditor’s report shall also identify those responsible for the oversight
of the financial reporting process, when those responsible for such oversight are different
from those who fulfill the responsibilities described in paragraph 34 above. In this case,
the heading of this section shall also refer to “Those Charged with Governance” or such
term that is appropriate in the context of the legal framework in the particular
jurisdiction. [PSA 700.35]
500.21 When the financial statements are prepared in accordance with a fair presentation
framework, the description of responsibilities for the financial statements in the auditor’s
report shall refer to “the preparation and fair presentation of these financial statements”
or “the preparation of financial statements that give a true and fair view,” as appropriate
in the circumstances. [PSA 700.36]
Auditor’s Responsibilities for the Audit of the Financial Statements
PSA 700.37
The auditor’s report shall include a section with the heading “Auditor’s Responsibilities for the
Audit of the Financial Statements.”
500.22 This section of the auditor’s report shall:

(a) State that the objectives of the auditor are to:
(i) Obtain reasonable assurance about whether the financial statements as a whole
are free from material misstatement, whether due to fraud or error; and
(ii) Issue an auditor’s report that includes the auditor’s opinion.
(b) State that reasonable assurance is a high level of assurance, but is not a guarantee
that an audit conducted in accordance with PSAs will always detect a material
misstatement when it exists; and
(c) State that misstatements can arise from fraud or error, and either:
(i) Describe that they are considered material if, individually or in the aggregate,
they could reasonably be expected to influence the economic decisions of users
taken on the basis of these financial statements; or
(ii) Provide a definition or description of materiality in accordance with the
applicable financial reporting framework. [PSA 700.38]
500.23 The Auditor’s Responsibilities for the Audit of the Financial Statements section of the
auditor’s report shall further:

(a) State that, as part of an audit in accordance with PSAs, the auditor exercises
professional judgment and maintains professional skepticism throughout the audit;
and
(b) Describe an audit by stating that the auditor’s responsibilities are:
(i) To identify and assess the risks of material misstatement of the financial
statements, whether due to fraud or error; to design and perform audit
procedures responsive to those risks; and to obtain audit evidence that is
sufficient and appropriate to provide a basis for the auditor’s opinion. The risk of
not detecting a material misstatement resulting from fraud is higher than for one
resulting from error, as fraud may involve collusion, forgery, intentional
omissions, misrepresentations, or the override of internal control.
(ii) To obtain an understanding of internal control relevant to the audit in order to
design audit procedures that are appropriate in the circumstances, but not for
the purpose of expressing an opinion on the effectiveness of the entity’s internal
control. In circumstances when the auditor also has a responsibility to express an
opinion on the effectiveness of internal control in conjunction with the audit of
the financial statements, the auditor shall omit the phrase that the auditor’s
consideration of internal control is not for the purpose of expressing an opinion
on the effectiveness of the entity’s internal control.
(iii) To evaluate the appropriateness of accounting policies used and the
reasonableness of accounting estimates and related disclosures made by
management.
(iv) To conclude on the appropriateness of management’s use of the going concern
basis of accounting and, based on the audit evidence obtained, whether a
material uncertainty exists related to events or conditions that may cast
significant doubt on the entity’s ability to continue as a going concern. If the
auditor concludes that a material uncertainty exists, the auditor is required to
draw attention in the auditor’s report to the related disclosures in the financial
statements or, if such disclosures are inadequate, to modify the opinion. The
auditor’s conclusions are based on the audit evidence obtained up to the date of
the auditor’s report. However, future events or conditions may cause an entity to
cease to continue as a going concern.
(v) When the financial statements are prepared in accordance with a fair
presentation framework, to evaluate the overall presentation, structure and
content of the financial statements, including the disclosures, and whether the
financial statements represent the underlying transactions and events in a
manner that achieves fair presentation.
(c) When PSA 600 applies, further describe the auditor’s responsibilities in a group audit
engagement by stating that:
(i) The auditor’s responsibilities are to obtain sufficient appropriate audit evidence
regarding the financial information of the entities or business activities within the
group to express an opinion on the group financial statements;
(ii) The auditor is responsible for the direction, supervision and performance of the
group audit; and

(iii) The auditor remains solely responsible for the auditor’s opinion. [PSA 700.39]
500.24 The Auditor’s Responsibilities for the Audit of the Financial Statements section of the
auditor’s report also shall:
(a) State that the auditor communicates with those charged with governance regarding,
among other matters, the planned scope and timing of the audit and significant audit
findings, including any significant deficiencies in internal control that the auditor
identifies during the audit;
(b) For audits of financial statements of listed entities, state that the auditor provides
those charged with governance with a statement that the auditor has complied with
relevant ethical requirements regarding independence and communicate with them
all relationships and other matters that may reasonably be thought to bear on the
auditor’s independence, and where applicable, related safeguards; and
(c) For audits of financial statements of listed entities and any other entities for which
key audit matters are communicated in accordance with PSA 701, state that, from the
matters communicated with those charged with governance, the auditor determines
those matters that were of most significance in the audit of the financial statements
of the current period and are therefore the key audit matters. The auditor describes
these matters in the auditor’s report unless law or regulation precludes public
disclosure about the matter or when, in extremely rare circumstances, the auditor
determines that a matter should not be communicated in the auditor’s report
because the adverse consequences of doing so would reasonably be expected to
outweigh the public interest benefits of such communication. [PSA 700.40]
Other Reporting Responsibilities

PSA 700.42
If the auditor addresses other reporting responsibilities in the auditor’s report on the financial
statements that are in addition to the auditor’s responsibilities under the PSAs, these other
reporting responsibilities shall be addressed in a separate section in the auditor’s report with a
heading titled “Report on Other Legal and Regulatory Requirements” or otherwise as
appropriate to the content of the section, unless these other reporting responsibilities address
the same topics as those presented under the reporting responsibilities required by the PSAs in
which case the other reporting responsibilities may be presented in the same section as the
related report elements required by the PSAs.
500.25 If other reporting responsibilities are presented in the same section as the related report
elements required by the PSAs, the auditor’s report shall clearly differentiate the other
reporting responsibilities from the reporting that is required by the PSAs. [PSA 700.43]
500.26 If the auditor’s report contains a separate section that addresses other reporting
responsibilities, the previous sections should include a heading “Report on the Audit of
the Financial Statements.” The “Report on Other Legal and Regulatory Requirements”
shall follow the “Report on the Audit of the Financial Statements.” [PSA 700.44]

500.27 An example of other reporting responsibilities would be the requirement to the auditor
to report on the supplementary information prepared under Revenue Regulation 15-
2010.
Name of the Engagement Partner
PSA 700.45
The name of the engagement partner shall be included in the auditor’s report for audits of
complete sets of general purpose financial statements of listed entities unless, in rare
circumstances, such disclosure is reasonably expected to lead to a significant personal security
threat. In the rare circumstances that the auditor intends not to include the name of the
engagement partner in the auditor’s report, the auditor shall discuss this intention with those
charged with governance to inform the auditor’s assessment of the likelihood and severity of a
significant personal security threat.
Signature of the Auditor
PSA 700.46
The auditor’s report shall be signed.
500.28 The auditor’s signature is either in the name of the audit firm, the personal name of the
auditor or both.
500.29 As provided in SRC Rule No. 68, auditor’s report on financial statements required to be
filed with the Securities and Exchange Commission (SEC) shall contain the following:
▪ Manual signature of the signing auditor/partner’s
▪ Signing auditor/partner’s License, Tax Identification and PTR numbers
▪ Registration number with BOA including its expiration date
▪ Signing auditor/partner’s accreditation number, category and expiration of
accreditation with SEC
Auditor’s Address
PSA 700.47
The auditor’s report shall name the location in the jurisdiction where the auditor practices.

Date of the Auditor’s Report
PSA 700.48
The auditor’s report shall be dated no earlier than the date on which the auditor has obtained
sufficient appropriate audit evidence on which to base the auditor’s opinion on the financial
statements, including evidence that:
(a) All the statements that comprise the financial statements, including the related notes, have
been prepared; and
(b) Those with the recognized authority have asserted that they have taken responsibility for
those financial statements.
These sections are normally found in each auditor’s report, except for the “Key Audit
Matters” and “Name of the Engagement Partner” which is required for listed entities and
for “Material Uncertainty Related to Going Concern” which is case to case.
Supplementary Information Presented with the Financial Statements

PSA 700.52
If supplementary information that is not required by the applicable financial reporting
framework is presented with the audited financial statements, the auditor shall evaluate
whether in the auditor’s professional judgment, supplementary information is nevertheless an
integral part of the financial statements due to its nature or how it is presented. When it is an
integral part of the financial statements, the supplementary information shall be covered by
the auditor’s opinion.
PSA 700.53
If supplementary information that is not required by the applicable financial reporting
framework is not considered an integral part of the audited financial statements, the auditor
shall evaluate whether such supplementary information is presented in a way that sufficiently
and clearly differentiates it from the audited financial statements. If this is not the case, then
the auditor shall ask management to change how the unaudited supplementary information is
presented. If management refuses to do so, the auditor shall identify the unaudited
supplementary information and explain in the auditor’s report that such supplementary
information has not been audited.
500.30 Management and those charged with governance may be required (by law, regulation or
national standards) or may voluntarily choose to include supplementary information with
the financial statements that is not required by the applicable financial reporting
framework. Such information is normally presented in either supplementary schedules or
as additional notes. For example, additional information may include a schedule of
manufacturing costs, summary of effective standards and interpretations under
Philippine Financial Reporting Standards and reconciliation of retained earnings for
dividends declaration. Note however, that SMEs are not required to present the SRC
Annex 68-E Schedules.

500.31 Where supplementary information is presented, the auditor is required to evaluate, using
professional judgment, whether such information is nevertheless an integral part of the
financial statements due to its nature or how it is presented.
▪ Integral to F/S?
o Supplementary information shall be covered by the auditor’s opinion.
▪ NOT integral to F/S?
o Evaluate whether such supplementary information is presented in a way that
sufficiently and clearly differentiates it from the audited financial statements.
o If such information is not clearly differentiated, the auditor shall ask management
to change how the unaudited supplementary information is presented.
o If management refuses to make changes, the auditor shall identify the unaudited
supplementary information and explain in the auditor’s report that such
supplementary information has not been audited.
See Exhibit 500 – 5 for the Illustrative Report on Supplementary Information
FORMS OF AUDIT OPINION

500.32 The auditor shall express an unmodified opinion when the auditor concludes that the
financial statements are prepared, in all material respects, in accordance with the
applicable financial reporting framework. [PSA 700.16]
500.33 If the auditor concludes that, based on the audit evidence obtained, the financial
statements as a whole are not free from material misstatement; or is unable to obtain
sufficient appropriate audit evidence to conclude that the financial statements as a whole
are free from material misstatement, the auditor shall modify the opinion in the auditor’s
report. [PSA 700.17]
500.34 If financial statements prepared in accordance with the requirements of a fair

presentation framework do not achieve fair presentation, the auditor shall discuss the
matter with management and, depending on the requirements of the applicable financial
reporting framework and how the matter is resolved, shall determine whether it is
necessary to modify the opinion in the auditor’s report. [PSA 700.18]
The Unqualified Opinion

500.35 Issuing an unqualified opinion implies that audit conclusions were formed on the basis of
an audit made in accordance with PSAs and the form and content of the financial
statements properly reflect applicable professional pronouncements.
500.36 An unqualified opinion implies that the auditor is satisfied that the financial statements
present fairly, in all material respects, an entity’s financial position, results of operations,

and cash flows in conformity with generally accepted accounting principles based on the
auditor’s judgment as to whether:
▪ the accounting principles selected and applied have general acceptance;
▪ the accounting principles are appropriate in the circumstances;
▪ the financial statements, including the related notes, are informative of matters that
may affect their use, understanding, and interpretation;
▪ the information presented in the financial statements is classified and summarized in
a reasonable manner, that is, it is neither too detailed nor too condensed, and
▪ the financial statements reflect the underlying transactions and events in a manner
that presents the financial position, results of operations, and cash flows stated
within a range of acceptable limits, that is, limits that are reasonable and practicable
to attain in financial statements.
See Exhibit 500 – 1 and Exhibit 500 – 2 for the Illustrative Unqualified Opinion.
Modified Opinions
500.37 The auditor should express a modified opinion if the auditor cannot express an
unmodified opinion. A modified opinion is a qualified opinion, an adverse opinion or a
disclaimer of opinion on the financial statements.
500.38 An auditor may not be able to express an unqualified opinion when:

▪ The auditor concludes that, based on the audit evidence obtained, the financial
statements as a whole are not free from material misstatement; or
▪ The auditor is unable to obtain sufficient appropriate audit evidence to conclude that
the financial statements as a whole are free from material misstatement.
[PSA 705.6]
500.39 Uncorrected material misstatements may arise due to disagreements between the
auditor and management, on matters such as:
▪ the acceptability of accounting policies selected,
▪ the method of their application, or
▪ the adequacy of disclosures in the financial statements.
500.40 If such disagreements are material to the financial statements, the auditor should express
a qualified opinion (if material but not pervasive) or an adverse opinion (if material and
pervasive).

Determining the Type of Modification to the Auditor’s Opinion
Qualified Opinion
PSA 705.7
The auditor shall express a qualified opinion when
a. The auditor, having obtained sufficient appropriate audit evidence, concludes that
misstatements, individually or in the aggregate, are material, but not pervasive, to the financial
statements; or
b. The auditor is unable to obtain sufficient appropriate audit evidence on which to base the
opinion, but the auditor concludes that the possible effects on the financial statements of
undetected misstatements, if any, could be material but not pervasive.
500.41 When the auditor expresses a qualified opinion, the auditor shall, in addition to the
specific elements required by PSA 700:
(a) Amend the heading “Basis for Opinion” to “Basis for Qualified Opinion, and
(b) Within this section, include a description of the matter giving rise to the modification.
500.42 When the auditor expresses a qualified opinion due to a material misstatement in the
financial statements, the auditor shall state that, in the auditor’s opinion, except for the
effects of the matter(s) described in the Basis for Qualified Opinion section:
(a) When reporting in accordance with a fair presentation framework, the accompanying
financial statements present fairly, in all material respects [...] in accordance with [the
applicable financial reporting framework]; or
(b) When reporting in accordance with a compliance framework, the accompanying
financial statements have been prepared, in all material respects, in accordance with
[the applicable financial reporting framework].
When the modification arises from an inability to obtain sufficient appropriate audit
evidence, the auditor shall use the corresponding phrase “except for the possible effects
of the matter(s) ...” for the modified opinion. [PSA 705.17]
See Exhibit 500 – 6 for Illustrative Qualified Opinion Due to Material Misstatement of
Financial Statements.
See Exhibit 500 – 7 for Illustrative Qualified Audit Opinion Due to the Auditor’s Inability
to Obtain Sufficient Appropriate Audit Evidence
Adverse Opinion
PSA 705.8
The auditor shall express an adverse opinion when the auditor, having obtained sufficient
appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are
both material and pervasive to the financial statements.
500.43 When the auditor expresses an adverse opinion, the auditor shall, in addition to the
specific elements required by PSA 700:

(a) Amend the heading “Basis for Opinion” to “Basis for Adverse Opinion, and
500.44 When the auditor expresses an adverse opinion, the auditor shall state that, in the
auditor’s opinion, because of the significance of the matter(s) described in the Basis for
Adverse Opinion section:
(a) When reporting in accordance with a fair presentation framework, the accompanying
financial statements do not present fairly [...] in accordance with [the applicable
financial reporting framework]; or
(b) When reporting in accordance with a compliance framework, the accompanying
financial statements have not been prepared, in all material respects, in accordance
with [the applicable financial reporting framework].
[PSA 705.18]
See Exhibit 500 – 8 for Illustrative Adverse Opinion.
Disclaimer of Opinion
PSA 705.9
The auditor shall disclaim an opinion when the auditor is unable to obtain sufficient appropriate
audit evidence on which to base the opinion, and the auditor concludes that the possible effects
on the financial statements of undetected misstatements, if any, could be both material and
pervasive.
PSA 705.10
The auditor shall disclaim an opinion when, in extremely rare circumstances involving multiple
uncertainties, the auditor concludes that, notwithstanding having obtained sufficient
appropriate audit evidence regarding each of the individual uncertainties, it is not possible to
form an opinion on the financial statements due to the potential interaction of the uncertainties
and their possible cumulative effect on the financial statements.
500.45 When the auditor disclaims an opinion, the auditor shall, in addition to the specific
elements required by PSA 700:
(a) Amend the heading “Basis for Opinion” to “Basis for Disclaimer of Opinion, and
500.46 When the auditor disclaims an opinion due to an inability to obtain sufficient appropriate
audit evidence, the auditor shall:
(a) State that the auditor does not express an opinion on the accompanying financial
statements;
(b) State that, because of the significance of the matter(s) described in the Basis for
Disclaimer of Opinion section, the auditor has not been able to obtain sufficient
appropriate audit evidence to provide a basis for an audit opinion on the financial
statements; and
(c) Amend the statement required by PSA 700 (Revised), which indicates that the
financial statements have been audited, to state that the auditor was engaged to
audit the financial statements. [PSA 705.19]

See Exhibit 500 – 9 for Illustrative Disclaimer of Opinion.
Inability to Obtain Sufficient Appropriate Audit Evidence

500.47 This applies when the auditor is unable to obtain sufficient appropriate audit evidence on
which to base the opinion, and concludes that the possible effects on the financial
statements of undetected misstatements, if any, could be material (qualified opinion) or
material and pervasive (disclaimer of opinion). (IFAC Guide, Vol. II, Fourth Edition, page
260)
500.48 The auditor’s inability to obtain sufficient appropriate audit evidence (also referred to as
a limitation on the scope of the audit) may arise from:
▪ Circumstances beyond the control of the entity, such as when the entity’s accounting
records have been destroyed (such as through fire, water, theft, or computer-data
loss) or seized by a government authority;
▪ Circumstances relating to the nature or timing of the auditor’s work. This could occur
where the auditor’s appointment is such that the auditor is unable to observe the
counting of the physical inventories, the accounting records are not complete at the
time of the audit, or where the auditor determines that performing substantive
procedures alone is not sufficient but the entity’s controls are not effective; or
▪ Limitations imposed by management, such as not allowing external confirmation of
certain receivables or restricting access to key personnel, accounting records, or
operating locations. Where this occurs, there may be other audit implications, such
as the assessment of fraud risks and whether to continue with the engagement. If the
limitation is known before the engagement is accepted, the auditor would ordinarily
not accept such a limited engagement.
500.49 Before concluding that a modified opinion is required, the auditor would:
▪ Attempt to obtain sufficient appropriate audit evidence by performing alternative
procedures; and
▪ Discuss the matter with management and those charged with governance to
determine if the issue can be resolved. If the matter cannot be resolved, the auditor
would then communicate the intention to modify the audit opinion and the proposed
wording.
Additional Paragraphs to the Auditor’s Report
PSA 706.6
The objective of the auditor, having formed an opinion on the financial statements, is to draw
users’ attention, when in the auditor’s judgment it is necessary to do so, by way of clear
additional communication in the auditor’s report, to:
(a) A matter, although appropriately presented or disclosed in the financial statements, that is
of such importance that it is fundamental to users’ understanding of the financial statements;
or

(b) As appropriate, any other matter that is relevant to users’ understanding of the audit, the
auditor’s responsibilities or the auditor’s report.
PSA 706.7
For the purposes of the ISAs, the following terms have the meanings attributed below:
(a) Emphasis of Matter paragraph — A paragraph included in the auditor’s report that refers to
a matter appropriately presented or disclosed in the financial statements that, in the auditor’s
judgment, is of such importance that it is fundamental to users’ understanding of the financial
statements.
(b) Other Matter paragraph — A paragraph included in the auditor’s report that refers to a
matter other than those presented or disclosed in the financial statements that, in the auditor’s
judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities or the
auditor’s report.
Emphasis of Matter Paragraph

500.50 If the auditor considers it necessary to draw users’ attention to a matter presented or
disclosed in the financial statements that, in the auditor’s judgment, is of such importance
that it is fundamental to users’ understanding of the financial statements, the auditor
shall include an Emphasis of Matter paragraph in the auditor’s report provided:
(a) The auditor would not be required to modify the opinion in accordance with PSA 705
(Revised) as a result of the matter; and
(b) When PSA 701 applies, the matter has not been determined to be a key audit matter
to be communicated in the auditor’s report. [PSA 706.8]
500.51 When the auditor includes an Emphasis of Matter paragraph in the auditor’s report, the
auditor shall:
(a) Include the paragraph within a separate section of the auditor’s report with an
appropriate heading that includes the term “Emphasis of Matter”;
(b) Include in the paragraph a clear reference to the matter being emphasized and to
where relevant disclosures that fully describe the matter can be found in the financial
statements. The paragraph shall refer only to information presented or disclosed in
the financial statements; and
(c) Indicate that the auditor’s opinion is not modified in respect of the matter
emphasized. [PSA 706.9]
500.52 An “Emphasis of Matter” paragraph is not a substitute for:

▪ Modifying the audit opinion when required; or
▪ Management making required disclosures in the financial statements.
500.53 When the auditor expects to include an Emphasis of Matter, the auditor would
communicate with management and those charged with governance on:
▪ The need for the paragraph; and
▪ The proposed wording.
500.54 PSA 570 (Revised) also includes requirements for a separate section in the auditor’s report
related to the going concern basis of accounting and any related issues. Any inclusion

related to going concern should not be identified as an Emphasis of Matter or Other
Paragraph but must be a separate section, with its own heading in the auditor’s report.
500.55 There is no required placement, but the one suggestion is to follow the basis of opinion
section. The paragraph is headed “Emphasis of Matter” or other appropriate heading.
500.56 PSA 706 (Revised) provides the following examples of circumstances where the auditor
may consider it necessary to include an Emphasis of Matter paragraph:
▪ An uncertainty relating to the future outcome of exceptional litigation or regulatory
action.
▪ A significant subsequent event that occurs between the date of the financial
statements and the date of the auditor’s report.
▪ Early application (where permitted) of a new accounting standard that has a material
effect on the financial statements.
▪ A major catastrophe that has had, or continues to have, a significant effect on the
entity’s financial position. [PSA 706.A4]
See Exhibit 500 – 10 for Illustrative Audit Report with Emphasis of a Matter
Other Matter Paragraph

500.57 If the auditor considers it necessary to communicate a matter other than those that are
presented or disclosed in the financial statements that, in the auditor’s judgment, is
relevant to users’ understanding of the audit, the auditor’s responsibilities or the
auditor’s report, the auditor shall include an Other Matter paragraph in the auditor’s
report, provided:
(a) This is not prohibited by law or regulation; and
(b) When PSA 701 applies, the matter has not been determined to be a key audit matter
to be communicated in the auditor’s report. [PSA 706.10]
500.58 When the auditor includes an Other Matter paragraph in the auditor’s report, the auditor
shall include the paragraph within a separate section with the heading “Other Matter,”
or other appropriate heading. [PSA 706.11]
500.59 When the auditor expects to include an Other Matter paragraph, the auditor would
communicate with management and those charged with governance on:
▪ The need for the paragraph; and
▪ The proposed wording.
500.60 Other Matter paragraphs can be used to highlight matters such as:
▪ Restriction on distribution of the auditor’s report—Since financial statements (using
a general purpose framework) are sometimes prepared for a specific purpose, an
Other Matter paragraph could state that the auditor’s report is intended solely for
the intended users and should not be distributed to or used by other parties;

▪ Highlight additional responsibilities—Specific law, regulation, or generally accepted
practice in a jurisdiction may require or permit the auditor to elaborate on the
auditor’s responsibilities; or
▪ Inability to withdraw from the engagement—If the auditor is unable to withdraw or
resign when the possible effects of a scope limitation are pervasive, an Other Matter
paragraph could explain why it is not possible. (IFAC Guide, Vol. II, Fourth Edition,
page 270)
500.61 The paragraph may be included in the Report on Other Legal and Regulatory
Requirements section or may be included as a separate section following the report on
the Audit of the Financial Statements and the Report on Other Legal and Regulatory
Requirements section.
See Exhibit 500 – 11 for Illustrative Audit Report with Other Matter
Comparative Information
PSA 710.5
(a) To obtain sufficient appropriate audit evidence about whether the comparative information
included in the financial statements has been presented, in all material respects, in accordance
with the requirements for comparative information in the applicable financial reporting
framework; and
(b) To report in accordance with the auditor’s reporting responsibilities.
500.62 The auditor shall determine whether the comparatives comply in all material respects
with the financial reporting framework applicable to the financial statements being
audited.
500.63 Comparative information includes the amounts and disclosures included in the financial
statements in respect of one or more prior periods in accordance with the applicable
financial reporting framework. There are two broad approaches taken with respect to
comparative information.
(a) Corresponding figures – Comparative information where amounts and other
disclosures for the prior period are included as an integral part of the current period
financial statements, and are intended to be read only in relation to the amounts and
other disclosures relating to the current period (referred to as “current period
figures”). The level of detail presented in the corresponding amounts and disclosures
is dictated primarily by its relevance to the current period figures.
(b) Comparative financial statements – Comparative information where amounts and
other disclosures for the prior period are included for comparison with the financial
statements of the current period but, if audited, are referred to in the auditor’s
opinion. The level of information included in those comparative financial statements
is comparable with that of the financial statements of the current period.
500.64 In verifying comparative information, the auditor should

▪ Obtain Necessary Audit Evidence

Obtain sufficient appropriate audit evidence that the comparative information meets
the requirements of the applicable financial reporting framework, and whether such
information is appropriately classified. This involves evaluating whether:
o Accounting policies reflected in the comparative information are consistent with
those applied in the current period or, if there have been changes in accounting
policies, whether those changes have been properly accounted for and
adequately presented; and
o Comparative information agrees with the amounts and other disclosures
presented in the prior period or, when appropriate, have been restated.
▪ Identify Any Potential Misstatements
If possible, material misstatement in the comparative information is identified while
performing the current period audit, and the auditor would:
o Perform such additional audit procedures as are necessary in the circumstances
to determine whether a material misstatement exists; and
o Where the prior period financial statements are amended, determine that the
comparative information agrees with the amended financial statements.
If the auditor had audited the prior period’s financial statements, the auditor would
also address the relevant requirements of PSA 560 on subsequent events.
▪ Obtain Written Representations
Request written representations for all periods referred to in the auditor’s opinion.
This would include specific written representation regarding any restatement made
to correct a material misstatement in prior period financial statements.
Corresponding Figures
500.65 The auditor’s opinion would not refer to the corresponding figures except when the
auditor’s report on the prior period included an unresolved modification. The auditor
would modify the current period’s opinion by:
▪ Referring to both the current period’s figures and the corresponding figures when the
effects or possible effects of the matter on the current period’s figures are material;
or
▪ Explaining that the current audit opinion has been modified because of the effects or
possible effects of the unresolved matter on the comparability of the current period’s
figures and the corresponding figures.
500.66 A qualified or adverse opinion on the current period financial statements is required
where a material misstatement exists in the prior period financial statements on which:
▪ An unmodified opinion has been previously issued; and
▪ The corresponding figures have not been properly restated or appropriate disclosures
have not been made.
500.67 If the financial statements of the prior period were audited by a predecessor auditor and
the auditor is permitted by law or regulation to refer to the predecessor auditor’s report
on the corresponding figures and decides to do so, the auditor shall state in an Other
Matter paragraph in the auditor’s report:

a. That the financial statements of the prior period were audited by the predecessor
auditor;
b. The type of opinion expressed by the predecessor auditor and, if the opinion was
modified, the reasons therefore; and
c. The date of that report.
500.68 If the prior period financial statements were not audited, the auditor shall state in an
Other Matter paragraph in the auditor’s report that the corresponding figures are
unaudited. Such a statement does not, however, relieve the auditor of the requirement
to obtain sufficient appropriate audit evidence that the opening balances do not contain
misstatements that materially affect the current period’s financial statements.
500.69 If such a restatement or disclosure is not possible, the audit opinion would be modified
in respect of any corresponding figures included.
500.70 If the auditor is unable to obtain sufficient appropriate audit evidence regarding the
opening balances, the auditor is required by PSA 705 (Revised) to express a qualified
opinion or disclaim an opinion on the financial statements, as appropriate.
Comparative Financial Statements
500.71 The auditor’s opinion would refer to each period for which financial statements are
presented and on which an audit opinion is expressed.
500.72 If the auditor’s opinion on prior period financial statements differs from the opinion
previously expressed, disclose the substantive reasons for the different opinion in an
Other Matter paragraph.
500.73 If the financial statements of the prior period were audited by a predecessor auditor, in
addition to expressing an opinion on the current period’s financial statements, the auditor
shall state in an Other Matter paragraph:
a. That the financial statements of the prior period were audited by a predecessor
auditor;
b. The type of opinion expressed by the predecessor auditor and, if the opinion was
modified, the reasons therefore; and
c. The date of that report.
See Exhibit 500-11 Illustrative Audit Report with Other Matter
500.74 If the auditor concludes that a material misstatement exists that affects the prior period
financial statements on which the predecessor auditor had previously reported without
modification, the auditor shall communicate the misstatement with the appropriate level
of management and those charged with governance and request that the predecessor
auditor be informed. If the prior period financial statements are amended, and the
predecessor auditor agrees to issue a new auditor’s report on the amended financial
statements of the prior period, the auditor shall report only on the current period.

500.75 If the prior period financial statements were not audited, the auditor shall state in an
Other Matter paragraph that the comparative financial statements are unaudited. Such a
statement does not, however, relieve the auditor of the requirement to obtain sufficient
appropriate audit evidence that the opening balances do not contain misstatements that
materially affect the current period’s financial statements.
Audits of Group Financial Statements
PSA 600.8
(a) To determine whether to act as the auditor of the group financial statements;
(b) To communicate clearly with component auditors about the scope and timing of their work
on financial information related to components and their findings; and
(c) To obtain sufficient appropriate audit evidence about the financial information of the
components and the consolidation process to express an opinion whether the group financial
statements are prepared, in all material respects, in accordance with the applicable financial
500.76 The group engagement partner is responsible for the direction, supervision and
performance of the group audit engagement in compliance with professional standards
and regulatory and legal requirements, and whether the auditor’s report that is issued is
appropriate in the circumstances. [PSA 600.11]
500.77 The auditor’s report on the group financial statements shall not refer to a component
auditor, unless required by law or regulation to include such reference. If such reference
is required by law or regulation, the auditor’s report shall indicate that the reference does
not diminish the group engagement partner’s or the group engagement partner’s firm’s
responsibility for the group audit opinion. [PSA 600.11]
500.78 The group engagement partner shall evaluate the effect on the group audit opinion of any
uncorrected misstatements (either identified by the group engagement team or
communicated by component auditors) and any instances where there has been an
inability to obtain sufficient appropriate audit evidence.
Using the Work of An Auditor’s Expert
PSA 620.5
(a) To determine whether to use the work of an auditor’s expert; and
(b) If using the work of an auditor’s expert, to determine whether that work is adequate for the
auditor’s purposes.
500.79 The auditor shall not refer to the work of an auditor’s expert in an auditor’s report
containing an unmodified opinion unless required by law or regulation to do so. If such
reference is required by law or regulation, the auditor shall indicate in the auditor’s report

that the reference does not reduce the auditor’s responsibility for the audit opinion. [PSA
620.14]
500.80 If the auditor makes reference to the work of an auditor’s expert in the auditor’s report
because such reference is relevant to an understanding of a modification to the auditor’s
opinion, the auditor shall indicate in the auditor’s report that such reference does not
reduce the auditor’s responsibility for that opinion. In these circumstances, the auditor
would obtain the permission of the expert before making such a reference. If permission
is refused and the auditor believes a reference is necessary, the auditor may need to seek
legal advice. [PSA 620.15]
Initial Audit Engagements – Opening Balances
PSA 510.3
In conducting an initial audit engagement, the objective of the auditor with respect to opening
balances is to obtain sufficient appropriate audit evidence about whether:
(a) Opening balances contain misstatements that materially affect the current period’s financial
statements; and
(b) Appropriate accounting policies reflected in the opening balances have been consistently
applied in the current period’s financial statements, or changes thereto are properly accounted
for and adequately presented and disclosed in accordance with the applicable financial
500.81 “Opening balances” means those account balances which exist at the beginning of the
period. Opening balances are based upon the closing balances of the prior period and
reflect the effects of transactions of prior periods and accounting policies applied in the
prior period. [PSA 510.4.b]
500.82 If the auditor is unable to obtain sufficient appropriate audit evidence concerning opening
balances, the auditor may issue a qualified or disclaimer of opinion depending on the
materiality and pervasiveness of the effect of the scope limitation. [PSA 510.10]
500.83 If the opening balances contain misstatements which could materially affect the current
period’s financial statements and the effects of the misstatements are not properly
accounted for and adequately disclosed, the auditor may issue a qualified or adverse
opinion depending on the materiality and pervasiveness of the effect of misstatements.
[PSA 510.11]
500.84 If the current period’s accounting policies have not been consistently applied in relation
to opening balances and the change has not been properly accounted for and adequately
disclosed, the auditor may issue a qualified or adverse opinion depending on the
materiality and pervasiveness of the effect of misstatements. [PSA 510.12]
500.85 If the prior period auditor gave a modified report, and the modification remains relevant
and material to the current period, the auditor shall modify the opinion as appropriate.

Other Information in Documents Containing Audited Financial Statements
PSA 720.4
The objective of the auditor is to respond appropriately when documents containing audited
financial statements and the auditor’s report thereon include other information that could
undermine the credibility of those financial statements and the auditor’s report.
500.86 Other information refers to financial and non-financial information (other than the
financial statements and the auditor’s report thereon) which is included, either by law,
regulation or custom, in a document containing audited financial statements and the
auditor’s report thereon. [PSA 720.5a]
500.87 The auditor should read the other information to identify material inconsistencies, if any,
with the audited financial statements. A material inconsistency exists when other
information contradicts information contained in the audited financial statements. A
material inconsistency may raise doubt about the audit conclusions drawn from audit
evidence previously obtained and, possibly, about the basis for the auditor’s opinion on
the financial statements. [PSA 720.6
500.88 An entity ordinarily issues on an annual basis a document which includes its audited
financial statements together with the auditor’s report thereon. This document is
frequently referred to as the annual report. In issuing such a document, an entity may
also include, either by law or custom, other financial and non-financial information.
Examples of other information include a report by management or those charged with

governance on operations, financial summaries or highlights, employment data, planned
capital expenditures, financial ratios, names of officers and directors and selected
quarterly data.
500.89 In certain circumstances, the auditor has a statutory or contractual obligation to report
specifically on other information. In other circumstances, the auditor has no such
obligation. However, the auditor needs to give consideration to such other information
when issuing a report on the financial statements, as the credibility of the audited
financial statements may be undermined by inconsistencies which may exist between the
audited financial statements and other information.
500.90 When there is an obligation to report specifically on other information, the auditor’s
responsibilities are determined by the nature of the engagement and by local legislation
and professional standards. When such responsibilities involve the review of other
information, the auditor will need to follow the guidance on review engagements in the
appropriate PSAs.
500.91 In order that an auditor can consider other information included in the annual report,
timely access to such information will be required. The auditor therefore needs to make
appropriate arrangements with the entity to obtain such information prior to the date of
the auditor’s report. In certain circumstances, all the other information may not be
available prior to such date.

500.92 The objective and scope of an audit of financial statements are formulated on the premise
that the auditor’s responsibility is restricted to information identified in the auditor’s
report. Accordingly, the auditor has no specific responsibility to determine that other
information is properly stated.
Material Inconsistencies
500.93 If, on reading the other information, the auditor identifies a material inconsistency, the
auditor should determine whether the audited financial statements or the other
information needs to be amended.
500.94 If an amendment is necessary in the audited financial statements and the entity refuses
to make the amendment, the auditor should express a qualified or adverse opinion.
500.95 If an amendment is necessary in the other information and the entity refuses to make the
amendment, the auditor should consider including in the auditor’s report an emphasis of
matter paragraph describing the material inconsistency or taking other actions.
The actions taken, such as not issuing the auditor’s report or withdrawing from the
engagement, will depend upon the particular circumstances and the nature and
significance of the inconsistency. The auditor would also consider obtaining legal advice
as to further action.
Material Misstatements of Fact
500.96 While reading the other information for the purpose of identifying material
inconsistencies, the auditor may become aware of an apparent material misstatement of
fact.
500.97 A material misstatement of fact in other information exists when such information, not
related to matters appearing in the audited financial statements, is incorrectly stated or
presented.
500.98 If the auditor becomes aware that the other information appears to include a material
misstatement of fact, the auditor should discuss the matter with the entity’s
management. When discussing the matter with the entity’s management, the auditor
may not be able to evaluate the validity of the other information and management’s
responses to the auditor’s inquiries and would need to consider whether valid differences
of judgment or opinion exist.
500.99 When the auditor still considers that there is an apparent misstatement of fact, the
auditor should request management to consult with a qualified third party, such as the
entity’s legal counsel and should consider the advice received.
500.100 If the auditor concludes that there is a material misstatement of fact in the other
information which management refuses to correct, the auditor should consider taking
further appropriate action. The actions taken could include such steps as notifying those

charged with governance in writing of the auditor’s concern regarding the other
information and obtaining legal advice.

600 Engagement Management
600.1 In managing the audit engagement, certain administrative functions have to be
implemented aside from ensuring the technical requirements of the audit. Engagement
management issues discussed in this section are the following:
▪ Acceptance and/or continuance of audit engagement
▪ Independence issues
▪ Defining the terms of the audit engagement
▪ Resource management
▪ Engagement Briefing and Debriefing
▪ Information gathering
▪ Managing audit documentation
Audit Engagement Acceptance and Continuance
PSQC 1.26
The firm shall establish policies and procedures for the acceptance and continuance of client
relationships and specific engagements, designed to provide the firm with reasonable
assurance that it will only undertake or continue relationships and engagements where the
firm:
a) is competent to perform the engagement and has the capabilities, including time and
resources, to do so;
b) can comply with relevant ethical requirements; and
c) has considered the integrity of the client, and does not have information that would lead it
to conclude that the client lacks integrity.
600.2 Client relationships are fundamental to our professional practice. We aim to build on
our strengths and enhance the nature of our client relationships so that we consistently
add value and exceed our clients' expectations. Before accepting a specific client
engagement, the auditor should consider whether acceptance would create any threats
to compliance with the fundamental principles. For example, a self-interest threat to
professional competence and due care is created if the auditor does not possess, or
cannot acquire, the competencies necessary to properly carry out the engagement.
600.3 Before a firm decides to accept or retain an engagement, the auditor is required to:
▪ Establish the acceptability of the proposed financial reporting framework;
▪ Assess whether the firm can comply with relevant ethical requirements;
▪ Obtain the agreement of management that it acknowledges and understands its
responsibility for:
- The preparation of the financial statements in accordance with the applicable
financial reporting framework;
Engagement Management 600 – 1

- Such internal control as management determines is necessary to enable the
preparation of financial statements that are free from material misstatement,
whether due to fraud or error; and
- To provide the auditor with access to all relevant information and any additional
information that the auditor may request, plus unrestricted access to persons
within the entity from whom the auditor determines it necessary to obtain audit
evidence.
▪ Perform engagement acceptance or continuance procedures. These procedures
would be similar to risk assessment procedures outlined in Section 200. The results
(assuming the engagement is accepted) can later be used as part of the risk
assessment.
(IFAC Guide, Volume 2, Fourth edition, page 22)
Evaluation of prospective clients
600.4 The auditor evaluates the suitability of an audit engagement before it is accepted and
contracted. When we accept an audit, we are making a business decision to act as
auditor of that entity in return for an appropriate fee. Certain matters need to be
assessed before decision could be reached whether to accept or not a prospective audit
engagement. These are:
▪ Engagement risks
▪ Threat to auditor’s independence
Engagement Risks
600.5 We evaluate whether the overall engagement risk associated with our appointment as
auditor exceeds the level of risk that the auditor is prepared to accept.
600.6 The overall engagement risk consists of three components:
▪ entity-related matters (such as the entity's financial position and profitability;

solvency, borrowing levels, ratios, profitability growth; incidences of failure within
the entity's industry; the reputation, character and integrity of management and the
principal owners of the entity; recent changes in management; significant past,
current and potential litigation)
▪ business-related matters (such as the risk of potential litigation costs from an
alleged audit failure; the risk of other costs such as fee realization; and whether our
association with the entity may harm our professional image)
▪ audit-related matters (such as anticipated difficulties in obtaining audit evidence;
whether the proposed audit team possesses sufficient knowledge, skills and
experience to respond to the engagement risks; fulfill our professional obligations
and provide appropriate professional services; aggressive accounting and/or tax
policies; recent changes or prior period adjustments)

Independence Issues
600.7 In evaluating a prospective client, we consider whether there are professional reasons
not to act as auditor when the independence of the auditor, its partners, managers and
professional staff may be threatened or compromised by accepting the appointment as
auditor.
600.8 There must be evidence that the engagement partner has formed a conclusion on
compliance with independence requirements including:
▪ Identifying and evaluating circumstances that create threats to independence.
▪ Evaluating identified threats.
Taking action to eliminate threats or reduce them to an acceptable level by applying
safeguards, or declining the appointment.
Annual independence declaration
600.9 At least annually, before the start of every engagement, the firm shall obtain written
confirmation from its professional staff that they have complied with the independence
requirements.
Exhibit 600 – 1 shows an illustrative Annual Independence Confirmation form.
600.10 In addition to the above considerations, engagements may need to be declined where:
▪ An entity is operating in a specialized industry in which the auditor lacks the
required expertise, and expert assistance is not available.
▪ An entity operates a significant operation where the auditor is not represented, and
there are no alternative audit procedures that can be adopted to cover these
operations.
▪ The entity reporting deadlines coincide with existing client pressures.
▪ An Engagement Quality Control Review is required and no suitably qualified and
objective reviewer is available.
Who performs the evaluation
600.11 A partner, designated as the Engagement Quality Control Reviewer, is responsible for
evaluating the prospective audit engagement. While retaining overall responsibility, the
evaluating partner may delegate some of the evaluation procedures. For example,
gathering certain background information may be delegated.
600.12 The evaluating partner does not delegate discussions with predecessor auditors and
only delegates enquiries of third parties to another partner.

Procedures in evaluating a prospective client
600.13 In conducting an evaluation of a prospective client, the evaluating partner or his

designate must:
▪ consider the engagement risks to be faced in accepting the audit;
▪ consider whether the Auditor has enough capability and manpower to be able to act
as the principal auditor
▪ make enquiries, as appropriate, from the following sources to gather enough
information to arrive at a decision whether to accept or not an audit engagement:
o within the prospective client or third parties
o using investigation services
o from predecessor auditors;
▪ conclude on acceptance
600.14 Before contacting third parties and collecting information on a prospective client, take
steps to ensure that all partners and staff are aware of:
▪ The firm’s policies to protect confidential information maintained on clients;
▪ Requirements of any privacy legislation; and
▪ Requirements of the applicable code of ethics.
600.15 The evaluation of the prospective audit client must be completed prior to accepting an
appointment as auditor. If the evaluation is not completed prior to the deadline for
submitting a proposal, we include comments in the proposal stating that it is subject to
completion of required professional enquiries.
600.16 We document the collection of information, the evaluation process and the conclusion
reached regarding acceptance or rejection of the prospective audit client. An evaluation
of prospective client form should be completed to document the basis for the
conclusion reached. The evaluating partner signs on the form.
See Exhibit 600 – 2 for an illustrative Evaluation of Prospective Client Form.
Re-evaluation of existing client
600.17 Out of the existing audit engagements of the auditor, it is important for the engagement
partners to identify for each audit period which are the clients that need formal re-
evaluation.
600.18 The identification activity focuses on significant changes in the circumstances of the
entity or in the terms or conditions of our audit. The following factors may be
considered:
▪ new legal, regulatory or professional requirements that alter our reporting
responsibilities and the nature, timing, or extent of our audit procedures;
▪ a significant change in the nature, size, or structure of the entity's business;
▪ a significant change in principal owners, management or other personnel;
▪ audit findings which indicate that management may be providing misleading or
incomplete information or there is material weakness in controls and no steps are
being taken to correct the deficiencies.
600.19 In considering continuance of the audit engagement for identified audit client, the
following needs to be considered:
▪ updating our understanding of the entity's business risks and the related audit risks;
▪ obtaining an acceptable level of confidence that the entity's management and
principal owners have the integrity to provide us with meaningful representations
and full disclosure in connection with our audit;
▪ considering our ability to address the audit risks;
▪ considering the business risk that we face in continuing with the audit.
600.20 When the engagement partner concludes that the auditor's relationship with an existing
client requires formal re-evaluation we follow the process for acceptance of prospective
audits, adapting it as necessary.
600.21 We document the formal re-evaluation process and conclusions reached. The
evaluation needs to describe the reasons for the formal re-evaluation, the methods
used to conduct the formal re-evaluation and the conclusions reached. The
engagement partner approves the re-evaluation.
Withdrawing from engagement
600.22 The auditor's objectivity may be threatened, or appear to be threatened, if it is involved

in, or threatened with litigation in relation to a client. In such cases, the auditor shall
consult the firm’s Practice Risk Manager or a designated person before considering
continuance.
600.23 Before discussing client information with a proposed auditor, we consider the following:
▪ legal or ethical requirements
▪ whether we have obtained the entity's permission
▪ other unusual circumstances, for example, impending, threatened, or potential
litigation or disciplinary proceedings.
In the context of the above, we respond promptly and fully to reasonable enquiries
made by the successor auditor.
600.24 It is vital that the auditor is not exposed to the risk of its reputation or future
profitability by accepting new clients without proper evaluation procedures. To adhere
to the aspect of client confidentiality, the firm should inform the entity that it will seek
information from certain persons as noted above.

Defining The Terms Of The Audit Engagement
PSA 210.3
The objective of the auditor is to accept or continue an audit engagement only when the basis
upon which it is to be performed has been agreed, through:
a) Establishing whether the preconditions for an audit are present; and
b) Confirming that there is a common understanding between the auditor and management,
and, where appropriate, those charged with governance of the terms of the audit
engagement.
600.25 The auditor and the client should agree on the terms of the engagement. The agreed
terms and conditions shall be recorded in an audit engagement letter or other suitable
form of contract. The objective of the auditor is to accept or continue an audit
engagement only when the basis upon which it is to be performed has been agreed,
through:
▪ Establishing whether the preconditions for an audit are present; and
▪ Confirming that there is a common understanding between the auditor and
management and, where appropriate, those charged with governance of the terms
of the audit engagement
Preconditions for an Audit
600.26 In order to establish whether the preconditions for an audit are present, the auditor
shall: (Refer to PSA 210.6)
a. Determine whether the financial reporting framework to be applied in the

preparation of the financial statements is acceptable, and
b. Obtain the agreement of management that it acknowledges and understands its
responsibility for the preparation of the financial statements in accordance with the
applicable financial reporting framework; for such internal control as management
determines is necessary to enable the preparation of financial statement that are
free from material misstatements; to provide the auditor with access to all
information of which management is aware that is relevant to the preparation of
the financial statements.
600.27 On recurring audits, the auditor shall assess whether circumstances require the terms of
the engagement to be revised and whether there is a need to remind the client of the
existing terms of the engagement.
Obtaining an engagement letter
600.28 An engagement letter is a contract between the auditor and the client. The use and
value of such engagement contract, and the risks posed by not having one, is frequently
demonstrated in litigation.

600.29 Obtaining an engagement letter upon acceptance of a new audit engagement provides
reasonable assurance that potential misunderstandings are identified and resolved at
the start of the relationship. It helps in the efficient conduct of our work and
maintenance of good client relationships.
600.30 On new audit engagement for which we have submitted a successful proposal, we also
issue a separate engagement letter.
600.31 We obtain an engagement letter:

▪ upon acceptance of a new audit engagement;
▪ when there is a significant change in the nature or scope of an existing client's
operations or of our services to the client;
▪ periodically for a recurring audit engagement.
▪ a recent change of senior management, board of directors or ownership;
▪ legal requirements or client internal service contracting policy
600.32 In multi-location audits, the engagement partner decides whether separate engagement
letters are needed for the audit of components (such as divisions, branches,
subsidiaries, joint ventures or associate companies, etc.) within a multi-location audit.
600.33 Factors to consider include:

▪ who appoints the auditor of the component
▪ whether a separate audit report or a separate set of financial statements is to be
issued on the component
▪ legal requirements, in some jurisdictions separate engagement letters may be
required.
▪ the extent of any work performed by other auditors
▪ degree of ownership by the principal entity
▪ degree of independence of the component's management.
600.34 The engagement partner at the originating location is responsible for ensuring that all
components are appropriately bound to the terms and conditions of the engagement.
600.35 For joint audit with another auditor, we obtain the agreement of the other auditor with
respect to a joint engagement letter that includes a description of the responsibilities of
the participating auditors.
600.36 If we are providing services to companies that are currently subject to, or are expected
to be subject to, litigation or regulatory investigation, we generally include a paragraph
indicating that additional fees are assessed for services provided in connection with
these matters. We consider a similar paragraph when providing assurance services on
financial statements that we believe the client may use in subsequent merger
negotiations.

600.37 For clients in certain regulated industries, we may be required to issue an engagement
letter that conforms to wording recommended by the regulators.
Contents of an engagement letter
600.38 The engagement letter contains the terms and conditions of the audit and sets forth the
respective responsibilities of the auditor and the client and defines the limitations of our
responsibilities. It reduces or minimizes the risk that the client may rely on us
inappropriately to protect the entity against certain risks or to perform certain functions
that we consider to be the client's responsibility.
600.39 The contents of an engagement letter shall include:

▪ the objective of the audit the of financial statements;
▪ management's responsibility for the financial statements;
▪ the scope of the audit, including reference to applicable legislation, regulations, or
pronouncements of professional bodies to which we adhere;
▪ the form of any reports or other communication of results of the audit;
▪ the level of confidentiality required, and limitations on the distribution of our
report;
▪ the fact that because of the test nature and other inherent limitations of an audit,
together with the inherent limitations of any accounting system and related
controls, there is an unavoidable risk that even some material misstatement may
remain undiscovered;
▪ unrestricted access to whatever records, documentation and other information
requested in connection with the audit.
▪ expectation of receiving from management written representations concerning
representations made in connection with the audit;
▪ request for the entity to agree to the terms of the audit by acknowledging receipt of
the engagement letter;
▪ basis on which fees are computed and any billing arrangements.
600.40 If applicable, the engagement letter covers the following additional subjects:
▪ arrangements regarding the planning of the audit;
▪ arrangements concerning the involvement of other auditors and external experts in
some aspects of the audit;
▪ arrangements concerning the involvement of internal auditing and other entity
staff;
▪ arrangements to be made with the predecessor auditor, if any, in the case of an
initial audit;
▪ any restriction of our liability when such possibility exists;
▪ a reference to any further agreements between the auditor and the client.

600.41 If law or regulation prescribes in sufficient detail the terms of the audit engagement, the
auditor need not record them in a written agreement, except for the fact that such law
or regulation applies and that management acknowledges and understands its
responsibilities as set out in paragraph 600.26(b) of this section.
Updating the Engagement Letter
600.42 When no changes have occurred, the auditor is required to assess whether there is a
need to remind the entity of the existing terms of the audit engagement. The terms of
engagement may be reconfirmed at the time of the auditor’s reappointment without
the need to obtain a new letter each year.
600.43 The engagement letter is required to be revised when the circumstances change.
Matters that may constitute a change in circumstances include:
▪ Any revised or special terms of the engagement, e.g., reporting KAM (key audit
matters) where this was not previously the case;
▪ A recent change in senior management;
▪ A significant change in the nature or size of the entity’s business;
▪ A change in the financial reporting framework adopted in the preparation of the
financial statements;
▪ A change in other reporting requirements; and
▪ Some indication that management misunderstands the objective and scope of the
audit.
600.44 Where management does not agree to and acknowledge its responsibilities as set out in
PSA 210.6 (b) as set out in paragraph 600.26 (b) of this section, or the financial reporting
framework is not acceptable, the auditor is required by PSA 210.8 to decline the
engagement unless required by law or regulation.
PSA 210.15
If prior to completing the audit engagement, the auditor is requested to change the audit
engagement to an engagement that conveys a lower level of assurance, the auditor shall
determine whether there is reasonable justification for doing so.
600.45 For example, if there is a change in the circumstances of the entity affecting the need
for an audit, we may consider this to be a reasonable basis for requesting a change in
the engagement. However, if information is incorrect, incomplete or otherwise
unsatisfactory, we may not consider this to be a reasonable basis for requesting a
change in the engagement.
PSA 210.16
If the terms of the audit engagement are changed, the auditor and management shall agree
on and record the new terms of the engagement in an engagement letter or other suitable
from of written agreement.

PSA 210.17
If the auditor is unable to agree to a change of the terms of the audit engagement and is not
permitted by management to continue the original audit engagement, the auditor shall:
a) Withdraw from the audit engagement where possible under applicable law or regulation;
and
b) Determine whether there is any obligation, either contractual or otherwise, to report the
circumstances to other parties, such as those charged with governance, owners or
regulators.
600.46 For example, if the auditor is unable to obtain sufficient appropriate audit evidence
regarding receivables and management asks the auditor to change the engagement to a
review engagement to avoid a qualified audit opinion or a disclaimer of an opinion, the
auditor does not consider this a reasonable justification to change the terms of
engagement.
600.47 An engagement letter is a legally enforceable contract to provide professional services,

and is not used as a selling document. Specifically, care is exercised to avoid statements
regarding resources or results that realistically cannot be delivered.
600.48 The engagement letter generally is silent regarding access to our working papers unless
we are specifically required to make them available. For example, regulatory authorities
who require access to working papers, in which case the engagement letter conforms to
those requirements.
Refer to Exhibit 600 – 3 for an illustrative Audit Engagement Letter.
Signing, addressing and confirming an engagement letter
600.49 The engagement partner signs or approves the engagement letter to indicate his overall
responsibility over the audit. The client’s acceptance and approval of the engagement
letter shall be obtained before the commencement of the audit, to avoid
misunderstanding and confusion of the terms and conditions of the engagement.
600.50 The letter has to be addressed to the entity that engages the auditor and is marked for
the attention of the client official (such as Chief Executive Officer or chairman of the
audit committee) or group (such as, board of directors or audit committee) responsible
for engaging the services of the auditor. For multi-location audits separate engagement
letters may be required for some or all of the components.
600.51 The auditor obtains written confirmation of the terms of the audit, generally by asking
the client to sign and return a copy of the engagement letter. In case it is a recurring
audit, a letter may be sent to the client to re-consider the engagement for the
succeeding audits.

Maintaining Independence, Professional Ethics And Skepticism
600.52 As part of the auditor’s administrative tasks over audit engagements, the Firm needs to
implement policies to prevent conflict of interest and ensure compliance with auditing
standards and code of ethics in the audit of financial statements of clients.
600.53 Also, it is part of an effective risk management program to succeed as a professional
services organization to keep professional practice staff and other members of the Firm
understand and implement the Firm’s policies on the following:
▪ Independence
▪ Professional ethics
▪ Professional skepticism
Independence
600.54 Each auditor is required to affirm his or her independence at the time of employment
and annually thereafter. He should report apparent independence violations involving
him, his spouse, and dependents and the corrective action taken or proposed to be
taken on a timely basis when identified.
600.55 As required by independence rules, generally, the auditor personnel are not permitted
to serve an organization or entity included in the auditor’s restricted entity list as a
director, officer, voting trustee, employee, adviser, promoter, or underwriter or in any
other capacity that might raise questions as to the auditor’s present or future
independence.
600.56 Certain factors that are evaluated to determine impairment of independence are:
▪ Financial interests
▪ Personal or employment relationships
▪ Other auditor services conflicting with audit engagements
▪ Past due fees from client
600.57 We should comply with the "Philippine Code of Ethics for Professional Accountants" at
all times.
600.58 In addition to independence which is maintained by all professional staff of the Firm, the
ethical principles governing our professional responsibilities include:
▪ Integrity - We are straightforward and honest in performing our professional
services.
▪ Objectivity - We are fair and do not allow prejudice or bias, conflict of interest or
influence of others to override our objectivity.
▪ Professional competence and due care - We plan and perform our work and
prepare our report with due care, competence and diligence.

▪ Confidentiality - We respect the confidentiality of information acquired during the
course of our audit. We do not use or disclose any such information without proper
and specific authority unless there is a legal or professional right or duty to disclose.
▪ Professional behavior - We act in a manner consistent with the good reputation of
the profession and the auditor. We refrain from any conduct that brings discredit to
the profession or the auditor.
Professional Skepticism
600.59 The auditor shall plan and perform an audit with professional skepticism recognizing
that circumstances may exist that cause the financial statements to be materially
misstated. [PSA 200.15]
600.60 The auditor shall exercise professional judgment in planning and performing an audit
of financial statements [PSA 200.16]
600.61 Professional skepticism includes being alert to the following: [PSA 200.A18]:
▪ Audit evidence that contradicts other audit evidence obtained
▪ Information that brings into question the reliability of documents and responses to
inquiries to be used as audit evidence
▪ Conditions that may indicate possible fraud
▪ Circumstances that suggest the need for audit procedures in addition to those
required the auditing standards
600.62 Maintaining professional skepticism throughout the audit is necessary so that the
auditor can reduce the risks of
▪ Overlooking unusual circumstances
▪ Over generalizing when drawing conclusions from audit observations
▪ Using inappropriate assumptions in determining the nature, timing, and extent of
the audit procedures and evaluating the results thereof
600.63 When we plan our audit, we consider management's integrity and the likely effect on
the financial statements. For example, we consider the reasons for, and implications of,
conditions such as:
▪ Transactions selected for testing are not supported by proper documentation or are
not appropriately authorized.
▪ Supporting records or files, which should be readily available, are not promptly
produced when requested.
▪ Audit procedures detect errors apparently known to entity personnel, but not
voluntarily disclosed to us.
600.64 When such conditions exist, we reconsider the planned audit procedures and may apply
additional or other audit procedures focused on the condition observed. We consider
the number of differences from expectations or the frequency with which we are unable
to obtain satisfactory explanations, when reconsidering the risk of significant
misstatement for related audit objectives.
600.65 Such conditions may also cause us to question management's integrity. If we are
concerned about management's integrity, we consider the risk that management may
intentionally distort the financial statements, perhaps through the manner in which
significant accounting policies are applied.
600.66 Accounting policies relating to revenue recognition, asset valuation, capitalization and
accounting estimates may be particularly prone to abuse because they involve judgment
or may be difficult to substantiate.
600.67 When our audit findings raise concerns about management's integrity, a fundamental
concern is to consider whether we can continue acting as auditor for the entity.
600.68 We do not assume that management is dishonest nor do we assume unquestioned

honesty. We recognize the need for objective evaluation of the conditions we observe
and of the audit evidence we obtain in forming our opinion as to whether the financial
statements are free of material misstatement.
Resource management
600.69 When planning for each audit engagement, we ensure that the resources to be used
match the required level of effort that has to be spent. Significant aspect of the
resource to use in such engagements are people – professional staff.
600.70 The Firm attracts and retains talented people enough for the requirement of the
engagements or jobs. The Firm provides an environment in which people thrive, where
they want to stay, and where they can achieve their full potential. To achieve this
objective, the Firm’s Human resource Department takes on a vital role.
600.71 The Firm shall maintain and use a staff scheduling system that systematically considers
the allocation of the Firm’s human resource to the different audit and other related
services to be provided to the clients.
Engagement Briefing and De-briefing
Briefing
600.72 The audit team leader (partner, manager, senior associate) conducts orientation
meetings, initially during planning, in accordance with the guidelines described in
Section 300 of this Manual on Audit Team Discussions, paragraphs 112 to 116, and
subsequently during the phasing of the audit process.
600.73 During the performance of the audit activities, we determine whether changes are
required in our timetable and/or overall audit plan. The audit team assesses whether
the objectives set during planning are still applicable.
600.74 Corrective action includes changes in the timing and/or nature of the planned activities
as well as changes in resources. In these cases, the team leader conducts additional
briefing to communicate the required changes.
De-briefing
600.75 At the conclusion of the audit engagement, the team leader conducts a de-briefing
session with the audit team to determine whether the team:
▪ has complied with applicable Firm policies and other required activities for audits;
▪ has obtained sufficient appropriate audit evidence to form audit opinion;
▪ has delivered our audit report and other communications on a timely basis.
600.76 During this session, the team also seeks to identify best practice points and lessons
learnt and input them into an appropriate compilation of knowledge. Generally, the
team discusses:
▪ what went well in the audit
▪ what went not so well
▪ what were the benefits of the approach adopted
▪ what are the matters that need to be addressed in the next period's audit.
600.77 As part of debriefing the audit team:

▪ Consider events during the audit. Audit team discuss factual and technical
information about the entity, the entity's business and the audit conducted to
receive ideas from the audit team and to provide constructive comments. This
allows the audit team to learn more about the audit beyond their individual roles.
▪ Consider significant judgmental audit issues. Audit team members identify the
important audit decisions and factors entering into them to develop the judgmental
skills of the audit team.
▪ Analyze the activities within the audit. Audit team members consider the activities
that were successful and those for which improvements are possible. We set criteria
against which we judge the quality of delivery or cost effectiveness of the service.
▪ Consider management's feedback. Audit team members obtain management's
feedback on those audit activities they considered successful and those for which
improvements are possible. We also request management's feedback on our
proposed recommendations to improve the quality of delivery or cost effectiveness
of our service.
▪ Produce recommendations. Audit team members participate in a discussion to
produce constructive recommendations to improve the quality of delivery or cost
effectiveness of our service. We also prepare an action plan setting out the issues
identified, the actions to be taken, the responsible audit team member and the
timetable.

▪ Monitor the implementation of recommendations. Team members incorporate
recommendations into the following period's audit plan, as appropriate.
▪ Re-assign people from the audit team and redirect efforts to other engagements.
The engagement partner is responsible for setting the direction for improvement of
both individual and team performance in the future.
▪ Completing individual appraisals.
600.78 Proceedings and matters discussed in the debriefing session shall be documented and
approved by the team leader. The notes of debriefing meetings are discarded once the
relevant points have been incorporated into the planning of the following period's audit.
Client and Staff Forecasting
600.79 Part of managing an audit engagement is to allocate appropriately the staff resource
required of each client. The Firm maintains a client and staff scheduling system that
supports the Firm’s policy of allocation of staff resources to all audit and other
engagements considering the internal staff availability and urgency of the job
engagement.
600.80 To support such scheduling system for staff forecast on each audit client, the audit
senior associate needs to prepare the staff assignment forecast. The staff forecast
should be supported by the Audit Budget before such is submitted to the designated
Staff Scheduler for inclusion in the client and staff forecast database.
Exhibit 600-4 shows an example of Staff Assignment Forecast form.
Information Gathering and Maintenance

600.81 The conduct of audit engagement deals with significant volume of information that are
obtained from different sources to support the audit opinion and other conclusions and
report from the audit.
600.82 Audit assistants assigned to an audit engagement shall obtain sufficient knowledge of
the business to enable them to carry out the audit work delegated to them.
600.83 This is achieved by documenting the auditors’ knowledge of the entity in the business
understanding documents, risk analysis document and process analysis documents.
600.84 The following sections discusses the sources and type of information gathered for the
audit and how these are secured and shared, if required, with other parties other than
the engagement team concerned.
Sources and Type of Information for Auditing
600.85 Auditors obtain information from:

▪ Client
▪ Auditor knowledge bases
▪ Third-party knowledge bases
600.86 Auditors obtain much of the information from the entity through meetings with
management or other personnel. Sources of information from the client which are
necessary for the audit include:
▪ minutes of the meetings of the board of directors;
▪ organization charts that identify management and their areas of responsibility;
▪ key performance indicators monitored by management;
▪ strategic plans, including mission and objectives;
▪ operating plans and budgets;
▪ product, process and technology literature;
▪ key customer and vendor information;
▪ strategic business improvement initiatives planned or in progress.
600.87 With regard to the auditor’s knowledge bases, the following information may be
obtained:
▪ industry and country specific information
▪ general economic information
▪ best practices
▪ experience from other engagements.
600.88 Third-party knowledge bases include:

▪ trade associations
▪ news papers
▪ periodicals and publications relating to the client or industry where it belongs
▪ industry analysis.
Managing audit documentation
PSA 230.2
Audit documentation that meets the requirements of PSA 230 and the specific documentation
requirements of other relevant PSAs provides:
a) Evidence of the auditor’s basis for a conclusion about the achievement of the overall
objective of the auditor; and
b) Evidence that the audit was planned and performed in accordance with PSAs and
applicable legal and regulatory requirements.

PSA 230.3
Audit documentation serves a number of additional purposes including the following:
a. Assisting the engagement team to plan and perform the audit
b. Assisting members of the engagement team responsible for supervision to direct and
supervise the audit work, and to discharge their review responsibilities in
accordance with PSA 220
c. Enabling the engagement team to be accountable for its work
d. Retaining a record of matters of continuing significance to future audits
e. Enabling the conduct of quality control reviews and inspections in accordance with PSQC 1
f. Enabling the conduct of external inspections in accordance with applicable legal, regulatory
or other requirements.
600.89 Working papers are records kept by the auditor of the procedures applied, and the tests
performed, the information obtained and the pertinent conclusions reached. Examples
include: schedules, transcripts, analyses, notes and other memoranda (including
computer files) prepared and accumulated in connection with an audit.
600.90 Managing the audit working papers is important in providing evidence that the audit
was performed appropriately (in relation to standards of auditing and other legal
requirements)
Guide in preparing working papers
PSA 230.05
The objective of the auditor is to prepare documentation that provides:
a. A sufficient and appropriate record of the basis for the auditor’s report; and
b. Evidence that the audit was planned and performed in accordance with PSAs and
applicable legal and regulatory requirements.
600.91 Auditors design working papers to suit the needs of each audit, taking account of the
auditor’s policies and legal and professional requirements. Overall guidelines in
preparing the working papers are:
▪ use of standard working papers is recommended
▪ working papers should be clear and concise
▪ working papers use professional language
▪ all outstanding points are cleared to finalize the working papers
▪ discard review points once cleared.
600.92 The form and content of working papers are affected by matters such as the:
▪ Nature of the engagement.
▪ Nature of the audit procedures to be performed.
▪ Form of the auditor's report.

▪ Identified risks of material misstatement
▪ Size and complexity of the entity.
▪ Condition of the entity's accounting and internal control systems.
▪ Needs in the particular circumstances for direction, supervision and review of work
performed by assistants.
▪ Audit methodology and tools used.
600.93 Also, to improve audit efficiency, the auditor may utilize schedules, analyses and other
documentation prepared by the entity. In such circumstances, the auditor would need
to be satisfied that those materials have been properly prepared.
600.94 Working papers ordinarily include:

▪ Information concerning the organizational structure of the audit client.
▪ Extracts or copies of important legal documents, agreements and minutes.
▪ Information concerning the industry, economic environment and legislative
environment within which the entity operates.
▪ Evidence of the planning process including audit programs and any changes thereto.
▪ Evidence of the auditor's understanding of the accounting and internal control
systems.
▪ Evidence of control risk assessments and any revisions thereof.
▪ Evidence of the auditor's consideration of the work of internal auditing and
conclusions reached.
▪ Analyses of transactions and balances.
▪ Analyses of significant ratios and trends.
▪ A record of the nature, timing and extent of audit procedures performed and the
results of such procedures.
▪ Evidence that the work performed by assistants was supervised and reviewed.
▪ An indication as to who performed the audit procedures and when they were
performed.
▪ Details of procedures applied regarding components whose financial statements are
audited by another auditor.
▪ Copies of communications with other auditors, experts and other third parties.
▪ Copies of letters or notes concerning audit matters communicated to or discussed
with the entity, including the terms of the engagement and material weaknesses in
internal control.
▪ Letters of representation received from the entity.
▪ Conclusions reached by the auditor concerning significant aspects of the audit,
including how exceptions and unusual matters, if any, disclosed by the auditor's
procedures were resolved or treated.
▪ Copies of the financial statements and auditor's report.
Standard audit working papers
600.95 The Firm shall adopt and use standard working papers to facilitate the audit supervision
and review while providing a means to control its quality. The auditors need to consider
the factors stated in statement 600.92 when applying the use of standard working
papers. While certain portion of the standard working paper may not be applicable to
certain clients, especially the small and owner-managed clients, the auditor need not
remove such portion but just to indicate that it is not applicable.
600.96 The table below lists standard working papers auditors may consider.
Working Paper File/Folder Title Appendix Ref.
Permanent Working Paper File/Folder PWP
Current Working Paper File/Folder CWP
Client Financial Statements File/Folder CFS
Client Income Tax Return File/Folder CITR
Client Letter File CLTR
Electronic Format Working Papers
600.97 Audit working papers may be printed or retained electronically. To determine that
electronic documents are maintained by the one who is conversant with the contents of
the document and that extraneous information is not being retained, the following
guidance applies to electronic media:
▪ completion of the audit

Upon completion of an audit, finalized documents on disk drives maintained by the
audit team, including support staff, are moved to either the appropriate file server
or to disks for storage with the working paper files. Additional electronic copies of
entity-related documents are not retained, except as set forth in this paragraph.
▪ professional staff
Following completion of an audit, the professional staff assigned are in possession
of no audit-specific information, whether on their personal computers, on their
support staff's computers or otherwise.
▪ personal computers
Annually, all individuals review the information stored on their personal computers,
and their support staff's computers, for compliance with the retention guidance.
▪ Auditor’s Internet addresses
Correspondence sent from, or received at, the auditor’s address is subject to the
same policies, including retention policies, as other correspondence.
Working paper organization and indexing
600.98 Well organized working papers facilitate the review of the audit and provide efficient
access to audit evidence supporting the audit conclusion. Much of audit working papers
apply to either the period under audit or to one period to the next. As such, working
papers may be grouped generally into current files and permanent files,
correspondingly.
600.99 In the case of recurring audits, some working paper files may be classified as
"permanent" audit files which are updated with new information of continuing
importance, as distinct from current audit files which contain information relating
primarily to the audit of a single period.
Current files
600.100 Current files contain working papers relating primarily to the audit of a specific period.
Each period's current audit working papers include all the appropriate information
needed to support the opinion for specific audit.
600.101 These working papers may need to be newly created each period, or they may be
continuous, updating working papers from the prior period. If information is brought
forward, we retain a copy on the previous audit current file. For example, analytical
procedures, analyses of trends and ratios, calculations of important accounting
estimates.
600.102 Current working papers file generally include:

▪ evidence of our consideration of the work of internal auditing and conclusions
reached;
▪ details of procedures applied regarding components whose financial statements are
audited by other auditors;
▪ copies of communications with other auditors, external experts and other third
parties;
▪ copies of letters or notes concerning audit matters communicated to or discussed
with the entity, including the terms of the audit and material weaknesses;
▪ analyses of transactions, balances and significant ratios and trends;
▪ evidence that work performed was supervised and reviewed;
▪ letters of representation received from the entity.
600.103 When we issue our audit opinion we retain a copy of current working papers that
support our opinion. Where these working papers may be useful for the succeeding
period's audit, we retain a copy as of the date of our audit report. We then update the
original during the succeeding period's audit.
Permanent files
600.104 These continuing use working papers do not need to be recreated each period. Instead,
we update them, primarily by adding new information and by discarding information
that is no longer relevant. Permanent files usually consist of working papers and
documents relating to or containing:
▪ Information concerning the legal and organizational structure of the entity.
▪ Extracts or copies of important legal documents, agreements and minutes.
▪ Information concerning the industry, economic environment and legislative
environment within which the entity operates and any updates thereto.
▪ audit programs template as tailored to specific audit engagement and any changes
thereto.
▪ Evidence of the auditor's understanding of the accounting and internal control
systems and any changes thereto.
Report files
600.105 To better organize the working papers and facilitate access to these, it may be
recommended that a separate file for reports related to an engagement be maintained.
This file may contain the following:
▪ Auditor’s report and audited financial statements
▪ Report on the review of internal control system, if required as part of the audit
▪ Management report
▪ Other reports issued in relation to the audit engagement
Other files
600.106 All other working papers used by the audit team that may not be classified under the
above grouping may be filed under other files. Most of the documents included in this
file are engagement administration and management related files.
Working papers indexing
600.107 In order to facilitate the access to and review of working papers, the auditor implements
a standard working paper indexing system. Such system also allows common
understanding to all members of the audit team and the audit division staff when
locating for specific files in the working papers.
600.108 The standard working papers indexing system recommends the following as the
standard index numbers when indexing working papers.

Working Paper Title Appendix Ref.
Planning P
Internal Control Evaluation and Risk Assessment ICRA
Trial Balance TB
Working Balance Sheet WBS
Working Profit and Loss WPL
Cash A-10
Receivables A-20
Inventory A-30
Property, Plant and Equipment A-40
Investments /Financial Assets A-50
Accounts Payable L-10
Accrued Expenses L-20
Income Tax Payable L-30
Notes Payable / Long-Term Liabilities L-40
Shareholders’ Equity E-10
Revenue R-10
Cost of Sales COS-10
Operating Expenses OE-10
Interest Expense IE-10
Restricting access to working papers
600.109 We should adopt appropriate procedures for maintaining the confidentiality and safe
custody of the working papers and for retaining them for a period sufficient to meet the
needs of the practice and in accordance with legal and professional requirements or
record retention.

600.110 Audit working papers are the property of the auditor. We only make our working
papers available to third parties in defined circumstances and subject to certain
conditions.
600.111 The engagement partner considers requests to provide working papers or other
documents for inspection. We provide access to working papers only with the prior
approval of the engagement partner.
600.112 In considering a request, the engagement partner may decide to consult with the
Practice Risk Manager or a designated firm officer before deciding which working papers
may be inspected.
600.113 Consultation is required in the following circumstances:

▪ a request for access to working papers is potentially or actually adversarial in nature
▪ in the event of legal proceedings
▪ in the event of investigations by government bodies or examiners
▪ there is pending, threatened or potential litigation against the auditor
▪ requests by counsel.
600.114 We retain control at all times over our own working papers and documents. If we
permit a third party to inspect our working papers, a representative of the firm usually
supervises the review.
Availability of working papers to clients
600.115 If a client requests access to or copies of our audit working papers, we apply the
following guidelines:
▪ we may provide copies of audit working papers to clients at the discretion of the
engagement partner after considering the reasons for the request and the likely use
of the copies;
▪ except in unusual circumstances, we do not give audit programs to client personnel
other than internal auditing, and then only to the extent necessary to facilitate their
involvement with the audit.
Availability of working papers to principal auditors
600.116 The effectiveness of an audit in which each auditor is jointly and severally responsible
for the whole audit depends on co-operation and communication between the joint
auditors. Generally, we permit joint auditors full access to review working papers.
600.117 When we audit the financial statements of a subsidiary or related entity, the principal
auditors may wish to consult us. In some countries, there are statutory or professional
obligations for other auditors to comply with requests for information from principal
auditors. If there is a statutory requirement, we comply with it and as a matter of

courtesy explain to the client that we are doing so. In other cases, we first obtain the
client's express permission.
600.118 Where we are the auditors of a related entity, we may wish to obtain an
acknowledgement by the principal auditor that they acquire no rights against us as a
result of gaining access to our working papers.
Availability of working papers to successor auditors
600.119 When another auditor replaces the current auditor, the current auditor may receive a
request to permit the successor auditors to review his/her working papers. The current
auditor considers these requests and may grant access, provided the client gives
permission to do so, in writing.
600.120 The current auditor also obtain the successor auditors' agreement and acceptance of a
letter that states:
▪ the purpose and limitations of the successor auditors' review;
▪ that the successor auditors will not provide specialist testimony or provide litigation
support services concerning the quality of our audit.
600.121 Generally, the letter also addresses the limits on the successor auditors' ability to use
the current auditor’s working papers as audit evidence and the successor auditors'
obligations regarding copies or information otherwise derived from the current
auditor’s working papers. The current auditor provides a copy of this letter to the
former client.
600.122 The engagement partner decides the extent to which working papers are made
available. Generally, the current auditor responds to the successor auditors' specific
enquiries and make available working papers relating to matters of continuing
accounting significance.
600.123 Certain working papers concerning the conduct of the audit, such as those relating to
the assessments of the risk of a significant misstatement and audit program, do not
generally contain information of continuing accounting significance. Successor auditors
are professionally responsible for forming their own judgments about the risk of a
significant misstatement occurring and selecting appropriate audit procedures. They are
not entitled to substitute the current auditor judgment for their own. Consequently,
the current auditor do not generally make available working papers relating to these
aspects.
600.124 Access need not include information related to engagement administration, such as
administrative materials, time summaries, interoffice arrangements and billing
information. The current auditor resolves problems with the former client, such as
unpaid fees, before giving the successor auditors access to our working papers.

Copying of working papers
600.125 As a general guideline, auditors are discouraged from photocopying, although the
reviewers are free to make notes. If the engagement partner permits photocopying, the
firm’s representative controls it, reviewing the working papers before they are copied.
600.126 Auditors do not allow copying of working papers related to the performance of the audit
work, such as:
▪ audit programs;
▪ the working papers that express conclusions, judgments, and explain annotations
and similar working papers;
▪ documents relating to computer assisted audit techniques, such as record layouts of
an entity's files, listings of file interrogation programs and printouts;
▪ documents relating to non-audit services.
600.127 Regulators may also request photocopies of working papers. Auditors generally provide
regulators with photocopies of working papers that are pertinent to the objectives of
their review. If photocopies are provided, they are generally marked to request
confidential treatment by the regulator.
600.128 Auditors generally do not provide photocopies of working papers to other third parties.
Auditors may, at the client's request, provide copies of client documents that are more
readily obtained from our working papers.
600.129 Auditors do not generally supply copies of the client's documents to successor auditors,
who may obtain them directly from the client.
Assembly of the Final Audit File
PSA 230.14
The auditor shall assemble the audit documentation in an audit file and complete the
administrative process of assembling the final audit file on a timely basis after the date of the
auditor’s report.
PSA 230.A21
An appropriate time limit within which to complete the assembly of the final audit file is
ordinarily not more that 60 days after the date of the auditor’s report.
PSA 230.A22
The completion of the assembly of the final audit file after the date of the auditor’s report is an
administrative process that does not involve the performance of new audit procedures or the
drawing of new conclusions. Changes may, however, be made to the audit documentation
during the final assembly process if they are administrative in nature.

600.130 Upon completion of an audit, we determine that the working papers are in proper order
and complete. Working papers are to be properly filed and carefully maintained so they
can be readily located when necessary.
PSA 230.A23
PSQC No. 1 requires firms to establish policies and procedures for the retention of
engagement documentation. The retention period for audit engagement ordinarily is not
shorter than five years from the date of the auditor’s report, or, if later, the date of the group
auditor’s report.

700 Quality Controls
PSQC 1.3
The firm should establish a system of quality control designed to provide it with reasonable
assurance that the firm and its personnel comply with professional standards and regulatory
and legal requirements, and that reports issued by the firm or engagement partners are
appropriate in the circumstances.
700.1 A system of quality control consists of policies designed to provide reasonable assurance
that engagements are performed in accordance professional standards, and the
procedures necessary to implement and monitor compliance with those policies.
Objectives – quality control for audit engagements
700.2 The objective of the auditor is to implement quality control procedures at the
engagement level that provide the auditor with reasonable assurance that:
▪ The audit complies with professional standards and applicable legal and regulatory
requirements; and
▪ The auditor’s report issued is appropriate in the circumstances.
700.3 Within the context of the firm’s system of quality control, audit engagement teams have
a responsibility to implement quality control procedures that are applicable to the audit
engagement and provide the firm with relevant information to enable the functioning of
that part of the firm’s system of quality control relating to independence.
700.4 Engagement teams are entitled to rely on the firm’s system of quality control, unless
information provided by the firm or other parties suggests otherwise.
Quality control
700.5 The firm shall ensure that it fully complies with the quality control requirements as
stipulated in PSQC 1 and PSA220. Each partner and each of the firm’s personnel has a
personal responsibility for quality and is expected to comply with the firm’s
requirements in respect to quality as stipulated in this Manual and those stipulated in
PSQC 1 and PSA 220.
700.6 The firm should establish a system of quality control designed to provide it with
reasonable assurance that:
▪ the firm and its personnel comply with professional standards and regulatory and
legal requirements, and
▪ that reports issued by the firm or engagement partners are appropriate in the
circumstances.
Quality Controls 700 – 1

700.7 The firm’s system of quality control include policies and procedures addressing each of
the following elements:
▪ Leadership responsibilities for quality within the firm.

▪ Relevant ethical requirements.
▪ Acceptance and continuance of client relationships and specific engagements.
▪ Human resources.
▪ Engagement performance.
▪ Monitoring.
Leadership Responsibilities for Quality within the Firm
700.8 The Firm promotes an internal culture based on the recognition that quality is essential
in performing engagements. The firm’s managing board of partners, assumes ultimate
responsibility for the firm’s system of quality control.
700.9 The firm shall achieve quality in all the engagements that the firm performs. Promoting
such an internal culture includes: (PSQC1. A5)
▪ Establishment of policies and procedures that address performance evaluation,

compensation, and promotion (including incentive system) with regard to its
personnel, in order to demonstrate the firm’s overriding commitment to quality;
▪ Assignment of management responsibilities so that commercial considerations do

not override the quality of work performed; and
▪ Provision of sufficient resources for the development, documentation and support

of its quality control policies and procedures.
700.10 The firm’s leadership and the examples it sets significantly influence the internal culture
of the firm. The promotion of a quality-oriented internal culture depends on clear,
consistent and frequent actions and messages from all levels of the firm’s management
emphasizing the firm’s quality control policies and procedures.
Relevant Ethical Requirements
700.11 The Firm’s policies and procedures are designed to provide reasonable assurance that
the firm and its personnel comply with relevant ethical requirements. Emphasis is made
on the fundamental principles, which are reinforced in particular by the leadership of
the firm, education and training, monitoring, and a process for dealing with non-
compliance.
Independence Requirements
700.12 The Firm’s policies and procedures are designed to provide reasonable assurance that
the firm, its personnel and, where applicable, others subject to independence

requirements, maintain independence where required. The policies and procedures
established should enable the firm to communicate its independence requirements to
those who are subject these requirements, identify and evaluate circumstances and
relationships that create threats to independence, and to take appropriate action, and
be notified of breaches of independence requirements, and to enable it to take
appropriate actions to resolve such situations.
700.13 At least annually, the firm shall obtain written confirmation of compliance with its
policies and procedures on independence from all firm personnel required to be
independent by the Code and national ethical requirements. Written confirmation may
be in paper or electronic form.
Familiarity Threats
PSQC1.25
The firm shall establish policies and procedures:
a) Setting out criteria for determining the need for safeguards to reduce the familiarity threat
to an acceptable level when using the same senior personnel on an assurance engagement
over a long period of item; and
b) Requiring, for audits of financial statements of listed entities, the rotation of the
engagement partner and the individuals responsible for engagement quality control
review, and, where applicable, others subject to rotation requirements, after a specified
period in compliance with relevant ethical requirements.
700.14 A familiarity threat occurs when, by virtue of a close relationship with an assurance
client, its directors, officers or employees, a firm or a member of the assurance team
becomes too sympathetic to the client’s interests.
700.15 The Firm sets out criteria for determining the need for safeguards to reduce familiarity
threats to an acceptable level when using the same senior personnel on an assurance
engagement over a long period of time; and the rotation of the engagement partner
after a specified period.
Acceptance and Continuance Procedures
700.16 The Firm’s policies and procedures for the acceptance and continuance of client
relationships and specific engagements are designed to provide the Firm with
reasonable assurance that it will only undertake or continue relationships and
engagements where it:
▪ Has considered the integrity of the client and does not have information that would
lead it to conclude that the client lacks integrity;
▪ Is competent to perform the engagement and has the capabilities, time and
resources to do so; and
▪ Can comply with ethical requirements.

700.17 Where issues have been identified, and the Firm decides to accept or continue the client
relationship or a specific engagement, the Firm documents how the issues were
resolved.
700.18 Matters that the Firm considers regarding client integrity include:
▪ Identity and business reputation of the client’s principal owners, key management,
related parties and those charged with its governance.
▪ The nature of the client’s operations, including its business practices.
▪ Information concerning the attitude of the client’s principal owners, key
management and those charged with its governance towards such matters as
aggressive interpretation of accounting standards and the internal control
environment.
▪ Whether the client is aggressively concerned with maintaining the firm’s fees as low
as possible.
▪ Indications of an inappropriate limitation in the scope of work.
▪ Indications that the client might be involved in money laundering or other criminal
activities.
Firm Capability, Competence, Time and Resources
700.19 In considering whether the firm has the capabilities, competence, time and resources to
undertake a new engagement from a new or an existing client, the firm reviews the
specific requirements of the engagement and existing partner and staff profiles at all
relevant levels.
700.20 Some factors to consider in determining Firm capability, competence, time and
resources include:
▪ Firm personnel knowledge of relevant industries or subject matters, and experience
with relevant regulatory or reporting requirements, or the ability to gain the
necessary skills and knowledge effectively;
▪ Sufficient personnel with the necessary capabilities and competence;
▪ Experts are available, if needed;
▪ Individuals meeting the criteria and eligibility requirements to perform engagement
quality control review are available, where applicable; and
▪ Ability to complete the engagement within the reporting deadline
700.21 Where the Firm obtains information that would have caused it to decline an
engagement if that information had been available earlier, the Firm should consider the
following:
▪ applicable professional and legal responsibilities, including whether there is a
requirement for the Firm to report to the person or persons who made the
appointment or, in some cases, to regulatory authorities; and
▪ the possibility of withdrawing from the engagement or from both the engagement
and the client relationship.

Policies and Procedures on Auditor Withdrawal
700.22 Policies and procedures on withdrawal from an engagement or from both the
engagement and the client relationship shall include the following:
a. Discussing with the appropriate level of the client’s management and those charged
with its governance regarding the appropriate action that the Firm might take based
on the relevant facts and circumstances.
b. If the Firm determines that it is appropriate to withdraw, discussing with the
appropriate level of the client’s management and those charged with its governance
withdrawal from the engagement or from both the engagement and the client
relationship, and the reasons for the withdrawal.
c. Considering whether there is a professional, regulatory or legal requirement for the
Firm to remain in place, or for the Firm to report the withdrawal from the
engagement, or from both the engagement and the client relationship, together
with the reasons for the withdrawal, to regulatory authorities.
d. Documenting significant issues, consultations, conclusions and the basis for the
conclusions.
Human Resources
700.23 The Firm’s policies and procedures are designed to provide the Firm with reasonable
assurance regarding sufficiency of personnel with the capabilities, competence, and
commitment to applicable ethical principles.
700.24 The policies and procedures address the following personnel issues: recruitment,
performance evaluation, capabilities, competence, career development, promotion,
compensation; and the estimation of personnel needs. (PSQC1.A24)
700.25 The Firm emphasizes in its policies and procedures the need for continuing training for
all levels of Firm personnel, and provides the necessary training resources and
assistance to enable personnel to develop and maintain the required capabilities and
competence.
Performance Evaluation
700.26 The Firm’s performance evaluation, compensation and promotion procedures give due
recognition and reward to the development and maintenance of competence and
commitment to ethical principles.
700.27 In particular, the Firm:

▪ Makes personnel aware of the Firm’s expectations regarding performance and
ethical principles;
▪ Provides personnel with evaluation of, and counseling on, performance, progress
and career development; and

▪ Helps personnel understand that advancement to positions of greater responsibility
depends, among other things, upon performance quality and adherence to ethical
principles, and that failure to comply with the firm’s policies and procedures may
result in disciplinary action.
Assignment of Engagement Teams
700.28 The Firm should assign responsibility for each engagement to an engagement partner.
700.29 The Firm’s policies and procedures on assignment of engagement teams require that:
▪ The identity and role of the engagement partner should be communicated to key
members of client management and those charged with governance.
▪ The engagement partner should have the appropriate capabilities, competence,
authority and time to perform the role.
▪ The responsibilities of the engagement partner should be clearly defined and
communicated to that partner.
▪ The firm should assign appropriate staff with the necessary capabilities, competence
and time to perform engagements in accordance with professional standards and
regulatory and legal requirements, and to enable the firm or engagement partners
to issue reports that are appropriate in the circumstances.
▪ The capabilities and competence are considered when assigning engagement teams,
and in determining the level of supervision required.
Engagement Performance
700.30 The Firm shall establish consistency in the quality of engagement performance. This is
often accomplished through written or electronic manuals, software tools or other
forms of standardized documentation, and industry or subject matter-specific guidance
materials.
700.31 Matters concerning engagement performance may include: (PSQC1.A32)

▪ How engagement teams are briefed on the engagement to obtain an understanding
of the objectives of their work.
▪ Processes for complying with applicable engagement standards.
▪ Processes of engagement supervision, staff training and coaching.
▪ Methods of reviewing the work performed, the significant judgments made and the
form of report being issued.
▪ Appropriate documentation of the work performed and of the timing and extent of
the review.
▪ Processes to keep all policies and procedures current.
Consultation
700.32 The Firm’s policies and procedures are designed to provide the firm with reasonable
assurance that:
▪ Appropriate consultation takes place on difficult or contentious matters;

▪ Sufficient resources are available to enable appropriate consultation to take place;
▪ The nature and scope of such consultations are documented; and
▪ Conclusions resulting from consultations are documented and implemented.
700.33 Consultation includes discussion, at the appropriate professional level, with individuals
within or outside the firm who have specialized expertise, to resolve a difficult or
contentious matter. Consultation uses appropriate research resources as well as the
collective experience and technical expertise of the firm. Consultation helps to promote
quality and improves the application of professional judgment.
700.34 The Firm seeks to establish a culture in which consultation is recognized as a strength
and encourages personnel to consult on difficult or contentious matters. Those
consulted should be given all the relevant facts that will enable them to provide
informed advice on technical, ethical or other matters.
700.35 Consultation should be with those having appropriate knowledge, seniority and
experience within the firm (or, where applicable, outside the firm) on significant
technical, ethical and other matters.
External consultants
700.36 A Firm needing to consult externally, may take advantage of advisory services provided
by other firms, professional and regulatory bodies, or commercial organizations that
provide relevant quality control services. Before contracting for such services, the Firm
considers whether the external provider is suitably qualified for that purpose.
Documentation of Consultations
700.37 Documentation of consultations with other professionals that involve difficult or

contentious matters is agreed by both the individual seeking consultation and the
individual consulted. The documentation is sufficiently complete and detailed to enable
an understanding of the issue on which consultation was sought; and the results of the
consultation, including any decisions taken, the basis for those decisions and how they
were implemented.
Differences of Opinion
700.38 There shall be policies and procedures for dealing with and resolving differences of
opinion within the engagement team, with those consulted and, where applicable,
between the engagement partner and the engagement quality control reviewer.
Conclusions reached should be documented and implemented.
700.39 There shall be policies and procedures that would encourage identification of
differences of opinion at an early stage, provide clear guidelines as to the successive
steps to be taken thereafter, and require documentation regarding the resolution of the
differences and the implementation of the conclusions reached. The report should not
be issued until the matter is resolved.

Supervision and Review
700.40 Supervision and review responsibilities are determined on the basis that more
experienced engagement team members, including the engagement partner, supervise
and review the work performed by less experienced team members.
700.41 Supervision includes the following:

▪ Tracking the progress of the engagement.
▪ Considering the capabilities and competence of individual members of the
engagement team.
▪ Addressing significant issues arising during the engagement, considering their
significance and modifying the planned approach appropriately.
▪ Identifying matters for consultation or consideration by more experienced
engagement team members.
Review
700.42 Work performed is reviewed by a team member who is generally senior to the preparer,
to consider whether:
▪ the work has been performed according to the plan;
▪ the work performed and the results obtained have been adequately documented;
▪ all important audit matters have been resolved or are reflected in audit conclusions;
▪ the objectives of the audit procedures have been achieved;
▪ the conclusions expressed are consistent with the results of the work performed
and support the audit opinion.
Review of Working Papers
700.43 The output of the audit activities are documented in the working papers for each audit
engagement. The review and supervision activities in such audits are also documented
in the working papers or alternative documentations. The review aims to accomplish
the following:
▪ support the opinion on the financial statements
▪ show that the audit complies with professional and Firm’s requirements
700.44 Someone other than the preparer reviews the working papers. Working papers subject
to review include those maintained solely on computer media. The reviewer, who is
generally senior to the preparer, considers a variety of matters including whether:
▪ the audit work has been performed in accordance with our Firm’s policies and
professional standards;
▪ the objectives of the audit procedures are achieved and conclusions expressed are
consistent with the results of the audit work performed and support the audit
opinion on the financial statements;

▪ the audit working papers are relevant to the audit and adequately document the
audit evidence obtained;
▪ issues were properly identified during the audit, brought to the attention of the
engagement partner, and resolved or reported to management, as appropriate;
▪ constructive recommendations to improve the quality of delivery or cost
effectiveness of our service can be identified.
700.45 The engagement partner is responsible for reviewing audit working papers relating to
critical audit objectives. The manager is responsible for the review of the work
performed. In case the working papers were already reviewed by the audit in-charge,
the manager's review may be limited to the extent reliance could be placed on the in-
charge capability and experience.
700.46 Reviews are generally more effective, result in more efficient follow-up and improve
communication with management if they are performed at the entity's premises and
done continuously throughout the audit and promptly upon completion of the audit
work.
700.47 Reviewers may write down questions, for example, about work performed or
documentation of the work, to facilitate follow-up. We document follow-up procedures
in the relevant working paper.
700.48 Completed working papers are self-sufficient without reference to reviewers' questions.
They contain neither pending matters nor reviewers' notes. Points raised during the
review of working papers are cleared, and where appropriate, the working papers are
revised. Review notes are not retained after the audit report has been signed.
700.49 Differences of opinion may arise between people involved in an audit engagement due
to the extent of professional judgment required in the resolution of complex accounting
and auditing issues. Such differences of opinion may be resolved by consulting a team
member who is generally at a higher level of responsibility.
700.50 If the manager and engagement partner disagree, the concurring reviewer and/or other
designated partner, such as the Practice Risk Management Partner or designee is
consulted.
700.51 For appropriate engagements, an engagement quality control review should be

performed. Such review provides an objective evaluation of the significant judgments
made by the engagement team and the conclusions reached in formulating the report.
700.52 An engagement quality control review is required for all audits of financial statements of
listed entities.
700.53 The Firm’s policies and procedures shall require the completion of the engagement
quality control review before the report is issued.

700.54 Firm policies and procedures should set out criteria against which all other audits and
reviews of historical financial information, and other assurance and related services
engagements should be evaluated to determine whether an engagement quality control
review should be performed. An engagement quality control review for all
engagements meeting said criteria.
When is a non-audit engagement subject to quality control review?
700.55 Criteria that a firm considers when determining which engagements other than audits of
financial statements of listed entities are to be subject to an engagement quality control
review include the following: (PSQC1.A41)
▪ The nature of the engagement, including the extent to which it involves a matter of
public interest.
▪ The identification of unusual circumstances or risks in an engagement or class of
engagements.
▪ Whether laws or regulations require an engagement quality control review.
700.56 The Firm’s policies and procedures shall set out:

▪ The nature, timing and extent of an engagement quality control review;
▪ Criteria for the eligibility of engagement quality control reviewers
▪ Documentation requirements for an engagement quality control review.
Nature, Timing and Extent of the

700.57 An engagement quality control review ordinarily involves discussion with the
engagement partner, a review of the financial statements or other subject matter
information and the report, and, in particular, consideration of whether the report is
appropriate.
700.58 It also involves a review of selected working papers relating to the significant judgments
the engagement team made and the conclusions they reached.
700.59 The extent of the review depends on the complexity of the engagement and the risk
that the report might not be appropriate in the circumstances. The review does not
reduce the responsibilities of the engagement partner.
700.60 The engagement quality control reviewer conducts the review in a timely manner at
appropriate stages during the engagement so that significant matters may be promptly
resolved to the reviewer’s satisfaction before the report is issued.
700.61 Where the engagement quality control reviewer makes recommendations that the
engagement partner does not accept and the matter is not resolved to the reviewer’s
satisfaction, the report is not issued until the matter is resolved by following the firm’s
procedures for dealing with differences of opinion.

Criteria for the Eligibility of
Engagement Quality Control Reviewers
700.62 The Firm’s policies and procedures should address the appointment of engagement
quality control reviewers and establish their eligibility through the technical
qualifications required to perform the role, including the necessary experience and
authority and the degree to which an engagement quality control reviewer can be
consulted on the engagement without compromising the reviewer’s objectivity.
700.63 The Firm’s policies and procedures on the technical qualifications of engagement quality
control reviewers address the technical expertise, experience and authority necessary to
perform the role.
Sufficient and appropriate technical expertise
700.64 The engagement quality control reviewer for an audit of the financial statements of a
listed entity is an individual with sufficient and appropriate experience and authority to
act as an audit engagement partner on audits of financial statements of listed entities.
Sufficient and appropriate technical expertise, experience and authority depends on the
circumstances of the engagement.
Objectivity of the Engagement Quality Control Reviewer
700.65 The Firm’s policies and procedures are designed to maintain the objectivity of the
engagement quality control reviewer.
700.66 The engagement quality control reviewer is not selected by the engagement partner
and does not otherwise participate in the engagement during the period of review;
700.67 The engagement quality control reviewer does not make decisions for the engagement
team; and is not subject to other considerations that would threaten the reviewer’s
objectivity.
Consultation with the Engagement Quality Control Reviewer
700.68 The engagement partner may consult with the engagement quality control reviewer
during the engagement. Such consultation need not compromise the engagement
quality control reviewer’s eligibility to perform the role.
700.69 Where the nature and extent of the consultations become significant, however, care is
taken by both the engagement team and the reviewer to maintain the reviewer’s
objectivity. Where this is not possible, another individual within the firm or a suitably
qualified external person is appointed to take on the role of either the engagement
quality control reviewer or the person to be consulted on the engagement.

700.70 The firm’s policies provide for the replacement of the engagement quality control
reviewer where the ability to perform an objective review may be impaired.
Suitably qualified external persons
700.71 Suitably qualified external persons may be contracted where sole practitioners or small
firms identify engagements requiring engagement quality control reviews.
Alternatively, some sole practitioners or small firms may wish to use other firms to
facilitate engagement quality control reviews.
Completion of the Assembly of Final Engagement Files
700.72 The Firm should establish policies and procedures for engagement teams to complete
the assembly of final engagement files on a timely basis after the engagement reports
have been finalized.
700.73 Law or regulation may prescribe the time limits by which the assembly of final
engagement files for specific types of engagement should be completed. Where no such
time limits are prescribed in law or regulation, the firm establishes time limits
appropriate to the nature of the engagements that reflect the need to complete the
assembly of final engagement files on a timely basis.
700.74 In the case of an audit, for example, such a time limit is ordinarily not more than 60 days
after the date of the auditor’s report.
700.75 Where two or more different reports are issued in respect of the same subject matter
information of an entity, the firm’s policies and procedures relating to time limits for the
assembly of final engagement files address each report as if it were for a separate
engagement.
Confidentiality, Safe Custody, Integrity, Accessibility and

Retrievability of Engagement Documentation
700.76 The Firm’s policies and procedures are designed to maintain the confidentiality, safe
custody, integrity, accessibility and retrievability of engagement documentation.
700.77 The Firm’s personnel must observe at all times the confidentiality of information
contained in engagement documentation, unless specific client authority has been given
to disclose information, or there is a legal or professional duty to do so.
700.78 Accessibility or retrievability of the underlying data may be compromised if the

documentation could be altered, added to or deleted without the firm’s knowledge, or if
it could be permanently lost or damaged.

700.79 Appropriate controls are designed and implemented for engagement documentation to
achieve the following objectives:
▪ Enable the determination of when and by whom engagement documentation was
created, changed or reviewed;
▪ Protect the integrity of the information at all stages of the engagement, especially
when the information is shared within the engagement team or transmitted to
other parties via the Internet;
▪ Prevent unauthorized changes to the engagement documentation; and
▪ Allow access to the engagement documentation by the engagement team and other
authorized parties as necessary to properly discharge their responsibilities.
Original paper documentation
700.80 For practical reasons, original paper documentation may be electronically scanned for
inclusion in engagement files. In that case, the Firm implements appropriate procedures
requiring engagement teams to:
▪ Generate scanned copies that reflect the entire content of the original paper
documentation, including manual signatures, cross-references and annotations;
▪ Integrate the scanned copies into the engagement files, including indexing and
signing off on the scanned copies as necessary; and
▪ Enable the scanned copies to be retrieved and printed as necessary.
Retention of Engagement Documentation
700.81 The Firm’s policies and procedures for the retention of engagement documentation for
a period shall be sufficient to meet the needs of the firm or as required by law or
regulation.
700.82 The needs of the Firm for retention of engagement documentation, and the period of
such retention, will vary with the nature of the engagement and the firm’s
circumstances, for example, whether the engagement documentation is needed to
provide a record of matters of continuing significance to future engagements.
700.83 The retention period may also depend on other factors, such as whether local law or
regulation prescribes specific retention periods for certain types of engagements, or
whether there are specific legal or regulatory requirements.
700.84 In the specific case of audit engagements, the retention period ordinarily is no shorter
than seven years from the date of the auditor’s report, or, if later, the date of the group
auditor’s report.

700.85 Procedures that the Firm adopts for retention of engagement documentation include
those that:
▪ Enable the retrieval of, and access to, the engagement documentation during the
retention period, particularly in the case of electronic documentation since the
underlying technology may be upgraded or changed over time.
▪ Provide, where necessary, a record of changes made to engagement documentation
after the engagement files have been completed.
▪ Enable authorized external parties to access and review specific engagement
documentation for quality control or other purposes.
Ownership of Engagement Documentation
700.86 Unless otherwise specified by law or regulation, engagement documentation is the

property of the firm. The firm may, at its discretion, make portions of, or extracts from,
engagement documentation available to clients, provided such disclosure does not
undermine the validity of the work performed, or, in the case of assurance
engagements, the independence of the firm or its personnel.
700.87 All working papers, schedules and memoranda made by members of the audit team in
the course of an examination, including those prepared and submitted by the client,
incident to or in the course of an examination, by any member of the audit team, except
reports submitted by the auditor to a client shall be treated confidential and privileged
and remain the property of the auditor in the absence of a written agreement between
the auditor and the client, to the contrary, unless such documents are required to be
produced through subpoena issued by any court, tribunal, or government regulatory or
administrative body.
Monitoring of Quality Controls
700.88 The Firm’s policies and procedures shall be designed to provide it with reasonable
assurance that the policies and procedures relating to the system of quality control are
relevant, adequate, operating effectively and complied with in practice.
700.89 Such policies and procedures should include an ongoing consideration and evaluation of
the firm’s system of quality control, including a periodic inspection of a selection of
completed engagements.
700.90 The purpose of monitoring compliance with quality control policies and procedures is to
provide an evaluation of:
▪ Adherence to professional standards and regulatory and legal requirements;
▪ Whether the quality control system has been appropriately designed and effectively
implemented; and
▪ Whether the firm’s quality control policies and procedures have been engagement
partners are appropriate in the circumstances.

700.91 The firm entrusts responsibility for the monitoring process to a partner or partners or
other persons with sufficient and appropriate experience and authority in the firm to
assume that responsibility.
700.92 Monitoring of the firm’s system of quality control is performed by competent individuals
and covers both the appropriateness of the design and the effectiveness of the
operation of the system of quality control.
Inspections
700.93 The inspection of a selection of completed engagements is ordinarily performed on a

cyclical basis. Engagements selected for inspection include at least one engagement for
each engagement partner over an inspection cycle, which ordinarily spans no more than
three years.
700.94 The manner in which the inspection cycle is organized, including the timing of selection
of individual engagements, depends on many factors, which include:
▪ The size of the firm.
▪ The number and geographical location of offices.
▪ The results of previous monitoring procedures.
▪ The degree of authority both personnel and offices have (for example, whether
individual offices are authorized to conduct their own inspections or whether only
the head office may conduct them).
▪ The nature and complexity of the firm’s practice and organization.
▪ The risks associated with the firm’s clients and specific engagements.
700.95 The inspection process includes the selection of individual engagements, some of which
may be selected without prior notification to the engagement team.
700.96 In determining the scope of the inspections, the firm may take into account the scope or
conclusions of an independent external inspection program. However, an independent
external inspection program does not act as a substitute for the firm’s own internal
monitoring program.
Disposition of Deficiencies Noted
700.97 The Firm shall evaluate the effect of deficiencies noted as a result of the monitoring
process and shall determine whether they are either:
a. Instances that do not necessarily indicate that the firm’s system of quality control is
insufficient to provide it with reasonable assurance that it complies with
professional standards and regulatory and legal requirements, and that the reports
issued by the firm or engagement partners are appropriate in the circumstances; or
b. Systemic, repetitive or other significant deficiencies that require prompt corrective
action.

700.98 The Firm shall communicate to relevant engagement partners and other appropriate
personnel deficiencies noted as a result of the monitoring process and
recommendations for appropriate remedial action.
700.99 Where the results of the monitoring procedures indicate that a report may be
inappropriate or that procedures were omitted during the performance of the
engagement, the Firm should determine what further action is appropriate to comply
with relevant professional standards and regulatory and legal requirements. It should
also consider obtaining legal advice.
Communication of the Results of Monitoring
700.100 At least annually, the firm shall communicate the results of the monitoring of its
quality control system to engagement partners and other appropriate individuals within
the Firm, including the Firm’s Managing Board of Partners.
700.101 Such communication shall enable the Firm and these individuals to take prompt and
appropriate action where necessary in accordance with their defined roles and
responsibilities.
700.102 Information communicated shall include the following:

▪ A description of the monitoring procedures performed.
▪ The conclusions drawn from the monitoring procedures.
▪ Where relevant, a description of systemic, repetitive or other significant deficiencies
and of the actions taken to resolve or amend those deficiencies.
700.103 The reporting of identified deficiencies to individuals other than the relevant
engagement partners ordinarily does not include an identification of the specific
engagements concerned, unless such identification is necessary for the proper discharge
of the responsibilities of the individuals other than the engagement partners.
Complaints and Allegations
700.104 The Firm shall establish policies and procedures designed to provide the Firm with
reasonable assurance that it deals appropriately with:
a. Complaints and allegations that the work performed by the Firm fails to comply with
professional standards and regulatory and legal requirements; and
b. Allegations of non-compliance with the firm’s system of quality control.
700.105 Complaints and allegations (which do not include those that are clearly frivolous) may
originate from within or outside the Firm. They may be made by Firm personnel, clients
or other third parties. They may be received by engagement team members or other
firm personnel.

700.106 As part of this process, the Firm establishes clearly defined channels for Firm personnel
to raise any concerns in a manner that enables them to come forward without fear of
reprisals.
700.107 The Firm investigates such complaints and allegations in accordance with established
policies and procedures. The investigation is supervised by a partner with sufficient and
appropriate experience and authority within the Firm but who is not otherwise involved
in the engagement, and includes involving legal counsel as necessary.
700.108 In cases where resources are limited, the Firm uses the services of a suitably qualified
external person or another firm to carry out the investigation. Complaints, allegations
and the responses to them are documented.
700.109 Where the results of the investigations indicate deficiencies in the design or operation
of the Firm’s quality control policies and procedures, or noncompliance with the Firm’s
system of quality control by an individual or individuals, the Firm takes appropriate
action.
Documentation
700.110 The Firm’s policies and procedures require appropriate documentation to provide
evidence of the operation of each element of its system of quality control.
700.111 How such matters are documented is the Firm’s decision. Factors considered when
determining the form and content of documentation evidencing the operation of each
of the elements of the system of quality control include the following:
▪ The size of the firm and the number of offices.
▪ The degree of authority both personnel and offices have.
▪ The nature and complexity of the firm’s practice and organization.
700.112 The Firm retains this documentation for a period of time sufficient to permit those
performing monitoring procedures to evaluate the Firm’s compliance with its system of
quality control, or for a longer period if required by law or regulation.
See Exhibit 700 – 01 for IFAC’s Guide to Quality Control for Small-and Medium-Sized Practices
This publication may be downloaded from the IFAC website:
http://www.ifac.org.
The approved text is published in the English language.

Small and Medium-sized Practitioners
LIST OF EXHIBITS
Sec. 300 - Audit Planning
Exhibit 300 – 01 Audit Strategy Checklist

Exhibit 300 – 02 Audit Planning Memorandum
Exhibit 300 – 03 Sources of Understanding of the Client and Its Environment Checklist
Exhibit 300 – 04 Understanding of the Client and Its Environment
Exhibit 300 – 05 Sources of Fraud Risks
Exhibit 300 – 06 Assessment of Non-compliance with Laws and Regulations
Exhibit 300 – 07 Materiality Worksheet
Exhibit 300 – 08 Risk Assessment Worksheet
Exhibit 300 – 09 Related Parties and Related Party Transactions
Exhibit 300 – 10 Analytical Review Procedures
Exhibit 300 – 11 Use of the Auditor’s Experts
Exhibit 300 – 12 Test of Controls - Purchasing Cycle
Exhibit 300 – 13 Substantive Test - Trade Accounts Payable
Exhibit 300 – 14 Time Budget
Sec. 400 - Audit Process
Exhibit 400 – 01 Internal Control Component Checklist

Exhibit 400 – 02 Sample Test of Control
Exhibit 400 – 03 Accounting Estimates Audit Program
Exhibit 400 – 04 Provisions, Contingencies, Commitments Audit Program
Exhibit 400 – 05 Audit Issues and Resolution Worksheet
Exhibit 400 – 06 Unadjusted Differences Worksheet
Exhibit 400 – 07 Other Information To Be Issued With Audited Financial Statements
Checklist
Exhibit 400 – 08 Going Concern Audit Program
Exhibit 400 – 09 Subsequent Events Audit Program
Exhibit 400 – 10 Illustrative Management Letter
Exhibit 400 – 11 Illustrative Written Representation Letter
Exhibit 400 – 12 Sample Work Program – Cash and Bank Balances
Exhibit 400 – 13 Sample Work Program – Participation at Inventory Count
Exhibit 400 – 14 Sample Work Program – Property, Plant and Equipment
List of Exhibits Page 1 of 2

Sec. 500 - Audit Report
Exhibit 500 – 01 Illustrative Unqualified Opinion of a Partnership

Exhibit 500 – 02 Illustrative Unqualified Opinion of an Individual Practitioner
Exhibit 500 – 03 Illustrative Audit Report with Material Uncertainty Related to
Going Concern
Exhibit 500 – 04 Illustrative Audit Report with Key Audit Matter
Exhibit 500 – 05 Illustrative Audit Report on Supplementary Schedule
Exhibit 500 – 06 Illustrative Qualified Opinion Due to Material Misstatement
Exhibit 500 – 07 Illustrative Qualified Opinion Due to the Auditor Inability to Obtain
Sufficient Appropriate Audit Evidence
Exhibit 500 – 08 Illustrative Adverse Opinion
Exhibit 500 – 09 Illustrative Disclaimer of Opinion
Exhibit 500 – 10 Illustrative Audit Report with Emphasis of a Matter
Exhibit 500 – 11 Illustrative Audit Report with Other Matter
Sec. 600 - Engagement Management
Exhibit 600 – 01 Illustrative - Annual Independence Confirmation

Exhibit 600 – 02 Illustrative - Evaluation of Prospective Client Form
Exhibit 600 – 03 Illustrative - Audit Engagement Letter
Exhibit 600 – 04 Client and Staff Forecast Form
Sec. 700 - Quality Controls
Exhibit 700 – 01 IFAC’s Guide to Quality Control for Small-and Medium-Sized Practices
List of Exhibits Page 2 of 2

Client Name: Client Code:
Period End : Partner: Manager:
Prepared by: Date:
Subject : Audit Strategy Checklist
Reviewed by: Date:
Objective: This checklist sets out the items required to be considered in developing the audit strategy.
WP
Factor to Consider Comment
Ref
The financial reporting framework on which
the financial information to be audited has
been prepared, including any need for
reconciliations to another financial reporting
framework.
Industry-specific reporting requirements such
as reports mandated by industry regulators.
The expected audit coverage, including the
number and locations of components to be
included.
The nature of the control relationships
between a parent and its components that
determine how the group is to be
consolidated.
The extent to which components are audited
by other auditors.
The nature of the business segments to be
audited, including the need for specialized
knowledge.
The reporting currency to be used, including
any need for currency translation for the
financial information audited.
The need for a statutory audit of standalone
financial statements in addition to an audit for
consolidation purposes.
The availability of the work of internal auditors
and the extent of the auditor’s potential
reliance on such work.
The entity’s use of service organizations and
how the auditor may obtain evidence
concerning the design or operation of controls
performed by them.
The effect of information technology on the
audit procedures, including the availability of
Exhibit 300 – 01 Page 1 of 4

Prepared by: Date:
Reviewed by: Date:
data and the expected use of computer-

assisted audit techniques.
WP
Ref
The coordination of the expected coverage and
timing of the audit work with any reviews of
interim financial information and the effect on
the audit of the information obtained during
such reviews.
The discussion of matters that may affect the
audit with firm personnel responsible for
performing other services to the entity.
The availability of client personnel and data.
The entity’s timetable for reporting with
government agencies, those charged with
governance, and the audit committee, such as
at interim and final stages of the audit.
The organization of meetings with
management and those charged with
governance to discuss the nature, extent and
timing of the audit work.
The discussion with management and those
charged with governance regarding the
expected type and timing of reports to be
issued and other communications, both
written and oral, including the auditor’s report,
management letters and communications to
those charged with governance.
Communication with auditors of components
regarding the expected types and timing of
reports to be issued and other communications
in connection with the audit of components.
The expected nature and timing of
communications among engagement team
members, including the nature and timing of
team meetings and timing of the review of
work performed.

Prepared by: Date:
Reviewed by: Date:
Whether there are any other expected

communications with third parties, including
any statutory or contractual reporting
responsibilities arising from the audit.
WP
Ref
With respect to materiality:
- Setting materiality for planning
purposes.
- Setting and communicating materiality
for auditors of components.
- Reconsidering materiality as audit
procedures are performed during the
course of the audit.
- Identifying the material components
and account balances.
Audit areas where there is a higher risk of
The impact of the assessed risk of material
misstatement at the overall financial statement
level on direction, supervision and review.
The selection of the engagement team
(including, where necessary, the engagement
quality control reviewer) and the assignment
of audit work to the team members, including
the assignment of appropriately experienced
team members to areas where there may be
higher risks of material misstatement.
Engagement budgeting, including considering
the appropriate amount of time to set aside for
areas where there may be higher risks of
The manner in which the auditor emphasizes
to engagement team members the need to
maintain a questioning mind and to exercise
professional skepticism in gathering and
evaluating audit evidence.
Results of previous audits that involved
evaluating the operating effectiveness of

Prepared by: Date:
Reviewed by: Date:
internal control, including the nature of

identified weaknesses and action taken to
address them.
WP
Ref
Evidence of management’s commitment to the
design and operation of sound internal control,
including evidence of appropriate
documentation of such internal control.
Volume of transactions, which may determine
whether it is more efficient for the auditor to
rely on internal control.
Importance attached to internal control
throughout the entity to the successful
operation of the business.
Significant business developments affecting
the entity, including changes in information
technology and business processes, changes in
key management, and acquisitions, mergers
and divestments.
Significant industry developments such as
changes in industry regulations and new
reporting requirements.
Significant changes in the financial reporting
framework, such as changes in accounting
standards.
Other significant relevant developments, such
as changes in the legal environment affecting
the entity.
Assessment of prior year audit issues including
audit adjustments.
Checking of BIR filings, legal cases and other

compliance reporting requirements.

Prepared by: Date:
Subject : Audit Planning Memorandum
Reviewed by: Date:
Overall Audit Objective

The purpose of this Planning Memorandum is to define the audit strategy and audit planning decisions
for the audit of the financial statements for (Company Name) as of and for the year ending (yearend).
Terms of engagement
Summarize below the pertinent terms and details under the letter of engagement dated _____________:
Financial reporting framework
The terms of engagement require the team to carry out an audit of financial statements and express an
opinion on whether the financial statements comply, in all material respects, with
____________________ (indicate financial reporting framework, such as PFRS).
Indicate below the recent developments in accounting standards which may impact the engagement:

Prepared by: Date:
Reviewed by: Date:
Additional scope (if any) including accounting and tax
Indicate any additional matters to be included in the scope of the engagement. For accounting and tax
matters, ensure that the firm is in compliance with independence requirements. Consider also the review
of tax and correspondence files with the client.
Indicate also the nature of documents or other information to be issued together with the audited
financial statements, and the impact of these documents and other information on the audit engagement.
Results of Review of Compliance with Independence Requirements
Indicate below the results of review of compliance with independence requirements with respect to the
client.
Understanding of the Entity and Its Environment
Summarize the results of obtaining an understanding of the entity and its regulatory environment,
including:
 significant changes in industry conditions,
 changes in the entity’s operations,
 changes in governance structure,
 changes in reporting, legal and regulatory requirements, and
 changes in accounting and reporting systems
and their impact on the engagement.

Prepared by: Date:
Reviewed by: Date:
Client-Specific Matters
In this section, summarize the details of points forward from prior period engagements, and the results
of review of prior year audit files and permanent files. Include also details of other entity-specific
matters which may have an effect on the engagement.
Extent on reliance on the work of internal audit, any other experts and other auditors and service
organisations
Where the client has internal auditors, or uses a service organization (BPO), indicate the extent of reliance
to be placed on the work of these entities. Where experts are to be engaged, include it also in the space
provided, identifying both the area/account where experts are required (i.e., inventories), and the
possible expert to be contracted (i.e., appraiser/statistician/lawyer).
Reporting and Communication

Prepared by: Date:
Reviewed by: Date:
Include in this section:
 the reporting timetable to client,

 nature of reports to be issued,
 the outcomes of meetings with management and those charged with governance, and
 significant issues arising from meeting with the client
Include also the nature and timing of reports including specific reporting requirements to regulators
Logistics and Special Audit Requirements
Include in this section the tentative dates and coverage of special audit requirements, such as inventory
counts, multi-location audits, and external confirmations. Include also the consideration of going
concern assumption and specific written representations of management, and their impact on the audit
engagement.

Prepared by: Date:
Reviewed by: Date:
Coordination with other auditors
Indicate in this section whether other auditors are involved in the engagement, the extent of
participation, and the agreed terms of coordination with these other auditors, including timetable for
completion of audits and dates of progress meetings.
Materiality
Indicate below the agreed audit materiality levels for this engagement.
Preliminary Analytical Procedures
Indicate below the results of preliminary analytical procedures performed.

Prepared by: Date:
Reviewed by: Date:
Fraud, Error and Non-compliance
Indicate below the results of procedures to identify and assess the risk of material misstatements,
including the risk of fraud and non-compliance with laws and regulations. Include the responses of the
team to the identified risks.
Consideration of Internal Control
Indicate below the preliminary assessment on reliance on components of the client’s internal controls.
Audit Approach
The overall audit approach is:

 With Reliance or Less Substantive
 No-Reliance or Primarily Substantive.
(The team should state here the basis of the overall assessment based on the results of the previous
section, Consideration of Internal Control)

Prepared by: Date:
Reviewed by: Date:
By selecting this approach, we expect to perform the following major audit procedures:
The selected major procedures supporting either of the approach will have to be stated below. For
example, if reliance approach is identified, the following major audit steps will be included:
 Select key business processes
 Identify process level controls
 Test relevant controls
 Perform substantive procedures to address remaining audit objectives after testing controls
 Conclude on the audit and report to management results of the audit
Sampling Techniques
Indicate below the planned sampling methods and sample sizes, based on the audit approach to be
used.
Key Client Officers and Contacts

The names and position titles as well as the contact numbers of all client personnel important for the
audit has to be listed below:
Name Title Phone number

Prepared by: Date:
Reviewed by: Date:
Engagement Team
The audit team members, including the involved experts, assembled for the particular client’s audit will
be listed in the table below:
Name Title Phone number

Engagement partner
Quality review partner
Audit manager
Senior associate
Associate
Tax partner
Tax manager/other tax staff (to list)
IT Audit partner (to list)
IT Audit manager/other IT audit staff (to list)
Other specialists (to list)
Audit Timing and Expected Output
To be listed in the table show below are the different output expected to be derived by the audit team
from their work:
Output Deadline Date Sample Format

Subject : Sources of Understanding of the Prepared by: Date:

Client and its Environment Checklist Reviewed by: Date:
Objective: This checklist sets out the sources of information regarding understanding of the client and
its environment.
Instruction: Before approval of the audit plan, check if the following sources of understanding of the
entity and its environment have been considered, and cross-reference to the relevant working paper:
Source Considered? WPRef

Previous experience with the client and its industry.
Points forward from previous audit
Permanent file of client
Discussion with people within the entity
Discussion with internal audit personnel

Internal audit reports
Discussion with predecessor external auditors
Discussion with legal and other advisers who provided services to the client
Within the firm [Department/Division: __________________________]
Outside the firm [Name of Law Firm or Consultant:___________________]
Discussion with knowledgeable people outside the entity (see Section 300.34)
Publications within the industry (see Section 300.34)
Legislation and regulations that significantly affect the entity
Visits to the entity's premises and plant facilities [indicate dates: _________]
Please indicate date for each plant facilities visited.
Example:
Warehouse A – visited April X, 200X
Warehouse B – visited May X, 200X
Documents produced by the entity

Subject : Understanding of the Client and its Prepared by: Date:

Environment Reviewed by: Date:
Objective: This checklist summarizes the information to be obtained regarding understanding of the
client and its environment.
Instruction: Fill out the required information on the spaces provided. Use a separate sheet where
necessary. This form should be reproduced in 2 copies: one included in the permanent file for further
update in future engagements, and another to be included in the current audit file.
GENERAL INFORMATION
Complete registered business
name
Date of incorporation
Registered office address
 Banking and finance  Insurance
 Manufacturing  Real-estate
Sector  Trading/retailing  Education
 Service  Other (please specify
 Utilities ________________)
 Private
 Public, non-listed
Nature of ownership
 Public, listed
 Other (please specify ________________)
Primary business activities
Peripheral business activities
Main products and services

Company contact personnel
(indicate name and contact details)
Brief history (for disclosure in the

notes to financial statements)
Exhibit 300 - 04 Page 1 of 5


MARKET POSITION AND COMPETITION

 Industry leader (indicate basis _________________)
Position within the industry
 Other (indicate ranking versus competitors _______)
1. _________________________________
2. _________________________________
Competitors (indicate position if
3. _________________________________
possible)
4. _________________________________
5. _________________________________
ORGANIZATION AND OWNERSHIP

Principal Shareholders
% Active in Client’s
Complete Name Ownership Title Operations?
1.
2.
3.
4.
5.
Directors/Those Charged with Governance

% Brief Description of
Complete Name Ownership Board Duties and Responsibilities
1.
2.
3.
4.
5.


Organization Chart
Senior Management
Brief Description of Duties and
Complete Name Position Responsibilities


ACCESSIBILITY AND FACILITIES

Category Address/Location Type WP Ref.
 Owned
Offices  Leased
 Rented
 Owned
Branches  Leased
 Rented
 Owned
Plant and
 Leased
machinery
 Rented
 Owned
Other  Leased
 Rented
GENERAL OPERATIONS
Logistics
SALES: Describe the main or key products and services offered, the pricing policies of the client and also
the market segments serviced by the client.
PURCHASES: Describe the main or key sources of supply, the purchasing policies and patterns of the
client. Include also the market segments serviced by the client.
PRODUCTION: Describe below the key phases of the production process employed by the company in
coming up with the goods and services offered.
GENERAL OPERATIONS


Major Supplier Information

Name Estimated Annual Volume of WP Ref.
Transactions (%)
GENERAL OPERATIONS
Major Customer Information
Name Estimated Annual Volume of WP Ref.
Transactions (%)

Exhibit 300 – 05: Sources of Fraud Risk
Fraud Risk Factors Sources of Risk

• Financial stability or profitability is threatened by economic, industry, or
the entity’s operating conditions.
 
• Excessive pressure exists for management to meet the requirements or
expectations of third parties or those charged with governance
(such as earnings targets or compliance with onerous
environmental regulations, etc.).
 
• Personal financial obligations may create pressure on management or
employees with access to cash or other assets susceptible to theft
to misappropriate those assets.
 
Incentives and • Adverse relationships between the entity and employees with access to
Pressures cash or other assets. For example:
– Known or anticipated future employee layoffs,  
– Recent or anticipated changes to employee
compensation or benefit plans, and  
– Promotions, compensation, or other rewards
inconsistent with expectations.
 
• The personal financial situation of management or those charged with
governance may be threatened by the entity’s financial
performance (such as financial interests, compensation,
guarantees, etc.).  
Rationalizations
• Management is interested in employing inappropriate means to:

– Minimize reported earnings for tax-motivated reasons,
an
– Increase reported earnings to avoid violating bank
covenants, increase the sale price of the entity, or meet
targets set by a third party.
 
• Employee behavior indicates displeasure or dissatisfaction with the
Attitudes and entity.  
Rationalizations
• Low morale exists among senior management.
 
• Management is tolerant of some employee thefts. For example, no

disciplinary action is taken when an employee is caught stealing.  
• Management does not enforce the entity’s values or ethical standards.

 
• Management disregards the need for monitoring or reducing risks
related to the misappropriations of assets.  
Attitudes
• Management has a known history of violations of laws and regulations,
or allegations of fraud.
 
• Management exhibits changes in behavior or lifestyle that may indicate
assets have been misappropriated.
 
• Senior managers demonstrate a poor ethical example (such as in
operating expense accounts and committing petty thefts, etc.).
Attitudes and  
Rationalizations • Management has overridden existing controls.
 
• Management has failed to take appropriate remedial action on known
deficiencies in internal control.
 
• The owner-manager makes no distinction between personal and
business transactions.  
• Disputes exist between shareholders in a closely-held entity.

 
• Management makes recurring attempts to justify marginal or
inappropriate accounting on the basis of materiality.  
• The relationship between management and the current or predecessor

auditor is strained.

Assets susceptible to misappropriation
• Large amounts of cash on hand or processed.  
• Inventory items that are small in size, of high value, or in high demand.  
• Easily convertible assets, such as bearer bonds, diamonds, or computer

chips.
Opportunities  
• Property, plant, and equipment are small in size, marketable, or lack
observable identification of ownership.
Inadequate internal controls
• Inadequate oversight by those charged with governance of

management’s processes for identifying and responding to the
risks of fraud.  
• Inadequate segregation of duties or checks.  
• Inadequate oversight of senior management expenditures.  
• Inadequate management oversight of employees responsible for assets.
 
• Inadequate job-applicant screening for employees with access to assets.
 
• Inadequate record keeping with respect to assets.  
• Inadequate authorization and approval of transactions.  
• Inadequate physical safeguards over cash, investments, inventory, or
property, plant, and equipment.  
• Lack of complete and timely reconciliations of assets.  
• Lack of timely and appropriate documentation of transactions (e.g.,
credits for merchandise returns).  
• Lack of mandatory vacations for employees performing key control
functions.  
• Inadequate management understanding of information technology,
which enables information-technology employees to perpetrate a
misappropriation.  
• Inadequate access controls over automated records, including controls
over and review of computer systems event logs.  
Reference IFAC Guide, Volume 2, Third edition, pages 91-92

Subject : Assessment of Non-Compliance with Prepared by: Date:

Relevant Laws and Regulations Reviewed by: Date:
Objective: This checklist sets out the procedures required to assess the client’s possible non-compliance
with relevant laws and regulations.
Instruction: Complete the following procedures:
Procedure WP Comment
Ref
For initial audit clients, obtain authorization
from the client to write to and discuss with the
predecessor auditor regarding audit issues
related to compliance with laws and regulation.
If the client denies permission to discuss these
matters with the predecessor auditor, that fact
should be documented.
Obtain or update a general understanding of the
legal and regulatory framework applicable to
the client and the industry and how the client is
complying with that framework.
Obtain a sufficient understanding of these laws
and regulations in order to consider them when
auditing the assertions related to the
determination of the amounts to be recorded
and the disclosures to be made. See Section
300.47 – 300.48.
Consider the existing understanding of the
client and its environment to obtain an
understanding of applicable laws and
regulations.
Inquire with management concerning the
client’s policies and procedures regarding
compliance with laws and regulations.
Inquire with management as to the laws or

regulations that may be expected to have a
primary effect on the operations of the client.
Discuss with management the policies or

procedures adopted for identifying, evaluating
and accounting for litigation claims and
assessments.
Exhibit 300 -06 Page 1 of 5


Ref
Identify instances of non-compliance with laws
and regulations where non-compliance may be
considered when preparing financial statements.
Inquire of management as to whether the client

is in compliance with such laws and regulations.
Review correspondence with relevant licensing

or regulatory authorities.
Be alert for instances of possible non-

compliance while performing other audit
procedures, such as when:
 reading minutes of meetings;
 inquiring of the entity's management
and legal counsel concerning litigation,
claims and assessments; and
 performing substantive tests of details
of transactions or balances.
Determine if, the auditor is specifically required

to report, as part of other reporting
responsibilities, whether the client complies
with certain provisions of laws or regulations. If
so required, perform the necessary test of
compliance with these laws and regulations.
When there is an awareness of information

concerning a possible instance of non-
compliance, obtain an understanding of the
nature of the act and the circumstance in which
it has occurred; and set out any other
procedures necessary to obtain sufficient other
information to evaluate the possible effect on
the financial statements.


Ref
When it is believed that there may be non-
compliance:
 document the findings;
 determine the effect of non-compliance
with laws and regulation on the
operations of the entity.
 discuss the findings with management,
without delay, if non-compliance is
believed to be intentional and material
to the financial statements;
 consider the implications of non-
compliance in relation to other aspects
of the audit, particularly the reliability of
management representations;
 communicate with the audit committee,
those charged with governance and
senior management regarding the
findings, taking care to ensure that the
parties communicated to are not
involved in the acts of noncompliance.
 Seek legal advice if there is suspicion
that members of senior management,
including those charged with
governance, are involved in the acts of
noncompliance.


Ref
When evaluating the possible effect on the
financial statements, consider:
 The potential financial consequences,
such as fines, penalties, damages, threat
of expropriation of assets, enforced
discontinuation of operations and
litigation.
 Whether the potential financial
consequences require disclosure.
 Whether the potential financial
consequences are so material and
pervasive as to call into question the fair
presentation of the financial statements.
When adequate information about the

suspected noncompliance cannot be obtained,
the auditor should consider the effect of the lack
of audit evidence on the auditor's report.
Obtain a written representation from

management that they have disclosed to the
auditor all known actual or possible non-
compliance with laws and regulations whose
effects may be considered when preparing
financial statements.
Consider the implications of noncompliance in

relation to other aspects of the audit,
particularly the reliability of management
representations.
If management does not provide satisfactory

information that it is in fact in compliance,
consult with the entity's lawyer about the
application of the laws and regulations to the
circumstances and the possible effects on the
financial statements.


Ref
When it is not considered appropriate to consult
with the client's lawyer or when the auditor is
not satisfied with the lawyer’s opinion, consult
the firm’s own lawyer as to whether a violation
of a law or regulation is involved, the possible
legal consequences and what further action, if
any, the auditor should take.
Seek legal advice if decision has to be made

whether the noncompliance, should be reported
to regulatory agencies when required by
statute, law or courts of law.

Subject : Materiality Worksheet Prepared by: Date:

Reviewed by: Date:
Objective: This worksheet is used for determining materiality levels to be used in an audit engagement.
Instruction: Supply the needed information and calculate the materiality levels to be used during the
audit engagement. Refer to Section 300.49 to 300.59 of the Audit Manual for guidance.
Bases/References for Materiality Purposes
Item Current year FS Current year Budget

Total assets
Pre-tax profit
Total owners’ equity
If the current year budget is not available, use the prior year financial statements instead.
Overall Materiality PhP _______________________

Reasons for selecting this level of materiality:
Performance Materiality PhP _______________________

Reasons for selecting this level of materiality:
Indicate reasons for subsequent changes to materiality level, if any:

Prepared by: Date:
Subject : Risk Assessment Worksheet
Reviewed by: Date:
Objective: This worksheet aims to provide a comprehensive risk assessment of the client, based on the
understanding obtained as a result of risk assessment procedures. Audit areas with higher risk are
highlighted – and are required to be given more priority and attention.
Instructions: Supply the needed information. For each audit area, assess and record the risk(s) [high,
less than high] and determine the appropriate response to the assessed risk:
1. Inherent risk (IR) The susceptibility of an assertion to a misstatement, that could be material,
individually or when aggregated with other misstatements assuming that there were no related
internal controls (Paragraph 200.6 of Sec. 200 of the Manual provides examples that the
engagement team may consider when assessing inherent risk).
2. Control risk (CR) The risk that a material misstatement could occur in an assertion and that could
be material, individually or when aggregated with other misstatements, will not be prevented or
detected and corrected on a timely basis by the entity’s internal controls (Paragraph 200.7 of
Section 200 provides examples that the engagement team may consider in assessing control risk).
Legend:
E Existence VA Valuation and allocation A Accuracy
RO Rights and obligations PD Presentation and disclosure O Occurrence
C Completeness CO Cut-off
BALANCE SHEET ACCOUNTS
Account: INTANGIBLE ASSETS AND GOODWILL
Assertion WPRef IR CR Comment

E
RO
VA
PD
Note any items which are of relevance to risk assessment on Intangible Assets:

Prepared by: Date:
Reviewed by: Date:
Account: PROPERTY, PLANT AND EQUIPMENT

E
RO
VA
PD
Note any items which are of relevance to risk assessment on Property, Plant and Equipment:
Account: INVESTMENT PROPERTY

E
RO
VA
PD
Note any items which are of relevance to risk assessment on Investment Property,:

Prepared by: Date:
Reviewed by: Date:
Account: INVESTMENTS IN ASSOCIATES

This section also applies to investments in subsidiaries.
E
RO
VA
PD
Note any items which are of relevance to risk assessment on Investments in Associates:
Account: NON-CURRENT FINANCIAL ASSETS

E
RO
VA
PD
Note any items which are of relevance to risk assessment on Non-current Financial Assets:

Prepared by: Date:
Reviewed by: Date:
Account: INVENTORIES and BIOLOGICAL ASSETS

E
RO
VA
PD
CO
Note any items which are of relevance to risk assessment on Inventories and Biological Assets:
Account: TRADE AND OTHER RECEIVABLES

E
RO
VA
PD
CO
Note any items which are of relevance to risk assessment on Trade and Other Receivables:

Prepared by: Date:
Reviewed by: Date:
Account: CASH ON HAND and IN BANK

E
RO
VA
PD
CO
Note any items which are of relevance to risk assessment on Cash on Hand and in Bank:
Account: TRADE AND OTHER PAYABLES

E
RO
VA
PD
CO

Prepared by: Date:
Reviewed by: Date:
Note any items which are of relevance to risk assessment on Trade and Other Payables:
Account: NON-CURRENT LIABILITIES and BORROWINGS

E
RO
VA
PD
Note any items which are of relevance to risk assessment on Non-current Liabilities and Borrowings:
Account: PROVISIONS, CONTINGENCIES AND COMMITMENTS

E
RO
VA
PD
CO

Prepared by: Date:
Reviewed by: Date:
Note any items which are of relevance to risk assessment on Provisions, Contingencies and
Commitments:
NOMINAL ACCOUNTS
Account: INCOME ACCOUNTS

E
PD
CO
Note any items which are of relevance to risk assessment on Income Accounts:

Prepared by: Date:
Reviewed by: Date:
Account: COST OF GOODS SOLD

E
PD
CO
Note any items which are of relevance to risk assessment on Cost of Goods Sold:
Account: Salaries and Wages

E
PD
CO

Prepared by: Date:
Reviewed by: Date:
Note any items which are of relevance to risk assessment on Salaries and Wages:
Account: OTHER EXPENSES

E
PD
CO
Note any items which are of relevance to risk assessment on Other Expenses:

Prepared by: Date:
Reviewed by: Date:
RESPONSE TO RISK ASSESSMENT
For each audit area, list the identified risks of material misstatements. Record also any significant risks
identified in the course of audit procedures performed to date. Record the audit approach to each
assessed risk.
Audit Area Identified Risk Audit Approach to Assessed Risk

e.g.,Accounts receivable, Sales e.g., Alterations and e.g., Increase the sample size of
inconsistencies have been noted confirmations of accounts
in several sales invoices (WPRef receivable.
B-21 to 23)
Use a separate sheet as necessary.

Subject : Related Parties and Related Party Prepared by: Date:

Transactions Reviewed by: Date:
Objective: This checklist sets out the audit procedures relevant to related parties and related party
transactions.
Procedure WPRef Comments

Obtain the entity’s list of related parties.
Ensure that the list of related party transactions is
complete by:
 Correlating the list with those charged with
governance, with key management and
with shareholders
 Inquiry of management regarding related
party transactions, including obtaining
support for management responses
 Reading minutes of meetings for possible
previously unidentified related parties and
related party transactions.
 Considering the results of other audit
procedures performed, including possible
transactions with special or abnormal
terms of trade.
With reference to supporting documents,
determine the substance of related party
transactions, including whether such transactions
are conducted on arm’s length basis.
For transactions which are not arm’s length,
determine if the contracting party is a related
party, and if so, whether proper accounting and
disclosure has been made.
Check for unrecorded related party transactions,
such as personal guarantees of bank loans,
transactions for personal use, income or expense
shifting and smoothing, and volume discounts
being given to another entity.
Be alert for unethical reasons behind related party
transactions, such as manipulation of profit,
manipulation of profit-based incentives, reduction
of taxes, cover-ups to meet bank loan
requirements.
Based on the results of tests performed, determine
the additional substantive procedures to be
performed.

Subject : Related Parties and Related Party Prepared by: Date:

Transactions Reviewed by: Date:
Ensure that related party transactions have been

properly recorded, and appropriately disclosed.
The following related parties and related party transactions have been identified and warrant further
investigation:
Cleared by:
Matter Proposed Tests
Initials/Date

Prepared by: Date:
Subject : Analytical Review Procedures
Reviewed by: Date:
Objective: This audit form aims to facilitate the use of analytical review procedures as risk assessment
procedures in the course of the audit engagement.
Instruction: Complete, as appropriate, the following steps:

Prepare a worksheet containing figures for the
audited financial statements of the prior year, and
the unaudited financial statements for the year
under audit).
Perform the following analyses:

1. Growth in income
2. Growth in operating expenses
3. Growth in pre-tax profit
Formula: (Current year – Prior Year) / Prior Year
Perform, as appropriate, the following analyses:
1. Gross profit margin

(GP / Income)
2. Operating profit margin
(Oper. Profit / Income)
3. Net profit margin
(Pre-tax profit / Income)
4. Return on capital employed
(Pre-tax profit / [assets – current liab])
5. Return on equity
(Pre-tax profit / shareholders’ equity)
6. Return on assets
(Pre-tax profit / Total assets)

1. Days in accounts receivable
(Ave. AR / Income) x 365
2. Days in inventory
(Ave. Invty / Income) x 365
3. Days in accounts payable
(Ave. AP / Income) x 365

Prepared by: Date:
Subject : Analytical Review Procedures
Reviewed by: Date:

1. Current ratio
(Current assets / Current liabilities)
2. Acid test ratio
(Current assets – invty / Current liabilities)
3. Times interest earned
(Operating profit / Interest expense)
Summarize the results of analyses. Consider also

comparison of balances of current year and prior
year. Determine the most appropriate interpretation
of the results.
Based on the interpretation of the analyses, update
the risk assessment, the audit strategy, and the audit
plan.
Determine possible areas where informal advice can
be given to the client as a result of the results of
analyses.

Prepared by: Date:
Subject : Use of the Auditor’s Expert
Reviewed by: Date:
Objective: This audit form aims to facilitate the use of auditor’s experts in an audit engagement.
Instruction: Complete the following steps:

Evaluate whether the auditor’s expert has the
necessary competence, capabilities and objectivity
suitable for the engagement, based on the
following:
 Personal experience with previous work of
the expert
 Discussion with the expert
 Discussion with other auditors who are
familiar with the expert’s work
 Knowledge of the expert’s qualifications,
membership in professional societies, etc.
 Published papers, books and journals
 Firm quality control policies and
procedures
Assess the objectivity of the auditor’s expert,
considering the possibility of interests or
relationships present between the expert and the
audit client.
Consider requesting for written representation
from the auditor’s expert in relation to objectivity.
Obtain a sufficient understanding of the field of
expertise of the auditor’s expert, by considering:
 Relevance of the field to the audit
 Professional and other regulatory
requirements applicable to the field
 Assumptions, methods and models used by
the expert, and the appropriateness of the
same for financial reporting purposes
 Sources and types of data that the expert
uses in his/her work
Agree with the auditor’s expert on the following
matters:
 Nature, scope and objectives of the
expert’s work
 Respective roles and responsibilities of the
auditor and the expert
- Party to test the source data

Prepared by: Date:
Reviewed by: Date:
- Consent to discuss the expert’s work

with the client and other parties
- Consent to include details of the
expert’s work in the case of a modified
report.
- Access to and retention of engagement
documentation
 Nature, timing and extent of
communication between the auditor and
the expert, including the form of any
reports.
 Confidentiality requirements
Evaluate the adequacy of the auditor’s expert’s
work for the auditor’s purposes.
 Discuss the findings with the expert
 Review the engagement documentation of
the expert.
 Corroborative procedures, such as:
- Observation of the expert’s work
- Examining published data
- Confirming relevant matters with third
parties
- Performing detailed analytical
procedures
- Reperformance of computations
In case of inconsistencies noted between the
findings of the expert and the documentation,
consult, as necessary, with another expert in the
same field.
Discuss the work of the auditor’s expert with the
appropriate level of management.
Test the proper presentation of the work of the
expert as shown in his report.
Test the appropriateness of the significant
assumptions and methods used by the auditor’s
expert.
Test the reasonableness and validity of the source
data being used by the auditor’s expert in his work.
Obtain the final report directly from the auditor’s
expert.
Review the auditor’s expert’s report.

Prepared by: Date:
Reviewed by: Date:
If the work of the auditor’s expert is deemed to be

insufficient for the purposes of the auditor, agree
with the expert on the additional procedures to be
performed.

Prepared by: Date:
Subject : Test of Controls – Purchasing Cycle
Reviewed by: Date:
Objective: This checklist sets out the procedures required to test controls in the purchasing cycle.
Instruction: Complete the following procedures:
WP Done
Procedure Comment
Ref by
Select inventory analysis reports used by the
client to monitor inventory levels and
determine whether the reports were
prepared on a timely basis and appear
complete.
Perform a walk-through of the client’s
replenishment and allocation system to assess
its effectiveness.
Select a sample of receiving reports and
compare them to the corresponding journal
entries and purchase orders to evaluate the
effectiveness of the systems’ three-way match
control.
Obtain a copy of the findings of the Internal
Audit Department regarding three-way match
control.
Evaluate the findings of Internal Audit.
Perform a walkthrough of the supplier
contract manager’s review of purchase
returns and assess performance.
Evaluate the effectiveness of the client’s
supplier reconciliation process by inspecting a
sample of reconciliation and the client’s
resolution and follow up on any discrepancies.
Assess residual business risk based on results
of control test work. Consider the audit
implications of residual risk and revise
assessments as needed.
Consider the implications of any findings
related to the client’s business while
performing these procedures and report the
findings to management and those charged
with governance, as appropriate.

Audit Manual Part1

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Audit Manual Part1

Загружено:

Авторское право:

Доступные форматы

PICPA Audit Guide for

Small and Medium-Sized Practitioners

Ma. Asuncion M. Golez

Sec. 200 – Concepts and Principles 200-1 - 200-26

PICPA Audit Guide Table of Contents - 1

Sec. 300 – Audit Planning 300-1 - 300-34

PICPA Audit Guide Table of contents - 2

Sec. 400 – Audit Process 400-1 - 400-55

PICPA Audit Guide Table of contents - 3

PICPA Audit Guide Table of contents - 4

Sec. 500 – Audit Reports 500-1 - 500-26

PICPA Audit Guide Table of contents - 5

Sec. 600 – Engagement Management 600-1 - 600-26

PICPA Audit Guide Table of contents - 6

Sec. 700 – Quality Controls 700-1 - 700-17

PICPA Audit Guide Table of contents - 7

PICPA Audit Guide Table of contents - 8

Organization of the manual

Study and Evaluation of Internal Controls

Perform Audit Tests

Completing the Audit Engagement

Issuance of the Audit Report

Audit Risk Management

200.3 The audit concepts described in this section include:

Concepts and Principles 200 - 1

Concepts and Principles 200 - 2

Residual Risks of Material Misstatement

Concepts and Principles 200 - 3

Concepts and Principles 200 - 4

200.19 Non-routine transactions may include:

Concepts and Principles 200 - 5

200.24 Management is responsible for accounting estimates. To fulfill this responsibility,

Concepts and Principles 200 - 6

Risk of Material Misstatement

200.31 A misstatement is a difference between the amount, classification, presentation, or

Concepts and Principles 200 - 7

Concepts and Principles 200 - 8

Financial Statement Assertions and Audit Objectives

200.38 PSA 315, par. A111 classifies assertions as follows:

Concepts and Principles 200 - 9

Assertions about account balances at period end include:

Assertions about presentation and disclosure include:

Concepts and Principles 200 - 10

Critical audit objectives

For example, the auditor considers, among others:

Concepts and Principles 200 - 11

200.54 There are three levels of materiality:

200.55 The assessment of materiality is a matter of the auditor’s professional judgment. In

Concepts and Principles 200 - 12

▪ Have a reasonable knowledge of business, economic activities, and accounting, and

200.60 As a result of the interaction of quantitative and qualitative considerations in the

Concepts and Principles 200 - 13

200.62 This sub-section discusses:

Sufficiency of audit evidence

Concepts and Principles 200 - 14

Before or at the Period End?

Concepts and Principles 200 - 15

Techniques to obtain audit evidence

Concepts and Principles 200 - 16

200.82 Although corroboration of evidence obtained through inquiry is often of particular

Concepts and Principles 200 - 17

200.88 Analytical procedures consist of evaluations of financial information made by a study of

Concepts and Principles 200 - 18

Risk Assessment Procedures