Академический Документы
Профессиональный Документы
Культура Документы
Assurance Services/Engagements:
Assurance services – independent professional services in which a practitioner issues a written
communication that expresses a conclusion designed to enhance the degree of confidence of the
intended users other than the responsible party about the outcome of the evaluation or measurement
of a subject matter against criteria
Assurance engagement – an engagement in which a practitioner expresses a conclusion designed
to enhance the degree of confidence of the intended users other than the responsible party about
the outcome of the evaluation or measurement of a subject matter against criteria
Limited assurance engagements – engagements that provide only a “moderate” or “limited” level of
assurance
The objective of a limited assurance engagement is a reduction in assurance engagement risk to
an acceptable level as the basis for a negative form of expression of the practitioner’s conclusion.
Thus, the risk in limited assurance engagement is greater than for a reasonable assurance
engagement.
Direct reporting engagements – the practitioner either directly performs the evaluation or
measurement of the subject matter, or obtains a representation from the responsible party that has
performed the evaluation or measurement that is not available to the intended users
The criteria to be used are suitable and are available to the intended users
The practitioner has access to sufficient appropriate evidence to support the practitioner’s
conclusion;
The practitioner’s conclusion, in the form appropriate to either a reasonable assurance
engagement or a limited assurance engagement, is to be contained in a written report, and
The practitioner is satisfied that there is a rational purpose for the engagement.
The term practitioner is broader than the term “auditor” as used in professional standards, which
only refers to practitioner performing audit or review engagements with respect to historical
financial information.
Responsible party – person/s who is responsible for the subject matter or the assertion (subject
matter information)
For example, an entity’s management is responsible for the preparation and presentation of financial
statements or the establishment and implementation of internal control.
Intended user/s – person, persons or class of persons for whom the practitioner prepares the
assurance report; they are the users to whom the practitioner usually addresses the report
Physical characteristics (for example, capacity of a facility) for which the subject matter
information may be a specifications document
Systems and processes (for example, entity’s internal control or IT system) for which the
subject matter information may be an assertion about effectiveness
Behavior (for example, corporate governance, compliance with regulation, human resource
practices) for which the subject matter information may be a statement of compliance or a
statement of effectiveness
Suitable Criteria:
Criteria refer to the standard or benchmark used to evaluate or measure the subject matter of an
assurance engagement, including, where relevant, benchmarks for presentation and disclosure. Without
frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and
misunderstanding.
Whether criteria are established or specifically developed affects the work that the practitioner
carries out to assess their suitability for a particular engagement.
Appropriateness – refers to the measure of the quality of evidence, that is, its relevance and its
reliability
The practitioner should provide a written report containing a conclusion that conveys the assurance
obtained about the subject matter information. In addition, the practitioner considers other reporting
responsibilities, including communicating with those charged with governance when it is appropriate to do so.
Attestation Services:
An attestation service is a type of assurance service in which a practitioner is engaged to issue a
written communication that expresses a conclusion about the reliability of a written assertion that is the
responsibility of another party. Attestation generally refers to an expert's written communication of a
conclusion about the reliability of someone else's assertions.
Non-assurance Engagements:
Not all engagements are assurance engagements. Other engagements performed by practitioners that
do not meet the definition of assurance engagement are classified as non-assurance engagements or
services. Non-assurance engagements are those that do not result in the practitioner’s expression of a
conclusion that provides a level of assurance, whether negative assurance or other form of assurance. The
practitioner does not convey to the intended users any assurance as to the reliability of an assertion.
The practitioner’s primary purpose for performing non-assurance services is to provide advice and
technical assistance that will enable a client to conduct its business more effectively.
Tax Services:
Tax compliance – includes the preparation of tax returns (for individuals, corporations, estates and
trusts, and other entities) and acting as client’s representative to tax authorities or in tax litigations
Tax planning – includes the determination of the tax consequences of planned or potential
transactions (legally minimizing client’s tax liability) followed by making suggestions on the most
desirable course of action
Management Consulting:
Management advisory (consulting) services – refers to the function of providing professional
advisory (consulting) services, the primary purpose of which is to improve client’s use of its capabilities and
resources to achieve the objectives of the organization. Advisory (consulting) services are professional
services that provide advice and assistance to clients by improving their condition directly. Advice or
assistance to clients may cover the entity’s organization, operations, risk management, systems design and
implementation, process personnel, corporate finances, or other activities.
Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being made by one
party for use by another party. The level of assurance is the degree of the practitioner’s satisfaction or
degree of certainty the practitioner has attained and wishes to convey to intended users. Such level or
degree of assurance depends on the procedures performed and the evidence collected by the practitioner.
Non-Assurance Services
Point of Assurance Services (Related Services)
distinction Audit Review Agreed-upon Compilation
procedures
Objective To express To report whether To perform audit To assist the client in
opinion on anything has come procedures agreed financial statements
fairness of to the auditor’s on with the client preparation by using
financial attention that causes and any appropriate accounting expertise
statement him to believe that third parties as opposed to auditing
the financial identified in the expertise
statements are not report
fair
Characteristic Audit opinion Substantially less in Recipients of Accounting
s enhances the scope of procedures the report must expertise, rather
credibility of than audit form their own than auditing, is
financial conclusions used
statements from the report Users derive some
Report is benefit because
restricted to the service has
contracting been performed
parties with due
professional skill
and care
Other pronouncements:
ᜀ Ā ᜀ Ā ᜀ Ā ᜀ
hilippine Standards on Quality Control (PSQCs) – to be applied for all services that fall under the
AASC’s engagement standards, namely, audit, review, other assurance, and related services
ᜀ Ā ᜀ Ā ᜀ Ā ᜀ
hilippine Framework for Assurance Engagements – to be applied for assurance engagements
PSAs, PSREs, PSAEs, and PSRSs are collectively referred to as the AASC's Engagement Standards.
The AASC issues Practice Statements to provide interpretive guidance and practical assistance
to practitioners in implementing the Engagement Standards and to promote good practice.
Sets out characteristics that must be exhibited before a practitioner can accept an assurance
engagement.
In addition to the Framework and PSAs, PSREs and PSAEs, practitioners who perform assurance
engagements are governed by:
The Code of Ethics for Professional Accountants in the Philippines
The Philippine Standards on Quality Control (PSQCs)
The Framework does not itself establish standards or provide procedural requirements for the
performance of assurance engagements.
Practitioner’s association with the subject matter: A practitioner is associated with financial
information when:
The practitioner reports on information about that subject matter, that is, the practitioner attaches a
report to that financial information; or
The practitioner consents to the use of the his name in a professional connection with that subject
matter
If the practitioner is not associated in this manner, third parties can assume no responsibility of the
practitioner.
INTRODUCTION TO AUDITING
Auditing, Defined:
Auditing is “a systematic process of objectively obtaining and evaluating evidence regarding assertions
about economic actions and events to ascertain the degree of correspondence between those assertions and
established criteria and communicating the results to the interested users.”
Important Concepts:
Systematic process – auditing involves structured/logical series of sequential steps or
procedures known as the audit process
Assertions about economic actions and events – assertions are the subject matter of
auditing
In the context of audit of financial statements, assertions are representations of
management, explicit or otherwise, that are embodied in the financial statements.
lOMoARcPSD|4363002
Assertions include the accounts, balances/amounts and disclosures appearing on the face
of the financial statements (and in the notes to financial statements) and which the
management claims to be free of misstatements.
Audit evidence gathered and evaluated by the auditor may support or contradict the
assertions of management.
Established criteria – the standards or benchmarks that are needed to judge the validity of
the assertions on the financial statements
In the context of audit of financial statements, the established criteria are the applicable
financial reporting framework (for example, the PFRS).
Communicating the results to the interested users – The ultimate objective of audit is
the communication of audit findings/opinion on the fairness of the financial statements to
interested users.
Communicating results is achieved through issuance of a written audit report which
contains the audit opinion (or disclaimer of opinion).
Interested users are the wide variety of financial statements users who rely on the
auditor’s opinion such as the stockholders, creditors, potential investors and creditors,
management, government agencies, and the public (in general).
An audit can help reduce information risk, that is, the risk that the financial statements that will be
used for decision-making are materially misleading, unreliable or inaccurate.
Four conditions/reasons that gave rise to a demand for independent audit of financial statements:
Another condition that gave rise to demand for audit of financial statements is the
stewardship or agency theory which means that management wants the credibility an audit
adds to the financial statement to enhance stewardship of the financial statement and to
lessen the owner’s mistrust of the management.
Auditing concepts and standards are based on the following postulates and assumptions which form part
of the elements of theoretical framework of auditing:
An audit benefits the public. – the primary beneficiary of reliable financial statements are the
wide variety of users (intended users)
Financial data and statements to be audited are verifiable. – if financial statements are not
verifiable, there can be no audit
Financial statements or data are verifiable if two or more qualified individuals, working
independently, each reach essentially similar conclusions.
The auditor should always maintain independence with respect to the client whose
financial statements are subject to audit. – audit opinion and the audit report would be of little
or no value if auditor is not independent
Effective internal control system reduces the possibility of errors and fraud affecting the
financial statements. – Internal control affects the reliability of the financial statements. The
stronger the internal control is, the lesser the possibility of errors and fraud, and consequently, the
more reliance on internal control can be placed or assurance that it can generate reliable accounting
data and financial statements.
There should be no long-term conflict between the auditor and the client management.
– Short-term conflicts may exist between the management who prepare the data and auditors who
examine the data but such conflicts must be resolve since both must be interested in fairness of the
financial statements.
Consistent application of GAAP results in fair presentation of FS. – The criterion in financial
statement audit is an identified or applicable financial reporting framework, which is usually the PFRS.
What was held true in the past will continue to hold true in the future in the absence of
known conditions to the contrary. – Experience and knowledge accumulated from auditing a
client in prior years can be used to determine the appropriate audit procedures that need to be
performed.
Synonyms:
Audit of financial statements is sometimes called:
Independent audit because in an audit of financial statements the auditor is independent
of the client subject to audit.
External audit because it is performed by an external auditor who is not an employee of
the client subject to audit.
Financial audit
Various descriptions:
Independent auditing has been described in a variety of ways, as follows:
It involves objective examination of and reporting on financial statements prepared by
lOMoARcPSD|4363002
management
It is a discipline which attests to the results of accounting and other functional operations
and data.
It lends credibility to the financial statements.
It provides increased assurance to users as to the fairness of the financial statements.
Its essence is to determine whether the client’s financial statements are fairly stated. It
enhances the degree of confidence of interested users in the financial statements.
It provides reasonable assurance that the financial statements fairly reflect the economic
substance of the transactions and events reflected in those statements.
To report on the financial statements and to communicate such report in accordance with
the auditor’s findings.
In a financial statement audit, the auditor obtains sufficient appropriate audit evidence to be able to
draw conclusions on which to base that opinion. The auditor’s opinion is on the fairness of the
audited financial statements.
The auditor's opinion helps establish the credibility of the financial statements.
Auditor’s report:
the primary product of an audit engagement
the end product of the audit process
a written report that contains auditor’s opinion about the fairness of the FS
the medium through which the auditor communicates the results of his or her work
Example of Standard Independent Auditor’s Report (pls. refer to PSA 700; pls. memorize)
An FS audit is:
NOT a certification or guarantee as to accuracy or fairness of the FS.
NOT an assurance as to future viability of the entity.
NOT an assurance as to efficiency or effectiveness of the client’s business operations.
lOMoARcPSD|4363002
NOT attestation as to the financial strength of an entity, the wisdom of its management
decisions, or the risk of doing business with it.
Financial Statements:
Financial statements are a structured representation of historical financial information (including
related notes which comprise a summary of significant accounting policies and other explanatory
information), intended to communicate an entity’s economic resources or obligations at a point in time
or the changes therein for a period of time in accordance with a financial reporting framework.
The term “financial statements” ordinarily refers to a complete set of financial statements, but
can also refer to a single financial statement.
Examples:
Communication with those charged with governance
Auditor’s responsibilities relating to fraud in an audit of financial statements
with the applicable financial reporting framework. In other words, the management is
primarily responsible for the fairness of the financial statements.
The auditor’s responsibility for the financial statements is confined to the expression of
opinion on them. The audit of the financial statements does not relieve management or
those charged with governance of their responsibilities over the financial statements because
the auditor merely audits the financial statements.
However, an auditor may make suggestions on the form and content of financial statements
or may draft statement.
Applicable financial reporting framework means the financial reporting framework adopted by
management (and, where appropriate, those charged with governance) in the preparation of the financial
statements that is acceptable in view of the nature of the entity and the objective of the financial
statements, or that is required by law or regulation.
The applicable financial reporting framework often encompasses financial reporting standards established
by:
An authorized or recognized standards setting organization (such as
PFRSC) Legislative or regulatory requirements
Where conflicts exist between the financial reporting framework and the sources from which
direction on its application may be obtained, or among the sources that encompass the financial
reporting framework, the source with the highest authority prevails.
Financial reporting frameworks encompass primarily the financial reporting standards established by
an organization that is authorized or recognized to promulgate standards to be used by entities for
preparing general purpose financial statements are often designed to achieve fair presentation, for
example, International Financial Reporting Standards (PFRSs).
Relevant ethical requirements – The auditor shall comply with relevant ethical requirements,
including those pertaining to independence, relating to financial statement audit engagements.
Code of Ethics for Professional Accountants in the Philippines (the Code of Ethics)
promulgated by the Board of Accountancy
Compliance with the Code of Ethics is necessary in order to ensure the highest quality of
performance and to maintain public confidence in the profession and in the context of audit of
financial statements, maintain public confidence in the auditor’s work.
Part A of the Code of Ethics – establishes the fundamental principles of professional ethics
relevant to the auditor when conducting an audit of financial statements and provides a
conceptual framework for applying those principles
The fundamental principles of professional ethics are:
Integrity
Objectivity
Professional competence and due care
Confidentiality, and
Professional behavior
Part B of the Code of Ethics – illustrates how the conceptual framework is to be applied
in specific situations
Independence
It is in the public interest that the auditor be independent of the entity subject to
the audit.
The auditor’s independence from the entity safeguards the auditor’s ability to form an audit
opinion without being affected by influences that might compromise that opinion.
Independence enhances the auditor’s ability to act with integrity, to be objective
and to maintain an attitude of professional skepticism.
Independence requirements comprise of both:
Independence of mind
Independence in appearance
National requirements that are more restrictive
Philippine Standard on Quality Control (PSQC) – require the CPA firm to establish and
maintain its system of quality control designed to provide it with reasonable assurance that the
firm and its personnel comply with relevant ethical requirements, including those pertaining to
independence
Professional scepticism – The auditor shall plan and perform an audit with professional scepticism
recognizing that circumstances may exist that cause the financial statements to be materially
misstated.
The auditor may accept records and documents as genuine unless the auditor has reason
to believe the contrary. In cases of doubt about the reliability of information or indications
of possible fraud, the PSAs require that the auditor investigate further and determine what
modifications or additions to audit procedures are necessary to resolve the matter.
Maintaining professional skepticism throughout the audit is necessary to reduce the risks of:
lOMoARcPSD|4363002
The auditor cannot be expected to disregard past experience of the honesty and integrity of
the entity’s management and those charged with governance. Nevertheless, a belief that they
are honest and have integrity does not relieve the auditor of the need to maintain professional
skepticism in conducting the audit.
Professional judgement – The auditor shall exercise professional judgment in planning and
performing an audit of financial statements.
Professional judgment is essential to the proper conduct of an audit. This is because interpretation
of relevant ethical requirements and the PSAs and the informed decisions required throughout the
audit cannot be made without the application of relevant knowledge and experience to the facts and
circumstances.
The exercise of professional judgment in any particular case is based on the facts and
circumstances that are known by the auditor. Consultation on difficult or contentious matters
during the course of the audit, both within the engagement team and between the
engagement team and others at the appropriate level within or outside the firm assist the
auditor in making informed and reasonable judgments.
Professional judgment can be evaluated based on whether the judgment reached reflects a
competent application of auditing and accounting principles and is appropriate in the light of,
and consistent with, the facts and circumstances that were known to the auditor up to the date
of the auditor’s report.
Sufficiency and appropriateness of audit evidence and audit risk – To obtain reasonable
assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an
acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to
base the auditor’s opinion.
Audit evidence includes information used by the auditor in arriving at the conclusions
on which the auditor’s opinion is based. Audit evidence includes both:
Information contained in the accounting records underlying the financial statements
and Other information
lOMoARcPSD|4363002
Appropriateness is the measure of the quality of audit evidence; that is, its relevance and
its reliability in providing support for the conclusions on which the auditor’s opinion is based. The
reliability of evidence is influenced by its source and by its nature, and is dependent on the
individual circumstances under which it is obtained.
Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an
acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to
base the auditor’s opinion, is a matter of professional judgment.
Note:
Audit evidence is necessary to support the auditor’s opinion and report.
It is cumulative in nature and is primarily obtained from audit procedures
performed during the course of the audit.
Audit evidence comprises both information that supports and corroborates
management’s assertions, and any information that contradicts such assertions.
Most of the auditor’s work in forming the auditor’s opinion consists of obtaining
and evaluating audit evidence.
The sufficiency and appropriateness of audit evidence are interrelated.
Obtaining more audit evidence, however, may not compensate for its poor quality.
Audit risk
Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial
statements are materially misstated. Audit risk is a function of the risks of material misstatement
and detection risk.
Audit risk does not include the risk that the auditor might express an opinion that the
financial statements are materially misstated when they are not. Audit risk is a technical term
related to the process of auditing; it does not refer to the auditor’s business risks such as loss
from litigation, adverse publicity, or other events arising in connection with the audit of
financial statements.
Risk of material misstatements is the risk that the financial statements are
materially misstated prior to audit. Risk of material misstatement may exist at two levels:
Overall financial statement level – refer to risks of material misstatement that relate
pervasively to the financial statements as a whole and potentially affect many assertions
Assertion level – refer to risks of material misstatement that relate to classes
of transactions, account balances, and disclosures
Risks of material misstatement at assertion level (inherent risk and control risk) are the
entity’s risks; they exist independently of the audit of the financial statements. Such risks are
assessed in order to determine the nature, timing and extent of further audit procedures
necessary to obtain sufficient appropriate audit evidence. This evidence enables the auditor
to express an opinion on the financial statements at an acceptably low level of audit risk. The
assessment of risks is a matter of professional judgment, rather than a matter capable of
precise measurement.
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to
an acceptably low level will not detect a misstatement that exists and that could be material,
either individually or when aggregated with other misstatements.
Detection risk relates to the nature, timing and extent of the auditor’s procedures that
are determined by the auditor to reduce audit risk to an acceptably low level. It is therefore a
function of the effectiveness of an audit procedure and of its application by the auditor.
For a given level of audit risk, the acceptable level of detection risk bears an inverse
relationship to the assessed risks of material misstatement at the assertion level. For
example, the greater the risks of material misstatement the auditor believes exists, the less
the detection risk that can be accepted and, accordingly, the more persuasive the audit
evidence required by the auditor.
The following matters assist to enhance the effectiveness of an audit procedure and of its
application and reduce the possibility that an auditor might select an inappropriate audit
procedure, misapply an appropriate audit procedure, or misinterpret the audit results:
Adequate planning
Proper assignment of personnel to the engagement team
The application of professional scepticism, and
Supervision and review of the audit work performed
Detection risk, however, can only be reduced, not eliminated, because of the
inherent limitations of an audit. Accordingly, some detection risk will always exist.
Complying with relevant requirements means the auditor shall comply with
each requirement of a PSA unless, in the circumstances of the audit:
The entire PSA is not relevant (for example, if an entity does not have an
internal audit function, nothing in PSA 610 is relevant)
The requirement is not relevant because it is conditional (implicit or explicit)
and the condition does not exist.
Examples of conditional requirements:
The requirement to modify the auditor’s opinion if there is a limitation of
scope represents an explicit conditional requirement.
The requirement to communicate significant deficiencies in internal control
identified during the audit to those charged with governance, which
depends on the existence of such identified significant deficiencies; and
The requirement to obtain sufficient appropriate audit evidence regarding the
presentation and disclosure of segment information in accordance with the
applicable financial reporting framework, which depends on that framework
lOMoARcPSD|4363002
requiring or permitting
Having an understanding of the entire text of a PSA (including its application and other
explanatory material) to understand its objectives and to apply its requirements properly
Prohibition from the auditor from representing compliance with PSAs in the auditor’s report
when he has not complied with the requirements of PSAs relevant to the audit
The use of the objectives stated in relevant PSAs in planning and performing the audit to
achieve the overall objectives of the auditor.
In using the objectives, the auditor is required to have regard to the interrelationships among
the PSAs. This is because the PSAs deal in some cases with general responsibilities and in
others with the application of those responsibilities to specific topics.
The auditor is required to use the objectives to evaluate whether sufficient appropriate
audit evidence has been obtained in the context of the overall objectives of the auditor. If
as a result the auditor concludes that the audit evidence is not sufficient and appropriate,
then the auditor may follow one or more of the following approaches:
Evaluate whether further relevant audit evidence has been, or will be, obtained as a
result of complying with other PSAs;
Extend the work performed in applying one or more requirements; or
Perform other procedures judged by the auditor to be necessary in
the circumstances.
In addition, the auditor should also consider Philippine Auditing Practice Statements (PAPSs).
PAPSs provide interpretative guidance and practical assistance to auditors in implementing the
PSAs and to promote good practice in the accountancy profession.
The Glossary of Terms relating to PSAs contains a complete listing of terms defined in the PSAs.
It also includes descriptions of other terms found in PSAs to assist in common and consistent
interpretation and translation.
lOMoARcPSD|4363002
The scope, effective date and any specific limitation of the applicability of a specific PSA is
made clear in the PSA. Unless otherwise stated in the PSA, the auditor is permitted to apply a
PSA before the effective date specified therein.
In performing an audit, the auditor may be required to comply with legal or regulatory
requirements in addition to the PSAs. The PSAs do not override law or regulation that
governs an audit of financial statements. In the event that such law or regulation differs from
the PSAs, an audit conducted only in accordance with law or regulation will not automatically
comply with PSAs.
The need for the auditor to depart from a relevant requirement is expected to arise only where the
requirement is for a specific procedure to be performed and, in the specific circumstances of the audit,
that procedure would be ineffective in achieving the aim of the requirement.
The PSAs do not call for compliance with a requirement that is not relevant in the circumstances of
the audit.
As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance
about whether the financial statements as a whole are free from material misstatement, whether
due to fraud or error. To obtain reasonable assurance, the auditor shall obtain sufficient appropriate
audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to
draw reasonable conclusions on which to base the auditor’s opinion.
For purposes of specifying additional considerations to audits of smaller entities, a “smaller entity” refers
to an entity which typically possesses qualitative characteristics such as:
Concentration of ownership and management in a small number of individuals (often a single
individual – either a natural person or another enterprise that owns the entity provided the
owner exhibits the relevant qualitative characteristics); and
One or more of the following:
Straightforward or uncomplicated transactions;
Simple record-keeping;
Few lines of business and few products within business lines;
Few internal controls;
Few levels of management with responsibility for a broad range of controls; or
Few personnel, many having a wide range of duties.
These qualitative characteristics are not exhaustive, they are not exclusive to smaller entities, and smaller
entities do not necessarily display all of these characteristics.
The PSAs refer to the proprietor of a smaller entity who is involved in running the entity on a day-to-
day basis as the “owner-manager.”
The auditor should plan and perform the audit with an attitude of professional
skepticism recognizing that circumstances may exist that may cause the FS to be materially
misstated.
Because of the possibility that the FS may be materially misstated, the auditor should conduct
the audit with an attitude of professional skepticism. For example, the auditor would ordinarily
lOMoARcPSD|4363002
expect to find evidence to support management representations and not assume they are necessarily
correct.
Attitude of professional skepticism: means the practitioner makes a critical assessment, with a
questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or
brings into question the reliability of documents or representations by the responsible party. In
planning and performing the audit, the auditor neither assumes that the management is honest nor
assumes unquestioned honesty.
Although an independent FS audit in accordance with PSAs lends credibility to the FS, such audit is
designed to provide only reasonable assurance, rather than absolute assurance, that the FS taken as a whole
are free from material misstatement, whether due to fraud or error. In other words, the level of assurance
provided by an audit of detecting a material misstatement is referred to as reasonable assurance.
Reasonable assurance means high, but not absolute, assurance.
Reasonable assurance refers to the gathering of the audit evidence necessary for the auditor to
conclude that there are no material misstatements in the FS, taken as a whole. This concept recognizes the
existence of audit risk.
When reasonable assurance cannot be obtained and a qualified opinion cannot be expressed, the
auditor should:
Disclaim an opinion, or
Withdraw from the engagement (if legally permitted)
As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance about whether
the financial statements as a whole are free from material misstatement, whether
The nature of audit procedures – there are practical and legal limitations on the auditor’s ability
to obtain audit evidence
For example:
lOMoARcPSD|4363002
There is the possibility that management or others may not provide, intentionally or
unintentionally, the complete information that is relevant to the preparation of the financial
statements or that has been requested by the auditor. Accordingly, the auditor cannot be
certain of the completeness of information, even though the auditor has performed audit
procedures to obtain assurance that all relevant information has been obtained.
Fraud may involve sophisticated and carefully organized schemes designed to conceal it.
Therefore, audit procedures used to gather audit evidence may be ineffective for detecting an
intentional misstatement that involves, for example, collusion to falsify documentation which
may cause the auditor to believe that audit evidence is valid when it is not. The auditor is neither
trained as nor expected to be an expert in the authentication of documents.
An audit is not an official investigation into alleged wrongdoing. Accordingly, the auditor is not
given specific legal powers, such as the power of search, which may be necessary for such an
investigation.
The need for the audit to be conducted within a reasonable period of time and at a reasonable cost.
Timeliness of Financial Reporting and the Balance between Benefit and Cost
A48. The matter of difficulty, time, or cost involved is not in itself a valid basis for the auditor to omit an audit
procedure for which there is no alternative or to be satisfied with audit evidence that is less than persuasive.
Appropriate planning assists in making sufficient time and resources available for the conduct of the audit.
Notwithstanding this, the relevance of information, and thereby its value, tends to diminish over time, and there is
a balance to be struck between the reliability of information and its cost. This is recognized in certain financial
reporting frameworks (see, for example, the IASB’s “Framework for the Preparation and Presentation of Financial
Statements”). Therefore, there is an expectation by users of financial statements that the auditor will form an
opinion on the financial statements within a reasonable period of time and at a reasonable cost, recognizing that it
is impracticable to address all information that may exist or to pursue every matter exhaustively on the
assumption that information is in error or fraudulent until proved otherwise.
A50. In light of the approaches described in paragraph A49, the ISAs contain requirements for the
planning and performance of the audit and require the auditor, among other things, to:
Have a basis for the identification and assessment of risks of material misstatement at the
financial statement and assertion levels by performing risk assessment procedures and
related activities;21 and
Use testing and other means of examining populations in a manner that provides a
reasonable basis for the auditor to draw conclusions about the population.
A51. In the case of certain assertions or subject matters, the potential effects of the inherent limitations
on the auditor’s ability to detect material misstatements are particularly significant. Such assertions or
subject matters include:
Fraud, particularly fraud involving senior management or collusion. See ISA 240 for further
discussion.
The existence and completeness of related party relationships and transactions. See ISA 55023
for further discussion.
The occurrence of non-compliance with laws and regulations. See ISA 250.24 for
further discussion.
Future events or conditions that may cause an entity to cease to continue as a going
concern. See ISA 570.25 for further discussion.
Relevant ISAs identify specific audit procedures to assist in mitigating the effect of the inherent limitations.
A52. Because of the inherent limitations of an audit, there is an unavoidable risk that some material
misstatements of the financial statements may not be detected, even though the audit is properly planned and
performed in accordance with ISAs. Accordingly, the subsequent discovery of a material misstatement of the
financial statements resulting from fraud or error does not by itself indicate a failure to conduct an audit
lOMoARcPSD|4363002
in accordance with ISAs. However, the inherent limitations of an audit are not a justification for the auditor
to be satisfied with less than persuasive audit evidence. Whether the auditor has performed an audit in
accordance with ISAs is determined by the audit procedures performed in the circumstances, the sufficiency
and appropriateness of the audit evidence obtained as a result thereof and the suitability of the auditor’s
report based on an evaluation of that evidence in light of the overall objectives of the auditor.
Limitations of Financial Statements Audit: (Reasons why absolute assurance in auditing is not
attainable or why reducing audit risk to zero is not attainable)
Absolute assurance in auditing is not attainable because of inherent limitations in an audit that affect the
auditor’s ability to detect material misstatements. These limitations result from factors such as:
The auditor’s work requires exercise of professional judgment such in the following matters:
Identifying and addressing risk factors
Deciding what evidence to gather
Making decisions about materiality and audit risk
Gathering and evaluating audit evidence (for example, in deciding the nature, timing and extent
of audit procedures)
Evaluating management’s judgments in applying the entity’s applicable financial reporting
framework.
Assessing the sufficiency and appropriateness of audit evidence
Drawing of conclusions based on the evidence gathered
Forming an opinion (the phrase “in our opinion” in the auditor’s report is intended to inform that
auditors based their conclusions on professional judgment)
Use of testing / sampling risk – An audit is conducted on a test basis or by examining only
sample of less than 100% of a population. This may introduce some risk that a misstatement will not
be detected.
Inherent limitations of accounting and internal control – Although the auditor performs audit
procedures to detect material misstatements, such procedures may not be effective in detecting
misstatements resulting from the possibility of:
management override of controls
circumvention of internal control
collusion among employees
Nature of audit evidence available – This is the fact that most of the evidence available to the
auditor is persuasive, rather than conclusive, in nature.
Undetected fraud – Fraud is specifically designed not to be detected. Thus, there is always the
possibility that fraud will not be detected.
Availability of audit evidence – Insufficient support may be available for drawing absolute
conclusions on specific assertions such as fair value estimates.
Other limitations may affect the persuasiveness of audit evidence available to draw
conclusions on particular assertions (for example, transactions between related parties).
Not a limitation of audit: Physical limitations of auditors due to fatigue and stress.
Materiality: the magnitude of misstatement or omission; the ability to influence the economic
decision of reasonable FS user
The auditor obtains and evaluates audit evidence to obtain reasonable assurance about whether the
FS are fair or are presented fairly, in all material respects, in accordance with the applicable financial
reporting framework.
lOMoARc PSD|4363002
When is a misstatement or omission material? It is material if it could influence the economic decision
of FS users. If it is probable that the judgment of a reasonable person would have been changed or
influenced by the omission or misstatement of information, then that information is material.
Meaning of the term "present fairly, in all material respects": The auditor considers only those
matters that are significant to the FS users; the phrase refers to the auditors expression of opinion
An of financial statements is the type of audit most frequently performed by CPAs (due to
the widespread use of audited financial statements) on a fee basis and for more than one
client.
Financial audit is also called:
External audit – because it is performed by external auditors, whether individual CPAs or
CPA firms, who are not employees of the client
Independent audit – because the auditor is independent of the client subject to audit
Financial audit
Compliance audit: a review of an entity’s degree of compliance with applicable laws and
rules/regulations or contracts; usually performed by government auditors
Examples: Examination conducted by:
i) BIR examiners: compliance of taxpayers with tax law, rules or regulations
ii) BSP examiners: compliance of banks with banking laws, rules or regulations
iii) COA auditors: compliance of government transactions/expenditures with the requirements
of applicable laws, rules or regulations
Operational audit involves a systematic review and evaluation of the specific operating units
(or procedures, methods or activities) of an organization in relation to specified objectives for the
purpose of measuring/assessing its performance in terms of efficiency and effectiveness of
operations, identifying opportunities for improvement and making recommendations to improve
performance (such as introduction of controls to reduce waste).
Also called performance audit or management audit
Example: Evaluation of a company’s computerized accounting system
Usually performed by internal auditors
Efficiency relates to use of its resources, while effectiveness relates to accomplishing
objectives.
According to types of auditor or their affiliation with the entity being examined:
Internal audit: audit performed by entity’s own employees known as internal auditors;
internal auditors investigate and apprise the effectiveness and efficiency of operations and
internal controls of the firm
Internal auditing is defined as "an independent, objective assurance and consulting activity designed to add
value and improve an organization's operations. It helps an organization accomplish its objectives by
bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management,
control, and governance processes."
Internal auditing is an appraisal control that measures and evaluates other controls. The increased complexity and
sophistication of business operations have required management to rely on this appraisal control.
Internal auditors review the adequacy of the company's internal control system primarily to ascertain
whether the system provides reasonable assurance that the company's objectives and goals will be achieved
efficiently and economically. Efficient performance implies the use of minimal resources to meet the
company's objectives and goals. Economical performance is the accomplishment of objectives and goals at a
cost commensurate with the task.
Internal auditors assist in the prevention of fraud by examining and evaluating the system of internal control.
Internal auditors are required to review the means employed by the company to safeguard its assets from
various types of losses such as those resulting from fire, theft, unscrupulous or illegal activities, and
exposure to the elements.
A governmental audit is typically designed to determine whether the auditee has complied with applicable
laws and regulations.
The types of audits conducted by the Commission on Audit (COA) are financial audit and performance audit.
Performance audits include economy, efficiency, and program audits. Included in the scope of financial and
performance audits is determining whether the entity has complied with applicable laws and regulations.
Government auditors are required to prepare a written report on the entity's internal control and assessment
of control risk made as part of a financial statement audit. The auditor's report should include the following:
The scope of the auditor's work in obtaining an understanding of the entity's internal control and in
his/her assessment of control risk.
The entity's significant controls including those that are established to ensure compliance with
laws and regulations that have a material impact on the financial
statements.
The conditions, including the identification of material weaknesses, identified as a result of the
auditor's work.
The Government Auditing Standards require auditors to prepare a written report on the entity's internal
control. This report should include the conditions, including the identification of material weaknesses,
discovered as a result of the auditor's work. However, the report should not give any form of assurance
on the design and effectiveness of the entity's internal control.
Government auditors are required to obtain an understanding of the possible financial statement effects
of laws and regulations having direct and material effects on amounts reported. Also, they are required
to make an assessment whether management has identified such laws that might have such effects.
The audit of a government program involves obtaining information about the costs, outputs, benefits, and
effects of the program. Auditors attempt to measure the accomplishments and relative success of the
program based on the actual intent of the legislation that established the program.
Types of Auditors:
Independent auditors or external auditors – are CPA firms and individual practitioners
who perform audit services on contractual basis for more than one client
Independent auditor – because the auditor is independent with respect to the client
whose FS are being audited; External auditor – the auditor is an outsider (not an
employee of the client)
Practitioners perform operational audits and compliance audits as part of consultancy
services
Internal auditors – they are employed by the entity thus they are not independent.
However, to operate effectively, an internal auditor must be independent of the line
functions of the entity. Internal auditors perform operational and compliance audits.
Government auditors – employed in government agencies
lOMoARcPSD|4363002
The relationship between an external auditor and an internal auditor is that both of them
use basically an identical approach; however, there are differences in the application of auditing
techniques.
The audit committee is composed of outside directors who are independent of management. The
primary purpose is to assure that the directors are exercising due care and external and internal
auditors are independent of management.
The auditor should determine whether the financial reporting framework adopted by management in
preparing the FS is acceptable. An acceptable financial reporting framework is what is referred to as the
“applicable financial reporting framework.” The auditor determines whether the financial reporting
framework adopted by management is acceptable in view of the nature of the entity (for example, whether it
is a business enterprise, a public sector entity or a not for profit organization) and the objective of the FS.
In FS audit, financial reporting frameworks that are acceptable as valid criteria include:
Philippine Financial Reporting Standards (PFRSs)
Philippine Accounting Standards (PASs)
International Accounting Standards (IASs)
Other authoritative basis
Financial statements need to be prepared in accordance with one, or a combination of the above-cited
financial reporting framework.
Characteristics/Attributes of a Profession:
Mastery of a particular intellectual skill, acquired by training and education;
Adherence by its members to a common code of values and conduct established by its administering
body, including maintaining an outlook which is essentially objective; and
Acceptance of a duty to society as a whole (usually in return for restrictions in use of a title or in the
granting of a qualification)
The Code of Ethics for CPAs in the Philippines – the document that contains the norms and
principles governing the practice of the accountancy profession in the highest standards of ethical
conduct
Public interest – the collective well-being of the public the CPA serves
Public interest imposes responsibility on the accountancy profession and on its members
Public – community of people and institutions who rely on the objectivity and integrity of
CPAs; consists of clients, credit grantors, governments, employers, employees, investors, the
business and financial community, and others who make such reliance
CPA – a person who holds a valid Certificate of Registration and a Professional Identification card issued by
the PRC/BOA to those who satisfactorily complied with all the legal and procedural requirements for such
issuance, including in appropriate cases, having passed the CPA licensure examination
Also referred to as professional accountant
A member of the accountancy profession in the Philippines
The PRC derives its authority from the PRC Modernization Act of 2000.
The PRC is the government agency that has overall jurisdiction over the regulatory boards
(such as the Board of Accountancy) in the Philippines.
Objectives of RA 9298:
The standardization and regulation of accounting
education; The examination for registration of CPAs; and
The supervision, control, and regulation of the practice of accountancy in the Philippines.
Securities and Exchange Commission (SEC) – the government agency that regulates the
registration and operations of corporations (whether stock or non-stock), partnerships and other
forms of associations in the Philippines
Composition of SEC: a chairperson and four (4) commissioners appointed by the President of
the Philippines for a term of 7 years
Bangko Sentral ng Pilipinas (BSP) – regulates and supervises the banking industry
The primary objective of the BSP is to maintain price stability conducive to a balanced and
sustainable economic growth. It also aims to promote and preserve monetary stability and the
convertibility of the peso.
Commission on Audit (COA) – the government agency examines whether government units
handle their funds in compliance with existing laws and regulations and whether their programs are
being conducted effectively, efficiently and economically
Submit to the President, at the time fixed by law, an annual financial report of the government,
its subdivisions, agencies and instrumentalities, including GOCCs, and recommend measures
necessary to improve their efficiency and effectiveness.
Perform such other duties and functions as may be prescribed by law.
The COA is the highest and final authority in state auditing. Its jurisdiction and responsibility
is defined by the Philippine Constitution (under Article IX – D).
The COA acts as the sole external auditor of all government departments and agencies,
including government-owned or controlled corporations.
COA Audit: The COA conducts a comprehensive audit that includes financial, compliance,
and management audits.
At no time shall all Members of the COA belong to the same profession.
Insurance Commission (IC) – government agency regulates and supervises the insurance industry
for the promotion of national interest
Bureau of Internal Revenue (BIR) – government agency that enforce tax laws; the BIR is
empowered to collect taxes to raise revenues for the use and support of the government
lOMoARcPSD|4363002
Standard-Setting
Bodies: a. Local/Domestic:
Financial Reporting Standards Council (FRSC) – accounting standard-setting body/council
created by the BOA
FRSC Composition/Membership:
Chairman (had been or presently a senior practitioner in any of the scope
of accounting practice) 1
BOA 1
SEC 1
BSP 1
BIR 1
COA 1
A major organization composed of preparers and users of FS 1
Accredited National Professional Organization of CPAs (APO) – PICPA:
Public practice 2
Commerce and industry 2
Academe/Education 2
Government 2 8
Total members 15
AASC Composition/Membership:
Chairman (had been or presently a senior accounting practitioner in public 1
accountancy)
BOA 1
SEC 1
BSP 1
COA 1
Association or organization of CPAs 1
in active public practice of accountancy
Accredited National Professional Organization of CPAs - PICPA:
Public practice 6
Commerce and industry 1
Academe/Education 1
Government 1 9
Total members 15
BIR representation. The BIR, although represented in the FRSC, is not represented in
the AASC.
Appointment. The Chairman and members of the FRSC and AASC shall be appointed by
the PRC upon the recommendation of the BOA in connection with the APO (PICPA).
Term of office. The Chairman and members of both the FRSC and AASC shall have a
term of 3 years renewable for another term.
Main function of FRSC and AASC: To assist BOA in carrying out its powers and
functions on monitoring the conditions affecting the practice of accountancy and adoption
of such measures, including promulgation of accounting and auditing standards, rules and
regulations and best practices
Foreign/International:
International Federation of Accountants (IFAC) – the recognized global/worldwide
organization for the accountancy profession
The International Federation of Accountants (IFAC) is the worldwide organization for the
accountancy profession. Founded in 1977, its mission is “to serve the public interest, IFAC will
continue to strengthen the worldwide accountancy profession and contribute to the
development of strong international economies by establishing and promoting adherence to
high-quality professional standards, furthering the international convergence of such standards
and speaking out on public interest issues where the profession’s expertise is most relevant.”
lOMoARcPSD|4363002
IFAC is comprised of 158 members and associates in 123 countries worldwide, representing
approximately 2.5 million accountants in public practice, industry and commerce, the public
sector, and education. No other accountancy body in the world and few other professional
organizations have the broad-based international support that characterizes IFAC.
The Mission of PICPA is to enhance the integrity of the accountancy profession, serve the best
interest of its members and other stakeholders, and contribute to the attainment of the
country's national objectives.
Sectoral Organizations
Serve the needs of CPAs in different scopes of practice
Provide seminars, programs and workshops that specifically serve the interests of the CPAs in
their respective sectors
Each sector has its own organization as follows:
Public Practice – Association of CPAs in Public Practice (ACPAPP)
Commerce and Industry – Association of CPAs in Commerce and Industry (ACPACI)
Education/Academe – Association of CPAs in Education (ACPAE)
Government – Government Association of CPAs (GACPA)
In case of death or withdrawal of all partners, the surviving partner may continue to practice under
the partnership name for a period of not more than 2 years after becoming a sole proprietor.
Prohibition on Use of Name: CPAs shall practice only under a name allowed by law and:
Shall NOT include any fictitious name
Shall NOT indicate specialization (such as tax specialist or
expert) Shall NOT misleading as to the type of organization
They shall not commence public practice until a valid Certificate of Registration to practice public
accountancy has been issued to such CPA(s). The Certificate of Accreditation attests that the
applicant is duly accredited to practice public accountancy in the Philippines.
The BOA created Quality Review Committee (QRC) to conduct quality review on applicants
for registration to practice accountancy and render a report which shall be attached to the
application for registration.
Validity of registration for accreditation is for a period of 3 years (renewable after 3 years on or
before September 30 on the year of expiry). The registration of applicants approved during any
month of the year shall expire on December 31 on the third year following its approval.
Example: If the application for registration of a CPA firm is approved on July 31, 2004, the
registration shall expire on December 31, 2006 and therefore it shall file for renewal on or before
September 30, 2006 for the three year period beginning January 1, 2007. The next renewal will
be on or before September 30, 2009.
Payment of privilege tax as a CPA on occupations with the city or municipality where they practice
public accountancy
Business permits (from local and national government)
Accreditation with other government agencies:
SEC – also accredits external auditors
An external auditor should file with the SEC a representation letter for audit clients
whenever his audit client files its financial statements with the SEC
BSP – Rendering/offering of independent audits to banks and other financial institutions under
BSP supervision requires BSP accreditation
BIR – also accredits external auditors
Foreign CPAs:
The practice of accountancy in the Philippines is limited to Filipino CPAs.
A foreign CPA is not allowed to be as owner, sole proprietor, partner or any staff thereof, unless
he/she is qualified to practice accountancy in the Philippines (unless the foreign CPA qualifies to
practice under Sections 34 and 35 of RA 9298.)
Under no circumstances shall the correspondent relationship, membership, or business dealings with
foreign CPAs be a scheme for the foreign CPAs to engage in the practice of public accountancy in the
Philippines which under the present laws is limited to Filipino CPAs
Professional Fees:
Amount of fees to be charged to clients: Fees charged should be a fair reflection of the value of the
professional services, taking into account the following:
The skill and knowledge required
The level of training and experience of the persons necessarily engaged on the work
The time necessarily occupied by each person engaged on the work, and
The degree of responsibility and urgency that the work entails
lOMoARcPSD|4363002
A fee lower than previous fee is acceptable if calculated using the above factors.
Other factors to be considered are those influenced by legal, social and economic conditions in
the Philippines.
No standard amount of fee: A CPA in public practice may determine or quote whatever fee
deemed appropriate. He may quote a fee lower than another but not too low (or significantly lower)
nor excessive. If fees that are too low:
It is considered unethical
There would be a risk of a perception that the quality of work could be impaired
Methods of billing clients (billing arrangements): The methods of determining professional fees
are:
Per diem basis – the charges are based on the actual time spent at a rate depending on the
experience and expertise of the members of the engagement team
Also known as actual time charges basis
It is computed as actual time spent x rate per hour as agreed upon
Fixed fee or Flat fee basis – lump-sum fee for the entire engagement. The charges for out-of-
pocket expenses are separate from the audit fee and are to be billed separately
Maximum fee basis – a combination of fixed fee and per diem basis. The billing is similar to per
diem basis subject to a maximum limit as agreed between the practitioner and the client
Retainer fee basis – the client pays a uniform/fixed monthly charge, plus additional fee annually,
payable upon submission of the audit report
Prohibition against contingent fee: An assurance engagement should not be performed for a fee that
is contingent on the result of the assurance work or on items that are the subject matter of the assurance
engagement.
Contingent fee – a fee calculated on a predetermined basis relating to the outcome or result of a
transaction or the result of the work performed
Contingent fee is unacceptable billing arrangement because it impairs independence and
objectivity.
Some reasons why the above are not considered contingent fees:
Fees fixed by courts and other public authority, although may be uncertain in nature
at that moment, are not known and cannot be influenced by the auditor and the
client.
Fees based on determination by taxing authorities are a matter of judicial proceedings
which do not involve third parties.
A professional accountant in public practice should not bring the profession into disrepute when
marketing professional services. The professional accountant in public practice should be honest and truthful
and should NOT:
NOT make exaggerated claims for services offered, qualifications possessed or experience gained; or
NOT make disparaging references to unsubstantiated comparisons to the work of another.
If the professional accountant in public practice is in doubt whether a proposed form of advertising or
marketing is appropriate, the professional accountant in public practice should consult with the
relevant professional body.
Sources of Clients:
Referrals from businessmen, clients (present or previous), financial and government institutions,
other CPAs, and legal and other professional firms
Walk-in clients
Auditing Standards:
Popularly known as the Generally Accepted Auditing Standards (GAAS)
The general guidelines that the auditors must follow in conducting the audit.
The minimum standards of auditor’s performance that must be achieved on each audit engagement
The guidance for measuring the quality of the auditor’s performance
Adequate technical training and proficiency: This standard refers to professional competence
Independence: This standard requires that the auditor must be impartial when dealing with the
client or without bias with respect to the client entity. The auditor must be independent in fact and in
appearance.
Independence of mind – The state of mind that permits the expression of a conclusion without
being affected by influences that compromise professional judgment, allowing an individual to act
with integrity, and exercise objectivity and professional skepticism; this is also known as
“independence in fact” or “independence in mental attitude.”
Independence in appearance – The avoidance of facts and circumstances or situations that
are so significant that would lead a reasonable and informed third party or the public to believe
or conclude that the auditor is not independent. In other words, independence in appearance
requires that activities or relationships that even suggest or imply a possible lack of
independence must be avoided by the auditor.
Due professional care: This standard requires that an auditor, in fulfilling his duties, should act
diligently and carefully, exercise reasonable prudence, and apply judgment in a conscientious
manner, carefully weighing the relevant factors before reaching a decision.
Due professional care is often called the "average auditor" concept. The auditor
should do what the average auditor would do and never less, including review of work
performed by assistants and maintaining an attitude of professional skepticism.
Due professional care does not mean/imply infallibility or exercise of error-free
judgment. The auditor is not and cannot be held responsible for losses because of
errors of pure judgment.
Exercise of due professional care in the performance of the audit requires:
Observance of the standards of field work and reporting
Critical review of the audit work performed at every level of supervision
Degree of skill commonly possessed by others in the profession
Exercise of the same components of professional care as a reasonable
auditor would exercise
Exercise of professional skepticism
STANDARDS OF FIELD WORK – the standards / criteria for planning and evidence-gathering
Sufficient understanding of the entity and its environment, including internal control:
As part of the planning activities, the auditor is required to obtain sufficient understanding of the
entity and its environment. This means that the auditor should obtain a more detailed knowledge
of the client's business and the environment/industry in which the entity operates.
A sufficient understanding of internal control is to be obtained to plan the audit. Appropriate
internal controls provide the auditor with confidence that material misstatements will be
prevented or detected on a timely basis.
Strong internal control implies that the auditor will require less evidence.
Weak internal control implies that the auditor will require more evidence.
Evidence gathering is sometimes called substantive testing. Any testing that confirms
the ending balance of an account is known as a test of a balance. Evidence gathered
to support an account by looking at the various transactions that have affected it
during the period is called a test of details.
All specific audit work is performed in order to gather evidence.
The quantity and quality of evidence to be gathered depends on the judgment of the
auditor.
The decision as to how much evidence to be accumulated requires
professional judgment; not provided in the PSAs; the rule is, evidence must be
sufficient to afford a reasonable basis for opinion
lOMoARcPSD|4363002
Whether the financial statements are in accordance with GAAP/PFRS: Conformity with
GAAP/PFRS is explicit in the auditor’s report
Explicit statement means that the auditor should state whether or not the financial
statements subject to audit are prepared in accordance with GAAP/PFRS.
When an overall opinion cannot be expressed, as where the auditor disclaims an opinion, the
reasons therefore should be stated.
In short:
If GAAP/PFRS is consistently applied: no express statement as to
consistency is necessary because consistency is implicit in the auditor’s report
If GAAP/PFRS is not consistently applied: auditor shall identify in the
auditor’s report such inconsistency
Opinion regarding the financial statements taken as a whole: expression of audit opinion
is explicit in the auditor’s report
One of the recognized objectives of the accountancy profession is to attain the highest levels of
performance. To achieve this objective, there is a need for assurance that all professional services provided
lOMoARcPSD|4363002
by CPAs are carried out to the highest quality or standards of performance. Reasonable assurance of meeting
such need is provided through a system of quality control.
A system of quality control refers to quality control policies and procedures adopted by CPA firms that
are designed to provide reasonable assurance that the firm and its personnel comply with professional
standards and regulatory and legal requirements and that reports issued by the firm or engagement partners
are appropriate in the circumstances.
Mandatory requirement for CPA firms to establish SQC: Under Philippine Standard on Quality Control 1
(PSQC 1) CPA firms are required to establish and implement a system of quality control.
Nature and Extent of a System of Quality Control: The nature and extent of the SQC developed by
CPA firms vary from firm to firm due to various factors such as:
Size of the CPA firm
Nature of its practice
Operating characteristics
Its organization
Geographical dispersion
Cost-benefit consideration
Whether it is part of a network
Elements of System of Quality Control: Although the nature and extent of the system of quality control
developed by CPA firms vary from one firm to another, a system of quality control must have the following
elements:
Leadership responsibilities for quality within the firm – The CPA firm should establish policies
and procedures that:
Promote an internal culture based on recognition that quality is essential in the performance of
the engagements
Require CPA firm’s leader (CEO/ managing board of partners or its equivalent), to assume
ultimate responsibility for the firm’s system of quality control.
Ethical requirements, including independence –
The CPA firm should establish policies and procedures to provide reasonable assurance that the
firm and its personnel comply with relevant ethical requirements (including independence):
Acceptance and continuance of client relationships and specific engagements – The CPA
firm should establish policies and procedures to provide reasonable assurance that the CPA firm will
only undertake or continue relationships and engagements where it:
a. Has considered the client’s integrity
b. Is competent to perform the engagement and has the capabilities, time and resources to do so;
and
c. Can comply with ethical requirements
Human resources – The CPA firm should establish policies and procedures to provide reasonable
assurance that it has sufficient personnel with the capabilities, competence, and commitment to
ethical principles necessary to perform the engagement.
Engagement performance – The CPA firm should establish policies and procedures to provide
reasonable assurance that engagements are performed in accordance with professional standards
and regulatory and legal requirements, and that the firm or engagement partner issue reports that
are appropriate in the circumstances.
Monitoring – The CPA firm should establish policies and procedures to provide reasonable
assurance that quality control are relevant, adequate and operating effectively and complied with in
practice and should include an ongoing consideration and evaluation of the firm’s system of quality
control, including a periodic inspection of a selection of completed engagements.
The purpose of monitoring compliance with quality control policies and procedures is to provide an
evaluation of:
a. Adherence to professional standards and regulatory and legal requirements;
lOMoARcPSD|4363002
b. Whether the quality control system has been appropriately designed and effectively
implemented; and
Whether the firm’s quality control policies and procedures have been appropriately applied, so
that reports that are issued by the firm or engagement partners are appropriate in the
circumstances.
Distinction between GAAS/PSA and SQC: GAAS/PSAs relate to each individual audit engagement,
whereas SQC relates to all professional activities/services of the firms practice as a whole.
Quality review – an oversight into (or study or appraisal of) the quality of audit of FS through a review
of quality control measures established by CPA firms and individual CPAs in public practice to ensure
compliance with accounting and auditing standards and practices
which are to be used for publication or for credit purposes, or to be filed with a court or
government agency, or to be used for any other purpose
The design, installation, and revision of accounting system
The preparation of income tax returns when related to accounting procedures
The representation of clients before government agencies on tax and other matters
related to accounting
Renders professional assistance in matters relating to accounting procedures and the
recording and presentation of financial facts or data
The IRR provides that business or company in the private sector should employ a duly
registered CPA if:
Paid-up capital is at least P5.0 million; and/or
Annual revenue is at least P10.0 million
Sector – is the area of practice of accountancy namely public accountancy, commerce and
industry, academe/education and government
Certificate of Accreditation – a certificate under seal, issued by the PRC upon the
recommendation by the BOA, attesting that Individual CPAs, including the staff members
thereof, firms including the sole proprietors and the staff members thereof and
partnerships of CPAs including the partners and the staff members thereof, are duly
lOMoARcPSD|4363002
Composition of BOA:
BOA shall be composed of a chairman and 6 members (all of which are to be
appointed by the President of the Philippines)
BOA shall elect a vice-chairman from among its members for a term of 1 year.
According to the IRR, the 4 sectors in the practice of accountancy shall as much as
possible be equitably represented in the BOA.
accountancy (those that offer BSA degree) or where review classes in preparation for
the licensure examination are being offered or conducted (such as RESA, PRTC and
CPAR), nor shall he/she be a member of the faculty or administration thereof at the time
of his/her appointment to the BOA, and
Not be a director/officer of the APO (PICPA) at the time of his/her appointment – this is
an additional requirement under the IRR
Powers and Functions of the BOA: The BOA shall exercise the following specific powers,
functions and responsibilities:
To prescribe and adopt the rules and regulations necessary for carrying out the
provisions of this Act (RA 9298)
To supervise the registration, licensure and practice of accountancy in the Philippines;
To administer oaths
To issue, suspend, revoke, or reinstate the Certificate of Registration for the practice of
the accountancy profession
To adopt its own official seal
To prescribe and/or adopt a Code of Ethics for the practice of accountancy
To monitor the conditions affecting the practice of accountancy and adopt such
measures, including promulgation of accounting and auditing standards, rules and
regulations and best practices as may be deemed proper for the enhancement and
maintenance of high professional, ethical, accounting and auditing standards
To conduct an oversight into the quality of audits of financial statements through a
review of the quality control measures
To investigate violations of this Act as IRR, to issue summons, subpoena and subpoena
ad testificandum and subpoena duces tecum to violators or witness thereof and compel
their attendance to such investigation or hearings and the production of documents in
connection therewith
The Board may, motu propio in its discretion, make such investigations as it deems
necessary to determine whether any person has violated any provisions of this law, any
accounting or auditing standard or rules duly promulgated by the BOA as part of the
rules governing the practice of accountancy
To issue a cease or desist order to any person, association, partnership or corporation
engaged in violation of any provision of this Act, any accounting or auditing standards or
rules duly promulgated by the BOA as part of the rules governing the practice of
accountancy in the Philippines
To punish for contempt of the BOA, both direct and indirect, in accordance with the
pertinent provisions of and penalties prescribed by the Rules of Court
To prepare, adopt, issue or amend the syllabi of the subjects for examinations in
consultation with the academe, determine and prepare questions for the licensure
examination which shall strictly be within the scope of the syllabi of the subjects for
examinations as well as administer, correct and release the results of the licensure
examinations
To ensure, in coordination with the Commission on Higher Education (CHED) or other
authorized government offices that all higher educational instruction and offering of
accountancy comply with the policies, standards and requirements of the course
prescribed by CHED or other authorized government offices in the areas of curriculum,
faculty, library and facilities; and
To exercise such other powers as may be provided by law as well as those which may
be implied from, or which are necessary or incidental to the carrying out of, the express
powers granted to the BOA to achieve the objectives and purposes of this Act.
lOMoARcPSD|4363002
The President’s power to appoint carries with it the power to suspend or removed a
BOA member based on the abovementioned grounds.
When a member of the BOA has been sued of crimes involving moral turpitude, it is
not a valid ground for suspension or removal of BOA members.
ETC Composition/Membership:
Chairman (had been or presently a senior accounting practitioner 1
in the academe/education)
BOA 1
Accredited National Professional Organization of CPAs - PICPA:
Public practice 1
Commerce and industry 1
Academe/Education 2*
Government 1 5
Total 7
*1 private school and 1 public school offering Bachelor of Science in Accountancy
Appointment. The Chairman and members of the ETC shall be appointed by the
PRC upon the recommendation of the BOA in connection with the APO (PICPA).
Term of office. The Chairman and the members of the ETC shall have a term of 3
years renewable for another term.
CPA Examinations:
All applicants for registration for the practice of accountancy shall be required to undergo a
licensure examination to be given by the BOA in such places and dates as the PRC may designate
subject to compliance with the requirements prescribed by the PRC in accordance with Republic Act
No. 8981.
offices, and
d. Has not been convicted of any criminal offense involving moral turpitude
Scope of Examinations:
The CPA examination shall cover, but are not limited to, the following subjects:
1. Theory of Accounts (80 – 100 items)
2. Business Law and Taxation (50 – 70 items)
3. Management Services (50 – 70 items)
4. Auditing Theory (80 – 100 items)
5. Auditing Problems (40 – 50 items)
6. Practical Accounting I (40 – 50 items)
7. Practical Accounting II (40 – 50 items)
Removal Examination:
The candidates with conditional status shall take an examination in the remaining subjects within
2 years from the preceding examination.
If the candidate fails to obtain at least a general average of 75% and a rating of at least 65% in
each of the subjects reexamined, he/she shall be considered as failed in the entire examination.
The original exam and the removal exam are counted as one exam only.
The examination in which the candidate was conditioned together with the removal
examination on the subject in which he/she failed shall be counted as one complete
examination.
The IRR provides that the required refresher course (whether regular or special
refresher course) shall be offered only by an educational institution granting a degree
of BSA.
Oath:
All successful candidates in the CPA examination, prior to entering upon the practice of the
profession, shall be required to take an oath of profession before:
Any member of the BOA; or
Any government official authorized by the PRC; or
Any person authorized by law to administer oaths
The BOA shall not register either, any person who has falsely sworn, or misrepresented
himself/herself in his/her application for examination.
Registration shall not be refused and a name shall not be removed from the roster of
CPAs on conviction for a political offense (or for an offense, in the opinion of the BOA,
that does not disqualify a person from practicing accountancy)
Practitioner must observe the rule on confidentiality (subject to certain exceptions such
as production of documents through subpoena issued by any court, tribunal, or
government regulatory or administrative body).
The members in the said integrated and accredited national professional organization shall
receive benefits and privileges appurtenant thereto upon payment of required fees and dues.
Membership in the integrated organization shall not be a bar to membership in any other
association of CPA.
CPE Objective:
To provide and ensure the continuous education of a registered professional with the
latest trends in the profession brought about by modernization and scientific and
technological advancements;
To raise and maintain the professional's capability for delivering professional services;
To attain and maintain the highest standards and quality in the practice of his
profession;
To make the profession globally competitive; and
To promote the general welfare of the public.
CPE program – consists of properly planned and structured activities, the implementation
of which requires the participation of a determinant group of professionals to meet the
requirements of voluntarily maintaining and improving the professional standards and ethics
of the profession
All CPAs shall comply with the rules and regulations on CPE.
CPE Program:
Program activities and sources of accreditation:
Seminars
Conventions
Masteral degree and doctoral degree
Authorship
Self-directed learning package
Post-graduate/in-house training
Resource speaker
Peer reviewer
CPE provider
CPE program, activities or sources
Foreign Reciprocity:
A person not a citizen of the Philippines may be allowed to practice accountancy in the
Philippines:
Where there is foreign reciprocity (in accordance with provisions of existing laws,
international treaty obligations including mutual recognition agreements entered into by the
Philippine government with other countries)
Upon presentation of proof that his country admits citizens of the Philippines to the practice
of accountancy without restriction
Penal Provisions:
Any person who shall violate any of the provisions of this Act or any of its IRR shall, upon
conviction, be punished by:
Fine – not less than P 50,000.00, or
Imprisonment – for a period not exceeding 2 years, or
l OMo ARcPSD|43 630 02
Both
lOMoARcPSD|4363002
Under the Code of Ethics for CPAs, the successor auditor has the responsibility
to initiate communication with the predecessor auditor. However, the
communication requires prior client’s permission/consent (preferably in
writing) to avoid violation of confidentiality principle.
b. Other Considerations:
Auditability of client’s financial statements – determine whether the auditor
will be able to accumulate sufficient appropriate audit evidence to render an
opinion on the financial statements by considering:
The adequacy of accounting records
Quality of internal control
High level of public scrutiny and media interest
The financial health of the client
Ability to pay audit fees
Independence – The CPA firm or auditor shall identify, evaluate and respond
to any threat to independence
The CPA firm or auditor must be independent of the client
whose financial statements are subject to audit.
Audit opinion is not credible or of little or no value if the auditor is
not independent.
Ability to serve the client properly – the CPA firm or auditor must
have capability, time and resources to perform the audit
Examples:
Availability of appropriately qualified staff when the work
is required
The firm is able to complete the engagement within the
reporting deadline (proximity of the deadline)
Consider the need for expert’s assistance and any conflicts
of interest
Firm personnel have knowledge of relevant industries
The firm has sufficient personnel with the necessary
capabilities and competence.
stateme nts.
Financial statements prepared in accordance with a financial reporting
framework designed to meet the financial information needs of specific users are
referred to as special purpose financial statements.
The nature of the financial statements (for example, whether the financial statements
are a complete set of financial statements or a single financial statement); and
Whether law or regulation prescribes the applicable financial reporting framework.
If the preconditions for an audit are not present, the auditor shall not accept
the proposed audit engagement, unless acceptance is required by law or
regulation. Preconditions for an audit are within the control of the entity.
There is a common understanding between the auditor and management (and, where
appropriate, those charged with governance) of the terms of the audit engagement.
The auditor shall agree on the terms of the audit engagement with
management or those charged with governance, as appropriate. Such agreed
terms shall be recorded in an audit engagement letter or other suitable form
of written engagement.
Preliminary conference: A preliminary conference with the client is scheduled after the
CPA has determined that:
The firm is independent
The firm is competent to perform the audit
The firm can serve the client properly, and
The client’s reputation is one of integrity
The terms of engagement are usually agreed with the client during a preliminary
conference with the client, and formalized through a signed engagement letter. During
the preliminary conference, the auditor and client agree on the following issues:
➢The specific services to be rendered
➢The cooperation and work expected to be performed by the client’s
personnel ➢Expected start and completion dates of the engagement
➢The possibility that the completion date may be changed if unforeseen a
udit problems arise if unforeseen audit problems arise if adequate
cooperation from client’s personnel is not received
➢The nature and limitations of the audit engagement
➢An estimate of the fee to be charged for the engagement
Engagement letter – an agreement between the CPA firm or auditor and the client for the
conduct of the audit. It is a letter from the auditor to the client management, and when
signed by the client it serves as a formal written contract between them.
Engagement letter should be sent to the client preferably before the start of the
engagement.
Principal Contents:
Objective and scope of the audit of the financial statements
Responsibilities of the auditor
Responsibilities of management
Identification of financial reporting framework for the preparation of
the financial statements
Reference to any form and content of any reports to be issued by the
auditor and a statement that there may be circumstances in which a
report may differ from its expected form and content
In addition, and audit engagement letter may make reference to, for example:
lOMoARcPSD|4363002
Audits of Components:
Factors to consider whether to send a separate engagement letter to the component when the
auditor of the parent company is also the auditor of its component (subsidiary, branch or division):
Who appoints the auditor of the component
Whether a separate auditor’s report is to be issued on the component
Legal requirements in relation to audit appointments
The extent of any work performed by other auditors
Degree of ownership by parent, and
Degree of independence of the component’s management from the parent entity
If there is a reasonable justification for the change – stop the original engagement and
agree on the new terms of engagement. And then proceed with the new engagement
To avoid confusing the users of the new report, do not mention the following in
the new report:
The original engagement
Any procedures that may have been performed in the original
engagement (except where
the engagement is changed to an engagement to undertake agreed- upon
procedures and thus the reference to the procedures performed is a normal part of
the report)
If there is no reasonable justification – refuse the client’s request, and continue to
perform the original engagement and issue the original report
If the auditor is not permitted to continue the original engagement, the auditor
should withdraw from the engagement and consider reportorial responsibilities to
the BOD or shareholders of the client.
Change to a lower level assurance engagement: The auditor shall not agree where
there is no justification/basis for the change to a lower level assurance engagement.
The auditor should agree if there is reasonable basis, such as:
a. A change in circumstances affecting the entity’s requirements or need for the
service
For example, the client's bank required an audit before committing to a loan,
but the client subsequently acquired alternative financing.
A misunderstanding as to the nature of an audit or related service originally requested
A restriction on the scope of the engagement, whether imposed by management or
caused by circumstances
Withdraw from the engagement – if the auditor is unable to agree to the change and is
not permitted/allowed to continue the original engagement because of his disagreement
lOMoARcPSD|4363002
AUDIT PLANNING
Audit Planning:
Audit planning involves establishing the overall audit strategy for the engagement and developing an
audit plan, in order to reduce audit risk to an acceptably low level
Objective of the auditor in planning the audit: So that the audit will be performed in an effective
manner
Who are involved in planning the audit: Engagement partner and other key members of the
engagement team (because of their experience and insight to enhance the effectiveness and efficiency of
the planning process)
Nature of Planning:
Planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins
shortly after (or in connection with) the completion of the previous audit and continues until the completion
of the current audit engagement. In other words, planning is a continuous function that last throughout the
audit.
Planning stage of audit – the time before fieldwork starts, when the auditor is gathering information about
the client and its environment and designing overall audit strategy and audit plan
The earlier the auditor is appointed, the more efficient the audit plan and performance can be. Thus,
early appointment of the auditor allows the auditor to plan a more efficient audit.
It is acceptable for an auditor to accept an audit engagement near or after year-end. However, the
auditor should consider whether late appointment will pose limitations on the audit that may lead to a
qualified opinion or a disclaimer of opinion, and should discuss such concerns with the client.
In order to reduce audit risk to an acceptably low level (Note 3), the auditor shall:
Establish an overall audit strategy that sets the scope, timing and direction for the audit, and that
guides the development of the more detailed audit plan (Note 1)
Develop an audit plan that addresses the various matters identified in the overall audit strategy
Audit plan includes a description of:
The nature, timing and extent of planned risk assessment procedures (Note 2)
The nature, timing and extent of planned further audit procedures (at the assertion level) – to be
performed during testing stage
Further audit procedures include:
Tests of controls – tests of the operating effectiveness of internal control
Substantive tests/procedures – include tests of details and analytical procedures
Other planned audit procedures (that are required to be carried out to comply with PSAs)
Modifying (updating) the overall audit strategy and the audit plan as necessary during
the course of the audit
Revision is necessary because
of: Unexpected events
Changes in conditions
Audit evidence obtained from the results of audit procedures
The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete and or sequential processes, but are closely inter-related since changes in one may result
in consequential changes to the other.
Planning the nature, timing and extent of direction, supervision of the engagement team
members and the review of their work
The nature, timing and extent of direction, supervision of audit engagement team members and
review of their work depend on the following factors:
Size and complexity of the entity – Audits of small entities requires lesser (or even no)
direction, supervision, and review of the work of assistants
Area of audit – Difficult aspects of audit demand increased direction, supervision, and a
more detailed review of work of assistants.
Risks of material misstatement – As the assessed risk of material misstatement increases,
a given area of the audit, the auditor ordinarily increases the extent and timeliness of
direction, supervision and review
Capabilities and competence of personnel performing the audit work.
Note 1:
Considering the factors that are significant in directing the engagement team’s efforts
Examples:
Determining the appropriate materiality levels (Note 1.2)
Preliminary identification of areas where there may be higher risks of material misstatement
(Note 1.3)
The impact of assessed risk of material misstatement at the overall financial statement level on
direction, supervision and review
The manner in which professional skepticism is emphasized to engagement team
members Management commitment to a sound internal control
Volume of transactions, which may determine whether it is more efficient for the auditor to rely
on internal control
Importance attached to internal control throughout the entity to the successful operation of the
business
Significant business developments affecting the entity (such as changes in information
technology, changes in key management, acquisitions, mergers and divestments)
lOMoARcPSD|4363002
Significant industry developments (such as changes in industry regulations and new reporting
requirements)
Significant changes in financial reporting framework (such as changes in accounting standards)
Other significant relevant developments (such as changes in the legal environment affecting the
entity)
Considering the results of preliminary engagement activities and, where applicable, whether knowledge
gained on other engagements performed by the engagement partner for the entity is relevant, and
Examples:
Results of previous audit regarding evaluation of internal control, identified weaknesses and
action taken to address them
The discussion of matters that may affect the audit with firm personnel responsible for
performing other services to the entity
Ascertaining the nature, timing and extent of resources necessary to perform the engagement.
Examples:
Selection of the engagement team
Assignment of audit work to team members (experienced team members are assigned to areas
where there may be higher risks of material misstatement
Engagement budgeting (more audit time is set aside for areas where there may be higher risks
of material misstatement)
Concept of materiality:
Materiality is the amount (threshold or cut-off point) at which judgment of informed decision
makers based on the financial statement may be altered (changed or influenced).
An item or information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements.
In determining appropriate level of materiality, the auditor uses professional judgment using
his perception of the needs of reasonable users of the financial statements.
Documentation on materiality: Documentation should include the amounts and the factors
considered in their determination:
Materiality level for the financial statements as a whole
Materiality level or levels for a particular classes of transactions, account balances or
disclosures, if applicable
Performance materiality
Any revision of materiality levels (a to c) as the audit progresses
Materiality levels:
Materiality at financial statement as a whole – it is the smallest aggregate level that could
misstate/distort any of the financial statements
Note 1.3 – Preliminary identification of areas where there may be higher risks of material
misstatement
Risks of material misstatements may be greater for significant non-routine transactions which
involves:
Greater management intervention to specify the accounting treatment
Greater manual intervention for data collection and processing
Complex calculations or accounting principles
Risk of material misstatements may be greater for significant judgmental matters such
as: Accounting estimates
Revenue recognition may be subject to differing interpretation
Required judgment may be subjective or complex or require assumptions about the effects of
future events (for example, judgment about fair value)
Significant risk of relating to risk of material misstatement due to fraud
There are areas where special audit consideration may be necessary, for example:
Existence of related parties and related party transactions
Related party transaction – a transfer of resources, services or obligations between
related parties, regardless of whether a price is charged
Note 2:
Note 2.1 – Required understanding of the entity and its environment, including internal control:
1. Understanding of the environment – external factors:
lOMoARcPSD|4363002
Relevant industry’s factors – the industry in which the entity operates may give rise to
specific risks of material misstatements arising from the nature of the business or the degree of
regulation
Examples of industry factors:
Industry conditions such as the competitive environment, supplier and customer relationships
and technological developments
Specific examples of industry factors:
Market and competition (including demand, capacity, and price
competition) Cyclical or seasonal activity
Product technology relating to the entity’s products
Energy supply and cost
Regulatory factors – include the regulatory environment
Accounting principles and industry specific practices
Regulatory framework for a regulated industry
Laws/legislations or regulations that significantly affect the entity’s operations, including
direct supervisory activities
Taxation
Legal and political environment
Government policies currently affecting the conduct of the entity’s
business Environmental requirements affecting the industry and the entity
Applicable financial reporting framework
Other external factors affecting the entity – such as general economic conditions, interest
rates and availability of financing, and inflation or currency revaluation
Entity – internal factors:
Nature of the entity: An understanding of the nature of an entity enables the auditor to
understand the classes of transactions, account balances, and disclosures to be expected in the
financial statements. Factors to consider include:
Entity’s operations
Ownership and governance structures
Types of investments that the entity is making and plans to make
Entity structure (locations, subsidiaries, etc.) – complex structures may give rise to risks of
material misstatement
How the entity is financed
How related party transactions are identified and accounted for
Entity’s selection and application of accounting policies – consider whether accounting
policies are:
Appropriate for the entity’s business
Consistent with the applicable financial reporting framework,
and Used in the relevant industry
Entity’s objectives and strategies, and those related business risks that may result in
risks of material misstatement of the financial statements
1. Objectives – relate to entity’s mission, vision or values statement
2. Strategies – pertain to operational approaches by which management intends to achieve its
objectives
3. Business risks – risks of inability to achieve the objectives
The term “business risk” is broader than the risks of material misstatement in the
financial statements. Not all business risks give rise to risk of material misstatement.
An understanding of business risks increases the likelihood of identifying the risks of
material misstatement. However, the auditor does not have a responsibility to identify or
assess all business risks.
Measurement and review of the entity’s financial performance
Performance measures, whether external or internal, create pressures on the entity that may
motivate management to take action to improve the business performance or to
manipulate/misstate the financial statements.
Internal control – The auditor shall obtain an understanding of internal control relevant to the
audit.
Internal control is designed, implemented and maintained to address identified business risks
that threaten the achievement of any of the entity’s objectives that concern:
The reliability of the entity’s financial reporting;
The effectiveness and efficiency of its operations; and
Its compliance with applicable laws and regulations.
An understanding of internal control assists the auditor in identifying types of potential
misstatements and factors that affect the risks of material misstatement, and in designing the
nature, timing, and extent of further audit procedures.
Identify risks of material misstatement (inherent risk and control risk) based on understanding the
entity and its environment, including the entity’s relevant internal control. The auditor shall provide
reasonable assurance of detecting material misstatements, whether arising from errors or fraud.
Risk of material misstatement (RMM) – the risk that the financial statements contain a
material misstatement.
Components of RMM:
The risks of material misstatement are a combination of inherent risk and control risk:
Inherent risk – the susceptibility of an assertion to a misstatement that could be material,
either individually or when aggregated with other misstatements, assuming there are no
related controls to mitigate such risks
Inherent risk may also be described as follows:
The concept of inherent risk recognizes that the risk of misstatement is greater for
some assertions than for others.
Inherent risk is the risk that financial statements are likely to be materially misstated.
Control risk – the risk that a material misstatement, either individually or when
aggregated with other misstatements, that could occur will not be prevented or detected
and corrected on a timely basis by the entity’s internal control
Control risk is a function of the effectiveness of the entity’s internal control.
Control risk is the type of risk that the management has the most control over in the
short term.
Some control risk will always exist because of the inherent limitations of any internal
control system.
Risk of material misstatement (inherent risk and control risk) cannot be eliminated or controlled by
the auditor because these are entity’s risks that exist independently of the audit of financial
statements.
The factor that distinguishes fraud from error is whether the underlying action is
intentional or unintentional.
The most serious types of fraud usually involve management. This results from the
fact that management is primarily responsible for the design and implementation of internal
control in the first place.
The most popular ways to manipulate financial statements involves journal entries and
accounting estimates because if manipulation is discovered management can easily deny
involvement. A bias in estimates can be attributed to excessive conservatism or optimism. An
unsupported journal entry, if discovered, can be characterized as a simple mistake. This differs
from strategies such as falsified records that, if discovered by the auditor, would be quite
difficult for management to deny.
Management fraud vs. employee fraud – the risk of not detecting a material
misstatement resulting from management fraud is greater than for employee fraud
Reasons:
Management has the most opportunity to commit fraud, while employees need to
exploit weakness in internal control in order to commit fraud.
Management has the ability to override or bypass an existing effective internal control.
Management can influence the preparation and presentation of financial statements.
Significant risk – an identified and assessed risk of material misstatement that, in the auditor’s
judgment, requires special audit consideration
Inquires of management and others within the entity that is likely to assist the auditor in
identifying risk of material misstatement due to fraud or error
For example, inquiries of management, audit committee, board of directors, internal auditors, in-
house legal counsel, and other client personnel
Analytical procedures
Analytical procedures – evaluations of financial information made by a study of plausible
relationships among both financial and nonfinancial data
Assess the level of Inherent Risk (such as low, medium, or high) – for example, low level if
likelihood of misstatement is low
Inherent risk – the susceptibility of an assertion to a misstatement that could be material,
either individually or when aggregated with other misstatements, assuming there are no related
controls to mitigate such risks
Sources of assessment include knowledge of entity and its environment and preliminary
analytical procedures.
Assess the level of Control Risk (such as low, medium, or high) – for example, low control risk
if internal control is effective, or high control risk if internal control is not effective
Control risk – the risk that a material misstatement, either individually or when aggregated with
other misstatements, that could occur will not be prevented or detected and corrected on a
timely basis by the entity’s internal control
Sources of assessment include knowledge of internal control and observation and inspection
Combined assessment:
The auditor usually makes combined assessment of inherent and control risks. If the combined
assessment of inherent risk and control risk is high, the auditor should:
Place more emphasis on obtaining external evidence
Reduce reliance on internal evidence
Design more effective substantive procedures
Determine the acceptable level of detection risk: The acceptable level of detection risk depends
on the assessed level of inherent and control risk (inverse relationship)
Detection risk – the risk that the auditor will not detect such a material misstatement that
exists/occurs in an assertion
Detection risk is a function of the effectiveness of an auditing procedure and its application by
the auditor
Detection risk is significantly affected by the nature, timing, and extent of the auditor’s
substantive procedures
Detection risk is a complement of assurance provided by substantive tests (for example, a
10% detection risk means a 90% assurance of detecting material misstatement)
Detection risk can be increased or decreased by the auditor by performing substantive tests
but can never be reduced to zero because of the inherent limitations in the procedures
carried out, the human judgments required, and the nature of the evidence examined.
The auditor uses the Audit Risk Model:
Audit Risk = Inherent risk x Control risk x Detection risk
In summary, the auditor performs audit procedures to assess the risks of material misstatement
and seeks to limit detection risk by performing further audit procedures based on that assessment.
Internal control (IC) – the process designed, implemented and maintained by those charged with
governance, management and other personnel to provide reasonable assurance about the achievement of an
entity’s objectives.
Internal control is a process. Internal control is not an end in itself but a means of achieving the
entity's objectives.
Internal control is effected by those charged with governance, management and other
lOMoARcPSD|4363002
Internal control can be expected to provide reasonable assurance of achieving the entity's
objectives – this is due to inherent limitations of any system of internal control; although internal
control is designed to prevent, detect and correct problems, an effective internal control can only
minimize but not eliminate material misstatements, whether due to fraud or error.
Internal control is designed to help achieve the entity's objectives. Internal control is geared
towards the achievement of the entity's objectives.
According to objectives:
Financial reporting controls – controls to achieve reliability of financial reporting objective
Operational effectiveness controls – controls to achieve operational effectiveness objective
Compliance controls – controls to achieve compliance objective
There is a direct relationship between the entity’s objectives and the internal control it
implements to provide reasonable assurance about their achievement. Both the entity’s
objectives and controls relate to financial reporting, operations and compliance.
According to functions:
Preventive controls – to deter problems before they
arise Examples:
Segregation of employee duties
Control physical access to assets, facilities and information
Detective controls – to discover problems as they arise
Examples:
Preparing bank reconciliation
Preparing monthly trial balance
Corrective controls – to remedy problems discovered with detective
controls Example:
Maintaining backup copies of transactions and master files
lOMoARcPSD|4363002
Internal control objective relevant to the audit: not all entity’s objectives and internal control are
relevant to the auditor’s risk assessment
May be relevant to the auditor – operational and compliance objectives are not usually relevant to the
audit but may relevant to the auditor only if they relate to data the auditor evaluates to determine
the reliability of some financial statement assertions
Examples of operational controls that are not normally be relevant to the audit production and
staff scheduling, quality control, and employee compliance with health and safety requirements.
However, these may be relevant to the auditor if:
Controls related to the safeguarding of assets often relate to both operations and financial
reporting and objectives. The auditor would generally consider only those controls related to
financial reporting, such as controls that limit access to the programs used to process cash
disbursements.
Components of Internal Control: the interrelated components of internal control represent means used
by an entity to help it achieve its objectives (CRIME)
Component 2 – Risk Assessment: An entity’s risk assessment for financial reporting purposes is its
identification, analysis, and management of risks relevant to the preparation of financial statements that are
fairly presented in conformity with generally accepted accounting principles. (Note that this component
concerns the assessment by management of risk facing the entity, not the auditor's assessment of control
risk.)
The auditor shall obtain an understanding of the information system, including the related business
processes, relevant to financial reporting, including the following areas:
The classes of transactions in the entity’s operations that are significant to the financial statements;
The procedures, within both information technology (IT) and manual systems, by which those
transactions are initiated, recorded, processed, corrected as necessary, transferred to the general
ledger and reported in the financial statements;
The related accounting records, supporting information and specific accounts in the financial
statements that are used to initiate, record, process and report transactions; this includes the
correction of incorrect information and how information is transferred to the general ledger.
The records may be in either manual or electronic form;
How the information system captures events and conditions, other than transactions, that are
significant to the financial statements;
The financial reporting process used to prepare the entity’s financial statements, including significant
accounting estimates and disclosures; and
Controls surrounding journal entries, including non-standard journal entries used to record non-
recurring, unusual transactions or adjustments.
The information system relevant to financial reporting objectives, which includes the accounting system,
consists of the methods and records established to record, process, summarize, and report entity transactions (as
well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity.
Accounting system: means the series of tasks and records of an entity by which transactions are
lOMoARcPSD|4363002
processed as a means of maintaining financial records. The tasks identify, assemble, analyze, calculate,
classify, record, summarize and report transactions and other events.
Component 4 – Control Activities: Control activities are the policies and procedures that help ensure
management’s directives are carried out and that necessary steps to address risks are taken. Control
activities address risks that if not mitigated would threaten the achievement of the entity’s objectives.
The auditor should obtain a sufficient understanding of control activities to assess the risks of material
misstatement at the assertion level and to design further audit procedures responsive to assessed risks.
Categories of Control activities: Categories of specific control activities that may be relevant to an
audit:
Information processing controls – ensure that transactions are valid, properly authorized,
and completely and accurately recorded
General controls – which are controls that relate to many applications and support the
effective functioning of application controls by helping to ensure the continued proper
operation of information systems. General controls apply to information processing
throughout the company.
Examples of general controls:
Program change controls
Controls that restrict access to programs or data
Controls over the implementation of new releases of packaged software applications
Controls over system software that restrict access to or monitor the use of system
utilities that could change financial data or records without leaving an audit trail
Controls over data center/network
Physical controls – are physical controls for safeguarding assets involve security devices and
lOMoARcPSD|4363002
Physical segregation and security of assets, including adequate safeguards such secured
facilities over access to assets and records.
Examples of physical controls:
Protective or security devices
Bonded or independent custodians
Physical and security of assets:
Cash – placed in cash boxes, vault or safe deposit boxes
Cash – deposited in a bank
Inventory – placed in a warehouse
PPE items – tagged with non-movable labels
Authorization for access to computer programs and data files (for example, requiring
password prior to access)
Authorized access to assets and records (such as through the use of computer access
codes, prenumbered forms, and required signatures on documents for the removal or
disposition of assets)
Required signatures on documents for the removal or disposition of assets
Periodic counting and comparison with amounts shown on control
records Examples:
Comparing the results of cash, security and inventory counts with accounting
records
Reconciliations
The extent to which physical controls intended to prevent theft of assets are relevant to
the reliability of financial statement preparation, and therefore the audit, depends on
circumstances such as when assets are highly susceptible to misappropriation.
A proper segregation of duties (or incompatible functions) requires that one person should
not be responsible for all phases of a transaction. It requires assigning different people the
responsibilities of:
Authorizing transactions
Recording transactions – recordkeeping
Maintaining custody of assets involved in the transactions
This means that different employees authorize transactions in the asset, record the
transactions, and have custody of the asset.
Component 5 – Monitoring the Controls: Monitoring is a process that assesses the quality of internal
control performance on an ongoing basis. Management’s monitoring of controls includes considering whether
they are operating as intended and that they are modified as appropriate for changes in conditions.
Monitoring assesses the effectiveness of the internal control’s performance over time. The objective is to
ensure the controls are working properly and, if not, to take necessary corrective actions. Management
accomplishes monitoring of controls through ongoing activities, separate evaluations or a combination of the
two.
Management’s monitoring activities may also include using information from external parties such as
complaints from customers or comments from regulatory bodies that may indicate problems, highlight areas
in need of improvement, or require communications relating to internal control from external auditors.
In smaller entities, there are often few employees, which can limit the extent to which segregation of
duties is practicable and the paper trail of documentation available. But internal control still exists. In such
lOMoARcPSD|4363002
entities, the control environment (management’s commitment to ethical values, competence, attitude
toward control, and their day-to-day actions) will be very important to evaluate. This will involve assessing
the behavior, attitudes, and actions of management.
The presence of a highly involved owner-manager can be both an internal control strength and an
internal control weakness. The strength is that the person (assuming his or her competence) will be
knowledgeable about all aspects of operations and that it is highly unlikely material errors will be missed.
The weakness is that the person is also in a good position to override internal controls.
IT Benefits
IT is used by an entity to improve the efficiency and effectiveness of its internal control. The auditor
should consider the effect of such benefits as part of assessing internal control. Benefits may include:
The ability to process large volumes of transactions and data accurately and consistently.
Improved timeliness and availability of information.
Facilitation of data analysis and performance monitoring.
Reduction in the risk that controls will be circumvented.
Enhanced segregation of duties through effective implementation of security controls.
IT Risks
The use of IT may also create additional internal control risks. The auditor must evaluate the
entity's use of IT to determine whether and to what extent the following risks exist:
Potential reliance on inaccurate systems.
Unauthorized access to data, which may result in loss of data and/or data inaccuracies.
Unauthorized changes to data, systems, or programs.
Failure to make required changes or updates to systems or programs.
Obtain sufficient understanding of the internal control relevant to the audit – involves
obtaining understanding of the design and operation of internal control relevant to the audit
The auditor should use the understanding of the five components of internal control sufficient
to evaluate the design and determine if the control has been implemented.
While the five components of internal control provide a useful framework for identifying and
evaluating controls, the auditor should be more concerned with whether and how a specific
control prevents, or detects and corrects, material misstatements, than with the classification
of controls into categories.
Internal control is relevant to the entire entity and each of the five components of internal
control may affect any of the three entity objectives, but not all of an entity's objectives and
related controls are relevant to the audit. Generally, those controls that pertain to financial
reporting objective are most relevant to the audit; it is primarily those controls that the
auditor must consider and understand. The auditor need not assess all controls related to
financial reporting, but rather applies professional judgment in determining which controls to
assess.
Evaluate the design of relevant control – involves determining whether the control,
individually or in combination with other controls, is capable of effectively preventing or
detecting and correcting material misstatements
Determine whether the control has been implemented – whether the control is placed
in operation; a control has been implemented if the control exists and is being used by the
entity
Perform preliminary assessment of control risk – the assessment of control risk is based on
understanding of internal control
Assess control risk at a high level:
(1) If internal control is poor or not effective, or
(2) If it is inefficient to rely on internal control (inefficient to perform tests of controls)
Note: Even if the internal control is effective, the auditor should assess control risk at a
high level if it is inefficient to obtain evidence to justify the assessment of control risk at
less than high level. The PSA requires the auditor to document the basis which is the
evidence to justify the assessment of control risk at less than high level.
Perform tests of controls – tests of controls are performed when the auditor plans to rely on
internal control; the auditor will only test those controls that he plans to rely upon (controls that
are likely to prevent or detect and correct material misstatement relevant to the financial
statements)
Tests of controls –
Tests performed to test the operating effectiveness (as to design and operation) of internal
controls that are likely to detect or prevent material misstatements in support of a reduced
assessed level of control risk. Thus, tests of controls are performed to substantiate the reduced
assessed level of control risk
Tests performed confirm that the controls tested are working effectively
Unlike substantive tests of details, tests of controls are not required audit procedure.
The greater the reliance the auditor plans to place on internal control, the more extensive the
tests of those controls that need to be performed.
Tests of controls generally consist of one (or combination of the following evidence gathering
techniques:
Inquiry
Observation
Inspection
Reperformance
Results of tests of controls does not confirm effectiveness of controls – the auditor should
revise the preliminary risk assessment of control risk from less than high to high level; the
auditor should also make the necessary revision on the overall audit strategy, audit plan and
preliminary audit program
Results of tests of controls confirm effectiveness of controls – the auditor may rely on entity’s
internal control and decrease substantive testing
Required Documentation:
The basis for that assessment – results of tests of controls confirming the assessment of
control risk at below high/maximum level
The auditor should communicate audit matters of governance interest arising from the audit of financial
statements with those charged with governance of an entity.
Governance refers to the role of persons entrusted with the supervision, control and direction of an
entity. Those charged with governance ordinarily are accountable for ensuring that the entity achieves its
objectives, financial reporting, and reporting to interested parties.
Consideration of internal control in financial statement audit is not sufficient to express an opinion on an
entity’s controls because only those controls on which an auditor intends to rely are reviewed, tested, and
evaluated. Moreover, the auditor is not required to identify or search for internal control weaknesses.
Nature of Assertions:
Financial statements are not statements of facts. They are a collection of claims and assertions,
made implicitly or explicitly by the entity’s management, about the recognition, measurement,
presentation, and disclosure of information in the financial statements.
Levels of Assertions:
Financial statement level – entity’s management representation that the financial
statements as a whole are presented fairly, in all material respects, in accordance with the
applicable financial reporting framework
For example, management asserts the financial statements are free from material
misstatements.
Account balance or class of transactions level – entity’s management representation that
the underlying account balances and class of transactions, including related disclosures, are free
of material misstatements
For example, when considering the sales balance, management is asserting that sales
revenue is complete (completeness assertion), the transactions occurred (occurrence
assertion), and transactions have been appropriately recorded in the accounting records
(accuracy assertion).
Audit Objectives:
The auditor develops audit objectives that relate to management assertions about the financial
statement components. To achieve audit objectives, the auditor shall design audit procedures and
gather sufficient appropriate audit evidence whether the assertions are in accordance with the
applicable financial reporting framework.
Audit objectives are used to verify management assertions. Thus, there should be proper
matching of auditor’s objectives with management assertions.
AUDIT PROCEDURES
lOMoARcPSD|4363002
Based on audit objectives, the auditor should plan and perform audit procedures. Audit
procedures are the means for obtaining sufficient appropriate audit evidence to satisfy financial
statement assertions and to support audit opinion on the fairness of the financial statements. They
are the detailed instructions for the collection of a particular type of evidence that is to be obtained
during the audit. Since audit procedures are performed to verify management assertions, they
would differ depending on the particular assertion or account audited.
Risk assessment procedures – procedures to obtain an understanding of the entity and its
environment, including its internal control, in order to identify and assess the risks of material
misstatement (RMM)
Risk assessment procedures include:
Inquiry of management and other personnel
Analytical procedures (as a planning tool)
Observation and inspection
Risk assessment procedures alone do not provide audit evidence sufficient to support an
audit opinion. Risk assessment procedures must be supplemented by tests of controls,
when necessary, and substantive procedures.
Further audit procedures – The auditor shall design and perform audit procedures whose
nature, timing, and extent are based on and are responsive to the assessed RMM at the
assertion level.
Further audit procedures are actually audit procedures classified according to purpose
lOMoARcPSD|4363002
Audit Techniques:
lOMoARcPSD|4363002
The auditor applies audit techniques (methods) to gather corroborative evidence and uses his
professional judgment to determine which audit techniques would best result to the audit evidence
he needs.
AUDIT PROGRAM
An audit program is a detailed listing of the nature, timing and extent of planned audit
procedures (tests of controls and/or substantive tests) that the auditor will perform to gather
sufficient appropriate evidenced. It is a set of instructions to assistants involved in the audit and as
a means to control and record the proper execution of work.
AUDIT EVIDENCE
The auditor shall design and perform audit procedures that are appropriate in the
circumstances for the purpose of obtaining reasonable assurance or sufficient appropriate audit
evidence to reduce audit risk at acceptably low level thereby enable the auditor to draw reasonable
conclusions on which to base the auditor’s opinion.
Most of the auditor's work in forming the auditor's opinion consists of obtaining and evaluating
audit evidence. The auditor shall conclude whether sufficient appropriate audit evidence has been
obtained based on his professional judgment.
Corroborating evidence – corroborating information that are used by the auditor to verify
the fairness of the accounting records
Documents (such as checks, bank statements, contracts and minutes of meetings)
Information/evidence from other sources such as:
Previous audits
Quality control procedures for client acceptance and continuance
Confirmations from third parties
Industry analysts’ reports
Comparable data about competitors
(benchmarking) Client written representation
Information obtained by he auditor from audit procedures such as inquiry, observation,
inspection and computation
Other information developed by, or available to, the auditor that permits the auditor to
reach conclusions through valid reasoning
representation
External or independent sources (outside the entity) – for example, confirmations
from third parties analysts’ reports, and comparable data about competitors
(benchmarking data)
Direct knowledge of the auditor
Audit evidence may also come from:
Information obtained from testing the accounting records (accounting records are
an important source of audit evidence) – for example, through analysis and review,
reperforming procedures followed in the financial reporting process, and reconciling
related types and application s of the same information
Non-financial original records
Audit evidence may include information prepared using the work of a management’s
expert.
In some cases the absence of information (for example, management's refusal to
provide a requested representation) is used by the auditor, and therefore, also
constitutes audit evidence.
Sufficiency – the measure of the quantity or amount of audit evidence that the auditor
shall accumulate
Sufficiency is determined based on the auditor’s professional judgment.
Audit evidence is sufficient if there is enough of it to afford a reasonable basis for an
audit opinion on the financial statements.
Factors affecting sufficiency of audit evidence:
Auditor’s judgment as to the quantity of audit evidence is influenced by:
Auditor’s assessment of the risks of misstatement – the higher the assessed risks,
the more audit evidence is likely to be required
For example, as risk of material misstatement increases in Accounts Receivable,
audit evidence required also increases.
Quality or competence of audit evidence – the higher the quality, the less may be
required. Obtaining more audit evidence, however, may not compensate for its poor
quality.
Materiality of item being examined – more material amounts, more evidence to
support its validity
Experience gained during previous audit may indicate the amount of evidence taken
before and whether such evidence was enough
Type of information available
Merely obtaining more audit evidence may not compensate for audit evidence of lower
quality. The auditor should exercise professional judgment and professional skepticism in
evaluating the sufficiency and appropriateness of audit evidence to support the audit
lOMoARcPSD|4363002
opinion.
Appropriateness – measures the quality of audit evidence, that is, its relevance and its
reliability in providing support for the conclusions on which the auditor's opinion is based
Relevance – deals with the logical connection with, or bearing upon, the purpose of
audit procedures and the assertion under consideration
Audit evidence is considered relevant if it pertains to the assertions being
evaluated or to the specific audit objective being tested. For example:
Obtaining audit evidence relating to the physical existence of inventory is not
relevant in obtaining audit evidence relating to the valuation of inventory.
Accounts receivable confirmations are relevant to the existence of receivables,
but not to their valuation (i.e., a customer can confirm that a receivable exists,
but this does not necessarily imply that the customer has the intent or the
ability to pay).
The relevance of information to be used as audit evidence may be affected by the
direction of testing.
A given set of audit procedures may provide audit evidence that is relevant to
certain assertions, but not to others.
Obtaining audit evidence regarding a particular assertion, for example, the
existence of inventory, is not a substitute for obtaining audit evidence regarding
another assertion.
Audit evidence from different sources or of a different nature may often be
relevant to the same assertion.
More assurance is ordinarily obtained from consistent audit evidence obtained from
different sources or of a different nature than from items of audit evidence
considered individually.
Persuasive Evidence:
Audit evidence is persuasive if it is sufficient both in quantity and quality to support audit
opinion. Thus, sufficiency and appropriateness of audit evidence are the determinants of
persuasiveness of audit evidence. The auditor may need to rely on audit evidence that is
persuasive rather than conclusive. However, to obtain reasonable assurance, the auditor must not
be satisfied with audit evidence that is less than persuasive.
Cost-benefit considerations:
The auditor should consider the relationship between the cost of obtaining audit evidence and
the usefulness of the information obtained.
The valid bases for omitting an audit test/procedure for which there is no alternative are:
Relative risk (or inherent risk) involved
Relationship between the cost of obtaining audit evidence and the usefulness of the
information obtained
Degree of reliance on the relevant internal controls (or Assessment of control risk at a low
level)
Difficulty and expense involved in testing a particular item is not a valid basis for an auditor of
deciding to omit an audit procedure.
When information to be used as audit evidence has been prepared using the work of a
management’s expert, the auditor shall, to the extent necessary, having regard to the significance
of that expert’s work for the auditor’s purposes:
Evaluate the competence, capabilities and objectivity of that expert
Competence – relates to the nature and level of expertise of the management’s expert
Capability – relates to the ability of the management’s expert to exercise that
competence in the circumstances
Objectivity – relates to the possible effects that bias, conflict of interest or the influence of
others may have on the professional or business judgment of the management expert
Sources of information regarding competence, capabilities and objectivity of a
management’s expert:
Personal experience with previous work of that
expert Discussions with that expert
lOMoARcPSD|4363002
Discussions with others who are familiar with that expert’s work
Knowledge of that expert’s qualifications, membership of a professional body or
industry association, license to practice, or other forms of external recognition
Published papers or books written by that expert
An auditor’s expert, if any, who assists the auditor regarding the information
produced by the management expert
Evaluate the appropriateness of that expert’s work as audit evidence for relevant
assertion
The auditor shall consider:
The relevance and reasonableness of that expert’s findings or conclusions, their
consistency with other audit evidence, and whether they have been appropriately
reflected in the financial statements;
If the expert’s work involves use of significant assumptions and methods, the relevance
and reasonableness of those assumptions and methods; and
If that expert’s work involves significant use of source data the relevance,
completeness, and accuracy of that source data
AUDIT SAMPLING
Definition of terms:
Sampling – testing of less than 100% of the items within a population to form a conclusion about
the population
Audit sampling – applying audit procedures to less than 100% of the items within an account
balance or class of transactions, such that all sampling units have a chance of selection, to form a
conclusion about the balance or class
lOMoARcPSD|4363002
Error – either control deviations, when performing tests of control, or misstatements, when
performing substantive procedures.
Total error – either the rate of deviation (in case of tests of control) or total misstatement (in case
of substantive procedures)
Anomalous error – means an error that arises from an isolated event that has not recurred other
than on specifically identifiable occasions and is therefore not representative of errors in the
population
Sampling risk – the possibility that the auditor’s conclusion, based on a sample may be different
from the conclusion reached if the entire population were subjected to the same audit procedure. Non-
sampling risk – arises from factors that cause the auditor to reach an erroneous conclusion for any
reason not related to the size of the sample. For example, most audit evidence is persuasive
rather than conclusive, the auditor might use inappropriate procedures, or the auditor
might misinterpret evidence and fail to recognize an error.
Population – the entire set of data from which a sample is selected and about which the auditor
wishes to draw conclusions. For example, all of the items in an account balance or a class of
transactions constitute a population. A population may be divided into strata, or sub-populations,
with each stratum being examined separately. The term population is used to include the term
stratum.
Confidence levels – the mathematical complements of sampling risks
Sampling unit – the individual items constituting a population, for example checks listed on deposit
slips, credit entries on bank statements, sales invoices or debtors’ balances, or a monetary unit
Stratification – the process of dividing a population into subpopulations, each of which is a group of
sampling units which have similar characteristics (often monetary value)
Tolerable error –
Tolerable error amount – in substantive procedures, it is the maximum total error in a
population that the auditor is willing to accept
Tolerable deviation rate – in tests of control, it is the maximum rate of deviation from the
prescribed control procedure the auditor is willing to accept without changing control risk
assessment or planned reliance on internal control.
Expected error –
Expected error amount – in substantive tests, it is the auditor's best estimate of the amount of
error the auditor expects to find in the population
Expected deviation rate – in tests of control, it is the auditor's best estimate of the rate of
deviation from a prescribed control procedure in the population
Whether audit sampling is a required: Audit sampling is not required part of any audit procedure
because when designing audit procedures, the auditor should determine appropriate means of selecting items
for testing as follows:
Selecting specific items from a population judgmentally based on such factors as knowledge of
the client’s business, preliminary assessments of inherent and control risks, and the characteristics
of the population being tested (subject to non-sampling risk)
Audit sampling: Sampling is essential throughout audits as auditors attempt to gather sufficient
appropriate evidence in a cost efficient manner.
Situations where sampling may not apply: Sampling concepts generally do not apply to:
Risk assessment procedures performed to obtain an understanding of internal control.
Tests of automated application controls when effective general controls are present.
(Generally, such controls would only be tested once or a few times.)
Analyses of security and access controls, or other controls that do not provide documentary
evidence of performance (e.g., controls related to segregation of duties).
Some tests related to the operation of the control environment or the accounting system
(e.g., examination of the effectiveness of activities performed by those charged with
governance).
Statistical sampling – any approach to sampling that has the following characteristics:
Random selection of a sample; and
Use of probability theory to evaluate sample results, including measurement of sampling risk
In statistical sampling, auditors specify the sampling risk they are willing to accept and then
calculate the sample size that provides that degree of reliability. Results are evaluated quantitatively.
Statistical sampling measures quantitatively the risk from testing only part of an audit population.
Nonstatistical sampling – the sample size is not determined mathematically. Auditors use their
judgment in determining sample size, and sample results are evaluated judgmentally. Conclusions
may be drawn in more precise ways when using statistical sampling methods.
It is acceptable for auditors to use either or combination of statistical and nonstatistical sampling.
Both sampling approaches involve judgment in planning, executing the sampling plan, and
evaluating the results of the sample.
Both sampling approaches can provide sufficient competent evidence.
Sampling methods are used by auditors in both control testing and substantive testing.
Basic distinction between statistical sampling and nonstatistical sampling: Statistical sampling is a
mathematical approach to inference, whereas nonstatistical sampling is a more subjective approach.
Although statistical sampling aids the auditor in quantitative ways, it is not a substitute for professional
judgment. The auditor must exercise professional judgment in both statistical and nonstatistical sampling to:
Define the population and the sampling unit;
Select the appropriate sampling method;
Evaluate the appropriateness of audit evidence;
Evaluate the nature of deviations or errors;
Consider sampling risk; and
Evaluate the results obtained from the sample and project those results to the population.
Types of sampling:
lOMoARcPSD|4363002
Audit sampling is used for both tests of controls (attributes sampling) and for tests of details of
transactions and balances (usually, variables sampling). In both attributes sampling and variables sampling,
the plans may be either nonstatistical or statistical.
Attribute sampling – estimates the quality characteristic of a population; it estimates the rate of
deviation for internal controls that the auditor decides to rely upon
Applicability of attribute sampling: primarily used for test of controls because attribute sampling
deals with estimating deviation from internal control procedures
Sampling risk:
The possibility that the auditor’s conclusion, based on a sample may be different from the conclusion
reached if the entire population were subjected to the same audit procedure.
The risk that the sample is not representative of the population and that the auditor's conclusion will
be different from the conclusion had the auditor examined 100% of the population.
The possibility that even though a sample is properly chosen, it may not be representative of the
population.
Risk that affects audit effectiveness and may lead to an inappropriate audit
opinion (“Beta risk” or “Type II error”) – the risk the auditor will conclude that:
In the case of a test of control, that control risk is lower than it actually is, or
In the case of a substantive test, that a material error does not exist when in fact it does
Risk affects audit efficiency as it would usually lead to additional work to establish
that initial conclusions were incorrect (“Alpha risk” or “Type I error”) – the risk the
auditor will conclude that:
In the case of a test of control, that control risk is higher than it actually is, or
In the case of a substantive test, that a material error exists when in fact it does not
Sampling risk: aspects of audit risk that are due to sampling; the risk or the possibility that, when a
test of controls or a substantive test is restricted to a sample, the auditor's conclusions may be
different from the conclusions which would have been reached had the tests been applied to all items
in the account balance or class of transactions
Risk of incorrect acceptance – the risk that the recorded account balance (based on the
sample) is not materially misstated when in fact it is materially misstated (i.e., sample results
fail to identify an existing material misstatement).
This means that the auditor wrongly concludes material error in an account
balance does not exist when in fact it does.
Risk of incorrect rejection – the risk that the recorded account balance (based on the
sample) is materially misstated when in fact it is not materially misstated (i.e., sample results
mistakenly indicate a material misstatement).
This means that the auditor wrongly concludes that material error in an
account balance exists when in fact it does not.
Sampling risks in tests of controls: (Risk of assessing control risk to low and Risk of
assessing control risk to high)
a. Risk of assessing control risk too low – the risk that the assessed level of control risk
(based on the sample) is lower than the true level of control risk (i.e., sample results indicate
a lower deviation rate than actually exists in the population).
This means that the auditor wrongly concludes that the control risk is low or
that client’s internal control system can be relied upon.
lOMoARcPSD|4363002
Risk of assessing control risk too high – the risk that the assessed level of control risk
(based on the sample) is higher than the true level of control risk (i.e., sample results
indicate a greater deviation rate than actually exists in the population).
This means that the auditor wrongly concludes that the control risk is high or
that the client’s internal control system cannot be relied upon.
Nonsampling risk: all aspects of audit risk that are not due to sampling. Nonsampling risk is the
possibility that auditors will arrive at an erroneous conclusion not because of the chosen sample but
due to other factors.
Nonsampling risk is always present and cannot be measured.
Nonsampling risk can be controlled by adequate planning and supervision of audit work and
proper adherence to quality control standards.
Examples of nonsampling risk:
The auditor might use/select inappropriate procedures (audit procedures that are not
appropriate to achieve a specific objective)
The auditor might misinterpret evidence or the results of audit tests
and fail to recognize an error (for example, failure by the auditor to recognize misstatements
in documents examined)
Sampling risk and non-sampling risk can affect the components of audit risk. For
example, when performing tests of control, the auditor may find no errors in a sample and conclude
that control risk is low, when the rate of error in the population is, in fact, unacceptably high
(sampling risk). Or there may be errors in the sample which the auditor fails to recognize (non-
sampling risk).
Attribute sampling is a statistical sampling method used to estimate the rate (%) of
occurrence (exception) of a specific characteristic or attribute. Samples taken to test the operating
effectiveness of controls are intended to provide a basis for the auditor to conclude whether the
controls are being applied as prescribed. Attribute sampling generally deals with yes/no questions.
For example, "Are time cards properly authorized (i.e., to assure recorded hours were worked)?", or
"Are invoices properly voided (e.g., stamped "paid") to prevent duplicate payments?"
Discovery sampling – a special type of attribute sampling appropriate when the auditor
believes the population deviation rate is zero or near zero. It is used when the auditor is looking
for a very critical characteristic or deviations (e.g., fraud). The auditor predetermines the desired
reliability (confidence) level (e.g., 95%) and the maximum acceptable tolerable rate (e.g., 1%),
and a table is then used to determine sample size. If no deviations are found in the sample, the
auditor can be 95% certain that the rate of deviation in the population does not exceed 1%. If
deviations are found, a regular attribute sampling table may be used to estimate the deviation
rate in the population, and audit procedures may need to be expanded.
Classical variables sampling – a statistical sampling method used to estimate the numerical
measurement of a population, such as a peso value (e.g., accounts receivable balance). This
sampling method is used primarily in substantive testing. The objective of variables sampling is to
obtain evidence about the reasonableness of monetary amounts. The auditor estimates the true
value of the population by computing a point estimate of the population and computing a
precision interval around this point estimate. Classical variables sampling measures sampling risk
by using the variation of the underlying characteristic of interest.
Mean-per-unit estimation – a sampling plan that uses the average value of the items
in the sample to estimate the true population value (i.e., estimate = average sample
value x number of items in population). MPU does not require the book value of the
population to estimate true population value.
Ratio estimation – a sampling plan that uses the ratio of the audited (correct) values
of items to their book values to project the true population value. Ratio estimation is a
highly efficient technique when the calculated audit amounts are approximately
proportional to the client's book amounts.
Difference estimation – a sampling plan that uses the average difference between the
audited (correct) values of items and their book values to project the actual population
value. Difference estimation is used instead of ratio estimation when the differences are
not nearly proportional to book values.
Factors influencing determination of sample size for tests of control and substantive procedures:
When the deviation in the sample is at the expected deviation rate or less, the auditor can continue
using his planned assessment of control risk. If it happens to be greater than expected,
reassessment of risk is necessary. Usually, an increase in such should be made.
The stronger the internal control, the lower the control risk, the lower the tolerable deviation rate.
Principal sample selection methods: Appropriate sample selection methods could reduce sampling risk.
Systematic selection – the number of sampling units in the population is divided by the sample
size to give a sampling interval regardless of the amount involved (for example 50, and having
determined a starting point within the first 50, each 50th sampling unit thereafter is selected).
Haphazard selection – the auditor selects the sample without following a structured technique, but
the method is intended to avoid or predictability (for example avoiding difficult to locate items, or
always choosing or avoiding the first or last entries on a page) and thus attempt to ensure that all
items in the population have a chance of selection. Haphazard selection is not appropriate when
using statistical sampling.
Value-weighted selection – sets the high-value items as priority to be included in the sample
Block selection – involves selecting a block(s) of contiguous items from within the population.
Block selection cannot ordinarily be used in audit sampling because most populations are structured
such that items in a sequence can be expected to have similar characteristics to each other, but
different characteristics from items elsewhere in the population.
Stratification – grouping of items of similar size and each group is treated as a separate
population. For example, assume 1,000 items are stratified into two groups: the 100 largest items
will all be examined individually, but sampling techniques will be applied to the remaining 900 items.
In this case, the population size for the sampling application would be 900, not 1,000. Stratification is
used when there is a wide range (variability) in the monetary size of items in the population.
be sampled.
AUDIT DOCUMENTATION
The auditor should prepare, on a timely basis, audit documentation that provides:
A sufficient and appropriate record of the basis for the auditor’s report; and
Evidence that the audit was performed in accordance with PSAs and applicable legal and
regulatory requirements.
Audit documentation:
It refers to the documentation of audit evidences collected and evaluated by the auditor to support
the audit opinion.
The records kept by the auditor that documents:
The procedures applied
The tests performed
The information or evidenced obtained, and
The conclusions the auditor reached in the engagement
Also called “working papers” or “workpapers” or audit file
lOMoARcPSD|4363002
File documentation plays a critical role in the planning and performance of the audit. During an audit
engagement, data are compiled and included in the audit working papers. It provides the record that work
was in fact performed and it forms the basis for the auditor’s report. It will also be used for quality control
reviews, monitoring of adherence to the accounting firm’s standards, and possibly inspections by third
parties.
Primary
To support the auditor's conclusions/opinion/report on the financial statements (and not to
support the FS).
To provides a basis for determining the appropriate audit report.
To support the auditor's representation that an adequate audit was conducted in accordance with
PSA/GAAS
To provide evidence of the audit work performed
To assist the auditor in the planning, performance, review, supervision and coordination of the
engagement and in preparation of the audit report
To show that the accounting records agree or reconcile with the financial statements
Provide supervisory personnel the opportunity to assess the sufficiency of evidence obtained
during the audit
Other objectives:
To assist the auditor in planning future audits
To enable the audit team to be accountable for its work
To provide information useful in rendering other services (MAS or tax
consulting) To provide adequate defense in case of litigation
To enable an experienced auditor to conduct quality control reviews and inspections in
accordance with quality control standards
To enable an experienced auditor to conduct external inspections in accordance with applicable
legislation, regulations or other requirements
To comply with the quality control standards, firms should have policies and procedures that specifically
address engagement documentation. These documentation policies should be documented and
communicated to all staff.
Factors to consider by the auditor in deciding the form, content and extent of audit
documentation:
Nature of the audit procedures to be performed;
Risks of material misstatement;
Extent of judgment required in performing the work and evaluating the results;
The significance of the audit evidence obtained;
Nature and extent of exceptions identified;
The need to document a conclusion or the basis for a conclusion not readily determinable from the
documentation of the work performed or audit evidence obtained; and
Audit methodology and tools used
lOMoARcPSD|4363002
Current audit file – contains evidence gathered and conclusions reached relevant to the audit
of a particular year. It is designed to support management assertions. Includes all papers
accumulated during the current year’s audit:
Copy of the financial statements
Audit plan and audit programs
Working (top) trial balance – listing of unadjusted ending balances of accounts (contains
columns for adjusting and reclassifying entries)
Adjusting and reclassifying entries – adjustments are made to correct material errors
while reclassifications are made to properly present information in the financial
statements
Lead or top schedule (assembly sheet) – shows the major components of an amount
reported in the financial statements; this working paper show the grouping of related
accounts; it eliminates voluminous details from the auditor’s working trial balance by
classifying and summarizing similar or related items
Supporting schedules – schedules that support specific amounts on the financial
statements; usually the largest portion of the audit file
Audit memoranda – includes documentation on discussions of certain items such as
internal control, inventory observation, errors identified, and problems encountered
Account analysis – shows the activity during the period in a particular short-term account
Correspondence with other parties such as lawyers, customers, banks, and management
Audit notes – used to record items of work to be done and questions concerning the
audit investigation
Abstract or copies of minutes of board of directors’ meeting
Audit documentation or working papers are the property of the auditor/audit firm and the client
has no right to the working papers prepared by the auditor.
Confidentiality of working papers: Although working papers are the personal property of the
auditor, they can not be shown to third parties under the rule on confidentiality unless it falls
lOMoARcPSD|4363002
under the certain exceptions such as production of documents through subpoena issued by any
court, tribunal, or government regulatory or administrative body.
Although certain working papers may sometimes serve as a useful reference source for his client,
auditor’s working papers should not be regarded as part or substitute for the client's accounting
records.
The audit documentation for a specific audit engagement is assembled in an audit file.
The procedures being performed in completing the audit are necessary. These procedures are usually
performed by audit managers or other senior members of the audit team who have extensive audit
experience with the client because the procedures involve many subjective judgments by the auditor. These
procedures do not pertain to specific transaction cycles or accounts.
Auditor’s responsibility
Review related party transactions to ensure that they have been properly identified, recorded and
disclosed in the financial statements
Obtain a written representation from management concerning:
Completeness of information on identification of related parties; and
Adequacy of disclosure in the FS
The auditor needs to have the level of knowledge of the entity’s business and industry that will
enable identification of the events and transactions and practices that may have material effect on
the financial statements.
An audit cannot be expected to detect all related party transactions.
Reasons for the review: The auditor should modify the auditor’s report in case of:
Inability to obtain sufficient appropriate audit evidence concerning related parties and transactions
with such parties
Inadequate disclosure in the FS
Subsequent events refer to events occurring between period end (the date of the financial
statements or the balance sheet date) and the date of the auditor’s report that may affect the
financial statements and the auditor’s report.
These events are also called post-balance sheet events/transactions since they occur after or
subsequent to the balance sheet date.
Subsequent events may also refer to facts discovered after the date of the auditor’s report.
The period between the date of the financial statements and the date of the auditor's report is called
the subsequent period. During this period, the auditor has an active responsibility to investigate
certain subsequent events.
Those requiring adjustment – those that provide evidence of conditions that existed at the date
of the financial statements.
Examples:
Settlement of litigation in excess of amount recorded
Loss on uncollectible accounts resulting from of customer’s continued deteriorating financial
condition leading to bankruptcy
Those requiring disclosure – events that are indicative of conditions that arose after the date of
the financial statements.
Examples:
Issuance of bonds/stocks after the BS
date Major purchase of a business
Loss on inventory due to fire that occurred in the subsequent
period Loss of plant due to flood
Loss on uncollectible receivable because of a major catastrophe suffered by the customer after
the BS date
Subsequent events relevant to the auditor: limited to those subsequent events (both requiring
adjustment or disclosure) that occur subsequent to date of the FS and the date of the auditor’s report
The auditor should perform procedures designed to obtain sufficient appropriate audit evidence
that all events up to the date of the auditor’s report that may require adjustment of, or disclosure in,
the financial statements have been identified.
Inquiry:
Inquiring of management as to whether any subsequent events have occurred which
might affect the financial statements.
Inquiring of the entity’s legal counsel concerning litigation claims, and assessments
Reading minutes of the meetings (of shareholders, those charged with governance, audit
and executive committees) including those held after period end and inquiring about
matters discussed at meetings for which minutes are not yet available.
Reading the entity’s latest available interim financial statements as well as budgets and
cash flow forecasts and other related management reports; compare them with the
financial statements under audit.
Obtaining representation letter from management regarding whether any events occurred
during the subsequent period that require adjustments to or disclosure in the financial
statements.
To consider/evaluate the effect of subsequent events (whether such events are properly
accounted for and adequately disclosed) on the financial statements and on the auditor’s
report
When subsequent events that materially affect the financial statements are identified, the
auditor should consider whether such events are properly accounted for and adequately disclosed in
the financial statements.
Litigation and claims involving an entity may have a material effect on the financial statements and thus
may be required to be disclosed and/or provided for in the financial statements.
The auditor should carry out procedures to identify existence of any litigations and claims
involving the entity which may result in a material misstatement of the financial statements. Such
procedures would include the following:
Make appropriate inquiries of management including obtaining representations
Review minutes of those charged with governance and correspondence with the entity’s legal
counsel
Examine legal expense accounts, and
Use any information obtained regarding the entity’s business including information obtained
from discussions with any in-house legal department.
The auditor should seek direct communication with the entity’s lawyers when litigation or claims
have been identified or when the auditor believes they may exist. The letter would ordinarily specify
the following:
A list of litigation and claims;
Management’s assessment of the outcome of the litigation or claim and its estimate of the
financial implications, including costs involved; and
lOMoARcPSD|4363002
A request that the entity’s legal counsel confirm the reasonableness of management’s
assessments and provide the auditor with further information if the list is considered by the
entity’s legal counsel to be incomplete or incorrect.
The letter, which should be prepared by management and sent by the auditor, should request
the lawyer to communicate directly with the auditor.
If management refuses to give the auditor permission to communicate with the entity’s legal
counsel, this would be a scope limitation and should ordinarily lead to a qualified opinion or a
disclaimer of opinion. Where the entity’s legal counsel refuses to respond in an appropriate manner
and the auditor is unable to obtain sufficient appropriate audit evidence by applying alternative audit
procedures, the auditor would consider whether there is a scope limitation which may lead to a
qualified opinion or a disclaimer of opinion.
Performing analytical procedures in the overall review at/near the end of the audit
Analytical procedures involve analysis of significant ratios and trends including the resultant
investigation of fluctuations and relationships that are inconsistent with other relevant information or
expectation:
Analytical procedures are required to be performed during the planning and overall review
stages.
Purpose of performing analytical procedures in the overall review stage of the audit: to
ensure that the auditor’s overall conclusion as to whether the financial statements as a whole are
consistent with the auditor’s understanding of the entity.
Auditor’s focus when performing analytical procedures in the overall review stage:
Identifying unusual fluctuations or transactions or unexpected account balances that were not
previously identified
Requires investigation, adequate explanation and appropriate corroborative evidence by
performing additional tests of details
Assessing the validity of the conclusions reached and evaluating the overall financial statements
presentation
Financial statements are ordinarily prepared based on going concern basis, contrary to the quitting
concern basis, in the absence of information to the contrary. This means that the assets and
liabilities are recorded on the basis that the entity will be able to realize its assets and discharge its
liabilities in the normal course of business.
Going concern assumption – an entity is ordinarily viewed as continuing in business for the
foreseeable future with neither the intention nor the necessity of liquidation, ceasing trading or
seeking protection from creditors pursuant to laws and regulations.
Management’s responsibility:
a. Management should assess the entity’s ability to continue as a going concern – making a
judgment about the future outcome of uncertain events or conditions (for a period of one year
from balance sheet date)
b. To disclosure (based on the result of assessment)
Auditor’s responsibility:
Overall evaluation of the appropriateness of management’s use of the going concern assumption
in the preparation of the financial statements
Identifying material uncertainties about the entity’s ability to continue as a going concern that
need to be disclosed in the financial statements
Whether such events or conditions are adequately disclosed in the financial statements
lOMoARcPSD|4363002
The auditor has no responsibility to predict future events or conditions that may cause an entity to
cease to continue as a going concern. Thus, auditors are not required to design audit procedures
solely to detect going concern problems.
Events or conditions that may give rise to business risks, that individually or collectively, may cast
doubt about the entity’s ability to continue as a going concern:
Factors that can mitigate the adverse effects of identified material going concern
uncertainty: The auditor should consider whether management has plans for and the ability to
implement alternative means of maintaining adequate cash flows to mitigate events and conditions that
may cast doubt about the entity’s ability to continue as a going concern.
Audit procedures to identify conditions and events that may cast doubt about an entity’s
ability to continue as a going concern:
Analytical procedures
Subsequent events review
Review of compliance with debt and loan
agreements Reading minutes of meetings
lOMoARcPSD|4363002
Auditor’s responsibility: The auditor should obtain appropriate written representations from
management.
Other purposes:
It confirms oral representations made by management during the audit
It reduces the possibility of misunderstanding between the auditor and the client concerning
the matters that are the subject of the representations
It documents management’s acceptance acknowledgment of its responsibility for fair
presentation of the financial statements
It may provide corroborative evidence when audit evidence may not be reasonably expected
to be available
For example: Audit evidence to corroborate management’s intention to hold a specific
investment for long-term appreciation or to discontinue a line of business
It complements, but do not replace or substitute, other audit procedures or other audit
evidence that the auditor could reasonably expect to be available
f. Schedules, analyses, and reports prepared by the entity, and management’s notations and
comments therein.
That management acknowledges its responsibility for the design and implementation of internal
control to prevent and detect error
That management believes the effects of those uncorrected financial statement misstatements
aggregated by the auditor during the audit are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole
(Entity Letterhead)
This representation letter is provided in connection with your audit of the financial statements of
ABC Company for the year ended December 31, 19X1 for the purpose of expressing an opinion as
to whether the financial statements present fairly, in all material respects, the financial position of
ABC Company as of December 31, 19X1 and of the results of its operations and its cash flows for
the year then ended in accordance with (indicate applicable financial reporting framework).
We acknowledge our responsibility for the fair presentation of the financial statements
in accordance with (indicate applicable financial reporting framework).
We confirm, to the best of our knowledge and belief, the following representations:
There have been no irregularities involving management or employees who have a significant
role in internal control or that could have a material effect on the financial statements.
We have made available to you all books of account and supporting documentation and all
minutes of meetings of shareholders and the board of directors (namely those held on March
15, 19X1 and September 30, 19X1, respectively).
We confirm the completeness of the information provided regarding the identification of related
parties.
If required, add “On behalf of the board of directors (or similar body).”
The Company has complied with all aspects of contractual agreements that could have a
material effect on the financial statements in the event of noncompliance.
There has been no noncompliance with requirements of regulatory authorities that could have a
material effect on the financial statements in the event of noncompliance.
The following have been properly recorded and, when appropriate, adequately disclosed in the
financial statements:
The identity of, and balances and transactions with, related parties.
Losses arising from sale and purchase commitments.
Agreements and options to buy back assets previously sold.
Assets pledged as collateral.
We have no plans or intentions that may materially alter the carrying value or classification of
assets and liabilities reflected in the financial statements.
We have no plans to abandon lines of product or other plans or intentions that will result in any
excess or obsolete inventory, and no inventory is stated at an amount in excess of net
realizable value.
The Company has satisfactory title to all assets and there are no liens or encumbrances on the
company’s assets, except for those that are disclosed in Note X to the financial statements.
We have recorded or disclosed, as appropriate, all liabilities, both actual and contingent, and
have disclosed in Note X to the financial statements all guarantees that we have given to third
parties.
Other than . . . described in Note X to the financial statements, there have been no events
subsequent to period end which require adjustment of or disclosure in the financial statements
or Notes thereto.
lOMoARcPSD|4363002
The . . . claim by XYZ Company has been settled for the total sum of XXX which has been
properly accrued in the financial statements. No other claims in connection with litigation have
been or are expected to be received.
There are no formal or informal compensating balance arrangements with any of our cash and
investment accounts. Except as disclosed in Note X to the financial statements, we have no
other line of credit arrangements.
We have properly recorded or disclosed in the financial statements the capital stock repurchase
options and agreements, and capital stock reserved for options, warrants, conversions and
other requirements.
Yours truly,
Legal representation letter – client’s letter of inquiry to lawyer who have been consulted by the
client concerning litigation, claims, or assessments to provide corroborative evidential matter; such
letter of inquiry should be mailed only by the auditor after preparation by the client and review by
the auditor
Application of materiality:
Representations may be limited to matters that are considered either individually or collectively
material to the financial statements
Materiality limits would not apply when obtaining written client representation on:
Fraud or irregularities involving management
Availability of minutes of meetings
Omitted audit procedures may be discovered (after the audit report has been submitted) during a
firm's internal inspection program or during peer review.
Auditor’s action:
The auditor should assess the importance of the omitted procedures to his ability to support
the audit opinion.
The auditor should determine whether other audit procedures that were applied tend to
compensate for the omitted audit procedures. If so, no further action is necessary.
If, on the other hand, the omitted audit procedures impair the auditor's ability to support the
previously issued opinion, and there are people relying (or likely to rely) on the report, then
the auditor should promptly undertake to apply the omitted procedures or the corresponding
alternative procedures.
If, after applying the omitted procedures, the auditor determines that the financial
statements are materially misstated and that the auditor's report is inappropriate, the auditor
should discuss the matter with the management and take steps to prevent future reliance on
the report.
Introduction
Auditor’s Opinions
Unmodified (unqualified) opinion—The opinion expressed when the FSs are prepared, in all
material respects, in accordance with the applicable FRF.
Modified opinion—The three types of are:
Qualified opinion – the auditor is satisfied that the FSs are presented fairly, except for a specific
aspect of them.
Adverse opinion – the auditor does not believe the FSs are fairly presented.
Disclaimer of opinion – the auditor does not know if the FSs are presented fairly.
The table below illustrates how the auditor’s judgment about the affects the type of opinion to be expressed.
Nature of Matter Giving Rise to the Material but Not Material and Pervasive
Modification Pervasive
FSs are materially misstated Qualified opinion Adverse opinion
Inability to obtain SAAE (Scope limitation):
Due to management imposed Qualified opinion Resign, if appropriate; or
limitation Disclaimer of opinion
Other limitations Qualified opinion Disclaimer of opinion
Pervasive effects or possible effects on the FSs are those that, in the auditor’s judgment:
Are not confined to specific elements, accounts or items of the FSs;
If so confined, represent or could represent a substantial proportion of the FSs; or
In relation to disclosures, are fundamental to users’ understanding of the FSs.
Auditor’s Reports
The auditor’s report shall be in writing (hard copy format or an electronic medium).
The following are the parts of a standard auditor’s report with unqualified opinion without emphasis of
matter paragraph and other matter paragraph:
Title
Addressee
Sub-title (if the report includes “Other Reporting Responsibilities” paragraph in (h))
Introductory Paragraph
Management’s Responsibility for the financial statements
Auditor’s Responsibility
Auditor’s Opinion
Other Reporting Responsibilities, if applicable
Signature of the Auditor
Date of the Auditor’s Report
Auditor’s Address
Title
The auditor’s report shall have a title that clearly indicates that it is the report of an independent auditor. For
example, “Independent Auditor’s Report,” affirms that the auditor has met all of the relevant ethical
requirements regarding independence and distinguishes the independent auditor’s report from reports
issued by others.
lOMoARcPSD|4363002
Addressee
The auditor’s report is normally addressed to those for whom the report is prepared, often either to the
shareholders and/or to TCWG of the entity.
Introductory Paragraph
This section describes the responsibilities of those in the organization responsible for the FSs and internal
control relevant to the preparation of FSs that are free from material misstatement, whether due to fraud
or error.
Auditor’s Responsibility
This section states that the responsibility of the auditor is to express an opinion on the FSs based on
the audit.
Auditor’s Opinion
This includes a section with the heading “Opinion.” Use the phrase: The financial statements present fairly,
in all material respects, in accordance with [the applicable financial reporting framework].
If the auditor addresses other reporting responsibilities (e.g., reportorial requirement of regulatory
authorities) in the auditor’s report on the FSs that are in addition to to report on the FSs, these shall be
addressed in a separate section in the auditor’s report that shall be sub-titled “Report on Other Legal
and Regulatory Requirements”.
The auditor’s report shall be signed. The auditor’s signature is either in the name of the audit firm,
the personal name of the auditor or both, as appropriate.
In the Philippines, Securities Regulation Code (SRC) Rule 68 requires that the auditor’s report on FSs filed
with the Securities and Exchange Commission (SEC), which will likewise be filed with the Bureau of Internal
Revenue (BIR), be manually signed. In case of an auditing firm, the certifying partner shall sign his/her own
signature and shall indicate that he/she is signing for the firm, the name of which is also indicated in the
report. The auditor is also required to state the signing accountant’s license number, Tax Identification No.
(TIN), Privilege Tax Receipt (PTR) No., registration number with the PRC/BOA, and accreditation issued by
the SEC.
The auditor’s report shall be dated no earlier than the date on which the auditor has obtained SAAE on
which to base the auditor’s opinion on the FSs, including evidence that:
All the statements that comprise the FSs, including the related notes, have been prepared; and
Those with the recognized authority have asserted that they have taken responsibility for those FSs.
The date of the auditor’s report informs the user of the auditor’s report that the auditor has considered the
effect of events and transactions of which the auditor became aware and that occurred up to that date.
lOMoARcPSD|4363002
In the Philippines, under SRC Rule 68, management is required to submit to the SEC, together with the FSs,
a ‘Statement of Management Responsibility’ that indicates, that the company’s Board of Directors reviewed
and approved the FSs before such statements are submitted to the stockholders of the company.
A paragraph included in the auditor’s report that refers to a matter appropriately presented or disclosed in
the FSs, in the auditor’s judgment, is of such importance that it is fundamental to users’ understanding of
the FSs. The auditor can include emphasis of matter paragraph provided the auditor has obtained SAAE that
the matter is not materially misstated in the FSs. The inclusion of this paragraph in the auditor’s report does
not affect the auditor’s opinion.
When the auditor includes an Emphasis of Matter paragraph in the auditor’s report, the auditor shall:
Include it immediately after the Opinion paragraph;
Use the heading “Emphasis of Matter,” or other appropriate heading;
Include in the paragraph a clear reference to the matter being emphasized and to where
relevant disclosures that fully describe the matter can be found in the FSs; and
Indicate that the auditor’s opinion is not modified in respect of the matter emphasized
A paragraph included in the auditor’s report that refers to a matter other than those presented or disclosed
in the FSs that, in the auditor’s judgment, is relevant to users’ understanding of the audit, the auditor’s
responsibilities or the auditor’s report.
The auditor shall include this paragraph immediately after the Opinion paragraph and any Emphasis of
Matter paragraph, or elsewhere in the auditor’s report if the content of the Other Matter paragraph is
relevant to the Other Reporting Responsibilities section.
Opinion Paragraph
The auditor shall use the heading “Qualified Opinion,” “Adverse Opinion,” or “Disclaimer of Opinion,”
as appropriate, for the opinion paragraph.
We have audited [if disclaimer of opinion, We were engaged to audit] the accompanying financial
statements of [Name of Client], which comprise the statements of financial position as at [Reporting Date],
2012 and 2011, and the statements of [comprehensive income, income, operations, or other appropriate
title used in the financial statements], statements of changes in equity and statements of cash flows for the
years then ended, and a summary of significant accounting policies and other explanatory information.
Management is responsible for the preparation and fair presentation of these financial statements in
accordance with [Applicable Financial Reporting Framework], and for such internal control as
management determines is necessary to enable the preparation of financial statements that are free from
material misstatement, whether due to fraud or error.
Auditors’ Responsibility
Our responsibility is to express an opinion on these financial statements based on our audits. We conducted
our audits in accordance with Philippine Standards on Auditing. Those standards require that we comply with
ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the
financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the
financial statements. The procedures selected depend on the auditors’ judgment, including the assessment
of the risks of material misstatement of the financial statements, whether due to fraud or error. In making
those risk assessments, the auditors consider internal control relevant to the entity’s preparation and fair
presentation of the financial statements in order to design audit procedures that are appropriate in the
circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal
control. An audit also includes evaluating the appropriateness of accounting policies used and the
reasonableness of accounting estimates made by management, as well as evaluating the overall
presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for
our [qualified or adverse, as appropriate] audit opinion.
Our responsibility is to express an opinion on these financial statements based on conducting the audit in
accordance with Philippine Standards on Auditing. Because of the matter described in the Basis for
Disclaimer of Opinion paragraph, however, we were not able to obtain sufficient appropriate audit evidence
to provide a basis for an audit opinion.
In our opinion, the financial statements present fairly, in all material respects, the financial position of
[Name of Client] as at [Reporting Date], 2012 and 2011, and its financial performance and its cash flows for
the years then ended in accordance with [Applicable financial reporting framework].
The Company’s inventories are recognized in the statement of financial position at P16 million Based on the
audit evidence obtained, we believe that an adjustment to inventories of P5 million is required to recognize
slow moving items at their net realized value. The tax effect of this adjustment is P1.5 million. Accordingly,
we believe that shareholders’ equity and profit for the year are overstated by P3.5 million respectively.]
Qualified Opinion
In our opinion, except for the effects of the matters descried in the basis for qualified opinion paragraph, the
financial statements present fairly, in all material respects, the financial position of [Name of Client] as of
[Reporting Date], 2012 and 2011, and its financial performance and its cash flows for the years ended in
accordance with Philippine Financial Reporting Standards.
lOMoARcPSD|4363002
As discussed in Note X to the financial statements, the Company’s financing arrangements expired and the
amount outstanding was payable on December 31, 20XI. The company has been unable to re-negotiate or
obtain replacement financing and is considering filling for bankruptcy. Based on the audit evidence obtained,
we believe that the company will not be able to meet its obligations in the ordinary course of business.
Accordingly, we do not agree with management’s preparation and presentation of financial statements on a
going concern basis. Had the financial statements been prepared on a liquidation basis of accounting, we
believe that it would have had a significant negative effect on the company’s financial position and financial
performance.
Adverse Opinion
Adverse Opinion
In our opinion, because of the significance of the matter discussed in the basis for adverse opinion
paragraph, the financial statements do not present fairly, in all material respects the financial position [Name
of Client] as of [Reporting Date], 2012 and 2011, and of its financial performance and its cash flows for the
years then ended in accordance with Philippine Financial Reporting Standards.
The company’s investment in its joint venture XYZ (Country X) Company is carried at xxx on the company’s
statement of financial position, which represents over 90% of the company’s net assets as at December 31,
2012. We were not allowed access to the management and the auditors of XYZ, including XYZ’s auditors’
audit documentation. As a result, we were unable to determine whether any adjustments were necessary in
respect of the company’s proportional share of XYZ’s assets that it controls jointly, its proportional share of
XYZ’s liabilities for which it is jointly responsible, its proportional share of XYZ’s income and expenses for
the year, and the elements making up the statement of changes in equity and statement of cash flow.
Disclaimer of Opinion
Because of the significance of the matter described in the Basis for Disclaimer of Opinion paragraph, we
have not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.
Accordingly, we do not express an opinion on the financial statements.
Emphasis of Matter
We draw attention to Note X to the financial statements, which appropriately describe the significant
uncertainty related to the outcome of a lawsuit in which the company is the defendant. The lawsuit alleges
infringement of certain patent right and claims royalties and punitive damages in the amount of P10 million
to the outcome of the lawsuit, the company believes that it will be able to successfully defend its case and,
accordingly, no provision for any liability that may result has been recognized in the financial statements. Our
opinion is not qualified in respect of this matter.
By:
[NAME OF PARTNER]
Partner
CPA License No.
SEC A.N.
TIN
lOMoARcPSD|4363002
BIR AN.
PTR No., Issued on [Date, Place of Issue]
Makati City, Philippines
[Date of Auditors’ Report]
Supplementary information – information that is presented together with the FSs that is not required by
the applicable FRF used to prepare the FSs, normally presented in either supplementary schedules or as
additional notes.
The auditor shall evaluate whether such supplementary information is clearly differentiated from the audited
FSs. If such supplementary information is not clearly differentiated, the auditor shall ask management to
change how the unaudited supplementary information is presented. If management refuses to do so, the
auditor shall explain in the auditor’s report that such supplementary information has not been audited. The
fact that supplementary information is unaudited does not relieve the auditor of the responsibility to read
that information to identify material inconsistencies with the audited financial statements.
Comparative Information
The two broad approaches to the auditor’s reporting responsibilities in respect of comparative
information are:
Corresponding figures –comparative information where amounts and other disclosures for the prior
period are included as an integral part of the current period FSs, and are intended to be read only in
relation to the amounts and other disclosures relating to the current period (referred to as “current
period figures”). The level of detail presented in the corresponding amounts and disclosures is dictated
primarily by its relevance to the current period figures; and
Comparative FSs –comparative information where amounts and other disclosures for the prior period
are included for comparison with the FSs of the current period but, if audited, are referred to in the
auditor’s opinion. The level of information included in those comparative FSs is comparable with that of
the FSs of the current period.
Audit Procedures
If the auditor becomes aware of a possible material misstatement in the comparative information while
performing the current period audit, the auditor shall perform such additional audit procedures necessary to
obtain SAAE, including requesting written representations for all periods referred to in the auditor’s opinion.
Audit Reporting
Corresponding figures
The auditor’s opinion shall not refer to the corresponding figures because the auditor’s opinion is on
the current period FSs includes corresponding figures, except:
Modification in auditor’s report on the prior period remain unresolved
Misstatement in prior period FSs
Prior period FSs not audited
Prior period FSs audited by a predecessor auditor
The auditor shall modify the auditor’s opinion on the current period’s FSs.
If the auditor obtains audit evidence that a material misstatement exists in the prior period FSs on which
an unmodified opinion has been previously issued, and the corresponding figures have not been properly
restated, the auditor shall express a qualified opinion or an adverse opinion in the auditor’s report on the
current period FSs.
When the prior period FSs that are misstated have not been amended and an auditor’s report has not been
reissued, but the corresponding figures have been properly restated or appropriate disclosures have been
made in the current period FSs, the auditor’s report may include an Emphasis of Matter paragraph.
The auditor shall state in an Other Matter paragraph in the auditor’s report that the corresponding figures
are unaudited.
The auditor shall state (if nor prohibited by law to do so) in an Other Matter paragraph in the auditor’s report:
That the FSs of the prior period were audited by the predecessor auditor;
The type of opinion expressed and, if the opinion was modified, the reasons therefore; and
The date of that report.
The auditor’s opinion shall refer to each period for which FSs are presented on which an audit opinion
is expressed.
The opinion expressed on the prior period FSs may be different from the opinion previously expressed if the
auditor becomes aware of circumstances or events that materially affect the FSs of a prior period during
the course of the audit of the current period. The auditor shall disclose the substantive reasons for the
different opinion in an Other Matter paragraph.
In addition to expressing an opinion on the current period’s FSs, the auditor shall state in an Other
Matter paragraph:
that the FSs of the prior period were audited by a predecessor auditor;
the type of opinion expressed and, if the opinion was modified, the reasons therefore; and
the date of that report,
unless the predecessor auditor’s report on the prior period’s FSs is reissued with the FSs.
If the prior period FSs were not audited, the auditor shall state in an Other Matter paragraph that the
comparative FSs are unaudited.
Other information refers to financial and non-financial information (other than the FSs and the auditor’s
report thereon) which is included, either by law, regulation or custom, in a document containing audited
FSs and the auditor’s report thereon. Other information may comprise, for example:
A report by management or TCWG on operations.
Financial summaries or highlights.
Employment data.
Planned capital expenditures.
Financial ratios.
Names of officers and directors.
Selected quarterly data.
“Documents containing audited FSs” refers to annual reports (or similar documents), that are issued to
owners (or similar stakeholders), containing audited FSs and the auditor’s report, as well as other
documents containing audited FSs, such as those used in securities offerings.
lOMoARcPSD|4363002
The auditor’s opinion does not cover other information and the auditor has no specific responsibility
for determining whether or not other information is properly stated. However, the auditor reads the
other information because the credibility of the audited FSs and the auditor’s report may be
undermined by material inconsistencies between the audited FSs and other information.
Material Inconsistencies
If, on reading the other information, the auditor identifies a material inconsistency, the auditor
shall determine whether the audited FSs or the other information needs to be revised.
Material Inconsistencies Identified in Other Information Obtained Prior to the Date of the Auditor’s Report
If revision of the audited FSs is necessary and management refuses to make the revision, the auditor
shall modify the opinion in the auditor’s report.
If revision of the other information is necessary and management refuses to make the revision, the
auditor shall communicate this matter to TCWG; and
Include in the auditor’s report an Other Matter paragraph describing the material inconsistency.
Withhold the auditor’s report.
Withdraw from the engagement, if possible.
Seek advice from the auditor’s legal counsel.
Material Inconsistencies Identified in Other Information Obtained Subsequent to the Date of the
Auditor’s Report
If revision of the audited FSs is necessary, the auditor shall follow the relevant requirements in
“Subsequent Events”.
If revision of the other information is necessary and management agrees to make the revision, the auditor
shall carry out the procedures necessary under the circumstances, which may include reviewing the steps
taken by management to ensure that individuals in receipt of the previously issued FSs, the auditor’s
report thereon, and the other information are informed of the revision.
If revision of the other information is necessary, but management refuses to make the revision, the auditor
shall notify TCWG of the auditor’s concern regarding the other information and take any further
appropriate action, which may include obtaining advice from the auditor’s legal counsel.
If, on reading the other information for the purpose of identifying material inconsistencies, the auditor
becomes aware of an apparent material misstatement of fact, the auditor shall discuss the matter with
management. Misstatement of fact occurs when other information that is unrelated to matters appearing
in the audited FSs that is incorrectly stated or presented. A material misstatement of fact may undermine
the credibility of the document containing audited FSs.
If the auditor concludes that there is a material misstatement of fact in the other information which
management refuses to correct, the auditor shall notify TCWG of the auditor’s concern and take any
further appropriate action, which may include obtaining advice from the auditor’s legal counsel.
Introduction
Special purpose FSs are FSs prepared in accordance with a special purpose framework designed to meet
the financial information needs of specific users.
The financial reporting framework (FRF) must be acceptable. The financial information needs of the intended
users are a key factor in determining the acceptability of the FRF and is a matter of professional judgment.
lOMoARcPSD|4363002
The auditor shall comply with (a) relevant ethical requirements, including independence and (b) all
PSAs relevant to the audit.
The auditor’s report shall include an Emphasis of Matter paragraph alerting users of the auditor’s report that
the FSs are prepared in accordance with a special purpose framework and that, as a result, the FSs may not
be suitable for another purpose. In addition to the above, the auditor may consider it appropriate to indicate
that the auditor’s report is intended solely for the specific users.
[Appropriate Addressee]
We have audited the accompanying financial statements of ABC Company, which comprise the balance
sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow
statement for the year then ended, and a summary of significant accounting policies and other explanatory
information. The financial statements have been prepared by management of ABC Company based on the
financial reporting provisions of Section Z of the contract dated January 1, 20X1 between ABC Company and
DEF Company (“the contract”).
Management is responsible for the preparation of these financial statements in accordance with the
financial reporting provisions of Section Z of the contract; this includes the design, implementation and
maintenance of internal control relevant to the preparation of financial statements that are free from
material misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted
our audit in accordance with Philippine Standards on Auditing. Those standards require that we comply
with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether
the financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the
financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of
the risks of material misstatement of the financial statements, whether due to fraud or error. In making those
risk assessments, the auditor considers internal control relevant to the entity’s preparation of the financial
statements in order to design audit procedures that are appropriate in the circumstances, but not for the
purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes
evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates
made by management, as well as evaluating the overall presentation of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for
our audit opinion.
Opinion
In our opinion, the financial statements of ABC Company for the year ended December 31, 20X1 are
prepared, in all material respects, in accordance with the financial reporting provisions of Section Z of
the contract.
Without modifying our opinion, we draw attention to Note X to the financial statements, which describes
the basis of accounting. The financial statements are prepared to assist ABC Company to comply with the
financial reporting provisions of the contract referred to above. As a result, the financial statements may
not be suitable for another purpose. Our report is intended solely for ABC Company and DEF Company and
should not be distributed to or used by parties other than ABC Company or DEF Company.
lOMoARcPSD|4363002
[Auditor’s signature]
[Auditor’s address]
Introduction
The auditor shall comply with relevant ethical requirements, including independence and all PSAs relevant
to the audit.
If the auditor is not also engaged to audit the entity’s complete set of financial statements, the auditor
shall determine whether the audit of a single financial statement or of a specific element of those financial
statements in accordance with PSAs is practicable.
Form of opinion
The auditor’s decision as to the expected form of opinion is a matter of professional judgment. It may be
affected by whether use of the phrase “presents fairly, in all material respects” in the auditor’s opinion on a
single financial statement or on a specific element of a financial statement prepared in accordance with a
fair presentation framework is generally accepted in the particular jurisdiction.
If the auditor undertakes an engagement to report on a single financial statement or on a specific element
of a financial statement in conjunction with an engagement to audit the entity’s complete set of financial
statements, the auditor shall express a separate opinion for each engagement.
If the auditor concludes that it is necessary to express an adverse opinion or disclaim an opinion on the
entity’s complete set of financial statements as a whole, PSA 705 does not permit the auditor to include in
the same auditor’s report an unmodified opinion on a single financial statement that forms part of those
financial statements or on a specific element that forms part of those financial statements. This is because
such an unmodified opinion would contradict the adverse opinion or disclaimer of opinion on the entity’s
complete set of financial statements as a whole.
If the auditor concludes that it is necessary to express an adverse opinion or disclaim an opinion on the
entity’s complete set of financial statements as a whole but, in the context of a separate audit of a specific
element that is included in those financial statements, the auditor nevertheless considers it appropriate to
express an unmodified opinion on that element, the auditor shall only do so if:
The auditor is not prohibited by law or regulation from doing so;
That opinion is expressed in an auditor’s report that is not published together with the auditor’s
report containing the adverse opinion or disclaimer of opinion; and
The specific element does not constitute a major portion of the entity’s complete set of
financial statements.
[Appropriate Addressee]
We have audited the accompanying balance sheet of ABC Company as at December 31, 20X1 and a summary of
significant accounting policies and other explanatory information (together “the financial statement”).
lOMoARcPSD|4363002
Management is responsible for the preparation and fair presentation of this financial statement in accordance with
those requirements of the Financial Reporting Framework in Jurisdiction X relevant to preparing such a financial
statement, and for such internal control as management determines is necessary to enable the preparation of the
financial statement that is free from material misstatement, whether due to fraud or error.
Auditor’s Responsibility
Our responsibility is to express an opinion on the financial statement based on our audit. We conducted
our audit in accordance with Philippine Standards on Auditing. Those standards require that we comply
with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether
the financial statement is free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the
financial statement. The procedures selected depend on the auditor’s judgment, including the assessment of
the risks of material misstatement of the financial statement, whether due to fraud or error. In making
those risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair
presentation of the financial statement in order to design audit procedures that are appropriate in the
circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal
control. An audit also includes evaluating the appropriateness of accounting policies used and the
reasonableness of accounting estimates, if any, made by management, as well as evaluating the overall
presentation of the financial statement.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our
audit opinion.
Opinion
In our opinion, the financial statement presents fairly, in all material respects, the financial position of
ABC Company as at December 31, 20X1 in accordance with those requirements of the Financial Reporting
Framework in Jurisdiction X relevant to preparing such a financial statement.
[Auditor’s signature]
[Auditor’s address]
Introduction
Summary FSs refer to historical financial information that is derived from FSs but that contains less detail
than the FSs, while still providing a structured representation consistent with that provided by the FSs of
the entity’s economic resources or obligations at a point in time or the changes therein for a period of time.
Engagement Acceptance
The auditor shall accept an engagement to report on summary FSs only when the auditor has been engaged
to conduct an audit of the FSs from which the summary FSs are derived.
Form of Opinion
When the auditor has concluded that an unmodified opinion on the summary FSs is appropriate, the
auditor’s opinion shall use one of the following phrases:
The summary FSs are consistent, in all material respects, with the audited FSs, in accordance with
[the applied criteria]; or
The summary FSs are a fair summary of the audited FSs, in accordance with [the applied criteria].
When the auditor’s report on the audited FSs contains a qualified opinion, an Emphasis of Matter paragraph,
or an Other Matter paragraph, but the auditor is satisfied that the summary FSs are consistent, in all
material respects, with or are a fair summary of the audited FSs, in accordance with the applied criteria, the
auditor’s report on the summary FSs shall:
lOMoARcPSD|4363002
State that the auditor’s report on the audited FSs contains a qualified opinion, an Emphasis of
Matter paragraph, or an Other Matter paragraph; and
Describe:
The basis for the qualified opinion on the audited FSs, and that qualified opinion; or the Emphasis of
Matter or the Other Matter paragraph in the auditor’s report on the audited FSs; and
The effect thereof on the summary FSs, if any.
When the auditor’s report on the audited FSs contains an adverse opinion or a disclaimer of opinion,
the auditor’s report on the summary FSs shall
State that the auditor’s report on the audited FSs contains an adverse opinion or disclaimer of opinion;
Describe the basis for that adverse opinion or disclaimer of opinion; and
State that, as a result of the adverse opinion or disclaimer of opinion, it is inappropriate to express
an opinion on the summary FSs.
If the summary FSs are not consistent, in all material respects, with or are not a fair summary of the
audited FSs, the auditor shall express an adverse opinion on the summary FSs.
When distribution or use of the auditor’s report on the audited FSs is restricted, or the auditor’s report on
the audited FSs alerts readers that the audited financial statements are prepared in accordance with a
special purpose framework, the auditor shall include a similar restriction or alert in the auditor’s report on
the summary FSs.
[Appropriate Addressee]
The accompanying summary financial statements, which comprise the summary balance sheet as at
December 31, 20X1, the summary income statement, summary statement of changes in equity and summary
cash flow statement for the year then ended, and related notes, are derived from the audited financial
statements of ABC Company for the year ended December 31, 20X1. We expressed an unmodified audit
opinion on those financial statements in our report dated February 15, 20X2. Those financial statements, and
the summary financial statements, do not reflect the effects of events that occurred subsequent to the date
of our report on those financial statements.
The summary financial statements do not contain all the disclosures required by [describe financial
reporting framework applied in the preparation of the audited financial statements of ABC Company].
Reading the summary financial statements, therefore, is not a substitute for reading the audited financial
statements of ABC Company.
Management is responsible for the preparation of a summary of the audited financial statements
in accordance with [describe established criteria].
Auditor’s Responsibility
Our responsibility is to express an opinion on the summary financial statements based on our
procedures, which were conducted in accordance with Philippine Standard on Auditing (PSA) 810,
“Engagements to Report on Summary Financial Statements.”
Opinion
In our opinion, the summary financial statements derived from the audited financial statements of
ABC Company for the year ended December 31, 20X1 are consistent, in all material respects, with (or
a fair summary of) those financial statements, in accordance with [describe established criteria].
[Auditor’s signature]
lOMoARcPSD|4363002
[Auditor’s address]
Review Engagements
The objective of a review of FSs is to enable a practitioner to state whether, on the basis of procedures which
do not provide all the evidence that would be required in an audit, anything has come to the practitioner’s
attention that causes the practitioner to believe that the FSs are not prepared, in all material respects, in
accordance with the applicable financial reporting framework (negative assurance).
The practitioner should comply with the Code of Ethics general principles, such as:
Independence;
Integrity;
Objectivity;
Professional competence and due care;
Confidentiality;
Professional behavior; and
Technical standards.
The practitioner should plan and perform the review with an attitude of professional skepticism.
Terms of engagement
The practitioner and the client should agree on the terms of the engagement.
Planning
The practitioner should plan the work so that an effective engagement will be performed. In planning a
review of financial statements, the practitioner should obtain or update the knowledge of the business.
Documentation
The practitioner should document matters which are important in providing evidence to support the review
report, and evidence.
The practitioner should apply judgment in determining the specific nature, timing and extent of review
procedures, which are primarily through inquiry and analytical procedures to obtain sufficient appropriate
evidence and to be able to draw conclusions.
The practitioner should apply the same materiality considerations as would be applied if an audit opinion on
the FSs were being given.
The practitioner should inquire about events subsequent to the date of the FSs that may require adjustment
of or disclosure in the FSs. The practitioner does not have any responsibility to perform procedures to identify
events occurring after the date of the review report.
If the practitioner has reason to believe that the information subject to review may be materially misstated,
the practitioner should carry out additional or more extensive procedures as are necessary to be able to
express negative assurance or to confirm that a modified report is required.
The review report should contain a clear written expression of negative assurance.
The report on a review of FSs should contain the following basic elements, ordinarily in the following layout:
a) Title;
lOMoARcPSD|4363002
Addressee;
Opening or introductory paragraph i
Scope paragraph
Statement of negative assurance;
Date of the report;
Practitioner’s address; and
Practitioner’s signature.
The practitioner should date the review report as of the date the review is completed.
We have reviewed the accompanying financial statements of ABC Company, which comprise the statement
of financial position as at December 31, 19XX, and the statement of comprehensive income, statement of
changes in equity and statement of cash flows for the year then ended. These financial statements are the
responsibility of the Company’s management. Our responsibility is to issue a report on these financial
statements based on our review.
We conducted our review in accordance with the Philippine Standard on Review Engagements 2400. This
Standard requires that we plan and perform the review to obtain moderate assurance as to whether the
financial statements are free of material misstatement. A review is limited primarily to inquiries of company
personnel and analytical procedures applied to financial data and thus provides less assurance than an
audit. We have not performed an audit and, accordingly, we do not express an audit opinion.
Based on our review, nothing has come to our attention that causes us to believe that the accompanying
financial statements are not presented fairly, in all material respects, in accordance with Philippine Financial
Reporting Standards (or Philippine Financial Reporting Standard for Small and Medium-sized Entities).
PRACTITIONER
Date
Address
Introduction
“Prospective financial information” means financial information based on assumptions about events that may
occur in the future and possible actions by an entity. It is highly subjective in nature and its preparation
requires the exercise of considerable judgment. Prospective financial information can be in the form of:
a forecast,
a projection or
a combination of both, for example, a one year forecast plus a five year projection.
A “forecast” means prospective financial information prepared on the basis of assumptions as to future
events which management expects to take place and the actions management expects to take as of the date
the information is prepared (best-estimate assumptions).
Hypothetical assumptions about future events and management actions which are not necessarily
expected to take place, such as when some entities are in a start-up phase or are considering a major
change in the nature of operations; or
A mixture of best-estimate and hypothetical assumptions.
Such information illustrates the possible consequences as of the date the information is prepared if the
events and actions were to occur (a “what-if” scenario).
Management is responsible for the preparation and presentation of the prospective financial information,
including the identification and disclosure of the assumptions on which it is based. The auditor may be asked
to examine and report on the prospective financial information to enhance its credibility whether it is
intended for use by third parties or for internal purposes.
When reporting on the reasonableness of management’s assumptions the auditor provides only a moderate
level of assurance. However, when in the auditor’s judgment an appropriate level of satisfaction has been
obtained, the auditor is not precluded from expressing positive assurance regarding the assumptions.
Acceptance of Engagement
Before accepting an engagement to examine prospective financial information, the auditor would consider,
amongst other things:
The intended use of the information;
Whether the information will be for general or limited distribution;
The nature of the assumptions, that is, whether they are best-estimate or hypothetical
assumptions; The elements to be included in the information; and
The period covered by the information.
The auditor should not accept, or should withdraw from, an engagement when the assumptions are clearly
unrealistic or when the auditor believes that the prospective financial information will be inappropriate for its
intended use.
The auditor and the client should agree on the terms of the engagement.
The auditor should obtain a sufficient level of knowledge of the business to be able to evaluate whether all
significant assumptions required for the preparation of the prospective financial information have been
identified.
Period Covered
The auditor should consider the period of time covered by the prospective financial information. Since
assumptions become more speculative as the length of the period covered increases, as that period
lengthens, the ability of management to make best-estimate assumptions decreases.
Examination Procedures
When determining the nature, timing and extent of examination procedures, the auditor’s considerations
should include:
The likelihood of material misstatement;
The knowledge obtained during any previous engagements;
Management’s competence regarding the preparation of prospective financial information;
The extent to which the prospective financial information is affected by the management’s judgment; and
The adequacy and reliability of the underlying data.
When the auditor believes that the presentation and disclosure of the prospective financial information is not
adequate, the auditor should express a qualified or adverse opinion in the report on the prospective financial
information, or withdraw from the engagement as appropriate. An example would be where financial
information fails to disclose adequately the consequences of any assumptions which are highly sensitive.
When the examination is affected by conditions that preclude application of one or more procedures
considered necessary in the circumstances, the auditor should either withdraw from the engagement or
disclaim the opinion and describe the scope limitation in the report on the prospective financial information.
lOMoARcPSD|4363002
We have examined the forecast in accordance with Philippine Standard on Assurance Engagements.
Management is responsible for the forecast including the assumptions set out in Note X on which it is based.
Based on our examination of the evidence supporting the assumptions, nothing has come to our attention
which causes us to believe that these assumptions do not provide a reasonable basis for the forecast.
Further, in our opinion the forecast is properly prepared on the basis of the assumptions and is presented in
accordance with Philippine Financial Reporting Standards.
Actual results are likely to be different from the forecast since anticipated events frequently do not occur as
expected and the variation may be material.
This projection has been prepared for (describe purpose). As the entity is in a start-up phase the projection
has been prepared using a set of assumptions that include hypothetical assumptions about future events and
management’s actions that are not necessarily expected to occur. Consequently, readers are cautioned that
this projection may not be appropriate for purposes other than that described above.
Based on our examination of the evidence supporting the assumptions, nothing has come to our attention
which causes us to believe that these assumptions do not provide a reasonable basis for the projection,
assuming that (state or refer to the hypothetical assumptions). Further, in our opinion the projection is
properly prepared on the basis of the assumptions and is presented in accordance with Philippine Financial
Reporting Standards.
Even if the events anticipated under the hypothetical assumptions described above occur, actual results are
still likely to be different from the projection since other anticipated events frequently do not occur as
expected and the variation may be material.
lOMoARcPSD|4363002
Introduction
The objective of an agreed-upon procedures engagement is for the auditor to carry out procedures of an
audit nature to which the auditor and the entity and any appropriate third parties have agreed and to report
on factual findings.
An engagement to perform agreed-upon procedures may involve the auditor in performing certain
procedures concerning individual items of financial data (for example, accounts payable, accounts receivable,
purchases from related parties and sales and profits of a segment of an entity), a financial statement (for
example, a balance sheet) or even a complete set of financial statements.
As the auditor simply provides a report of the factual findings of agreed-upon procedures, no assurance is
expressed. Instead, users of the report assess for themselves the procedures and findings reported by the
auditor and draw their own conclusions from the auditor’s work.
The report is restricted to those parties that have agreed to the procedures to be performed since others,
unaware of the reasons for the procedures, may misinterpret the results.
The auditor should comply with the Code of Ethics general principles, such as:
Integrity;
Objectivity;
Professional competence and due care;
Confidentiality;
Professional behavior; and
Technical standards.
The auditor should conduct an agreed-upon procedures engagement in accordance with this PSRS and the
terms of the engagement.
Matters that would be included in the engagement letter include the following:
A listing of the procedures to be performed as agreed upon between the parties.
A statement that the distribution of the report of factual findings would be restricted to the specified
parties who have agreed to the procedures to be performed.
Planning
The auditor should plan the work so that an effective engagement will be performed.
Documentation
The auditor should document matters which are important in providing evidence to support the report of
factual findings, and evidence that the engagement was carried out in accordance with this PSRS and the
terms of the engagement.
The auditor should carry out the procedures agreed upon and use the evidence obtained as the basis for the
report of factual findings.
The procedures applied in an engagement to perform agreed-upon procedures may include the following:
Inquiry and analysis.
Recomputation, comparison and other clerical accuracy
checks. Observation.
Inspection.
Obtaining confirmations.
Reporting
The report on an agreed-upon procedures engagement needs to describe the purpose and the agreed-upon
procedures of the engagement in sufficient detail to enable the reader to understand the nature and the
extent of the work performed.
lOMoARcPSD|4363002
We have performed the procedures agreed with you and enumerated below with respect to the accounts
payable of ABC Company as at (date), set forth in the accompanying schedules (not shown in this example).
Our engagement was undertaken in accordance with the Philippine Standard on Related Services. The
procedures were performed solely to assist you in evaluating the validity of the accounts payable and are
summarized as follows:
We obtained and checked the addition of the trial balance of accounts payable as at (date) prepared by
ABC Company, and we compared the total to the balance in the related general ledger account.
We compared the attached list (not shown in this example) of major suppliers and the amounts owing at
(date) to the related names and amounts in the trial balance.
We obtained suppliers’ statements or requested suppliers to confirm balances owing at (date).
We compared such statements or confirmations to the amounts referred to in 2. For amounts which did
not agree, we obtained reconciliations from ABC Company. For reconciliations obtained, we identified and
listed outstanding invoices, credit notes and outstanding checks, each of which was greater than Pxxx.
We located and examined such invoices and credit notes subsequently received and checks subsequently
paid and we ascertained that they should in fact have been listed as outstanding on the reconciliations.
Because the above procedures do not constitute either an audit or a review made in accordance with
Philippine Standards on Auditing, we do not express any assurance on the accounts payable as of (date).
Had we performed additional procedures or had we performed an audit or review of the financial statements
in accordance with Philippine Standards on Auditing, other matters might have come to our attention that
would have been reported to you.
Our report is solely for the purpose set forth in the first paragraph of this report and for your information and
is not to be used for any other purpose or to be distributed to any other parties. This report relates only to
the accounts and items specified above and does not extend to any financial statements of ABC Company,
taken as a whole.
AUDITOR
Date
Address
Compilation Engagements
Introduction
A compilation engagement would ordinarily include the preparation of financial statements (which may or
may not be a complete set of financial statements) but may also include the collection, classification and
summarization of other financial information.
The objective of a compilation engagement is for the accountant to use accounting expertise, as opposed to
auditing expertise, to collect, classify and summarize financial information. This ordinarily entails reducing
detailed data to a manageable and understandable form without a requirement to test the assertions
underlying that information. The procedures employed are not designed and do not enable the accountant to
express any assurance on the financial information. However, users of the compiled financial information
derive some benefit as a result of the accountant's involvement because the service has been performed with
professional competence and due care.
lOMoARcPSD|4363002
The accountant should comply with the Code of Professional Ethics general principles, such as:
integrity;
objectivity;
professional competence and due care;
confidentiality;
professional behavior; and
technical standards.
An engagement letter confirms the accountant's acceptance of the appointment and helps avoid
misunderstanding regarding such matters as the objectives and scope of the engagement, the extent of the
accountant's responsibilities and the form of reports to be issued.
Planning
The accountant should plan the work so that an effective engagement will be performed.
Documentation
The accountant should document matters which are important in providing evidence that the engagement
was carried out in accordance with this PSA and the terms of the engagement.
Procedures
The accountant requires a general understanding of the nature of the entity's business transactions, the form
of its accounting records and the accounting basis on which the financial information is to be presented
through experience with the entity or inquiry of the entity's personnel.
If the accountant becomes aware that information supplied by management is incorrect, incomplete, or
otherwise unsatisfactory, the accountant should consider performing the above procedures and request
management to provide additional information or if the accountant becomes aware of material
misstatements, the accountant should try to agree appropriate amendments with the entity. If such
additional information or amendments are not made and the financial information is considered to be
misleading, the accountant should withdraw from the engagement.
Responsibility of Management
The accountant should obtain an acknowledgment from management of its responsibility for the appropriate
presentation of the financial information and of its approval of the financial information.
The financial information compiled by the accountant should contain a reference such as "Unaudited,"
"Compiled without Audit or Review" or "Refer to Compilation Report" on each page of the financial
information or on the front of the complete set of financial statements.
On the basis of information provided by management we have compiled, in accordance with the Philippine
Standard on Related Services, the balance sheet of ABC Company as of December 31, 19XX and statements
of income, changes in equity and cash flows for the year then ended. Management is responsible for these
financial statements. We have not audited or reviewed these financial statements and accordingly express no
assurance thereon.
Accountant
Date
Address
lOMoARcPSD|4363002
A CIS environment exists when a computer of any type or size is involved in the processing by the
entity of financial information of significance to the audit, whether the computer is operated by
the entity or by a third party
The overall objective and scope of an audit does not change in a CIS environment
A CIS environment may affect:
The procedures followed in obtaining a sufficient understanding of the accounting
and internal control systems
The consideration of the inherent and control risk
The design and performance of tests of controls and substantive procedures
The auditor should have sufficient knowledge of the CIS to plan, direct, and review the
work performed
If specialized skills are needed, the auditor would seek the assistance of a professional possessing
such skills, who may be either on the auditor’s staff or an outside professionals
In planning the portions of the audit which may be affected by the client’s CIS environment, the
auditor should obtain an understanding of the significance and complexity of the CIS activities
and the availability of data for use in the audit
When the CIS are significant, the auditor should also obtain an understanding of the CIS
environment and whether it may influence the assessment of inherent and control risks
The auditor should consider the CIS environment in designing audit procedures to reduce audit
risk to an acceptably low level. The auditor can use either manual audit procedures, computer-
assisted audit techniques, or a combination of both to obtain sufficient evidential matter
Organizational Structure
Characteristics of a CIS organizational structure includes:
a. Concentration of functions and knowledge
Although most systems employing CIS methods will include certain manual operations,
generally the number of persons involved in the processing of financial information is significantly reduced.
b. Concentration of programs and data
Transaction and master file data are often concentrated, usually in machine-readable form,
either in one computer installation located centrally or in a number of installations distributed throughout
the entity.
Nature of Processing
The use of computers may result in the design of systems that provide less visible evidence than those
using manual procedures. In addition, these systems may be accessible by a larger number of persons.
System characteristics that may result from the nature of CIS processing include:
Absence of input documents
Data may be entered directly into the computer system without supporting document
In some on-line transaction systems, written evidence of individual data entry authorization
(e.g., approval for order entry) may be replaced by other procedures, such as
authorization controls contained in computer programs (e.g., credit limit approval)
Lack of visible audit trail
The transaction trail may be partly in machine-readable form and may exist only for a limited
period of time (e.g., audit logs may be set to overwrite themselves after a period of time or when the
allocated disk space is consumed)
Lack of visible output
Certain transactions or results of processing may not be printed or only summary data may
be printed
CIS perform functions exactly as programmed and are potentially more reliable than annual
systems, provided that all transactions types and conditions that could occur are anticipated and
incorporated into the system. On the other hand, a computer program that is not correctly programmed and
tested may consistently process transactions or other data erroneously
b. Programmed control procedures
The nature of computer processing allows the design of internal control procedures
in computer programs
Single transaction update of multiple or data base computer files
A single input t the accounting system may automatically update all records associated with
the transaction
d. Systems generated transactions
Certain transactions may be initiated by the CIS itself without the need for an input
document
e. Vulnerability of data and program storage media
Large volumes of data and the computer programs used to process such data may be
stored on portable or fixed storage media, such as magnetic disks and tapes. These media are vulnerable to
theft, loss, or intentional or accidental destruction.
GENERAL CIS CONTROLS – to establish a framework of overall control over the CIS activities and
to provide a reasonable level of assurance that the overall objectives of internal control are achieved
CIS APPLICATION CONTROLS – to establish specific control procedures over the application systems
in order to provide reasonable assurance that all transactions are authorized, recorded and are processed
completely, accurately and on a timely basis. CIS application controls include:
Controls over Input – designed to provide reasonable assurance that:
Transactions are properly authorized before being processed by the computer
Transactions are accurately converted into machine readable form and recorded in the
computer data files
Transactions are not lost, added, duplicated or improperly changed
Incorrect transactions are rejected, corrected and, if necessary, resubmitted on a
timely basis.
Controls over processing and computer data files – designed to provide reasonable assurance
that: Transactions, including system generated transactions, re properly processed by the
computer
Transactions are not lost, added, duplicated or improperly changed
Processing errors (i.e., rejected data and incorrect transactions) are identified and
corrected on a timely basis
lOMoARcPSD|4363002
NETWORK ENVIRONMENT
A network environment is a communication system that enables computer users to share
computer equipment, application software, data, and voice and video transmissions
A file server is a computer with an operating system that allows multiple users in a network to
access software applications and data files
Basic types of networks
Local area network (LAN)
Wide area network (WAN)
metropolitan area network (MAN)
HARDWARE
COMPUTER HARDWARE – consists of the configuration of physical electronic equipment
CONSOLE – a special CRT (Cathode Ray Tube) used for communication between the operator
and the computer.
PERIPHERAL EQUIPMENT – all non-CPU hardware that may be placed under the control of
the processor. This consists of input, storage, output, and communication devices
CONTROLLERS – units designed to operate (control) specific input/output devices
CHANNELS – units designed to handle the transfer of data into or out of primary storage (memory)
BUFFER MEMORY (BUFFER) – temporary storage unit used to hold data during input/output
operations
OFF-LINE – peripheral equipment not in direct communication with the CPU
ON-LINE – peripheral equipment in direct communication with, and under the control of the CPU
INPUT DEVICES – provides a means of transferring data into CPU storage
Magnetic tape reader – capable of sensing information recorded as magnetized spots on
magnetic tape. It is also used as an output device and storage medium.
Magnetic ink character reader( MICR) – reads characters by scanning
temporarily magnetized characters using magnetic ink
Optical character recognition (OCR) – reads characters directly from documents based
on their shapes and positions on the source document
Cathode ray tube (CRT) – a typewriter-like device that decodes keystrokes into
electronic impulses
Key-to-tape and Key-to-disk – systems in which input data can be entered directly
onto magnetic tape, magnetic disk, or floppy disk through CRT
STORAGE DEVICES – devices which store data that can be subsequently used by the CPU
Random access – data can be accessed directly regardless of how it is physically stored
(e.g., magnetic disk)
Sequential access – data must be processed in the order in which it is physically
stored (e.g., magnetic tape)
OUTPUT DEVICES – produce readable data or machine-readable data when further processing is
required. Examples are CRT, printer, and CRT COM (Computer output to Micro film)
TERMINALS – CRT devices or microcomputers used for input/output (communication) with the CPU
POINT-OF-SALE DEVICES – a terminal connected to a computer. It takes the place of a cash register or
similar devices which allows instant recording and is capable of keeping perpetual inventory
MODEM – a device for interfacing communications equipment within communication networks
Software consists of computer programs which instruct the computer hardware to perform the
desired processing.
OPERATING SYSTEM – controls the functioning of the CPU and its peripheral equipment. Several
different operating systems allow a single configuration of hardware to function in the following
modes:
MULTIPROGRAMMING – the operating system processes a program until an input/output
operation is required. Since input or output can be handled by peripheral devices, such
as channels and controllers, the CPU can begin executing another program’s instructions.
Several programs appear to be concurrently processing
MULTIPROCESSING – multiple CPUs process data while sharing peripheral devices,
allowing two or more programs to be process simultaneously
VIRTUAL STORAGE – the operating system separates user programs into segment
pages automatically. It appears as though there is unlimited memory available for
programs, even though the program is still confined to a physical segment of memory.
UTILITY PROGRAM – performs a commonly required process, such as storing and merging
APPLICATION PROGRAM – performs the desired processing tasks (e.g., payroll preparation)
SOURCE PROGRAM – written by a programmer in a source language (e.g., COBOL) that will
be converted into an object program
OBJECT PROGRAM – converted source program that was changed using a complier to create a set
of machine-readable instructions
COMPILER – converts a source program to a machine language object program
INTERPRETER – converts each source code instruction to object code each time it is executed
DATABASE MANAGEMENT SYSTEM (DBMS) – a software package for the purpose of
creating, accessing, and maintaining a database
TELECOMMUNICATIONS MONITOR PROGRAM – provides edit capabilities and file maintenance
to users, monitors on-line terminals, and handles input to application programs
ELECTRONIC DATA INTERCHANGE (EDI) – the electronic exchange of transactions, from one entity’s
computer to another entity’s computer through an electronic communications network. In electronic fund
transfer (EFT) Systems, for example, electronic transactions replace checks as a mean of payment.
EDI controls include:
Authentication – controls must exist over the origin, proper submission, and proper delivery
of EDI communications to ensure that the EDI messages are accurately sent and received to
and from authorized customers and suppliers.
Encryption – involves conversion of plain text data to cipher text data to make EDI messages
unreadable to unauthorized persons
VAN controls – a value added network (VAN) is a computer service organization that
provides network, storage, and forwarding (mailbox) services for EDI messages
AUDIT APPROACHES
Auditing around the computer – the auditor ignores or bypasses the computer processing function
of an entity’s EDP system
Auditing with the computer – the computer is used as an audit tool
Auditing through the computer – the auditor enters the client’s system and examines directly
the computer and its system and application software
Public databases
Word processing software