Auditing and Assurance Principles
Module 001 Overview of Audit

LEARNING OBJECTIVES (LO)
After completing this module, the student is expected to:
1. Define what auditing is
2. Enumerate the different types of audits and auditors
3. Understand the advantages of audit and inherent limitations of audit

Course Module

LO 1 What is Auditing?

As defined by the Philippine Standards on Auditing (PSA), auditing is intended to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an identified financial reporting framework.

The American Accounting Association (AAA) defines auditing as a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between these assertions and established criteria and communicating results to interested users.

The above definitions convey the following notions with regard to auditing:

Auditing is a systematic process
An audit involves a series of steps and procedures which are carried out in logical order.

Objectively obtaining and evaluating evidence
Objectively obtaining evidence means that the one conducting the audit should exercise an impartial attitude, that is, be free from bias and conflicts of interest. Evaluating evidence means that the gathered information must be corroborated. Such information may come from the company's documents, interviews with management and the like, which calls for a validation and verification process.

Regarding assertions about economic actions and events
Assertions are the representations of management that explain the economic actions and events that happened during the audit period. Accordingly, the role of an auditor is to validate such assertions or management representations.

To ascertain the degree of correspondence between these assertions and established criteria
In conducting the audit, auditors use standards to evaluate the assertions made by management. Established criteria are usually the standards used to validate assertions or management representations. For instance, in an audit of financial statements, the auditor performs audit procedures to ascertain that the financial statements prepared by management (the assertions) conform with the Generally Accepted Accounting Principles (GAAP) (the established criteria).

Communicating results to interested users
This involves communicating the audit findings to users of financial statements by issuing what is called the “auditor’s opinion”. These users can be both internal and external users.

Internal users
These are the users of financial information who work within the company and use financial information primarily for planning, controlling and making decisions for the betterment of the company’s operations. They are the company’s management itself: senior/top-level management, middle-level management and low-level management.

External users
These are the users of financial information who are outside the organization and do not directly run its operations but use the company's financial information to make decisions, particularly decisions that involve investing in or granting credit to the company.

LO 2 Types of Audits

The following are the types of audit that can be conducted:
1. Financial Audit
2. Operational Audit
3. Tax Audit
4. Compliance Audit
5. Information System Audit

Financial Audit
- This is the type of audit that confirms the fairness of all the information reported in a company’s financial statements.
- This is the most common type of audit, conducted by an independent Certified Public Accountant (CPA).

Operational Audit
- This is a type of audit that involves an evaluation of the processes, procedures, and results of the operations of a business with the intention of improving the current processes and procedures of the company.
- This type of audit may be conducted internally or by hiring an external entity to do the audit on the company’s behalf.

Tax Audit
- This is a type of audit that involves examination of the tax returns submitted by an individual or business entity, with the intention of determining whether the income tax payment is valid and correct and whether it was made in the proper period.
- In the Philippine setting, this is the type of audit conducted by the CPAs working in the assessment division of the Bureau of Internal Revenue (BIR).

Compliance Audit
- This is a type of audit that determines whether the company’s current policies and procedures are in compliance with internal or regulatory standards.
- This type of audit is most commonly conducted in regulated industries.

Information Systems Audit
- This is a type of audit that involves a review of the controls over software development, data processing, and access to computer systems.
- This type of audit is intended to determine any issues that could impair the ability of information technology (IT) systems to provide accurate information to users, as well as to ensure that unauthorized users do not have access to the data and that such data are well protected from them.

LO 3 Advantages of Audit

Audits are usually conducted in order to assess the fairness and reliability of the information being provided. Thus, an audit primarily gives the following advantages:

1. It safeguards the financial interest of persons who are not associated with the management of the entity, whether they are partners or shareholders.
2. It acts as a moral check on the employees against committing defalcations or embezzlement.
3. Audited statements of account are helpful in settling liability for taxes, negotiating loans and determining the purchase consideration for a business.
4. They are also used for settling trade disputes for higher wages or bonus, as well as claims in respect of damage suffered by property through fire or some other calamity.
5. An audit can also help in the detection of wastage and losses and show the different ways by which these might be checked, especially those that occur due to the absence or inadequacy of internal checks or internal control measures.
6. An audit ascertains whether the necessary books of accounts and allied records have been properly kept and helps the client in making good any deficiencies or inadequacies in this respect.
7. As an appraisal function, an audit reviews the existence and operation of various controls in the organization and reports weaknesses, inadequacies, etc., in them.
8. Government may require audited and certified statements before it gives assistance or issues a license for a particular trade.

Moreover, the advantages of an audit can be outlined from the perspective of specific stakeholders. The following are its advantages from the viewpoint of a businessman and of an investor, together with other advantages.

Businessman's point of view
1. Detection of errors and frauds
2. Loan from banks
3. Builds reputation
4. Proper valuation of assets
5. Government acceptance
6. Update accounts
7. Suggestions for improvement
8. Useful for agency

Investor's point of view
1. Protects interest
2. Moral check
3. Proper valuation of investments
4. Good security

Other Advantages
1. Evaluate financial status
2. Boosting of shares
3. Settlement of claims
4. Evidence in court
5. Settlement of accounts
6. Facilitates taxation

LO 4 Inherent Limitations of Audit

Though audits provide reliance on the information being provided to users of such information, there are still inherent limitations that should be noted.

Generally speaking, the following are the inherent limitations of audit:

1. Non-detection of errors and/or frauds
   - The auditor may not be able to detect certain frauds that are committed intentionally.
2. Dependence on explanation by others
   - Though exercising skepticism, the auditor has to depend on the explanation and information given by the responsible personnel of the company.
3. Dependence on opinions of others
   - The auditor has to rely on the views or opinions given by different experts such as lawyers, engineers, architects, appraisers and other professionals, since an auditor is not an expert in all fields.
4. Conflict with others
   - The auditor may have differences of opinion with the accountants, management, engineers, etc. In such a case, personal judgement may be employed, which may differ from person to person.
5. Effect of inflation and other economic related issues
   - Financial statements may not disclose a true picture even after audit due to inflationary trends and other economic related issues.
6. Corrupt practices may influence the auditors
   - The management may use corrupt practices, i.e., bribery, to influence the auditors in order to get a favorable report about the current status of the company.
7. No assurance
   - The auditor cannot give any assurance about the future profitability and prospects of the company.
8. Inherent limitations of the financial statements
   - Financial statements do not reflect current market values of the assets and liabilities. Estimations are based on the personal judgement of the owners, which is used as the basis for company policy.
9. Detailed checking is not possible
   - The auditor cannot check each and every transaction due to the large volume of daily transactions. Consequently, auditors opt to use sampling techniques, which also have their own limitations.

Specifically, inherent limitations of audit are the following:

1. The work of an auditor involves the exercise of judgment.
   Examples:
   i. Deciding the extent of audit procedures and assessing the reasonableness of the judgments and estimates made by the management in preparing the financial statements.
   ii. The auditor's reasonable conclusions about the results of the audit are drawn from the evidence available to the auditor. Because of this, the audit evidence obtained by an auditor is generally persuasive rather than conclusive in nature.

   Because of these factors, the auditor expresses an opinion based only on the audit evidence that has been obtained. Therefore, absolute certainty in auditing is rarely attainable. There is also a likelihood that some material misstatements of the financial information resulting from fraud or error, if either exists, may not be detected.

2. The entire audit process is generally dependent upon the existence of an effective system of internal control.
   Further, there is always some risk of an internal control system failing to operate as designed. Thus, an internal control system also suffers from certain inherent limitations. Any system of internal control may be ineffective against fraud if there is collusion among employees or fraud committed by management. Certain levels of management may be in a position to override controls.
   Example:
   i. Managers directing subordinates to record transactions incorrectly or to conceal them, or suppressing information relating to transactions.

   Such inherent limitations of internal control systems also contribute to the inherent limitations of an audit.

LO 5 Types of Auditors

The following are the types of auditors:
1. Independent/External Auditors
2. Internal Auditors
3. Government Auditors

Independent/External Auditors
- This type of auditor is a professional audit services provider who performs an independent examination of financial statements and expresses an opinion on whether such financial reports are free from any material misstatements.
- Independent auditors are usually Certified Public Accountants (CPAs) who are either individual practitioners or members of public accounting firms who render professional auditing services to clients.

Internal Auditors
- These are auditors who are employees of the organization where they conduct an audit.
- This type of auditor is involved in an independent evaluation of evidence, called internal auditing, within an organization as a service to the organization.
- The objective of internal auditing is to assist the management of the organization in the effective discharge of its responsibilities and to help maintain a sound internal control system.

Government Auditors
- These are auditors who work with various government agencies.
- In the Philippines, the most common government auditors are those working in the Commission on Audit (COA), which conducts audits of the disbursements and other transactions of government officials.

END OF MODULE

References and Supplementary Materials

Books and Journals
1. Ireneo J., Ireneo S., and James, George (2017). Auditing and Assurance Principle (2017 ed). Manila City: La Limariza Printing Corp.
2. Hermosilla, R., Salosagcol, J., and Tiu, Michael (2017). Auditing Theory: A Guide in Understanding PSA (2017 ed). Manila City: GIC Enterprises & Co., Inc.

Online Supplementary Reading Materials
1. Retrieved and excerpted from: http://archive.mu.ac.in/myweb_test/study%20TYBCom%20Accountancy%20Auditing-II.pdf

Auditing and Assurance Principles
Module 002 Code of Ethics

LEARNING OBJECTIVES (LO)
After completing this module, the student is expected to:
1. Determine the role of the International Ethics Standards Board for Accountants
2. Determine the role of the International Federation of Accountants
3. Understand Part A of the Code of Ethics for Professional Accountants
4. Understand Part B of the Code of Ethics for Professional Accountants

LO 1 International Ethics Standards Board for Accountants

The International Ethics Standards Board for Accountants (IESBA) is an independent standard-setting body that develops an internationally appropriate Code of Ethics for Professional Accountants (the Code).

The objective of the IESBA, as outlined in its Terms of Reference, is to serve the public interest by setting high-quality ethics standards for professional accountants. The IESBA’s long-term objective is convergence of the Code's ethical standards for professional accountants, including auditor independence standards, with those issued by regulators and national standard setters. Convergence to a single set of standards can enhance the quality and consistency of services provided by professional accountants throughout the world and can improve the efficiency of global capital markets.

The IESBA’s membership consists of 18 board members from around the world, of whom no more than 9 are practitioners and no fewer than 3 are public members.

Public Members - individuals who are expected to reflect, and are seen to reflect, the wider public interest

Members are appointed by the International Federation of Accountants (IFAC) Board, based on recommendations from the IFAC Nominating Committee and with the approval of the Public Interest Oversight Board (PIOB), which oversees the activities of the IESBA.

The standard-setting process of the IESBA includes the involvement of the PIOB and the IESBA’s Consultative Advisory Group (CAG), which provides public interest input into the development of the IESBA’s standards and guidance.

In developing its standards, the IESBA is required to be transparent in its activities, and to adhere to due process as approved by the PIOB. Board meetings, including meetings by teleconference, are open to the public, and agenda papers are available on its website.

LO 2 International Federation of Accountants

The International Federation of Accountants (IFAC) serves the public interest by contributing to the development of strong and sustainable organizations, markets, and economies. IFAC: advocates for transparency, accountability, and comparability of financial reporting; helps develop the accountancy profession; and communicates the importance and value of accountants to the global financial infrastructure. Founded in 1977, IFAC is currently comprised of 172 members and associates in 129 countries and jurisdictions, representing approximately 2.5 million accountants in public practice, education, government service, industry, and commerce.

As part of its public interest mandate, IFAC contributes to the development, adoption, and implementation of high-quality international ethics standards for accountants, primarily through its support of the International Ethics Standards Board for Accountants (IESBA). IFAC provides human resources, facilities management, communications support, and funding to this independent standard-setting board, and facilitates the nominations and selection process for board members.

The IESBA sets its own agendas and approves its publications in accordance with its due process and without IFAC’s involvement. IFAC has no ability to influence the agendas or publications. IFAC publishes the handbooks, standards, and other publications and owns the copyrights.

The IESBA’s independence is safeguarded in a number of ways:
• formal, independent public interest oversight for standard setting by the Public Interest Oversight Board (see www.ipiob.org for more information), which includes a rigorous due process involving public consultation
• a public call for nominations, and formal, independent oversight of the nominations/selection process by the Public Interest Oversight Board
• full transparency, both in terms of due process for standard setting, as well as public access to agenda materials, meetings, and a published basis for conclusions with each final standard
• the involvement of a Consultative Advisory Group and observers in the standard-setting process, and
• the requirement that IESBA members, as well as nominating/employing organizations, commit to the board’s independence, integrity, and public interest mission.

LO 3 Part A of the Code of Ethics for Professional Accountants
(GENERAL APPLICATION OF THE CODE)

SECTION 100 - Introduction and Fundamental Principles

100.1 A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in the public interest. Therefore, a professional accountant’s responsibility is not exclusively to satisfy the needs of an individual client or employer. In acting in the public interest, a professional accountant shall observe and comply with this Code. If a professional accountant is prohibited from complying with certain parts of this Code by law or regulation, the professional accountant shall comply with all other parts of this Code.

100.2 This Code contains three parts.
Part A establishes the fundamental principles of professional ethics for professional accountants and provides a conceptual framework that professional accountants shall apply to:
(a) Identify threats to compliance with the fundamental principles;
(b) Evaluate the significance of the threats identified; and
(c) Apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level. Safeguards are necessary when the professional accountant determines that the threats are not at a level at which a reasonable and informed third party would be likely to conclude, weighing all the specific facts and circumstances available to the professional accountant at that time, that compliance with the fundamental principles is not compromised.
A professional accountant shall use professional judgment in applying this conceptual framework.

100.3 Parts B and C describe how the conceptual framework applies in certain situations. They provide examples of safeguards that may be appropriate to address threats to compliance with the fundamental principles. They also describe situations where safeguards are not available to address the threats, and consequently, the circumstance or relationship creating the threats shall be avoided. Part B applies to professional accountants in public practice. Part C applies to professional accountants in business. Professional accountants in public practice may also find Part C relevant to their particular circumstances.

100.4 The use of the word “shall” in this Code imposes a requirement on the professional accountant or firm to comply with the specific provision in which “shall” has been used. Compliance is required unless an exception is permitted by this Code.

Fundamental Principles

100.5 A professional accountant shall comply with the following fundamental principles:
(a) Integrity - to be straightforward and honest in all professional and business relationships.
(b) Objectivity - to not allow bias, conflict of interest or undue influence of others to override professional or business judgments.
(c) Professional Competence and Due Care - to maintain professional knowledge and skill at the level required to ensure that a client or employer receives competent professional services based on current developments in practice, legislation and techniques and act diligently and in accordance with applicable technical and professional standards.
(d) Confidentiality - to respect the confidentiality of information acquired as a result of professional and business relationships and, therefore, not disclose any such information to third parties without proper and specific authority, unless there is a legal or professional right or duty to disclose, nor use the information for the personal advantage of the professional accountant or third parties.
(e) Professional Behavior - to comply with relevant laws and regulations and avoid any action that discredits the profession.

Conceptual Framework Approach

100.6 The circumstances in which professional accountants operate may create specific threats to compliance with the fundamental principles. It is impossible to define every situation that creates threats to compliance with the fundamental principles and specify the appropriate action. In addition, the nature of engagements and work assignments may differ and, consequently, different threats may be created, requiring the application of different safeguards. Therefore, this Code establishes a conceptual framework that requires a professional accountant to identify, evaluate, and address threats to compliance with the fundamental principles. The conceptual framework approach assists professional accountants in complying with the ethical requirements of this Code and meeting their responsibility to act in the public interest.
It accommodates many variations in circumstances that create threats to compliance with the fundamental principles and can deter a professional accountant from concluding that a situation is permitted if it is not specifically prohibited.

100.7 When a professional accountant identifies threats to compliance with the fundamental principles and, based on an evaluation of those threats, determines that they are not at an acceptable level, the professional accountant shall determine whether appropriate safeguards are available and can be applied to eliminate the threats or reduce them to an acceptable level. In making that determination, the professional accountant shall exercise professional judgment and take into account whether a reasonable and informed third party, weighing all the specific facts and circumstances available to the professional accountant at the time, would be likely to conclude that the threats would be eliminated or reduced to an acceptable level by the application of the safeguards, such that compliance with the fundamental principles is not compromised.

100.8 A professional accountant shall evaluate any threats to compliance with the fundamental principles when the professional accountant knows, or could reasonably be expected to know, of circumstances or relationships that may compromise compliance with the fundamental principles.

100.9 A professional accountant shall take qualitative as well as quantitative factors into account when evaluating the significance of a threat. When applying the conceptual framework, a professional accountant may encounter situations in which threats cannot be eliminated or reduced to an acceptable level, either because the threat is too significant or because appropriate safeguards are not available or cannot be applied.
In such situations, the professional accountant shall decline or discontinue the specific professional service involved or, when necessary, resign from the engagement (in the case of a professional accountant in public practice) or the employing organization (in the case of a professional accountant in business).

100.10 A professional accountant may inadvertently violate a provision of this Code. Depending on the nature and significance of the matter, such an inadvertent violation may be deemed not to compromise compliance with the fundamental principles provided, once the violation is discovered, the violation is corrected promptly and any necessary safeguards are applied.

100.11 When a professional accountant encounters unusual circumstances in which the application of a specific requirement of the Code would result in a disproportionate outcome or an outcome that may not be in the public interest, it is recommended that the professional accountant consult with a member body or the relevant regulator.

Threats and Safeguards

100.12 Threats may be created by a broad range of relationships and circumstances. When a relationship or circumstance creates a threat, such a threat could compromise, or could be perceived to compromise, a professional accountant’s compliance with the fundamental principles. A circumstance or relationship may create more than one threat, and a threat may affect compliance with more than one fundamental principle.
Threats fall into one or more of the following categories:
(a) Self-interest threat - the threat that a financial or other interest will inappropriately influence the professional accountant’s judgment or behavior;
(b) Self-review threat - the threat that a professional accountant will not appropriately evaluate the results of a previous judgment made or service performed by the professional accountant, or by another individual within the professional accountant’s firm or employing organization, on which the accountant will rely when forming a judgment as part of providing a current service;
(c) Advocacy threat - the threat that a professional accountant will promote a client’s or employer’s position to the point that the professional accountant’s objectivity is compromised;
(d) Familiarity threat - the threat that due to a long or close relationship with a client or employer, a professional accountant will be too sympathetic to their interests or too accepting of their work; and
(e) Intimidation threat - the threat that a professional accountant will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue influence over the professional accountant.

100.13 Safeguards are actions or other measures that may eliminate threats or reduce them to an acceptable level. They fall into two broad categories:
(a) Safeguards created by the profession, legislation or regulation; and
(b) Safeguards in the work environment.

100.14 Safeguards created by the profession, legislation or regulation:
• Educational, training and experience requirements for entry into the profession.
• Continuing professional development requirements.
• Corporate governance regulations.
• Professional standards.
• Professional or regulatory monitoring and disciplinary procedures.
• External review by a legally empowered third party of the reports, returns, communications or information produced by a professional accountant.

200.11 In the work environment, the relevant safeguards will vary depending on the circumstances. Work environment safeguards comprise (a) firm-wide safeguards and (b) engagement-specific safeguards.

200.12 Examples of firm-wide safeguards in the work environment include:
• Leadership of the firm that stresses the importance of compliance with the fundamental principles.
• Leadership of the firm that establishes the expectation that members of an assurance team will act in the public interest.
• Policies and procedures to implement and monitor quality control of engagements.
• Documented policies regarding the need to identify threats to compliance with the fundamental principles, evaluate the significance of those threats, and apply safeguards to eliminate or reduce the threats to an acceptable level or, when appropriate safeguards are not available or cannot be applied, terminate or decline the relevant engagement.
• Documented internal policies and procedures requiring compliance with the fundamental principles.
• Policies and procedures that will enable the identification of interests or relationships between the firm or members of engagement teams and clients.
• Policies and procedures to monitor and, if necessary, manage the reliance on revenue received from a single client.
• Using different partners and engagement teams with separate reporting lines for the provision of non-assurance services to an assurance client.
• Policies and procedures to prohibit individuals who are not members of an engagement team from inappropriately influencing the outcome of the engagement.
• Timely communication of a firm’s policies and procedures, including any changes to them, to all partners and professional staff, and appropriate training and education on such policies and procedures.
• Designating a member of senior management to be responsible for overseeing the adequate functioning of the firm’s quality control system.
• Advising partners and professional staff of assurance clients and related entities from which independence is required.
• A disciplinary mechanism to promote compliance with policies and procedures.
• Published policies and procedures to encourage and empower staff to communicate to senior levels within the firm any issue relating to compliance with the fundamental principles that concerns them.

200.13 Examples of engagement-specific safeguards in the work environment include:
• Having a professional accountant who was not involved with the non-assurance service review the non-assurance work performed or otherwise advise as necessary.
• Having a professional accountant who was not a member of the assurance team review the assurance work performed or otherwise advise as necessary.
• Consulting an independent third party, such as a committee of independent directors, a professional regulatory body or another professional accountant.
• Discussing ethical issues with those charged with governance of the client.
• Disclosing to those charged with governance of the client the nature of services provided and extent of fees charged.
• Involving another firm to perform or re-perform part of the engagement.
• Rotating senior assurance team personnel.

200.14 Depending on the nature of the engagement, a professional accountant in public practice may also be able to rely on safeguards that the client has implemented. However, it is not possible to rely solely on such safeguards to reduce threats to an acceptable level.

200.15 Examples of safeguards within the client’s systems and procedures include:
• The client requires persons other than management to ratify or approve the appointment of a firm to perform an engagement.
• The client has competent employees with experience and seniority to make managerial decisions.
• The client has implemented internal procedures that ensure objective choices in commissioning non-assurance engagements.
• The client has a corporate governance structure that provides appropriate oversight and communications regarding the firm’s services.

LO 4 Part B of the Code of Ethics for Professional Accountants (PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE)

SECTION 210 - Professional Appointment

Client Acceptance

210.1 Before accepting a new client relationship, a professional accountant in public practice shall determine whether acceptance would create any threats to compliance with the fundamental principles. Potential threats to integrity or professional behavior may be created from, for example, questionable issues associated with the client (its owners, management or activities).

210.2 Client issues that, if known, could threaten compliance with the fundamental principles include, for example, client involvement in illegal activities (such as money laundering), dishonesty or questionable financial reporting practices.

201.3 A professional accountant in public practice shall evaluate the significance of any threats and apply safeguards when necessary to eliminate them or reduce them to an acceptable level. Examples of such safeguards include:

• Obtaining knowledge and understanding of the client, its owners, managers and those responsible for its governance and business activities; or
• Securing the client’s commitment to improve corporate governance practices or internal controls.

210.4 Where it is not possible to reduce the threats to an acceptable level, the professional accountant in public practice shall decline to enter into the client relationship.

210.5 It is recommended that a professional accountant in public practice periodically review acceptance decisions for recurring client engagements.
Engagement Acceptance

210.6 The fundamental principle of professional competence and due care imposes an obligation on a professional accountant in public practice to provide only those services that the professional accountant in public practice is competent to perform. Before accepting a specific client engagement, a professional accountant in public practice shall determine whether acceptance would create any threats to compliance with the fundamental principles. For example, a self-interest threat to professional competence and due care is created if the engagement team does not possess, or cannot acquire, the competencies necessary to properly carry out the engagement.

210.7 A professional accountant in public practice shall evaluate the significance of threats and apply safeguards, when necessary, to eliminate them or reduce them to an acceptable level. Examples of such safeguards include:

• Acquiring an appropriate understanding of the nature of the client’s business, the complexity of its operations, the specific requirements of the engagement and the purpose, nature and scope of the work to be performed;
• Acquiring knowledge of relevant industries or subject matters;
• Possessing or obtaining experience with relevant regulatory or reporting requirements;
• Assigning sufficient staff with the necessary competencies;
• Using experts where necessary;
• Agreeing on a realistic time frame for the performance of the engagement; or
• Complying with quality control policies and procedures designed to provide reasonable assurance that specific engagements are accepted only when they can be performed competently.

210.8 When a professional accountant in public practice intends to rely on the advice or work of an expert, the professional accountant in public practice shall determine whether such reliance is warranted.
Factors to consider include: reputation, expertise, resources available and applicable professional and ethical standards. Such information may be gained from prior association with the expert or from consulting others.

Changes in a Professional Appointment

210.9 A professional accountant in public practice who is asked to replace another professional accountant in public practice, or who is considering tendering for an engagement currently held by another professional accountant in public practice, shall determine whether there are any reasons, professional or otherwise, for not accepting the engagement, such as circumstances that create threats to compliance with the fundamental principles that cannot be eliminated or reduced to an acceptable level by the application of safeguards. For example, there may be a threat to professional competence and due care if a professional accountant in public practice accepts the engagement before knowing all the pertinent facts.

210.1 A professional accountant in public practice shall evaluate the significance of any threats. Depending on the nature of the engagement, this may require direct communication with the existing accountant to establish the facts and circumstances regarding the proposed change so that the professional accountant in public practice can decide whether it would be appropriate to accept the engagement. For example, the apparent reasons for the change in appointment may not fully reflect the facts and may indicate disagreements with the existing accountant that may influence the decision to accept the appointment.

210.11 Safeguards shall be applied when necessary to eliminate any threats or reduce them to an acceptable level.
Examples of such safeguards include:

• When replying to requests to submit tenders, stating in the tender that, before accepting the engagement, contact with the existing accountant will be requested so that inquiries may be made as to whether there are any professional or other reasons why the appointment should not be accepted;
• Asking the existing accountant to provide known information on any facts or circumstances that, in the existing accountant’s opinion, the proposed accountant needs to be aware of before deciding whether to accept the engagement; or
• Obtaining necessary information from other sources.

When the threats cannot be eliminated or reduced to an acceptable level through the application of safeguards, a professional accountant in public practice shall, unless there is satisfaction as to necessary facts by other means, decline the engagement.

200.12 A professional accountant in public practice may be asked to undertake work that is complementary or additional to the work of the existing accountant. Such circumstances may create threats to professional competence and due care resulting from, for example, a lack of or incomplete information. The significance of any threats shall be evaluated and safeguards applied when necessary to eliminate the threat or reduce it to an acceptable level. An example of such a safeguard is notifying the existing accountant of the proposed work, which would give the existing accountant the opportunity to provide any relevant information needed for the proper conduct of the work.

210.13 An existing accountant is bound by confidentiality. Whether that professional accountant is permitted or required to discuss the affairs of a client with a proposed accountant will depend on the nature of the engagement and on:

(a) Whether the client’s permission to do so has been obtained; or
(b) The legal or ethical requirements relating to such communications and disclosure, which may vary by jurisdiction.
210.14 A professional accountant in public practice will generally need to obtain the client’s permission, preferably in writing, to initiate discussion with an existing accountant. Once that permission is obtained, the existing accountant shall comply with relevant legal and other regulations governing such requests. Where the existing accountant provides information, it shall be provided honestly and unambiguously. If the proposed accountant is unable to communicate with the existing accountant, the proposed accountant shall take reasonable steps to obtain information about any possible threats by other means, such as through inquiries of third parties or background investigations of senior management or those charged with governance of the client.

SECTION 220 - Conflicts of Interest

220.1 A professional accountant in public practice shall take reasonable steps to identify circumstances that could pose a conflict of interest. Such circumstances may create threats to compliance with the fundamental principles. For example, a threat to objectivity may be created when a professional accountant in public practice competes directly with a client or has a joint venture or similar arrangement with a major competitor of a client. A threat to objectivity or confidentiality may also be created when a professional accountant in public practice performs services for clients whose interests are in conflict or the clients are in dispute with each other in relation to the matter or transaction in question.

220.2 A professional accountant in public practice shall evaluate the significance of any threats and apply safeguards when necessary to eliminate the threats or reduce them to an acceptable level.
Before accepting or continuing a client relationship or specific engagement, the professional accountant in public practice shall evaluate the significance of any threats created by business interests or relationships with the client or a third party.

220.3 Depending upon the circumstances giving rise to the conflict, application of one of the following safeguards is generally necessary:

(a) Notifying the client of the firm’s business interest or activities that may represent a conflict of interest and obtaining their consent to act in such circumstances; or
(b) Notifying all known relevant parties that the professional accountant in public practice is acting for two or more parties in respect of a matter where their respective interests are in conflict and obtaining their consent to so act; or
(c) Notifying the client that the professional accountant in public practice does not act exclusively for any one client in the provision of proposed services (for example, in a particular market sector or with respect to a specific service) and obtaining their consent to so act.

220.4 The professional accountant shall also determine whether to apply one or more of the following additional safeguards:

(a) The use of separate engagement teams;
(b) Procedures to prevent access to information (for example, strict physical separation of such teams, confidential and secure data filing);
(c) Clear guidelines for members of the engagement team on issues of security and confidentiality;
(d) The use of confidentiality agreements signed by employees and partners of the firm; and
(e) Regular review of the application of safeguards by a senior individual not involved with relevant client engagements.
220.5 Where a conflict of interest creates a threat to one or more of the fundamental principles, including objectivity, confidentiality, or professional behavior, that cannot be eliminated or reduced to an acceptable level through the application of safeguards, the professional accountant in public practice shall not accept a specific engagement or shall resign from one or more conflicting engagements.

220.6 Where a professional accountant in public practice has requested consent from a client to act for another party (which may or may not be an existing client) in respect of a matter where the respective interests are in conflict and that consent has been refused by the client, the professional accountant in public practice shall not continue to act for one of the parties in the matter giving rise to the conflict of interest.

SECTION 230 - Second Opinions

230.1 Situations where a professional accountant in public practice is asked to provide a second opinion on the application of accounting, auditing, reporting or other standards or principles to specific circumstances or transactions by or on behalf of a company or an entity that is not an existing client may create threats to compliance with the fundamental principles. For example, there may be a threat to professional competence and due care in circumstances where the second opinion is not based on the same set of facts that were made available to the existing accountant or is based on inadequate evidence. The existence and significance of any threat will depend on the circumstances of the request and all the other available facts and assumptions relevant to the expression of a professional judgment.

230.2 When asked to provide such an opinion, a professional accountant in public practice shall evaluate the significance of any threats and apply safeguards when necessary to eliminate them or reduce them to an acceptable level.
Examples of such safeguards include seeking client permission to contact the existing accountant, describing the limitations surrounding any opinion in communications with the client and providing the existing accountant with a copy of the opinion.

230.3 If the company or entity seeking the opinion will not permit communication with the existing accountant, a professional accountant in public practice shall determine whether, taking all the circumstances into account, it is appropriate to provide the opinion sought.

SECTION 240 - Fees and Other Types of Remuneration

240.1 When entering into negotiations regarding professional services, a professional accountant in public practice may quote whatever fee is deemed appropriate. The fact that one professional accountant in public practice may quote a fee lower than another is not in itself unethical. Nevertheless, there may be threats to compliance with the fundamental principles arising from the level of fees quoted. For example, a self-interest threat to professional competence and due care is created if the fee quoted is so low that it may be difficult to perform the engagement in accordance with applicable technical and professional standards for that price.

240.2 The existence and significance of any threats created will depend on factors such as the level of fee quoted and the services to which it applies. The significance of any threat shall be evaluated and safeguards applied when necessary to eliminate the threat or reduce it to an acceptable level. Examples of such safeguards include:

• Making the client aware of the terms of the engagement and, in particular, the basis on which fees are charged and which services are covered by the quoted fee; or
• Assigning appropriate time and qualified staff to the task.

240.3 Contingent fees are widely used for certain types of non-assurance engagements.
They may, however, create threats to compliance with the fundamental principles in certain circumstances. They may create a self-interest threat to objectivity. The existence and significance of such threats will depend on factors including:

• The nature of the engagement.
• The range of possible fee amounts.
• The basis for determining the fee.
• Whether the outcome or result of the transaction is to be reviewed by an independent third party.

240.4 The significance of any such threats shall be evaluated and safeguards applied when necessary to eliminate or reduce them to an acceptable level. Examples of such safeguards include:

• An advance written agreement with the client as to the basis of remuneration;
• Disclosure to intended users of the work performed by the professional accountant in public practice and the basis of remuneration;
• Quality control policies and procedures; or
• Review by an independent third party of the work performed by the professional accountant in public practice.

240.5 In certain circumstances, a professional accountant in public practice may receive a referral fee or commission relating to a client. For example, where the professional accountant in public practice does not provide the specific service required, a fee may be received for referring a continuing client to another professional accountant in public practice or other expert. A professional accountant in public practice may receive a commission from a third party (for example, a software vendor) in connection with the sale of goods or services to a client. Accepting such a referral fee or commission creates a self-interest threat to objectivity and professional competence and due care.
240.6 A professional accountant in public practice may also pay a referral fee to obtain a client, for example, where the client continues as a client of another professional accountant in public practice but requires specialist services not offered by the existing accountant. The payment of such a referral fee also creates a self-interest threat to objectivity and professional competence and due care.

240.7 The significance of the threat shall be evaluated and safeguards applied when necessary to eliminate the threat or reduce it to an acceptable level. Examples of such safeguards include:

• Disclosing to the client any arrangements to pay a referral fee to another professional accountant for the work referred;
• Disclosing to the client any arrangements to receive a referral fee for referring the client to another professional accountant in public practice; or
• Obtaining advance agreement from the client for commission arrangements in connection with the sale by a third party of goods or services to the client.

240.8 A professional accountant in public practice may purchase all or part of another firm on the basis that payments will be made to individuals formerly owning the firm or to their heirs or estates. Such payments are not regarded as commissions or referral fees for the purpose of paragraphs 240.5−240.7 above.

SECTION 250 - Marketing Professional Services

250.1 When a professional accountant in public practice solicits new work through advertising or other forms of marketing, there may be a threat to compliance with the fundamental principles. For example, a self-interest threat to compliance with the principle of professional behavior is created if services, achievements, or products are marketed in a way that is inconsistent with that principle.

250.2 A professional accountant in public practice shall not bring the profession into disrepute when marketing professional services.
The professional accountant in public practice shall be honest and truthful, and not:

(a) Make exaggerated claims for services offered, qualifications possessed, or experience gained; or
(b) Make disparaging references or unsubstantiated comparisons to the work of another.

If the professional accountant in public practice is in doubt about whether a proposed form of advertising or marketing is appropriate, the professional accountant in public practice shall consider consulting with the relevant professional body.

SECTION 260 - Gifts and Hospitality

260.1 A professional accountant in public practice, or an immediate or close family member, may be offered gifts and hospitality from a client. Such an offer may create threats to compliance with the fundamental principles. For example, a self-interest or familiarity threat to objectivity may be created if a gift from a client is accepted; an intimidation threat to objectivity may result from the possibility of such offers being made public.

260.2 The existence and significance of any threat will depend on the nature, value, and intent of the offer. Where gifts or hospitality are offered that a reasonable and informed third party, weighing all the specific facts and circumstances, would consider trivial and inconsequential, a professional accountant in public practice may conclude that the offer is made in the normal course of business without the specific intent to influence decision making or to obtain information. In such cases, the professional accountant in public practice may generally conclude that any threat to compliance with the fundamental principles is at an acceptable level.

260.3 A professional accountant in public practice shall evaluate the significance of any threats and apply safeguards when necessary to eliminate the threats or reduce them to an acceptable level.
When the threats cannot be eliminated or reduced to an acceptable level through the application of safeguards, a professional accountant in public practice shall not accept such an offer.

SECTION 270 - Custody of Client Assets

270.1 A professional accountant in public practice shall not assume custody of client monies or other assets unless permitted to do so by law and, if so, in compliance with any additional legal duties imposed on a professional accountant in public practice holding such assets.

270.2 The holding of client assets creates threats to compliance with the fundamental principles; for example, there is a self-interest threat to professional behavior and may be a self-interest threat to objectivity arising from holding client assets. A professional accountant in public practice entrusted with money (or other assets) belonging to others shall therefore:

(a) Keep such assets separately from personal or firm assets;
(b) Use such assets only for the purpose for which they are intended;
(c) At all times be ready to account for those assets and any income, dividends, or gains generated, to any persons entitled to such accounting; and
(d) Comply with all relevant laws and regulations relevant to the holding of and accounting for such assets.

270.3 As part of client and engagement acceptance procedures for services that may involve the holding of client assets, a professional accountant in public practice shall make appropriate inquiries about the source of such assets and consider legal and regulatory obligations. For example, if the assets were derived from illegal activities, such as money laundering, a threat to compliance with the fundamental principles would be created. In such situations, the professional accountant may consider seeking legal advice.
SECTION 280 - Objectivity—All Services

280.1 A professional accountant in public practice shall determine when providing any professional service whether there are threats to compliance with the fundamental principle of objectivity resulting from having interests in, or relationships with, a client or its directors, officers or employees. For example, a familiarity threat to objectivity may be created from a family or close personal or business relationship.

280.2 A professional accountant in public practice who provides an assurance service shall be independent of the assurance client. Independence of mind and in appearance is necessary to enable the professional accountant in public practice to express a conclusion, and be seen to express a conclusion, without bias, conflict of interest, or undue influence of others.

280.3 The existence of threats to objectivity when providing any professional service will depend upon the particular circumstances of the engagement and the nature of the work that the professional accountant in public practice is performing.

280.4 A professional accountant in public practice shall evaluate the significance of any threats and apply safeguards when necessary to eliminate them or reduce them to an acceptable level. Examples of such safeguards include:

• Withdrawing from the engagement team;
• Supervisory procedures;
• Terminating the financial or business relationship giving rise to the threat;
• Discussing the issue with higher levels of management within the firm; or
• Discussing the issue with those charged with governance of the client.

If safeguards cannot eliminate or reduce the threat to an acceptable level, the professional accountant shall decline or terminate the relevant engagement.

SECTION 290 - Independence

Engagement Period

290.3 Independence from the audit client is required both during the engagement period and the period covered by the financial statements.
The engagement period starts when the audit team begins to perform audit services. The engagement period ends when the audit report is issued. When the engagement is of a recurring nature, it ends at the later of the notification by either party that the professional relationship has terminated or the issuance of the final audit report.

290.31 When an entity becomes an audit client during or after the period covered by the financial statements on which the firm will express an opinion, the firm shall determine whether any threats to independence are created by:

(a) Financial or business relationships with the audit client during or after the period covered by the financial statements but before accepting the audit engagement; or
(b) Previous services provided to the audit client.

290.32 If a non-assurance service was provided to the audit client during or after the period covered by the financial statements but before the audit team begins to perform audit services and the service would not be permitted during the period of the audit engagement, the firm shall evaluate any threat to independence created by the service. If a threat is not at an acceptable level, the audit engagement shall only be accepted if safeguards are applied to eliminate any threats or reduce them to an acceptable level. Examples of such safeguards include:

• Not including personnel who provided the non-assurance service as members of the audit team;
• Having a professional accountant review the audit and non-assurance work as appropriate; or
• Engaging another firm to evaluate the results of the non-assurance service or having another firm re-perform the non-assurance service to the extent necessary to enable it to take responsibility for the service.

END OF MODULE

References and Supplementary Materials

Books and Journals

1. Ireneo J., Ireneo S., and James, George (2017). Auditing and Assurance Principle (2017 ed). Manila City: La Limariza Printing Corp.
2. Hermosilla, R., Salosagcol, J., and Tiu, Michael (2017). Auditing Theory: A Guide in Understanding PSA (2017 ed). Manila City: GIC Enterprises & Co., Inc.
3. Handbook of the Code of Ethics for Professional Accountants 2013 Edition.

Auditing and Assurance Principles Professional Practice, Standards and Quality and Control System

Module 003 Professional Practice, Standards and Quality Control System

LEARNING OBJECTIVES (LO)

After completing this module, the student is expected to:

1. Specify the professional standards
2. Enumerate the minimum standards of Generally Accepted Auditing Standards (GAAS)
3. Discuss the Philippine Standards on Auditing (PSA), Philippine Standard on Auditing 220, Philippine Standard on Quality Control (PSQC)
4. Determine the objectives of auditor
5. Explain the Elements of a System of Quality Control

LO 1 Professional Standards

Professional standards serve as the established criteria on which professional accountants base their audit services to their clients. In the Philippine setting, the standards that are relevant in the conduct of the CPA profession are:

• Generally Accepted Auditing Standards (GAAS)
• Philippine Standards on Auditing (PSA)
• Philippine Standard on Quality Control (PSQC)

LO 2 Generally Accepted Auditing Standards

An independent auditor plans, conducts, and reports the results of an audit in accordance with generally accepted auditing standards. Auditing standards provide a measure of audit quality and the objectives to be achieved in an audit. Auditing procedures differ from auditing standards. Auditing procedures are acts that the auditor performs during the course of an audit to comply with auditing standards.

GAAS outlines ten (10) minimum standards that auditors should follow. These are grouped into three auditing standards, namely:

1. General standards,
2. Fieldwork standards, and
3. Reporting standards

General Standards

1.
The auditor must have adequate technical training and proficiency to perform the audit.
2. The auditor must maintain independence in mental attitude in all matters relating to the audit.
3. The auditor must exercise due professional care in the performance of the audit and the preparation of the report.

Fieldwork Standards

4. The auditor must adequately plan the work and must properly supervise any assistants.
5. The auditor must obtain a sufficient understanding of the entity and its environment, including its internal control, to assess the risk of material misstatement of the financial statements whether due to error or fraud, and to design the nature, timing, and extent of further audit procedures.
6. The auditor must obtain sufficient appropriate audit evidence by performing audit procedures to afford a reasonable basis for an opinion regarding the financial statements under audit.

Reporting Standards

7. The auditor must state in the auditor's report whether the financial statements are presented in accordance with generally accepted accounting principles.
8. The auditor must identify in the auditor's report those circumstances in which such principles have not been consistently observed in the current period in relation to the preceding period.
9. When the auditor determines that informative disclosures are not reasonably adequate, the auditor must so state in the auditor's report.
10. The auditor must either express an opinion regarding the financial statements, taken as a whole, or state that an opinion cannot be expressed, in the auditor's report. When the auditor cannot express an overall opinion, the auditor should state the reasons therefor in the auditor's report.
In all cases where an auditor's name is associated with financial statements, the auditor should clearly indicate the character of the auditor's work, if any, and the degree of responsibility the auditor is taking, in the auditor's report.

LO 3 Philippine Standard on Auditing

The Philippine Standard on Auditing (PSA) establishes the independent auditor’s overall responsibilities when conducting an audit of financial statements in accordance with PSAs. Specifically:

• It sets out the overall objectives of the independent auditor.
• It explains the nature and scope of an audit designed to enable the independent auditor to meet those objectives.
• It explains the scope, authority and structure of the PSAs, and includes requirements establishing the general responsibilities of the independent auditor applicable in all audits, including the obligation to comply with the PSAs.

An Audit of Financial Statements

The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. This is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. In the case of most general purpose frameworks, that opinion is on whether the financial statements are presented fairly, in all material respects, in accordance with the framework. An audit conducted in accordance with PSAs and relevant ethical requirements enables the auditor to form that opinion.

The financial statements subject to audit are those of the entity, prepared and presented by management of the entity with oversight from those charged with governance. PSAs do not impose responsibilities on management or those charged with governance and do not override laws and regulations that govern their responsibilities.
However, an audit in accordance with PSAs is conducted on the premise that management and, where appropriate, those charged with governance have responsibilities that are fundamental to the conduct of the audit. The audit of the financial statements does not relieve management or those charged with governance of those responsibilities.

As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance is a high level of assurance. It is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (i.e., the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. However, reasonable assurance is not an absolute level of assurance, because there are inherent limitations of an audit which result in most of the audit evidence on which the auditor draws conclusions and bases the auditor’s opinion being persuasive rather than conclusive.

The concept of materiality is applied by the auditor both in planning and performing the audit, and in evaluating the effect of identified misstatements on the audit and of uncorrected misstatements, if any, on the financial statements. In general, misstatements, including omissions, are considered to be material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of the financial statements. Judgments about materiality are made in the light of surrounding circumstances, and are affected by the auditor’s perception of the financial information needs of users of the financial statements, and by the size or nature of a misstatement, or a combination of both.
The auditor’s opinion deals with the financial statements as a whole and therefore the auditor is not responsible for the detection of misstatements that are not material to the financial statements as a whole.
The PSAs contain objectives, requirements and application and other explanatory material that are designed to support the auditor in obtaining reasonable assurance. The PSAs require that the auditor exercise professional judgment and maintain professional skepticism throughout the planning and performance of the audit and, among other things:
- Identify and assess risks of material misstatement, whether due to fraud or error, based on an understanding of the entity and its environment, including the entity’s internal control.
- Obtain sufficient appropriate audit evidence about whether material misstatements exist, through designing and implementing appropriate responses to the assessed risks.
- Form an opinion on the financial statements based on conclusions drawn from the audit evidence obtained.
The form of opinion expressed by the auditor will depend upon the applicable financial reporting framework and any applicable laws or regulations. The auditor may also have certain other communication and reporting responsibilities to users, management, those charged with governance, or parties outside the entity, in relation to matters arising from the audit. These may be established by the PSAs or by applicable laws or regulations.
Requirements for an Audit of Financial Statements
Ethical Requirements Relating to an Audit of Financial Statements
The auditor shall comply with relevant ethical requirements, including those pertaining to independence, relating to financial statement audit engagements.
Professional Skepticism
The auditor shall plan and perform an audit with professional skepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated.
Professional Judgment
The auditor shall exercise professional judgment in planning and performing an audit of financial statements.
Sufficient Appropriate Audit Evidence and Audit Risk
To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion.
Conduct of an Audit in Accordance with PSAs
Complying with PSAs Relevant to the Audit
The auditor shall comply with all PSAs relevant to the audit. A PSA is relevant to the audit when the PSA is in effect and the circumstances addressed by the PSA exist. The auditor shall have an understanding of the entire text of a PSA, including its application and other explanatory material, to understand its objectives and to apply its requirements properly. The auditor shall not represent compliance with PSAs in the auditor’s report unless the auditor has complied with the requirements of this PSA and all other PSAs relevant to the audit.
Objectives Stated in Individual PSAs
To achieve the overall objectives of the auditor, the auditor shall use the objectives stated in relevant PSAs in planning and performing the audit, having regard to the interrelationships among the PSAs, to:
(a) Determine whether any audit procedures in addition to those required by the PSAs are necessary in pursuance of the objectives stated in the PSAs; and
(b) Evaluate whether sufficient appropriate audit evidence has been obtained.
Complying with Relevant Requirements
The auditor shall comply with each requirement of a PSA unless, in the circumstances of the audit:
(a) The entire PSA is not relevant; or
(b) The requirement is not relevant because it is conditional and the condition does not exist.
In exceptional circumstances, the auditor may judge it necessary to depart from a relevant requirement in a PSA. In such circumstances, the auditor shall perform alternative audit procedures to achieve the aim of that requirement. The need for the auditor to depart from a relevant requirement is expected to arise only where the requirement is for a specific procedure to be performed and, in the specific circumstances of the audit, that procedure would be ineffective in achieving the aim of the requirement.
Failure to Achieve an Objective
If an objective in a relevant PSA cannot be achieved, the auditor shall evaluate whether this prevents the auditor from achieving the overall objectives of the auditor and thereby requires the auditor, in accordance with the PSAs, to modify the auditor’s opinion or withdraw from the engagement. Failure to achieve an objective represents a significant matter requiring documentation in accordance with PSA 230 (Redrafted).
LO 4 Objectives of the Auditor
In conducting an audit of financial statements, the overall objectives of the auditor are:
(a) To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and
(b) To report on the financial statements, and communicate as required by the PSAs, in accordance with the auditor’s findings.
In all cases when reasonable assurance cannot be obtained and a qualified opinion in the auditor’s report is insufficient in the circumstances for purposes of reporting to the intended users of the financial statements, the PSAs require that the auditor disclaim an opinion or withdraw from the engagement, where withdrawal is legally permitted.
LO 5 Philippine Standard on Auditing 220 (QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS)
PSA 220 deals with the specific responsibilities of the auditor regarding quality control procedures for an audit of financial statements. It also addresses, where applicable, the responsibilities of the engagement quality control reviewer. This PSA is to be read in conjunction with relevant ethical requirements.
System of Quality Control and Role of Engagement Teams
Quality control systems, policies and procedures are the responsibility of the audit firm. Under PSQC 1 (Redrafted), the firm has an obligation to establish and maintain a system of quality control to provide it with reasonable assurance that:
a) The firm and its personnel comply with professional standards and regulatory and legal requirements; and
b) The reports issued by the firm or engagement partners are appropriate in the circumstances.
Within the context of the firm’s system of quality control, engagement teams have a responsibility to implement quality control procedures that are applicable to the audit engagement and provide the firm with relevant information to enable the functioning of that part of the firm’s system of quality control relating to independence. Engagement teams are entitled to rely on the firm’s system of quality control, unless information provided by the firm or other parties suggests otherwise.
LO 6 Philippine Standard on Quality Control (PSQC) (QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND REVIEWS OF FINANCIAL STATEMENTS, AND OTHER ASSURANCE AND RELATED SERVICES ENGAGEMENTS)
Philippine Standard on Quality Control (PSQC) deals with a firm’s responsibilities for its system of quality control for audits and reviews of financial statements, and other assurance and related services engagements. This PSQC is to be read in conjunction with relevant ethical requirements.
The objective of the firm is to establish and maintain a system of quality control to provide it with reasonable assurance that:
(a) The firm and its personnel comply with professional standards and applicable legal and regulatory requirements; and
(b) Reports issued by the firm or engagement partners are appropriate in the circumstances.
LO 7 Elements of a System of Quality Control
The firm shall establish and maintain a system of quality control that includes policies and procedures that address each of the following elements:
1. Leadership Responsibilities for Quality on Audits
2. Relevant Ethical Requirements
3. Acceptance and Continuance of Client Relationships and Audit Engagements
4. Assignment of Engagement Teams
5. Engagement Performance
6. Monitoring
7. Documentation
Leadership Responsibilities for Quality on Audits
The engagement partner shall take responsibility for the overall quality on each audit engagement to which that partner is assigned.
Relevant Ethical Requirements
Throughout the audit engagement, the engagement partner shall remain alert, through observation and making inquiries as necessary, for evidence of noncompliance with relevant ethical requirements by members of the engagement team.
If matters come to the engagement partner’s attention through the firm’s system of quality control or otherwise that indicate that members of the engagement team have not complied with relevant ethical requirements, the engagement partner, in consultation with others in the firm, shall determine the appropriate action.
Independence
The engagement partner shall form a conclusion on compliance with independence requirements that apply to the audit engagement. In doing so, the engagement partner shall:
(a) Obtain relevant information from the firm and, where applicable, network firms, to identify and evaluate circumstances and relationships that create threats to independence;
(b) Evaluate information on identified breaches, if any, of the firm’s independence policies and procedures to determine whether they create a threat to independence for the audit engagement; and
(c) Take appropriate action to eliminate such threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the audit engagement, where withdrawal is permitted by law or regulation. The engagement partner shall promptly report to the firm any inability to resolve the matter for appropriate action.
Acceptance and Continuance of Client Relationships and Audit Engagements
The engagement partner shall be satisfied that appropriate procedures regarding the acceptance and continuance of client relationships and audit engagements have been followed, and shall determine that conclusions reached in this regard are appropriate.
If the engagement partner obtains information that would have caused the firm to decline the audit engagement had that information been available earlier, the engagement partner shall communicate that information promptly to the firm, so that the firm and the engagement partner can take the necessary action.
Assignment of Engagement Teams
The engagement partner shall be satisfied that the engagement team, and any auditor’s experts who are not part of the engagement team, collectively have the appropriate competence and capabilities to:
(a) Perform the audit engagement in accordance with professional standards and regulatory and legal requirements; and
(b) Enable an auditor’s report that is appropriate in the circumstances to be issued.
Engagement Performance
1. Direction, Supervision and Performance
The engagement partner shall take responsibility for:
(a) The direction, supervision and performance of the audit engagement in compliance with professional standards and regulatory and legal requirements; and
(b) The auditor’s report being appropriate in the circumstances.
2. Reviews
The engagement partner shall take responsibility for reviews being performed in accordance with the firm’s review policies and procedures. On or before the date of the auditor’s report, the engagement partner shall, through a review of the audit documentation and discussion with the engagement team, be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued.
3. Consultation
The engagement partner shall:
(a) Take responsibility for the engagement team undertaking appropriate consultation on difficult or contentious matters;
(b) Be satisfied that members of the engagement team have undertaken appropriate consultation during the course of the engagement, both within the engagement team and between the engagement team and others at the appropriate level within or outside the firm;
(c) Be satisfied that the nature and scope of, and conclusions resulting from, such consultations are agreed with the party consulted; and
(d) Determine that conclusions resulting from such consultations have been implemented.
4. Engagement Quality Control Review
For audits of financial statements of listed entities, and those other audit engagements, if any, for which the firm has determined that an engagement quality control review is required, the engagement partner shall:
(a) Determine that an engagement quality control reviewer has been appointed;
(b) Discuss significant matters arising during the audit engagement, including those identified during the engagement quality control review, with the engagement quality control reviewer; and
(c) Not date the auditor’s report until the completion of the engagement quality control review.
The engagement quality control reviewer shall perform an objective evaluation of the significant judgments made by the engagement team, and the conclusions reached in formulating the auditor’s report. This evaluation shall involve:
(a) Discussion of significant matters with the engagement partner;
(b) Review of the financial statements and the proposed auditor’s report;
(c) Review of selected audit documentation relating to the significant judgments the engagement team made and the conclusions it reached; and
(d) Evaluation of the conclusions reached in formulating the auditor’s report and consideration of whether the proposed auditor’s report is appropriate.
For audits of financial statements of listed entities, the engagement quality control reviewer, on performing an engagement quality control review, shall also consider the following:
(a) The engagement team’s evaluation of the firm’s independence in relation to the audit engagement;
(b) Whether appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious matters, and the conclusions arising from those consultations; and
(c) Whether audit documentation selected for review reflects the work performed in relation to the significant judgments made and supports the conclusions reached.
5. Differences of Opinion
If differences of opinion arise within the engagement team, with those consulted or, where applicable, between the engagement partner and the engagement quality control reviewer, the engagement team shall follow the firm’s policies and procedures for dealing with and resolving differences of opinion.
Monitoring
An effective system of quality control includes a monitoring process designed to provide the firm with reasonable assurance that its policies and procedures relating to the system of quality control are relevant, adequate, and operating effectively. The engagement partner shall consider the results of the firm’s monitoring process as evidenced in the latest information circulated by the firm and, if applicable, other network firms and whether deficiencies noted in that information may affect the audit engagement.
Documentation
The auditor shall document:
(a) Issues identified with respect to compliance with relevant ethical requirements and how they were resolved.
(b) Conclusions on compliance with independence requirements that apply to the audit engagement, and any relevant discussions with the firm that support these conclusions.
(c) Conclusions reached regarding the acceptance and continuance of client relationships and audit engagements.
(d) The nature and scope of, and conclusions resulting from, consultations undertaken during the course of the audit engagement.
The engagement quality control reviewer shall document, for the audit engagement reviewed, that:
(a) The procedures required by the firm’s policies on engagement quality control review have been performed;
(b) The engagement quality control review has been completed on or before the date of the auditor’s report; and
(c) The reviewer is not aware of any unresolved matters that would cause the reviewer to believe that the significant judgments the engagement team made and the conclusions they reached were not appropriate.
END OF MODULE
Auditing and Assurance Principles Audit Process 1 Module 004 Audit Process
LEARNING OBJECTIVES (LO)
After completing this module, the student is expected to:
1. Differentiate the audit process
2. Explain each phase of the audit process
3. Discuss the assurance engagement
4. Enumerate the types and elements of an assurance engagement
5. Become familiar with the engagement letter
LO 1 Audit Process
The audit process begins with the set of financial statements that were prepared by the company’s management. The complete set of financial statements consists of:
- Statement of Financial Position
- Statement of Comprehensive Income
- Statement of Changes in Equity
- Statement of Cash Flows
- Notes to Financial Statements
For audit purposes, this set of financial statements serves as assertions, which are the representations of management that explain the economic actions and events that happen during the audit period. Through the conduct of the audit, such assertions or management representations will be validated.
Auditing the financial statements usually involves the following processes:
1. Accepting an engagement
2. Audit Planning
3. Studying and Evaluating the Internal Controls
4. Performing Substantive Testing
5. Completing the Audit
6. Issuing an Audit Report
LO 2 Phases of the Audit Process
1. Accepting an engagement
Auditors should establish procedures that will guide them in deciding which prospective audit engagements to accept and which to decline. Before making any decision, auditors should evaluate potential clients according to the client’s financial statements, their reputation in the business community and the information provided by their previous auditors.
Pre-acceptance Procedures
A pre-acceptance procedure for a prospective client primarily consists of the following two phases:
1. Information gathering; and
2. Information evaluation.
Information Gathering Procedures:
i. Obtain and analyze financial statements of the prospective client and other relevant financial information. Also, as part of this analysis, obtain the names of the prospective client's key executives and principals.
ii. Make inquiries of knowledgeable third parties within the business community as to the reputation of the prospective client's business and the integrity of the prospective client's management.
iii. If a predecessor auditor exists, request the prospective client to authorize the predecessor to respond to your inquiries and then make appropriate inquiries of the predecessor.
Information Evaluation Procedures:
i. Independence and Technical Competence. Early in the pre-acceptance evaluation process, the auditor should evaluate whether any independence problems will be encountered if the prospective engagement is accepted, and whether the auditor has the technical abilities to perform the work. If such problems cannot be resolved, the auditor should decline the engagement.
ii. Assuming the auditor is independent and has the required technical abilities, the pre-acceptance evaluation of a prospective audit engagement normally focuses on three factors:
- personal integrity of the prospective client's management;
- presence of circumstances pointing towards unusual risks in the engagement or requiring special attention; and
- other practice management considerations.
2. Audit Planning
Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan. This phase will be further discussed in Week006-Module005.
3. Studying and Evaluating the Internal Controls
This phase deals with the external auditor’s responsibilities relating to the work of internal auditors when the external auditor has determined, in accordance with PSA 315, that the internal audit function is likely to be relevant to the audit. This phase will be further discussed in Week007-Module006.
4. Performing Substantive Testing
This phase deals with the auditor’s use of analytical procedures as substantive procedures, and as procedures near the end of the audit that assist the auditor when forming an overall conclusion on the financial statements. This phase will be further discussed in Week009-Module007 and Week010-Module008.
5. Completing the Audit
This phase involves performing additional audit procedures before concluding the audit engagement. These procedures include:
- Review of subsequent events
- Assessing the going concern assumption
- Performing overall analytical review procedures
- Obtaining written representations from the client’s management
This phase will be further discussed in Week011-Module009.
6. Issuing an Audit Report
This phase deals with the auditor’s responsibility to form an opinion on the financial statements. It also deals with the form and content of the auditor’s report issued as a result of an audit of financial statements. This phase will be further discussed in Week012-Module010.
LO 3 Assurance Engagement
“Assurance engagement” means an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.
The outcome of the evaluation or measurement of a subject matter is the information that results from applying the criteria to the subject matter. For example:
The recognition, measurement, presentation and disclosure represented in the financial statements (outcome) result from applying a financial reporting framework for recognition, measurement, presentation and disclosure, such as Philippine Financial Reporting Standards (criteria), to an entity’s financial position, financial performance and cash flows (subject matter).
An assertion about the effectiveness of internal control (outcome) results from applying a framework for evaluating the effectiveness of internal control, such as COSO or CoCo (criteria), to internal control, a process (subject matter).
“Subject Matter Information” is the outcome of the evaluation or measurement of a subject matter. It is the subject matter information about which the practitioner gathers sufficient appropriate evidence to provide a reasonable basis for expressing a conclusion in an assurance report.
LO 4 Types of Assurance Engagement
1. Reasonable Assurance Engagement
2. Limited Assurance Engagement
Reasonable Assurance Engagement
The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement as the basis for a positive form of expression of the practitioner’s conclusion.
Limited Assurance Engagement
The objective of a limited assurance engagement is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance engagement, as the basis for a negative form of expression of the practitioner’s conclusion.
It must be noted that not all engagements performed by practitioners are assurance engagements. Other frequently performed engagements that do not meet the above definition, and hence are not covered in this course and module, include:
- Engagements covered by Philippine Standards for Related Services, such as agreed-upon procedures engagements and compilations of financial or other information.
- The preparation of tax returns where no conclusion conveying assurance is expressed.
- Consulting (or advisory) engagements, such as management and tax consulting.
An assurance engagement may be part of a larger engagement, for example, when a business acquisition consulting engagement includes a requirement to convey assurance regarding historical or prospective financial information. In such circumstances, this framework, as discussed in this module and course, is relevant only to the assurance portion of the engagement.
The following engagements, which may meet the definition as discussed, need not be performed in accordance with this Framework:
(a) Engagements to testify in legal proceedings regarding accounting, auditing, taxation or other matters; and
(b) Engagements that include professional opinions, views or wording from which a user may derive some assurance, if all of the following apply:
(i) Those opinions, views or wording are merely incidental to the overall engagement;
(ii) Any written report issued is expressly restricted for use by only the intended users specified in the report;
(iii) Under a written understanding with the specified intended users, the engagement is not intended to be an assurance engagement; and
(iv) The engagement is not represented as an assurance engagement in the professional accountant’s report.
Engagement Acceptance
A practitioner accepts an assurance engagement only where the practitioner’s preliminary knowledge of the engagement circumstances indicates that:
(a) Relevant ethical requirements, such as independence and professional competence, will be satisfied; and
(b) The engagement exhibits all of the following characteristics:
(i) The subject matter is appropriate;
(ii) The criteria to be used are suitable and are available to the intended users;
(iii) The practitioner has access to sufficient appropriate evidence to support the practitioner’s conclusion;
(iv) The practitioner’s conclusion, in the form appropriate to either a reasonable assurance engagement or a limited assurance engagement, is to be contained in a written report; and
(v) The practitioner is satisfied that there is a rational purpose for the engagement.
Having accepted an assurance engagement, a practitioner may not change that engagement to a non-assurance engagement, or from a reasonable assurance engagement to a limited assurance engagement, without reasonable justification. A change in circumstances that affects the intended users’ requirements, or a misunderstanding concerning the nature of the engagement, ordinarily will justify a request for a change in the engagement. If such a change is made, the practitioner does not disregard evidence that was obtained prior to the change.
LO 5 Elements of an Assurance Engagement
The following elements of an assurance engagement are discussed in this section:
1. A three-party relationship involving a practitioner, a responsible party, and intended users;
2. An appropriate subject matter;
3. Suitable criteria;
4. Sufficient appropriate evidence; and
5. A written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance engagement.
A three-party relationship involving a practitioner, a responsible party, and intended users
Assurance engagements involve three separate parties: a practitioner, a responsible party and intended users.
The responsible party and the intended users may be from different entities or the same entity. For example, in a two-tier board structure, the supervisory board may seek assurance about information provided by the management board of that entity. The relationship between the responsible party and the intended users needs to be viewed within the context of a specific engagement and may differ from more traditionally defined lines of responsibility. An entity’s senior management (an intended user) may engage a practitioner to perform an assurance engagement on a particular aspect of the entity’s activities that is the immediate responsibility of a lower level of management (the responsible party), but for which senior management is ultimately responsible.
Practitioner
A practitioner may be requested to perform assurance engagements on a wide range of subject matters. Some subject matters may require specialized skills and knowledge beyond those ordinarily possessed by an individual practitioner. A practitioner does not accept an engagement if preliminary knowledge of the engagement circumstances indicates that ethical requirements regarding professional competence will not be satisfied.
In some cases, this requirement can be satisfied by the practitioner using the work of persons from other professional disciplines, referred to as experts. In such cases, the practitioner is satisfied that those persons carrying out the engagement collectively possess the requisite skills and knowledge, and that the practitioner has an adequate level of involvement in the engagement and understanding of the work for which any expert is used.
Responsible Party
The responsible party is the person (or persons) who:
(a) In a direct reporting engagement, is responsible for the subject matter; or
(b) In an assertion-based engagement, is responsible for the subject matter information (the assertion), and may be responsible for the subject matter.
An example of when the responsible party is responsible for both the subject matter information and the subject matter is when an entity engages a practitioner to perform an assurance engagement regarding a report it has prepared about its own sustainability practices.
An example of when the responsible party is responsible for the subject matter information but not the subject matter is when a government organization engages a practitioner to perform an assurance engagement regarding a report about a private company’s sustainability practices that the organization has prepared and is to distribute to intended users.
The responsible party may or may not be the party who engages the practitioner (the engaging party).
The responsible party ordinarily provides the practitioner with a written representation that evaluates or measures the subject matter against the identified criteria, whether or not it is to be made available as an assertion to the intended users. In a direct reporting engagement, the practitioner may not be able to obtain such a representation when the engaging party is different from the responsible party.
Intended Users
The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report. The responsible party can be one of the intended users, but not the only one.

An appropriate subject matter

The subject matter, and subject matter information, of an assurance engagement can take many forms, such as:
- Financial performance or conditions. For example, historical or prospective financial position, financial performance and cash flows for which the subject matter information may be the recognition, measurement, presentation and disclosure represented in financial statements.
- Non-financial performance or conditions. For example, performance of an entity for which the subject matter information may be key indicators of efficiency and effectiveness.
- Physical characteristics. For example, capacity of a facility for which the subject matter information may be a specifications document.
- Systems and processes. For example, an entity’s internal control or IT system for which the subject matter information may be an assertion about effectiveness.
- Behavior. For example, corporate governance, compliance with regulation, human resource practices for which the subject matter information may be a statement of compliance or a statement of effectiveness.

Subject matters have different characteristics, including the degree to which information about them is qualitative versus quantitative, objective versus subjective, historical versus prospective, and relates to a point in time or covers a period. Such characteristics affect the:
(a) Precision with which the subject matter can be evaluated or measured against criteria; and
(b) The persuasiveness of available evidence.

The assurance report notes characteristics of particular relevance to the intended users.

An appropriate subject matter is:
(a) Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and
(b) Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to support a reasonable assurance or limited assurance conclusion, as appropriate.

Suitable criteria

Criteria are the benchmarks used to evaluate or measure the subject matter including, where relevant, benchmarks for presentation and disclosure. Criteria can be formal, for example, in the preparation of financial statements, the criteria may be Philippine Financial Reporting Standards; when reporting on internal control, the criteria may be an established internal control framework or individual control objectives specifically designed for the engagement; and when reporting on compliance, the criteria may be the applicable law, regulation or contract. Examples of less formal criteria are an internally developed code of conduct or an agreed level of performance (such as the number of times a particular committee is expected to meet in a year).

Suitable criteria are required for reasonably consistent evaluation or measurement of a subject matter within the context of professional judgment. Without the frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and misunderstanding. Suitable criteria are context-sensitive, that is, relevant to the engagement circumstances. Even for the same subject matter there can be different criteria. For example, one responsible party might select the number of customer complaints resolved to the acknowledged satisfaction of the customer for the subject matter of customer satisfaction; another responsible party might select the number of repeat purchases in the three months following the initial purchase.

Suitable criteria exhibit the following characteristics:
(a) Relevance: Relevant criteria contribute to conclusions that assist decision making by the intended users.
(b) Completeness: Criteria are sufficiently complete when relevant factors that could affect the conclusions in the context of the engagement circumstances are not omitted.
Complete criteria include, where relevant, benchmarks for presentation and disclosure.
(c) Reliability: Reliable criteria allow reasonably consistent evaluation or measurement of the subject matter including, where relevant, presentation and disclosure, when used in similar circumstances by similarly qualified practitioners.
(d) Neutrality: Neutral criteria contribute to conclusions that are free from bias.
(e) Understandability: Understandable criteria contribute to conclusions that are clear, comprehensive, and not subject to significantly different interpretations.

The evaluation or measurement of a subject matter on the basis of the practitioner’s own expectations, judgments and individual experience would not constitute suitable criteria.

Sufficient appropriate evidence

The practitioner plans and performs an assurance engagement with an attitude of professional skepticism to obtain sufficient appropriate evidence about whether the subject matter information is free of material misstatement. The practitioner considers materiality, assurance engagement risk, and the quantity and quality of available evidence when planning and performing the engagement, in particular when determining the nature, timing and extent of evidence-gathering procedures.

Professional Skepticism

The practitioner plans and performs an assurance engagement with an attitude of professional skepticism recognizing that circumstances may exist that cause the subject matter information to be materially misstated. An attitude of professional skepticism means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party.
For example, an attitude of professional skepticism is necessary throughout the engagement process for the practitioner to reduce the risk of overlooking suspicious circumstances, of over generalizing when drawing conclusions from observations, and of using faulty assumptions in determining the nature, timing and extent of evidence gathering procedures and evaluating the results thereof.

Sufficiency and Appropriateness of Evidence

Sufficiency is the measure of the quantity of evidence. Appropriateness is the measure of the quality of evidence; that is, its relevance and its reliability. The quantity of evidence needed is affected by the risk of the subject matter information being materially misstated (the greater the risk, the more evidence is likely to be required) and also by the quality of such evidence (the higher the quality, the less may be required). Accordingly, the sufficiency and appropriateness of evidence are interrelated. However, merely obtaining more evidence may not compensate for its poor quality.

The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. Generalizations about the reliability of various kinds of evidence can be made; however, such generalizations are subject to important exceptions. Even when evidence is obtained from sources external to the entity, circumstances may exist that could affect the reliability of the information obtained. For example, evidence obtained from an independent external source may not be reliable if the source is not knowledgeable.

While recognizing that exceptions may exist, the following generalizations about the reliability of evidence may be useful:
- Evidence is more reliable when it is obtained from independent sources outside the entity.
- Evidence that is generated internally is more reliable when the related controls are effective.
- Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more reliable than evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
- Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of what was discussed).
- Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles.

Materiality

Materiality is relevant when the practitioner determines the nature, timing and extent of evidence-gathering procedures, and when assessing whether the subject matter information is free of misstatement. When considering materiality, the practitioner understands and assesses what factors might influence the decisions of the intended users. For example, when the identified criteria allow for variations in the presentation of the subject matter information, the practitioner considers how the adopted presentation might influence the decisions of the intended users. Materiality is considered in the context of quantitative and qualitative factors, such as relative magnitude, the nature and extent of the effect of these factors on the evaluation or measurement of the subject matter, and the interests of the intended users. The assessment of materiality and the relative importance of quantitative and qualitative factors in a particular engagement are matters for the practitioner’s judgment.

Assurance Engagement Risk

Assurance engagement risk is the risk that the practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated.
In a reasonable assurance engagement, the practitioner reduces assurance engagement risk to an acceptably low level in the circumstances of the engagement to obtain reasonable assurance as the basis for a positive form of expression of the practitioner’s conclusion. The level of assurance engagement risk is higher in a limited assurance engagement than in a reasonable assurance engagement because of the different nature, timing or extent of evidence gathering procedures. However, in a limited assurance engagement, the combination of the nature, timing and extent of evidence gathering procedures is at least sufficient for the practitioner to obtain a meaningful level of assurance as the basis for a negative form of expression. To be meaningful, the level of assurance obtained by the practitioner is likely to enhance the intended users’ confidence about the subject matter information to a degree that is clearly more than inconsequential.

In general, assurance engagement risk can be represented by the following components, although not all of these components will necessarily be present or significant for all assurance engagements:
(a) The risk that the subject matter information is materially misstated, which in turn consists of:
    (i) Inherent risk - the susceptibility of the subject matter information to a material misstatement, assuming that there are no related controls; and
    (ii) Control risk - the risk that a material misstatement that could occur will not be prevented, or detected and corrected, on a timely basis by related internal controls. When control risk is relevant to the subject matter, some control risk will always exist because of the inherent limitations of the design and operation of internal control.
(b) Detection risk - the risk that the practitioner will not detect a material misstatement that exists.

The degree to which the practitioner considers each of these components is affected by the engagement circumstances, in particular by the nature of the subject matter and whether a reasonable assurance or a limited assurance engagement is being performed.

Nature, Timing and Extent of Evidence-Gathering Procedures

The exact nature, timing and extent of evidence-gathering procedures will vary from one engagement to the next. In theory, infinite variations in evidence gathering procedures are possible. In practice, however, these are difficult to communicate clearly and unambiguously. The practitioner attempts to communicate them clearly and unambiguously and uses the form appropriate to a reasonable assurance engagement or a limited assurance engagement.

“Reasonable assurance” is a concept relating to accumulating evidence necessary for the practitioner to conclude in relation to the subject matter information taken as a whole. To be in a position to express a conclusion in the positive form required in a reasonable assurance engagement, it is necessary for the practitioner to obtain sufficient appropriate evidence as part of an iterative, systematic engagement process involving:
(a) Obtaining an understanding of the subject matter and other engagement circumstances which, depending on the subject matter, includes obtaining an understanding of internal control;
(b) Based on that understanding, assessing the risks that the subject matter information may be materially misstated;
(c) Responding to assessed risks, including developing overall responses, and determining the nature, timing and extent of further procedures;
(d) Performing further procedures clearly linked to the identified risks, using a combination of inspection, observation, confirmation, recalculation, reperformance, analytical procedures and inquiry.
Such further procedures involve substantive procedures including, where applicable, obtaining corroborating information from sources independent of the responsible party, and depending on the nature of the subject matter, tests of the operating effectiveness of controls; and
(e) Evaluating the sufficiency and appropriateness of evidence.

“Reasonable assurance” is less than absolute assurance. Reducing assurance engagement risk to zero is very rarely attainable or cost beneficial as a result of factors such as the following:
- The use of selective testing.
- The inherent limitations of internal control.
- The fact that much of the evidence available to the practitioner is persuasive rather than conclusive.
- The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence.
- In some cases, the characteristics of the subject matter when evaluated or measured against the identified criteria.

Quantity and Quality of Available Evidence

The quantity or quality of available evidence is affected by:
(a) The characteristics of the subject matter and subject matter information. For example, less objective evidence might be expected when information about the subject matter is future oriented rather than historical.
(b) Circumstances of the engagement other than the characteristics of the subject matter, when evidence that could reasonably be expected to exist is not available because of, for example, the timing of the practitioner’s appointment, an entity’s document retention policy, or a restriction imposed by the responsible party.

Ordinarily, available evidence will be persuasive rather than conclusive.

A written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance engagement

The practitioner provides a written report containing a conclusion that conveys the assurance obtained about the subject matter information.

1.
In an assertion-based engagement, the practitioner’s conclusion can be worded either:
(a) In terms of the responsible party’s assertion. For example: “In our opinion the responsible party’s assertion that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated”;
(b) Directly in terms of the subject matter and the criteria. For example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria”.
In a direct reporting engagement, the practitioner’s conclusion is worded directly in terms of the subject matter and the criteria.

2. In a reasonable assurance engagement, the practitioner expresses the conclusion in the positive form, for example: “In our opinion internal control is effective, in all material respects, based on XYZ criteria.” This form of expression conveys “reasonable assurance.” Having performed evidence-gathering procedures of a nature, timing and extent that were reasonable given the characteristics of the subject matter and other relevant engagement circumstances described in the assurance report, the practitioner has obtained sufficient appropriate evidence to reduce assurance engagement risk to an acceptably low level.

3. In a limited assurance engagement, the practitioner expresses the conclusion in the negative form, for example: “Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria.” This form of expression conveys a level of “limited assurance” that is proportional to the level of the practitioner’s evidence-gathering procedures given the characteristics of the subject matter and other engagement circumstances described in the assurance report.

LO 6 SAMPLE ENGAGEMENT LETTER
(excerpted from www.alasoplascpas.com/Download/Proposal-Compilation-Services-TEMPLATE.docx)

Proposal for Compilation Engagement
For the year ended _______________(reporting date)
Presented to NAME OF THE COMPANY

Date

THE BOARD OF DIRECTORS
NAME OF THE COMPANY
Address

SUBJECT: LETTER OF ENGAGEMENT FOR COMPILATION SERVICE TO NAME OF THE COMPANY

Gentlemen:

We are pleased to submit our proposal to render compilation service to NAME OF THE COMPANY (the Company) for the year ended _______________. We discuss below highlights of our practice philosophies that guide us in delivering value-for-money and world class quality service.

PRACTICE PHILOSOPHIES

In order to deliver the value-for-money and world class quality service that you deserve, we observe the following practice philosophies:

Business-oriented approach
Alas, Oplas & Co., CPAs, herein referred to as “the Firm”, uses a business-oriented approach with an emphasis on early planning and understanding your business. This enables us to identify key areas and tailor our response to the unique aspects, size, and nature of your business and to offer value-added constructive comments and recommendations.

Professional competence
We always seek for continuous improvement of our skills and capabilities through investing heavily in training and technology. Our personnel are well trained by international and local trainers and we are active in participating with international conferences and forums that increase our knowledge.

Independence and integrity
We are committed to giving what our clients rightly demand, yet still recognize that our personnel are uniquely placed to give constructive advice to the client regarding its business.

ABOUT OUR FIRM

For 30 years of global standard professional service in the field of audit and assurance, we certainly take great pride in letting our clients know who we are and the industry capabilities we can deliver. We are a member Firm of BKR International, a leading global association of independent accounting and business advisory Firms representing the expertise of more than 160 member Firms with over 500 offices in over 80 countries around the world.

The succeeding pages will contain the scope of our services and our standard terms and conditions. We appreciate the opportunity you gave us to submit this audit proposal to your company. We will be pleased to clarify any questions that you may have regarding this proposal.

Sincerely,
MARYCRIS S. OPLAS
Managing Partner

CONTENTS OF THE PROPOSAL
Objectives and Scope of the Compilation
Our Responsibilities
Management’s Responsibilities
Reporting and Deliverables
Planning and Performance of the Compilation
Quality Control
Engagement Fees and Terms of Payment
Standard Terms and Conditions of Business
Closing
Conforme

This proposal has been submitted to NAME OF THE COMPANY for the purpose of describing ALAS, OPLAS & CO., CPAs’ (“the Firm”) qualifications and capabilities to provide the outlined services. In doing so, the Firm has disclosed certain proprietary and other sensitive information, which if disclosed to other parties, might harm the Firm competitively. In consideration of receiving the disclosures, NAME OF THE COMPANY agrees to treat this proposal as a confidential material and not to be disclosed to any third party without obtaining the Firm’s consent. This proposal remains the property of the Firm and we reserve the right to request the return of all materials included in this proposal.

OBJECTIVES AND SCOPE OF THE COMPILATION ENGAGEMENT

You have requested that we perform the following services:

On the basis of information provided, we will compile, in accordance with the Philippine Standard on Related Services (PSRS) 4410, Engagements to Compile Financial Information, the statement of financial position of NAME OF THE COMPANY as of ______________(reporting date) and related statement of comprehensive income, changes in equity and cash flows for the year then ended in accordance with the ___________________ (applicable reporting framework). We will not carry out or review engagement procedures in relation to such financial statements. Consequently, no assurance on the financial statements will be expressed.

Our compilation service will include routine consultation on tax and accounting matters. However, it will not include tax compliance review and tax advisory service that usually entails extensive work such as research, data gathering and consultation. Also, our compilation service will not include a review of the supplementary information required under Bureau of Internal Revenue (BIR) Revenue Regulations (RR) Nos. 15-2010 and 19-2011, including income tax computation.

OUR RESPONSIBILITIES

We will conduct our compilation engagement in accordance with PSRS 4410, Engagements to Compile Financial Information. This standard requires that we comply with ethical requirements and plan and perform the compilation engagement to use our accounting expertise, as opposed to auditing expertise, to collect, classify and summarize financial information. Compilation engagement ordinarily entails reducing data to a manageable and understandable form without a requirement to test the assertions underlying that information. The procedures to be employed are not designed and do not enable us to express any assurance on the financial information.

In carrying out this engagement, we will perform the following procedures:
a. Obtain general knowledge of the business and operations of the Company and be familiar with the accounting principles and practices of the industry in which the Company operates and with the form and content of the financial information that is appropriate in the circumstances.
b. Obtain trial balance and related supporting schedules and/or general ledger.
c. Prepare and review lead schedules.
d. Prepare and review the unaudited financial statements which comprise of the statement of financial position, comprehensive income, change in equity, cash flows and notes to financial statements.
e. Prepare and review income tax computation (OPTIONAL)
f. Prepare and review disclosures relating to BIR Revenue Regulation Nos. 15-2010 and 19-2011 (OPTIONAL)

In a compilation engagement, we are NOT ordinarily required to perform the following procedures:
a. Make any inquiries of management to assess the reliability and completeness of the information provided;
b. Assess internal controls;
c. Verify any matters; or
d. Verify any explanations.

However, if we become aware that information supplied by the management is incorrect, incomplete, or otherwise unsatisfactory, we will consider performing the above procedures and request management to provide additional information. If management refuses to provide additional information, we will withdraw from the engagement, as provided in PSRS 4410.

Compiled financial statements will be checked and consider whether it appears to be appropriate in form and free from obvious material misstatements, such as:
a. Mistakes in the application of __________________ (applicable financial reporting framework).
b. Non-disclosure of the requirements of _____________ (applicable financial reporting framework).
c. Non-disclosure of any other significant matters of which we become aware.

We will disclose the above matters in the compiled financial information, though their effects will not be quantified.

Because of the inherent limitations of the compilation engagement, there is an unavoidable risk that some material misstatements may not be detected, even though the engagement is properly planned and performed in accordance with PSRS.

MANAGEMENT’S RESPONSIBILITIES

Our compilation services will be conducted on the basis that management and those charged with governance acknowledge and understand that they have responsibility:
1. For the preparation and fair presentation of the financial statements in accordance with __________________ (applicable financial reporting framework);
2. For such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud and error; and
3. To provide us with:
   a. Access to all information of which management is aware of that is relevant to the preparation of the financial statements such as records, documentation and other matters;
   b. Additional information that we may request from management for the purpose of the compilation;
   c. Unrestricted access to persons within the entity from whom we determine it necessary to obtain information;
   d. Trial balance, general ledger/schedule and any accompanying information on a timely manner to allow us to complete the compilation; and
   e. Written representation letter that management has fulfilled its responsibilities for the preparation and presentation of financial statements and that all transactions have been recorded and are reflected in the financial statements.
4. For the preparation and fair presentation of the:
   a. Supplementary information as required by Revenue Regulation No. 15-2010, and
   b. Supplementary information required by Revenue Regulation No. 2-2014 (New Income Tax Forms) issued by the Bureau of Internal Revenue.
Management is likewise responsible for making available to us, upon request, all original records and related information, and personnel to whom we may direct our inquiries.
5. For the preparation and fair presentation of the supplementary information required under Securities Regulation Code (SRC) Rule 68 as revised in October 2011.

In accordance with SRC Rule 68, management of all corporations covered by this Rule is required to acknowledge their responsibility over their financial statements. For this purpose, the financial statements to be filed with the Securities and Exchange Commission shall be accompanied by a Statement of Management’s Responsibility for Financial Statements signed by the Chairman of the Board, the Chief Executive Officer, and the Chief Financial Officer. In addition, the management is also mandated to comply with the submission of a Statement of Management’s Responsibility for Annual Income Tax Return to accompany the financial statements, pursuant to Revenue Regulation No. 3-2010.

REPORTING AND DELIVERABLES

Our deliverables will consist of the following:
A. Unaudited financial statements for the year then ended which comprise of the following:
   1. Statement of Financial Position;
   2. Statement of Comprehensive Income;
   3. Statement of Changes in Equity;
   4. Statement of Cash Flows; and
   5. Notes to Financial Statements
B. Report on Compilation Engagement stating therein the following:
   1. A statement that the engagement was performed in accordance with PSRS 4410;
   2. Identification of the financial information noting that it is based on information provided by management;
   3. A statement that the management is responsible for the financial information compiled by us;
   4. A statement that neither an audit nor a review has been carried out and that accordingly no assurance is expressed on the financial information; and
   5.
A paragraph, when considered necessary, drawing attention to the disclosure of material departures from ______________ (applicable financial reporting framework).
C. Certificate on the Compilation Services for Preparation of FS and Notes to FS as required by the Board of Accountancy
D. Lead schedule of line items presented in the compiled financial information

LIMITATIONS

We understand that the intended use and distribution of the information we have compiled is for the purpose of complying with the requirements of Resolution No. 03-2016 issued by the Board of Accountancy and that should this change in a material respect, that you will inform us.

PLANNING AND PERFORMANCE OF THE AUDIT

We will plan our compilation engagement as expeditiously as possible to minimize disruptions of your work. At the start of our work, we will present to you in a kick-off meeting our approach and timetable; we will also introduce to you the members of our Client Service Team.

We look forward to the full cooperation of your staff to do the preparatory work that will be discussed in our arrangement letter. We also trust that they will make available to us whatever records, documentation and other information that are requested in connection with our audit.

QUALITY CONTROL

The conduct of our compilation engagement in accordance with PSRS 4410 means that information acquired by us in the course of our audit is subject to strict confidentiality requirements. Information will not be disclosed by us to other parties except as required or allowed for by law or professional standards, or with your express consent.

Our files may, however, be subject to review as part of the quality control review program by: a) our network firm which monitors the quality of audits undertaken by member firms, and b) regulatory bodies such as SEC and Board of Accountancy.

ENGAGEMENT FEES AND TERMS OF PAYMENT

Our professional fee for the compilation engagement for financial statements ended December 31, 2015 is ___________________ (PHP_____________), exclusive of applicable Value Added Tax (VAT) and out-of-pocket expenses (OPEs). OPEs are expenses necessarily incurred in the performance of our service, such as office supplies, transportation, meals, printing, postage, facsimile transmission, reproduction of financial statements, communication, allocation of office charges in support of our services and other incidental charges. Other extended services/works that will be incurred by the Firm to complete the submission of the deliverables shall likewise be billed in addition to the professional fee indicated herein.

We further propose to bill you as follows:
- 50% upon the start of field work; and
- 50% upon submission of our deliverables.

STANDARD TERMS AND CONDITIONS OF BUSINESS

1. CONFIDENTIALITY
We confirm that where you give us confidential information, we shall at all times keep it confidential, except as required by law or as provided for in regulatory, ethical or other professional pronouncements applicable to our engagement. However, in the event that we are required by law or other regulatory, ethical or other professional pronouncements, to disclose confidential information to a third party, the Firm shall first notify the Company prior to making such disclosure to the extent that the Firm is legally able to do so. You agree that it will be sufficient compliance with our duty of confidence for us to take such steps as we in good faith think fit to preserve confidential information both during and after termination of this engagement. The Firm also reserves the right to act during this engagement for other clients whose interests are, or may be, adverse to yours, subject to the preceding paragraph.

2.
ELECTRONIC COMMUNICATION
During the engagement we may, from time to time, communicate electronically with each other. Although electronic transmission of information is fast and convenient, it cannot be guaranteed to be virus-free or error-free. Transmitted information could be intercepted, corrupted, lost, destroyed, be delayed, or incomplete or otherwise, be adversely affected by technical factors or considered unsafe to use. Therefore, we recognize that systems and procedures cannot be a guarantee that transmissions will be unaffected by such hazards. In this regard, we accept the risks of and authorize the use of electronic communications between us. We propose that the Firm and the Company mutually agree to use commercially reasonable procedures to check for the most commonly known viruses before sending information electronically. Moreover, both shall be responsible for protecting their own systems and interests, in relation to electronic communications.

3. PAYMENT AND FEES
Our invoices are due for settlement fourteen (14) days from the date of the invoice. We reserve the right to charge interest on overdue debts at a rate of 2% per month. The Firm also reserves the right to withdraw our staff from their involvement on the relevant assignment, in the event that the Company fails to perform the preparatory work in accordance with the terms of this engagement proposal or if payment was not properly made.

4. CONTINUATION OF SERVICE/TERMINATION CLAUSE
This compilation engagement starts when the client service team begins to perform audit services and ends when the deliverables are submitted. Should the Company intend to rehire the services of the Firm for succeeding periods, such continuation of service will be subjected to a reacceptance evaluation and the result will be communicated to the Company.
Should either party to this engagement encounter extraordinary difficulties while in service and that the Firm or the Company will no longer be viable to continue such service, either party may invoke a termination of the service through a written notice. The written notice should be received by the other party at least thirty (30) days before the date of termination.

5. INDEMNIFICATION
NAME OF THE COMPANY hereby indemnifies ALAS, OPLAS & CO., CPAs and its partners, principals and employees and holds them harmless from all claims, liabilities, losses and costs arising in circumstances where there have been known misrepresentations by a member of the Company’s management, even if such member’s act was in the interest of the Company. This indemnification will survive termination of this letter.

6. INCREASE IN FEES
If, for any reason, there is an increase in the amount of work and any variations from or additional work not related to the terms of this engagement proposal, the engagement team will sit down with the Company and discuss the necessary adjustments of the professional fees. Adjustments will only take effect upon the agreement of both parties.

We hope the above terms correctly express our understanding. Please indicate your agreement by signing and returning a copy for our file.

Sincerely yours,
ALAS, OPLAS & CO., CPAs
By: MARYCRIS S. OPLAS
Managing Partner
=============================================================================
APPROVED AND ACCEPTED BY:
NAME OF THE COMPANY
By: ______________________________________
Printed Name over Signature / Designation
__________________________
Date

END OF MODULE

References and Supplementary Materials

Books and Journals
1. Ireneo J., Ireneo S., and James, George (2017). Auditing and Assurance Principle (2017 ed). Manila City: La Limariza Printing Corp.
2. Hermosilla, R., Salosagcol, J., and Tiu, Michael (2017).
Auditing Theory: A Guide in Understanding PSA (2017 ed). Manila City: GIC Enterprises & Co., Inc.

Online Supplementary Reading Materials
1. Philippine Standards on Auditing; http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-200-Revisedand-Redrafted.pdf; September 1, 2018
2. Should the client be accepted? (Auditing); http://archives.cpajournal.com/old/13856825.htm; September 1, 2018
3. Philippine Framework for Assurance Engagements; https://www.aasc.org.ph/downloads/PSA/publications/PDFs/PhilippineFramework-for-Assurance-Engagements.pdf; September 1, 2018

Auditing and Assurance Principles
Module 005
Audit Planning

LEARNING OBJECTIVES (LO)
After completing this module, the student is expected to:
1. Enumerate the key activities in audit planning
2. Discuss the audit planning activities
3. Familiarize with an audit plan

LO 1 Key Activities in Planning an Audit

Involvement of Key Engagement Team Members
The engagement partner and other key members of the engagement team shall be involved in planning the audit, including planning and participating in the discussion among engagement team members.

Preliminary Engagement Activities
The auditor shall undertake the following activities at the beginning of the current audit engagement:
(a) Performing procedures required by PSA 220, “Quality Control for Audits of Historical Financial Information” regarding the continuance of the client relationship and the specific audit engagement;
(b) Evaluating compliance with ethical requirements, including independence, as required by PSA 220; and
(c) Establishing an understanding of the terms of the engagement, as required by PSA 210, “Terms of Audit Engagements.”

Planning Activities
The auditor shall establish an overall audit strategy that sets the scope, timing and direction of the audit, and that guides the development of the audit plan.
In establishing the overall audit strategy, the auditor shall:
(a) Identify the characteristics of the engagement that define its scope;
(b) Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required;
(c) Consider the factors that, in the auditor’s professional judgment, are significant in directing the engagement team’s efforts;
(d) Consider the results of preliminary engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant; and
(e) Ascertain the nature, timing and extent of resources necessary to perform the engagement.

The auditor shall develop an audit plan that shall include a description of:
(a) The nature, timing and extent of planned risk assessment procedures, as determined under PSA 315, “Identifying and Assessing the Risks of Material Misstatement Through Understanding the Entity and Its Environment.”
(b) The nature, timing and extent of planned further audit procedures at the assertion level, as determined under PSA 330, “The Auditor’s Responses to Assessed Risks.”
(c) Other planned audit procedures that are required to be carried out so that the engagement complies with PSAs.

The auditor shall update and change the overall audit strategy and the audit plan as necessary during the course of the audit.

The auditor shall plan the nature, timing and extent of direction and supervision of engagement team members and the review of their work.

Documentation
The auditor shall document:
(a) The overall audit strategy;
(b) The audit plan; and
(c) Any significant changes made during the audit engagement to the overall audit strategy or the audit plan, and the reasons for such changes.
Additional Considerations in Initial Audit Engagements
The auditor shall undertake the following activities prior to starting an initial audit:
(a) Performing procedures required by PSA 220 (Quality Control) regarding the acceptance of the client relationship and the specific audit engagement; and
(b) Communicating with the predecessor auditor, where there has been a change of auditors, in compliance with relevant ethical requirements.

LO 2 Audit Planning Activities
1. Obtain an understanding of the client and its environment
2. Establish materiality and assess the risk
3. Identify related parties
4. Perform preliminary analytical procedures
5. Determine the need for experts
6. Develop an overall audit strategy and detailed audit plan
7. Prepare preliminary audit plan

Obtain an understanding of the client and its environment

The Entity and Its Environment
The auditor shall obtain an understanding of the following:
(a) Relevant industry, regulatory, and other external factors including the applicable financial reporting framework.
(b) The nature of the entity, including:
(i) Its operations;
(ii) Its ownership and governance structures;
(iii) The types of investments that the entity is making and plans to make; and
(iv) The way that the entity is structured and how it is financed,
to enable the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements.
(c) The entity’s selection and application of accounting policies, including the reasons for changes thereto. The auditor shall evaluate whether the entity’s accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.
(d) The entity’s objectives and strategies, and those related business risks that may result in risks of material misstatement.
(e) The measurement and review of the entity’s financial performance.

Relevant industry, regulatory, and other external factors including the applicable financial reporting framework.

Industry Factors
Relevant industry factors include industry conditions such as the competitive environment, supplier and customer relationships, and technological developments. Examples of matters the auditor may consider include:
o The market and competition, including demand, capacity, and price competition.
o Cyclical or seasonal activity.
o Product technology relating to the entity’s products.
o Energy supply and cost.

The industry in which the entity operates may give rise to specific risks of material misstatement arising from the nature of the business or the degree of regulation. For example, long-term contracts may involve significant estimates of revenues and expenses that give rise to risks of material misstatement. In such cases, it is important that the engagement team include members with sufficient relevant knowledge and experience, as required by PSA 220, “Quality Control for Audits of Historical Financial Information.”

Regulatory Factors
Relevant regulatory factors include the regulatory environment. The regulatory environment encompasses, among other matters, the applicable financial reporting framework and the legal and political environment. Examples of matters the auditor may consider include:
Accounting principles and industry-specific practices.
Regulatory framework for a regulated industry.
Legislation and regulation that significantly affect the entity’s operations, including direct supervisory activities.
Taxation (corporate and other).
Government policies currently affecting the conduct of the entity’s business, such as monetary, including foreign exchange controls, fiscal, financial incentives (for example, government aid programs), and tariffs or trade restrictions policies.
Environmental requirements affecting the industry and the entity’s business.

Other External Factors
Examples of other external factors affecting the entity that the auditor may consider include the general economic conditions, interest rates, availability of financing, inflation, and currency revaluation.

The nature of the entity

Business operations – such as:
o Nature of revenue sources, products or services, and markets, including involvement in electronic commerce such as Internet sales and marketing activities.
o Conduct of operations (for example, stages and methods of production, or activities exposed to environmental risks).
o Alliances, joint ventures, and outsourcing activities.
o Geographic dispersion and industry segmentation.
o Location of production facilities, warehouses, and offices, and location and quantities of inventories.
o Key customers and important suppliers of goods and services, employment arrangements (including the existence of union contracts, pension and other post-employment benefits, stock option or incentive bonus arrangements, and government regulation related to employment matters).
o Research and development activities and expenditures.
o Transactions with related parties.

Investments and investment activities – such as:
o Planned or recently executed acquisitions or divestitures.
o Investments and dispositions of securities and loans.
o Capital investment activities.
o Investments in non-consolidated entities, including partnerships, joint ventures and special-purpose entities.

Financing and financing activities – such as:
o Major subsidiaries and associated entities, including consolidated and nonconsolidated structures.
o Debt structure and related terms, including off-balance-sheet financing arrangements and leasing arrangements.
o Beneficial owners (local, foreign, business reputation and experience) and related parties.
o Use of derivative financial instruments.
Financial reporting – such as:
o Accounting principles and industry-specific practices, including industry-specific significant categories, for example, loans and investments for banks, or research and development for pharmaceuticals.
o Revenue recognition practices.
o Accounting for fair values.
o Foreign currency assets, liabilities and transactions.
o Accounting for unusual or complex transactions including those in controversial or emerging areas (for example, accounting for stock-based compensation).

An understanding of the nature of an entity enables the auditor to understand such matters as:
o Whether the entity has a complex structure, for example with subsidiaries or other components in multiple locations. Complex structures often introduce issues that may give rise to risks of material misstatement. Such issues may include whether goodwill, joint ventures, investments, or special-purpose entities are accounted for appropriately.
o The ownership, and relations between owners and other people or entities. This understanding assists in determining whether related party transactions have been identified and accounted for appropriately. PSA 550, “Related Parties,” establishes requirements and provides guidance on the auditor’s considerations relevant to related parties.

The entity’s selection and application of accounting policies, including the reasons for changes thereto. The auditor shall evaluate whether the entity’s accounting policies are appropriate for its business and consistent with the applicable financial reporting framework and accounting policies used in the relevant industry.

The Entity’s Selection and Application of Accounting Policies
An understanding of the entity’s selection and application of accounting policies may encompass such matters as:
The methods the entity uses to account for significant and unusual transactions.
The effect of significant accounting policies in controversial or emerging areas for which there is a lack of authoritative guidance or consensus.
Changes in the entity’s accounting policies.
Financial reporting standards and laws and regulations that are new to the entity and when and how the entity will adopt such requirements.

The entity’s objectives and strategies, and those related business risks that may result in risks of material misstatement.

The entity conducts its business in the context of industry, regulatory and other internal and external factors. To respond to these factors, the entity’s management or those charged with governance define objectives, which are the overall plans for the entity. Strategies are the approaches by which management intends to achieve its objectives. The entity’s objectives and strategies may change over time.

Business risk is broader than the risk of material misstatement of the financial statements, though it includes the latter. Business risk may arise from change or complexity. A failure to recognize the need for change may also give rise to business risk. Business risk may arise, for example, from:
The development of new products or services that may fail;
A market which, even if successfully developed, is inadequate to support a product or service; or
Flaws in a product or service that may result in liabilities and reputational risk.

An understanding of the business risks facing the entity increases the likelihood of identifying risks of material misstatement, since most business risks will eventually have financial consequences and, therefore, an effect on the financial statements. However, the auditor does not have a responsibility to identify or assess all business risks because not all business risks give rise to risks of material misstatement.
Examples of matters that the auditor may consider when obtaining an understanding of the entity’s objectives, strategies and related business risks that may result in a risk of material misstatement of the financial statements include:
Industry developments - a potential related business risk might be, for example, that the entity does not have the personnel or expertise to deal with the changes in the industry.
New products and services - a potential related business risk might be, for example, that there is increased product liability.
Expansion of the business - a potential related business risk might be, for example, that the demand has not been accurately estimated.
New accounting requirements - a potential related business risk might be, for example, incomplete or improper implementation, or increased costs.
Regulatory requirements - a potential related business risk might be, for example, that there is increased legal exposure.
Current and prospective financing requirements - a potential related business risk might be, for example, the loss of financing due to the entity’s inability to meet requirements.
Use of IT - a potential related business risk might be, for example, that systems and processes are incompatible.
The effects of implementing a strategy, particularly any effects that will lead to new accounting requirements - a potential related business risk might be, for example, incomplete or improper implementation.

A business risk may have an immediate consequence for the risk of material misstatement for classes of transactions, account balances, and disclosures at the assertion level or the financial statement level. For example, the business risk arising from a contracting customer base may increase the risk of material misstatement associated with the valuation of receivables.
However, the same risk, particularly in combination with a contracting economy, may also have a longer-term consequence, which the auditor considers when assessing the appropriateness of the going concern assumption. Whether a business risk may result in a risk of material misstatement is, therefore, considered in light of the entity’s circumstances.

(e) The measurement and review of the entity’s financial performance.

Management and others will measure and review those things they regard as important. Performance measures, whether external or internal, create pressures on the entity. These pressures, in turn, may motivate management to take action to improve the business performance or to misstate the financial statements. Accordingly, an understanding of the entity’s performance measures assists the auditor in considering whether pressures to achieve performance targets may result in management actions that increase the risks of material misstatement, including those due to fraud.

Examples of internally-generated information used by management for measuring and reviewing financial performance, and which the auditor may consider, include:
Key performance indicators (financial and non-financial) and key ratios, trends and operating statistics.
Period-on-period financial performance analyses.
Budgets, forecasts, variance analyses, segment information and divisional, departmental or other level performance reports.
Employee performance measures and incentive compensation policies.
Comparisons of an entity’s performance with that of competitors.

Establish materiality and assess the risk

Risk Assessment Procedures and Related Activities
The auditor shall perform risk assessment procedures to provide a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels.
Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion.

The risk assessment procedures shall include the following:
(a) Inquiries of management, and of others within the entity who in the auditor’s judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error.
(b) Analytical procedures.
(c) Observation and inspection.

The auditor shall consider whether information obtained from the auditor’s client acceptance or continuance process is relevant to identifying risks of material misstatement.

Where the engagement partner has performed other engagements for the entity, the engagement partner shall consider whether information obtained is relevant to identifying risks of material misstatement.

When the auditor intends to use information obtained from the auditor’s previous experience with the entity and from audit procedures performed in previous audits, the auditor shall determine whether changes have occurred since the previous audit that may affect its relevance to the current audit.

The engagement partner and other key engagement team members shall discuss the susceptibility of the entity’s financial statements to material misstatement, and the application of the applicable financial reporting framework to the entity’s facts and circumstances. The engagement partner shall determine which matters are to be communicated to engagement team members not involved in the discussion.

Identifying and Assessing the Risks of Material Misstatement
The auditor shall identify and assess the risks of material misstatement at:
(a) The financial statement level; and
(b) The assertion level for classes of transactions, account balances, and disclosures,
to provide a basis for designing and performing further audit procedures.
For this purpose, the auditor shall:
(a) Identify risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that relate to the risks, and by considering the classes of transactions, account balances, and disclosures in the financial statements;
(b) Assess the identified risks, and evaluate whether they relate more pervasively to the financial statements as a whole and potentially affect many assertions;
(c) Relate the identified risks to what can go wrong at the assertion level, taking account of relevant controls that the auditor intends to test; and
(d) Consider the likelihood of misstatement, including the possibility of multiple misstatements, and whether the potential misstatement is of a magnitude that could result in a material misstatement.

Assessment of Risks of Material Misstatement at the Financial Statement Level
Risks of material misstatement at the financial statement level refer to risks that relate pervasively to the financial statements as a whole and potentially affect many assertions. Risks of this nature are not necessarily risks identifiable with specific assertions at the class of transactions, account balance, or disclosure level. Rather, they represent circumstances that may increase the risks of material misstatement at the assertion level, for example, through management override of internal control. Financial statement level risks may be especially relevant to the auditor’s consideration of the risks of material misstatement arising from fraud.

Risks at the financial statement level may derive in particular from a weak control environment (although these risks may also relate to other factors, such as declining economic conditions). For example, weaknesses such as management’s lack of competence may have a more pervasive effect on the financial statements and may require an overall response by the auditor.
The auditor’s understanding of internal control may raise doubts about the auditability of an entity’s financial statements. For example:
Concerns about the integrity of the entity’s management may be so serious as to cause the auditor to conclude that the risk of management misrepresentation in the financial statements is such that an audit cannot be conducted.
Concerns about the condition and reliability of an entity’s records may cause the auditor to conclude that it is unlikely that sufficient appropriate audit evidence will be available to support an unqualified opinion on the financial statements.

Assessment of Risks of Material Misstatement at the Assertion Level
Risks of material misstatement at the assertion level for classes of transactions, account balances, and disclosures need to be considered because such consideration directly assists in determining the nature, timing, and extent of further audit procedures at the assertion level necessary to obtain sufficient appropriate audit evidence. In identifying and assessing risks of material misstatement at the assertion level, the auditor may conclude that the identified risks relate more pervasively to the financial statements as a whole and potentially affect many assertions.

The Use of Assertions
In representing that the financial statements are in accordance with the applicable financial reporting framework, management implicitly or explicitly makes assertions regarding the recognition, measurement, presentation and disclosure of the various elements of financial statements and related disclosures.
Assertions used by the auditor to consider the different types of potential misstatements that may occur fall into the following three categories and may take the following forms:
(a) Assertions about classes of transactions and events for the period under audit;
(b) Assertions about account balances at the period end; and
(c) Assertions about presentation and disclosure.

Assertions about classes of transactions and events for the period under audit
(i) Occurrence — transactions and events that have been recorded have occurred and pertain to the entity.
(ii) Completeness — all transactions and events that should have been recorded have been recorded.
(iii) Accuracy — amounts and other data relating to recorded transactions and events have been recorded appropriately.
(iv) Cutoff — transactions and events have been recorded in the correct accounting period.
(v) Classification — transactions and events have been recorded in the proper accounts.

Assertions about account balances at the period end
(i) Existence — assets, liabilities, and equity interests exist.
(ii) Rights and obligations — the entity holds or controls the rights to assets, and liabilities are the obligations of the entity.
(iii) Completeness — all assets, liabilities and equity interests that should have been recorded have been recorded.
(iv) Valuation and allocation — assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded.

Assertions about presentation and disclosure
(i) Occurrence and rights and obligations — disclosed events, transactions, and other matters have occurred and pertain to the entity.
(ii) Completeness — all disclosures that should have been included in the financial statements have been included.
(iii) Classification and understandability — financial information is appropriately presented and described, and disclosures are clearly expressed.
(iv) Accuracy and valuation — financial and other information are disclosed fairly and at appropriate amounts.

Risks that Require Special Audit Consideration
As part of the risk assessment, the auditor shall determine whether any of the risks identified are, in the auditor’s judgment, a significant risk. In exercising this judgment, the auditor shall exclude the effects of identified controls related to the risk.
(a) Whether the risk is a risk of fraud;
(b) Whether the risk is related to recent significant economic, accounting or other developments and, therefore, requires specific attention;
(c) The complexity of transactions;
(d) Whether the risk involves significant transactions with related parties;
(e) The degree of subjectivity in the measurement of financial information related to the risk, especially those measurements involving a wide range of measurement uncertainty; and
(f) Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual.

When the auditor has determined that a significant risk exists, the auditor shall obtain an understanding of the entity’s controls, including control activities, relevant to that risk.
Audit Risk - the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated.
(a) The risk that the subject matter information is materially misstated, which in turn consists of:
(i) Inherent risk - the susceptibility of the subject matter information to a material misstatement, assuming that there are no related controls; and
(ii) Control risk - the risk that a material misstatement that could occur will not be prevented, or detected and corrected, on a timely basis by related internal controls. When control risk is relevant to the subject matter, some control risk will always exist because of the inherent limitations of the design and operation of internal control.
(b) Detection risk - the risk that the practitioner will not detect a material misstatement that exists.

Identify related parties
Many related party transactions are in the normal course of business. In such circumstances, they may carry no higher risk of material misstatement of the financial statements than similar transactions with unrelated parties. However, the nature of related party relationships and transactions may, in some circumstances, give rise to higher risks of material misstatement of the financial statements than transactions with unrelated parties. For example:
Related parties may operate through an extensive and complex range of relationships and structures, with a corresponding increase in the complexity of related party transactions.
Information systems may be ineffective at identifying or summarizing transactions and outstanding balances between an entity and its related parties.
Related party transactions may not be conducted under normal market terms and conditions; for example, some related party transactions may be conducted with no exchange of consideration.
The auditor shall inquire of management regarding:
(a) The identity of the entity’s related parties, including changes from the prior period;
(b) The nature of the relationships between the entity and these related parties; and
(c) Whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions.

The auditor shall inquire of management and others within the entity, and perform other risk assessment procedures considered appropriate, to obtain an understanding of the controls, if any, that management has established to:
(a) Identify, account for, and disclose related party relationships and transactions in accordance with the applicable financial reporting framework;
(b) Authorize and approve significant transactions and arrangements with related parties; and
(c) Authorize and approve significant transactions and arrangements outside the normal course of business.

Perform preliminary analytical procedures
Analytical procedures are evaluations of financial information through analysis of plausible relationships among both financial and non-financial data. Analytical procedures also encompass such investigation as is necessary of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount.

Determine the need for experts
If expertise in a field other than accounting or auditing is necessary to obtain sufficient appropriate audit evidence, the auditor shall determine whether to use the work of an auditor’s expert.

Expertise in a field other than accounting or auditing may include expertise in relation to such matters as:
The valuation of complex financial instruments, land and buildings, plant and machinery, jewelry, works of art, antiques, intangible assets, assets acquired and liabilities assumed in business combinations and assets that may have been impaired.
The actuarial calculation of liabilities associated with insurance contracts or employee benefit plans.
The estimation of oil and gas reserves.
The valuation of environmental liabilities, and site clean-up costs.
The interpretation of contracts, laws and regulations.
The analysis of complex or unusual tax compliance issues.

Determining the Need for an Auditor’s Expert

An auditor’s expert may be needed to assist the auditor in one or more of the following:

Obtaining an understanding of the entity and its environment, including its internal control.
Identifying and assessing the risks of material misstatement.
Determining and implementing overall responses to assessed risks at the financial statement level.
Designing and performing further audit procedures to respond to assessed risks at the assertion level, comprising tests of controls or substantive procedures.
Evaluating the sufficiency and appropriateness of audit evidence obtained in forming an opinion on the financial statements.

Nature, Timing and Extent of Audit Procedures

The nature, timing and extent of the auditor’s procedures will vary depending on the circumstances. In determining the nature, timing and extent of those procedures, the auditor shall consider matters including:
(a) The nature of the matter to which that expert’s work relates;
(b) The risks of material misstatement in the matter to which that expert’s work relates;
(c) The significance of that expert’s work in the context of the audit;
(d) The auditor’s knowledge of and experience with previous work performed by that expert; and
(e) Whether that expert is subject to the auditor’s firm’s quality control policies and procedures.
Evaluating the Adequacy of the Auditor’s Expert’s Work

The auditor shall evaluate the adequacy of the auditor’s expert’s work for the auditor’s purposes, including:
(a) The relevance and reasonableness of that expert’s findings or conclusions, and their consistency with other audit evidence;
(b) If that expert’s work involves use of significant assumptions and methods, the relevance and reasonableness of those assumptions and methods in the circumstances; and
(c) If that expert’s work involves the use of source data that is significant to that expert’s work, the relevance, completeness, and accuracy of that source data.

If the auditor determines that the work of the auditor’s expert is not adequate for the auditor’s purposes, the auditor shall:
(a) Agree with that expert on the nature and extent of further work to be performed by that expert; or
(b) Perform further audit procedures appropriate to the circumstances.

Develop an overall audit strategy and detailed audit plan

The process of establishing the overall audit strategy assists the auditor to determine, subject to the completion of the auditor’s risk assessment procedures, such matters as:

The resources to deploy for specific audit areas, such as the use of appropriately experienced team members for high risk areas or the involvement of experts on complex matters.
The amount of resources to allocate to specific audit areas, such as the number of team members assigned to observe the inventory count at material locations, the extent of review of other auditors’ work in the case of group audits, or the audit budget in hours to allocate to high risk areas;
When these resources are to be deployed, such as whether at an interim audit stage or at key cut-off dates; and
How such resources are managed, directed and supervised, such as when team briefing and debriefing meetings are expected to be held, how engagement partner and manager reviews are expected to take place (for example, on-site or off-site), and whether to complete engagement quality control reviews.

Once the overall audit strategy has been established, an audit plan can be developed to address the various matters identified in the overall audit strategy, taking into account the need to achieve the audit objectives through the efficient use of the auditor’s resources. The establishment of the overall audit strategy and the detailed audit plan are not necessarily discrete or sequential processes, but are closely inter-related since changes in one may result in consequential changes to the other.

Prepare preliminary audit plan

The audit plan is more detailed than the overall audit strategy in that it includes the nature, timing and extent of audit procedures to be performed by engagement team members. Planning for these audit procedures takes place over the course of the audit as the audit plan for the engagement develops. For example,
o planning of the auditor's risk assessment procedures occurs early in the audit process.
o planning the nature, timing and extent of specific further audit procedures depends on the outcome of those risk assessment procedures.
In addition, the auditor may begin the execution of further audit procedures for some classes of transactions, account balances and disclosures before planning all remaining further audit procedures.

LO 2 Sample Audit Plan
(excerpted from https://www.highland.gov.uk/.../item_4_-_annual_audit_plan_201617_external_audit...)

Please refer to:
Week006-Module_Sample Audit Plan
Week006-Module_Sample Audit Plan with Audit Strategy

END OF MODULE

References and Supplementary Materials

Books and Journals
1. Ireneo J., Ireneo S., and James, George (2017). Auditing and Assurance Principle (2017 ed). Manila City: La Limariza Printing Corp.
2. Hermosilla, R., Salosagcol, J., and Tiu, Michael (2017). Auditing Theory: A Guide in Understanding PSA (2017 ed). Manila City: GIC Enterprises & Co., Inc.

Online Supplementary Reading Materials
1. Philippine Standards on Auditing 300 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-300Redrafted.pdf; September 1, 2018
2. Philippine Standard on Auditing 315 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-315Redrafted.pdf; September 1, 2018
3. Philippine Standard on Auditing 550 (Revised and Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/psa-550-revisedredrafted.php; September 1, 2018
4. Philippine Standard on Auditing 620 (Revised and Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/psa-620-revisedredrafted.php; September 1, 2018

Auditing and Assurance Principles
Module 006 Evaluation of Internal Control

LEARNING OBJECTIVES (LO)
After completing this module, the student is expected to:
1. Discuss the overview of evaluation of internal control
2. Explain the internal control evaluation process

LO 1 Overview of Evaluation of Internal Control

The auditor shall obtain an understanding of internal control relevant to the audit.
Although most controls relevant to the audit are likely to relate to financial reporting, not all controls that relate to financial reporting are relevant to the audit. It is a matter of the auditor’s professional judgment whether a control, individually or in combination with others, is relevant to the audit.

Nature and Extent of the Understanding of Relevant Controls

When obtaining an understanding of controls that are relevant to the audit, the auditor shall evaluate the design of those controls and determine whether they have been implemented, by performing procedures in addition to inquiry of the entity’s personnel.

An understanding of internal control assists the auditor in identifying types of potential misstatements and factors that affect the risks of material misstatement, and in designing the nature, timing, and extent of further audit procedures.

The following application material on internal control is presented in four sections, as follows:

General Nature and Characteristics of Internal Control.
Controls Relevant to the Audit.
Nature and Extent of the Understanding of Relevant Controls.
Components of Internal Control.

LO 2 Internal Control Evaluation Process

General Nature and Characteristics of Internal Control

Purpose of Internal Control

Internal control is designed, implemented and maintained to address identified business risks that threaten the achievement of any of the entity’s objectives that concern:

The reliability of the entity’s financial reporting;
The effectiveness and efficiency of its operations; and
Its compliance with applicable laws and regulations.

The way in which internal control is designed, implemented and maintained varies with an entity’s size and complexity.

Limitations of Internal Control

Internal control, no matter how effective, can provide an entity with only reasonable assurance about achieving the entity’s financial reporting objectives.
The likelihood of their achievement is affected by limitations inherent to internal control. These include the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human error. For example, there may be an error in the design of, or in the change to, a control. Equally, the operation of a control may not be effective, such as where information produced for the purposes of internal control (for example, an exception report) is not effectively used because the individual responsible for reviewing the information does not understand its purpose or fails to take appropriate action.

Additionally, controls can be circumvented by the collusion of two or more people or inappropriate management override of internal control. For example, management may enter into side agreements with customers that alter the terms and conditions of the entity’s standard sales contracts, which may result in improper revenue recognition. Also, edit checks in a software program that are designed to identify and report transactions that exceed specified credit limits may be overridden or disabled.

Further, in designing and implementing controls, management may make judgments on the nature and extent of the controls it chooses to implement, and the nature and extent of the risks it chooses to assume.

Division of Internal Control into Components

The division of internal control into the following five components, for purposes of the PSAs, provides a useful framework for auditors to consider how different aspects of an entity’s internal control may affect the audit:
(a) The control environment;
(b) The entity’s risk assessment process;
(c) The information system, including the related business processes, relevant to financial reporting, and communication;
(d) Control activities; and
(e) Monitoring of controls.
The division does not necessarily reflect how an entity designs, implements and maintains internal control, or how it may classify any particular component. Auditors may use different terminology or frameworks to describe the various aspects of internal control, and their effect on the audit than those used in this PSA, provided all the components described in this PSA are addressed.

Characteristics of Manual and Automated Elements of Internal Control Relevant to the Auditor’s Risk Assessment

An entity’s system of internal control contains manual elements and often contains automated elements. The characteristics of manual or automated elements are relevant to the auditor’s risk assessment and further audit procedures based thereon.

The use of manual or automated elements in internal control also affects the manner in which transactions are initiated, recorded, processed, and reported:

Controls in a manual system may include such procedures as approvals and reviews of transactions, and reconciliations and follow-up of reconciling items. Alternatively, an entity may use automated procedures to initiate, record, process, and report transactions, in which case records in electronic format replace paper documents.
Controls in IT systems consist of a combination of automated controls (for example, controls embedded in computer programs) and manual controls. Further, manual controls may be independent of IT, may use information produced by IT, or may be limited to monitoring the effective functioning of IT and of automated controls, and to handling exceptions. When IT is used to initiate, record, process or report transactions, or other financial data for inclusion in financial statements, the systems and programs may include controls related to the corresponding assertions for material accounts or may be critical to the effective functioning of manual controls that depend on IT.
An entity’s mix of manual and automated elements in internal control varies with the nature and complexity of the entity’s use of IT.

Automated Elements

Generally, IT benefits an entity’s internal control by enabling an entity to:

Consistently apply predefined business rules and perform complex calculations in processing large volumes of transactions or data;
Enhance the timeliness, availability, and accuracy of information;
Facilitate the additional analysis of information;
Enhance the ability to monitor the performance of the entity’s activities and its policies and procedures;
Reduce the risk that controls will be circumvented; and
Enhance the ability to achieve effective segregation of duties by implementing security controls in applications, databases, and operating systems.

IT also poses specific risks to an entity’s internal control, including, for example:

Reliance on systems or programs that are inaccurately processing data, processing inaccurate data, or both.
Unauthorized access to data that may result in destruction of data or improper changes to data, including the recording of unauthorized or nonexistent transactions, or inaccurate recording of transactions. Particular risks may arise where multiple users access a common database.
The possibility of IT personnel gaining access privileges beyond those necessary to perform their assigned duties thereby breaking down segregation of duties.
Unauthorized changes to data in master files.
Unauthorized changes to systems or programs.
Failure to make necessary changes to systems or programs.
Inappropriate manual intervention.
Potential loss of data or inability to access data as required.

Manual Elements

Manual elements in internal control may be more suitable where judgment and discretion are required such as for the following circumstances:

Large, unusual or non-recurring transactions.
Circumstances where errors are difficult to define, anticipate or predict.
In changing circumstances that require a control response outside the scope of an existing automated control.
In monitoring the effectiveness of automated controls.

Manual elements in internal control may be less reliable than automated elements because they can be more easily bypassed, ignored, or overridden and they are also more prone to simple errors and mistakes. Consistency of application of a manual control element cannot therefore be assumed. Manual control elements may be less suitable for the following circumstances:

High volume or recurring transactions, or in situations where errors that can be anticipated or predicted can be prevented, or detected and corrected, by control parameters that are automated.
Control activities where the specific ways to perform the control can be adequately designed and automated.

The extent and nature of the risks to internal control vary depending on the nature and characteristics of the entity’s information system. The entity responds to the risks arising from the use of IT or from use of manual elements in internal control by establishing effective controls in light of the characteristics of the entity’s information system.

Controls Relevant to the Audit

There is a direct relationship between an entity’s objectives and the controls it implements to provide reasonable assurance about their achievement. The entity’s objectives, and therefore controls, relate to financial reporting, operations and compliance; however, not all of these objectives and controls are relevant to the auditor’s risk assessment.

Factors relevant to the auditor’s judgment about whether a control, individually or in combination with others, is relevant to the audit may include such matters as the following:

Materiality.
The significance of the related risk.
The size of the entity.
The nature of the entity’s business, including its organization and ownership characteristics.
The diversity and complexity of the entity’s operations.
Applicable legal and regulatory requirements.
The circumstances and the applicable component of internal control.
The nature and complexity of the systems that are part of the entity’s internal control, including the use of service organizations.
Whether, and how, a specific control, individually or in combination with others, prevents, or detects and corrects, material misstatement.

Controls over the completeness and accuracy of information produced by the entity may be relevant to the audit if the auditor intends to make use of the information in designing and performing further procedures. Controls relating to operations and compliance objectives may also be relevant to an audit if they relate to data the auditor evaluates or uses in applying audit procedures.

Internal control over safeguarding of assets against unauthorized acquisition, use, or disposition may include controls relating to both financial reporting and operations objectives. The auditor’s consideration of such controls is generally limited to those relevant to the reliability of financial reporting.

An entity generally has controls relating to objectives that are not relevant to an audit and therefore need not be considered. For example, an entity may rely on a sophisticated system of automated controls to provide efficient and effective operations (such as an airline’s system of automated controls to maintain flight schedules), but these controls ordinarily would not be relevant to the audit. Further, although internal control applies to the entire entity or to any of its operating units or business processes, an understanding of internal control relating to each of the entity’s operating units and business processes may not be relevant to the audit.
Nature and Extent of the Understanding of Relevant Controls

Evaluating the design of a control involves considering whether the control, individually or in combination with other controls, is capable of effectively preventing, or detecting and correcting, material misstatements. Implementation of a control means that the control exists and that the entity is using it. There is little point in assessing the implementation of a control that is not effective, and so the design of a control is considered first. An improperly designed control may represent a material weakness in the entity’s internal control.

Risk assessment procedures to obtain audit evidence about the design and implementation of relevant controls may include:

Inquiring of entity personnel.
Observing the application of specific controls.
Inspecting documents and reports.
Tracing transactions through the information system relevant to financial reporting.

Components of Internal Control

Control Environment
Entity’s Risk Assessment Process
The Information System, Including the Related Business Processes, Relevant to Financial Reporting, and Communication
Control Activities
Monitoring of Controls

I. Control Environment

The auditor shall obtain an understanding of the control environment. As part of obtaining this understanding, the auditor shall evaluate whether:
(a) Management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behavior; and
(b) The strengths in the control environment elements collectively provide an appropriate foundation for the other components of internal control, and whether those other components are not undermined by control environment weaknesses.

The control environment includes:
the governance and management functions and
the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity.
The control environment sets the tone of an organization, influencing the control consciousness of its people.

Elements of the control environment that may be relevant when obtaining an understanding of the control environment include the following:

(a) Communication and enforcement of integrity and ethical values - These are essential elements that influence the effectiveness of the design, administration and monitoring of controls.
(b) Commitment to competence - Matters such as management’s consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge.
(c) Participation by those charged with governance - Attributes of those charged with governance such as:
o Their independence from management.
o Their experience and stature.
o The extent of their involvement and the information they receive, and the scrutiny of activities.
o The appropriateness of their actions, including the degree to which difficult questions are raised and pursued with management, and their interaction with internal and external auditors.
(d) Management’s philosophy and operating style - Characteristics such as management’s:
o Approach to taking and managing business risks.
o Attitudes and actions toward financial reporting.
o Attitudes toward information processing and accounting functions and personnel.
(e) Organizational structure - The framework within which an entity’s activities for achieving its objectives are planned, executed, controlled, and reviewed.
(f) Assignment of authority and responsibility - Matters such as how authority and responsibility for operating activities are assigned and how reporting relationships and authorization hierarchies are established.
(g) Human resource policies and practices - Policies and practices that relate to, for example, recruitment, orientation, training, evaluation, counseling, promotion, compensation, and remedial actions.

Audit Evidence for Elements of the Control Environment

Relevant audit evidence may be obtained through a combination of inquiries and other risk assessment procedures such as corroborating inquiries through observation or inspection of documents. For example, through inquiries of management and employees, the auditor may obtain an understanding of how management communicates to employees its views on business practices and ethical behavior. The auditor may then determine whether relevant controls have been implemented by considering, for example, whether management has a written code of conduct and whether it acts in a manner that supports the code.

Effect of the Control Environment on the Assessment of the Risks of Material Misstatement

1. Some elements of an entity’s control environment have a pervasive effect on assessing the risks of material misstatement. For example, an entity’s control consciousness is influenced significantly by those charged with governance, because one of their roles is to counterbalance pressures on management in relation to financial reporting that may arise from market demands or remuneration schemes. The effectiveness of the design of the control environment in relation to participation by those charged with governance is therefore influenced by such matters as:
o Their independence from management and their ability to evaluate the actions of management.
o Whether they understand the entity’s business transactions.
o The extent to which they evaluate whether the financial statements are prepared in accordance with the applicable financial reporting framework.

2.
An active and independent board of directors may influence the philosophy and operating style of senior management. However, other elements may be more limited in their effect. For example, although human resource policies and practices directed toward hiring competent financial, accounting, and IT personnel may reduce the risk of errors in processing financial information, they may not mitigate a strong bias by top management to overstate earnings.

3. The existence of a satisfactory control environment can be a positive factor when the auditor assesses the risks of material misstatement. However, although it may help reduce the risk of fraud, a satisfactory control environment is not an absolute deterrent to fraud. Conversely, weaknesses in the control environment may undermine the effectiveness of controls, in particular in relation to fraud. For example, management’s failure to commit sufficient resources to address IT security risks may adversely affect internal control by allowing improper changes to be made to computer programs or to data, or unauthorized transactions to be processed. As explained in PSA 330, the control environment also influences the nature, timing, and extent of the auditor’s further procedures.

4. The control environment in itself does not prevent, or detect and correct, a material misstatement. It may, however, influence the auditor’s evaluation of the effectiveness of other controls (for example, the monitoring of controls and the operation of specific control activities) and thereby the auditor’s assessment of the risks of material misstatement.

II. Entity’s Risk Assessment Process

The entity’s risk assessment process forms the basis for how management determines the risks to be managed.
If that process is appropriate to the circumstances, including the nature, size and complexity of the entity, it assists the auditor in identifying risks of material misstatement. Whether the entity’s risk assessment process is appropriate to the circumstances is a matter of judgment.

1. The auditor shall obtain an understanding of whether the entity has a process for:
(a) Identifying business risks relevant to financial reporting objectives;
(b) Estimating the significance of the risks;
(c) Assessing the likelihood of their occurrence; and
(d) Deciding about actions to address those risks.

2. If the entity has established such a process, the auditor shall obtain an understanding of it, and the results thereof. Where the auditor identifies risks of material misstatement that management failed to identify, the auditor shall evaluate whether there was an underlying risk of a kind that the auditor expects would have been identified by the entity’s risk assessment process. If there is such a risk, the auditor shall obtain an understanding of why that process failed to identify it, and evaluate whether the process is appropriate to its circumstances or if there is a material weakness in the entity’s risk assessment process.

3. If the entity has not established such a process or has an ad hoc process, the auditor shall discuss with management whether business risks relevant to financial reporting objectives have been identified and how they have been addressed. The auditor shall evaluate whether the absence of a documented risk assessment process is appropriate in the circumstances, or represents a material weakness in the entity’s internal control.

The information system, including the related business processes, relevant to financial reporting, and communication

4.
The auditor shall obtain an understanding of the information system, including the related business processes, relevant to financial reporting, including the following areas:
(a) The classes of transactions in the entity’s operations that are significant to the financial statements;
(b) The procedures, within both information technology (IT) and manual systems, by which those transactions are initiated, recorded, processed, corrected as necessary, transferred to the general ledger and reported in the financial statements;
(c) The related accounting records, supporting information and specific accounts in the financial statements that are used to initiate, record, process and report transactions; this includes the correction of incorrect information and how information is transferred to the general ledger. The records may be in either manual or electronic form;
(d) How the information system captures events and conditions, other than transactions, that are significant to the financial statements;
(e) The financial reporting process used to prepare the entity’s financial statements, including significant accounting estimates and disclosures; and
(f) Controls surrounding journal entries, including non-standard journal entries used to record non-recurring, unusual transactions or adjustments.

5. The auditor shall obtain an understanding of how the entity communicates financial reporting roles and responsibilities and significant matters relating to financial reporting, including:
(a) Communications between management and those charged with governance; and
(b) External communications, such as those with regulatory authorities.

III.
The Information System, Including the Related Business Processes, Relevant to Financial Reporting, and Communication

Related Business Processes

An entity’s business processes are the activities designed to:

Develop, purchase, produce, sell and distribute an entity’s products and services;
Ensure compliance with laws and regulations; and
Record information, including accounting and financial reporting information.

Business processes result in the transactions that are recorded, processed and reported by the information system. Obtaining an understanding of the entity’s business processes, which include how transactions are originated, assists the auditor in obtaining an understanding of the entity’s information system relevant to financial reporting in a manner that is appropriate to the entity’s circumstances.

Financial Reporting

The information system relevant to financial reporting objectives, which includes the accounting system, consists of the procedures and records designed and established to:

Initiate, record, process, and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity;
Resolve incorrect processing of transactions, for example, automated suspense files and procedures followed to clear suspense items out on a timely basis;
Process and account for system overrides or bypasses to controls;
Transfer information from transaction processing systems to the general ledger;
Capture information relevant to financial reporting for events and conditions other than transactions, such as the depreciation and amortization of assets and changes in the recoverability of accounts receivables; and
Ensure information required to be disclosed by the applicable financial reporting framework is accumulated, recorded, processed, summarized and appropriately reported in the financial statements.
Communication

Communication by the entity of the financial reporting roles and responsibilities and of significant matters relating to financial reporting involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting. It includes such matters as the extent to which personnel understand how their activities in the financial reporting information system relate to the work of others and the means of reporting exceptions to an appropriate higher level within the entity.

Communication may take such forms as policy manuals and financial reporting manuals. Open communication channels help ensure that exceptions are reported and acted on.

IV. Control Activities

Control activities are the policies and procedures that help ensure that management directives are carried out. Control activities, whether within IT or manual systems, have various objectives and are applied at various organizational and functional levels. Examples of specific control activities include those relating to the following:

Authorization.
Performance reviews.
Information processing.
Physical controls.
Segregation of duties.

Control activities relevant to the audit

Control activities that are relevant to the audit are:

Those that are required to be treated as such, being control activities that relate to significant risks and those that relate to risks for which substantive procedures alone do not provide sufficient appropriate audit evidence; or
Those that are considered to be relevant in the judgment of the auditor.

The auditor shall obtain an understanding of control activities relevant to the audit, being those the auditor judges it necessary to understand in order to assess the risks of material misstatement at the assertion level and design further audit procedures responsive to assessed risks.
An audit does not require an understanding of all the control activities related to each significant class of transactions, account balance, and disclosure in the financial statements or to every assertion relevant to them. In understanding the entity’s control activities, the auditor shall obtain an understanding of how the entity has responded to risks arising from IT.

V. Monitoring of Controls

Monitoring of controls is a process to assess the effectiveness of internal control performance over time. It involves assessing the effectiveness of controls on a timely basis and taking necessary corrective actions. Management accomplishes monitoring of controls through ongoing activities, separate evaluations, or a combination of the two. Ongoing monitoring activities are often built into the normal recurring activities of an entity and include regular management and supervisory activities. The auditor shall obtain an understanding of the major activities that the entity uses to monitor internal control over financial reporting, including those related to those control activities relevant to the audit, and how the entity initiates corrective actions to its controls. The auditor shall obtain an understanding of the sources of the information used in the entity’s monitoring activities, and the basis upon which management considers the information to be sufficiently reliable for the purpose.

Material Weakness in Internal Control

The auditor shall evaluate whether, on the basis of the audit work performed, the auditor has identified a material weakness in the design, implementation or maintenance of internal control.
The auditor shall communicate material weaknesses in internal control identified during the audit on a timely basis to management at an appropriate level of responsibility, and, as required by PSA 260 (Revised), “Communication with Those Charged with Governance,” with those charged with governance (unless all of those charged with governance are involved in managing the entity).

END OF MODULE

References and Supplementary Materials

Books and Journals
1. Ireneo J., Ireneo S., and James, George (2017). Auditing and Assurance Principle (2017 ed). Manila City: La Limariza Printing Corp.
2. Hermosilla, R., Salosagcol, J., and Tiu, Michael (2017). Auditing Theory: A Guide in Understanding PSA (2017 ed). Manila City: GIC Enterprises & Co., Inc.

Online Supplementary Reading Materials
1. Philippine Standard on Auditing 315 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-315Redrafted.pdf; September 1, 2018

Auditing and Assurance Principles
Module 007 Substantive Testing

LEARNING OBJECTIVES (LO)

After completing this module, the student is expected to:
1. Define audit evidence
2. Determine the sources of audit evidence
3. Determine the audit procedures for obtaining audit evidence
4. Identify the information to be used as audit evidence
5. Define what are analytical procedures
6. Explain the nature of analytical procedures
7. Determine substantive analytical procedures
8. Identify analytical procedures that assist when forming an overall conclusion
9. Investigate results of analytical procedures
10. Determine the requirements of audit documentation

LO 1 Audit Evidence

The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence. Audit evidence is necessary to support the auditor’s opinion and report.
It is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. It may, however, also include information obtained from other sources such as previous audits (provided the auditor has determined whether changes have occurred since the previous audit that may affect its relevance to the current audit) or a firm’s quality control procedures for client acceptance and continuance. In addition to other sources inside and outside the entity, the entity’s accounting records are an important source of audit evidence. Also, information that may be used as audit evidence may have been prepared using the work of a management’s expert. Audit evidence comprises both information that supports and corroborates management’s assertions, and any information that contradicts such assertions. In addition, in some cases the absence of information (for example, management’s refusal to provide a requested representation) is used by the auditor, and therefore also constitutes audit evidence. Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating audit evidence.

As explained in PSA 200 (Revised and Redrafted), reasonable assurance is obtained when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (i.e., the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated) to an acceptably low level. The sufficiency and appropriateness of audit evidence are interrelated.

Sufficiency is the measure of the quantity of audit evidence. The quantity of audit evidence needed is affected by the:
i. auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and
ii. quality of such audit evidence (the higher the quality, the less may be required).
Obtaining more audit evidence, however, may not compensate for its poor quality.

Appropriateness is the measure of the quality of audit evidence; that is,
i. its relevance and
ii. its reliability
in providing support for the conclusions on which the auditor’s opinion is based. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained.

PSA 330 (Redrafted) requires the auditor to conclude whether sufficient appropriate audit evidence has been obtained. Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion, is a matter of professional judgment. PSA 200 (Revised and Redrafted) contains discussion of such matters as the nature of audit procedures, the timeliness of financial reporting, and the balance between benefit and cost, which are relevant factors when the auditor exercises professional judgment regarding whether sufficient appropriate audit evidence has been obtained.

LO 2 Sources of Audit Evidence

Some audit evidence is obtained by performing audit procedures to test the accounting records, for example, through analysis and review, reperforming procedures followed in the financial reporting process, and reconciling related types and applications of the same information. Through the performance of such audit procedures, the auditor may determine that the accounting records are internally consistent and agree to the financial statements. More assurance is ordinarily obtained from consistent audit evidence obtained from different sources or of a different nature than from items of audit evidence considered individually.
For example, corroborating information obtained from a source independent of the entity may increase the assurance the auditor obtains from audit evidence that is generated internally, such as evidence existing within the accounting records, minutes of meetings, or a management representation. Information from sources independent of the entity that the auditor may use as audit evidence may include confirmations from third parties, analysts’ reports, and comparable data about competitors (benchmarking data).

LO 3 Audit Procedures for Obtaining Audit Evidence

As required by, and explained further in, PSA 315 (Redrafted) and PSA 330 (Redrafted), audit evidence to draw reasonable conclusions on which to base the auditor’s opinion is obtained by performing:
(a) Risk assessment procedures; and
(b) Further audit procedures, which comprise:
(i) Tests of controls, when required by the PSAs or when the auditor has chosen to do so; and
(ii) Substantive procedures, including tests of details and substantive analytical procedures.

The nature and timing of the audit procedures to be used may be affected by the fact that some of the accounting data and other information may be available only in electronic form or only at certain points or periods in time. For example, source documents, such as purchase orders and invoices, may exist only in electronic form when an entity uses electronic commerce, or may be discarded after scanning when an entity uses image processing systems to facilitate storage and reference. Certain electronic information may not be retrievable after a specified period of time, for example, if files are changed and if backup files do not exist. Accordingly, the auditor may find it necessary as a result of an entity’s data retention policies to request retention of some information for the auditor’s review or to perform audit procedures at a time when the information is available.
Audit procedures to obtain audit evidence can include inspection, observation, confirmation, recalculation, reperformance, analytical procedures and inquiry. Although inquiry may provide important audit evidence, and may even produce evidence of a misstatement, inquiry alone ordinarily does not provide sufficient audit evidence of the absence of a material misstatement at the assertion level, nor of the operating effectiveness of controls. The above-mentioned audit procedures to obtain audit evidence may be used as risk assessment procedures, tests of controls or substantive procedures, depending on the context in which they are applied by the auditor.

i. Inspection

Inspection involves examining records or documents, whether internal or external, in paper form, electronic form, or other media, or a physical examination of an asset. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their production. An example of inspection used as a test of controls is inspection of records for evidence of authorization. Some documents represent direct audit evidence of the existence of an asset, for example, a document constituting a financial instrument such as a stock or bond. Inspection of such documents may not necessarily provide audit evidence about ownership or value. Inspecting an executed contract may provide audit evidence relevant to the entity’s application of accounting policies, such as revenue recognition. Inspection of tangible assets may provide reliable audit evidence with respect to their existence, but not necessarily about the entity’s rights and obligations or the valuation of the assets. Inspection of individual inventory items may accompany the observation of inventory counting.

ii. Observation

Observation consists of looking at a process or procedure being performed by others, for example, the auditor’s observation of inventory counting by the entity’s personnel, or of the performance of control activities. Observation provides audit evidence about the performance of a process or procedure, but is limited to the point in time at which the observation takes place, and by the fact that the act of being observed may affect how the process or procedure is performed.

iii. Confirmation

An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium. External confirmation procedures frequently are relevant when addressing assertions associated with certain account balances and their elements. However, external confirmations need not be restricted to account balances only. For example, the auditor may request confirmation of the terms of agreements or transactions an entity has with third parties; the confirmation request may be designed to ask if any modifications have been made to the agreement and, if so, what the relevant details are. External confirmation procedures also are used to obtain audit evidence about the absence of certain conditions, for example, the absence of a “side agreement” that may influence revenue recognition.

iv. Recalculation

Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation may be performed manually or electronically.

v. Reperformance

Reperformance involves the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control.

vi. Analytical Procedures

Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and non-financial data.
Analytical procedures also encompass the investigation of identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts.

vii. Inquiry

Inquiry consists of seeking information of knowledgeable persons, both financial and nonfinancial, within the entity or outside the entity. Inquiry is used extensively throughout the audit in addition to other audit procedures. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process. Responses to inquiries may provide the auditor with information not previously possessed or with corroborative audit evidence. Alternatively, responses might provide information that differs significantly from other information that the auditor has obtained, for example, information regarding the possibility of management override of controls. In some cases, responses to inquiries provide a basis for the auditor to modify or perform additional audit procedures.

Although corroboration of evidence obtained through inquiry is often of particular importance, in the case of inquiries about management intent, the information available to support management’s intent may be limited. In these cases, understanding management’s past history of carrying out its stated intentions, management’s stated reasons for choosing a particular course of action, and management’s ability to pursue a specific course of action may provide relevant information to corroborate the evidence obtained through inquiry. In respect of some matters, the auditor may consider it necessary to obtain written representations from management and, where appropriate, those charged with governance to confirm responses to oral inquiries.

LO 4 Information to Be Used as Audit Evidence

1. When designing and performing audit procedures, the auditor shall consider the relevance and reliability of the information to be used as audit evidence.

Relevance

Relevance deals with the logical connection with, or bearing upon, the purpose of the audit procedure and, where appropriate, the assertion under consideration. The relevance of information to be used as audit evidence may be affected by the direction of testing. For example, if the purpose of an audit procedure is to test for overstatement in the existence or valuation of accounts payable, testing the recorded accounts payable may be a relevant audit procedure. If the purpose of an audit procedure is to test for understatement in the existence or valuation of accounts payable, testing the recorded accounts payable would not be relevant, but testing such information as subsequent disbursements, unpaid invoices, suppliers’ statements, and unmatched receiving reports may be relevant.

A given set of audit procedures may provide audit evidence that is relevant to certain assertions, but not others. For example, inspection of documents related to the collection of receivables after the period end may provide audit evidence regarding existence and valuation, but not necessarily cutoff. Similarly, obtaining audit evidence regarding a particular assertion, for example, the existence of inventory, is not a substitute for obtaining audit evidence regarding another assertion, for example, the valuation of that inventory. On the other hand, audit evidence from different sources or of a different nature may often be relevant to the same assertion.

Reliability

The reliability of information to be used as audit evidence, and therefore of the audit evidence itself, is influenced by its source and its nature, and the circumstances under which it is obtained, including the controls over its preparation and maintenance where relevant.
Therefore, generalizations about the reliability of various kinds of audit evidence are subject to important exceptions. Even when information to be used as audit evidence is obtained from sources external to the entity, circumstances may exist that could affect its reliability. For example, information obtained from an independent external source may not be reliable if the source is not knowledgeable, or a management’s expert may lack objectivity. While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:

The reliability of audit evidence is increased when it is obtained from independent sources outside the entity.
The reliability of audit evidence that is generated internally is increased when the related controls, including those over its preparation and maintenance, imposed by the entity are effective.
Audit evidence obtained directly by the auditor (for example, observation of the application of a control) is more reliable than audit evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally (for example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of the matters discussed).
Audit evidence provided by original documents is more reliable than audit evidence provided by photocopies or facsimiles, or documents that have been filmed, digitized or otherwise transformed into electronic form, the reliability of which may depend on the controls over their preparation and maintenance.

2. When information to be used as audit evidence has been prepared using the work of a management’s expert, the auditor shall, to the extent necessary, having regard to the significance of that expert’s work for the auditor’s purposes:
(a) Evaluate the competence, capabilities and objectivity of that expert;
(b) Obtain an understanding of the work of that expert; and
(c) Evaluate the appropriateness of that expert’s work as audit evidence for the relevant assertion.

3. When using information produced by the entity, the auditor shall evaluate whether the information is sufficiently reliable for the auditor’s purposes, including as necessary in the circumstances:
(a) Obtaining audit evidence about the accuracy and completeness of the information; and
(b) Evaluating whether the information is sufficiently precise and detailed for the auditor’s purposes.

LO 5 Analytical Procedures

This is the evaluation of financial information through analysis of plausible relationships among both financial and non-financial data. Analytical procedures also encompass such investigation as is necessary of identified fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount.

LO 6 Nature of Analytical Procedures

Analytical procedures include the consideration of comparisons of the entity’s financial information with, for example:
Comparable information for prior periods.
Anticipated results of the entity, such as budgets or forecasts, or expectations of the auditor, such as an estimation of depreciation.
Similar industry information, such as a comparison of the entity’s ratio of sales to accounts receivable with industry averages or with other entities of comparable size in the same industry.
Analytical procedures also include consideration of relationships, for example:
Among elements of financial information that would be expected to conform to a predictable pattern based on the entity’s experience, such as gross margin percentages.
Between financial information and relevant non-financial information, such as payroll costs to number of employees.

Various methods may be used to perform analytical procedures. These methods range from performing simple comparisons to performing complex analyses using advanced statistical techniques. Analytical procedures may be applied to consolidated financial statements, components and individual elements of information.

LO 7 Substantive Analytical Procedures

The auditor’s substantive procedures at the assertion level may be: tests of details, substantive analytical procedures, or a combination of both. The decision about which audit procedures to perform, including whether to use substantive analytical procedures, is based on the auditor’s judgment about the expected effectiveness and efficiency of the available audit procedures to reduce audit risk at the assertion level to an acceptably low level. The auditor may inquire of management as to the availability and reliability of information needed to apply substantive analytical procedures, and the results of any such analytical procedures performed by the entity. It may be effective to use analytical data prepared by management, provided the auditor is satisfied that such data is properly prepared.
When designing and performing substantive analytical procedures, either alone or in combination with tests of details, as substantive procedures in accordance with PSA 330 (Redrafted), the auditor shall:
(a) Determine the suitability of particular substantive analytical procedures for given assertions, taking account of the assessed risks of material misstatement and tests of details, if any, for these assertions;
(b) Evaluate the reliability of data from which the auditor’s expectation of recorded amounts or ratios is developed, taking account of source, comparability, and nature and relevance of information available, and controls over preparation;
(c) Develop an expectation of recorded amounts or ratios and evaluate whether the expectation is sufficiently precise to identify a misstatement that, individually or when aggregated with other misstatements, may cause the financial statements to be materially misstated; and
(d) Determine the amount of any difference of recorded amounts from expected values that is acceptable without further investigation.

LO 8 Analytical Procedures that Assist When Forming an Overall Conclusion

The auditor shall design and perform analytical procedures near the end of the audit that assist the auditor when forming an overall conclusion as to whether the financial statements are consistent with the auditor’s understanding of the entity. The conclusions drawn from the results of analytical procedures designed and performed are intended to corroborate conclusions formed during the audit of individual components or elements of the financial statements. This assists the auditor to draw reasonable conclusions on which to base the auditor’s opinion. The results of such analytical procedures may identify a previously unrecognized risk of material misstatement.
In such circumstances, PSA 315 (Redrafted) requires the auditor to revise the auditor’s assessment of the risks of material misstatement and modify the further planned audit procedures accordingly.

LO 9 Investigating Results of Analytical Procedures

If analytical procedures performed in accordance with this PSA identify fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount, the auditor shall investigate such differences by:
(a) Inquiring of management and obtaining appropriate audit evidence relevant to management’s responses; and
(b) Performing other audit procedures as necessary in the circumstances.

Audit evidence relevant to management’s responses may be obtained by evaluating those responses taking into account the auditor’s understanding of the entity and its environment, and with other audit evidence obtained during the course of the audit. The need to perform other audit procedures may arise when, for example, management is unable to provide an explanation, or the explanation, together with the audit evidence obtained relevant to management’s response, is not considered adequate.

LO 10 Audit Documentation

The auditor shall prepare audit documentation on a timely basis. Preparing sufficient and appropriate audit documentation on a timely basis helps to enhance the quality of the audit and facilitates the effective review and evaluation of the audit evidence obtained and conclusions reached before the auditor’s report is finalized. Documentation prepared after the audit work has been performed is likely to be less accurate than documentation prepared at the time such work is performed.
Documentation of the Audit Procedures Performed and Audit Evidence Obtained

Form, Content and Extent of Audit Documentation

The auditor shall prepare audit documentation that is sufficient to enable an experienced auditor, having no previous connection with the audit, to understand:
(a) The nature, timing, and extent of the audit procedures performed to comply with the PSAs and applicable legal and regulatory requirements;
(b) The results of the audit procedures performed, and the audit evidence obtained; and
(c) Significant matters arising during the audit, the conclusions reached thereon, and significant professional judgments made in reaching those conclusions.

In documenting the nature, timing and extent of audit procedures performed, the auditor shall record:
(a) The identifying characteristics of the specific items or matters tested;
(b) Who performed the audit work and the date such work was completed; and
(c) Who reviewed the audit work performed and the date and extent of such review.

The auditor shall document discussions of significant matters with management, those charged with governance, and others, including the nature of the significant matters discussed and when and with whom the discussions took place. If the auditor identified information that is inconsistent with the auditor’s final conclusion regarding a significant matter, the auditor shall document how the auditor addressed the inconsistency.

END OF MODULE

References and Supplementary Materials

Books and Journals
1. Ireneo J., Ireneo S., and James, George (2017). Auditing and Assurance Principle (2017 ed). Manila City: La Limariza Printing Corp.
2. Hermosilla, R., Salosagcol, J., and Tiu, Michael (2017). Auditing Theory: A Guide in Understanding PSA (2017 ed). Manila City: GIC Enterprises & Co., Inc.

Online Supplementary Reading Materials
1. Philippine Standard on Auditing 500 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-500Redrafted.pdf; September 1, 2018
2. Philippine Standard on Auditing 520 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-520Redrafted.pdf; September 1, 2018
3. Philippine Standard on Auditing 230 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-230Redrafted.pdf; September 1, 2018

Auditing and Assurance Principles
Module 008 Audit Sampling

LEARNING OBJECTIVES (LO)

After completing this module, the student is expected to:
1. Select items for testing to obtain audit evidence
2. Determine how to obtain audit evidence through selecting all items and specific items
3. Determine how to obtain audit evidence through audit sampling

LO 1 Selecting Items for Testing to Obtain Audit Evidence

When designing tests of controls and tests of details, the auditor shall determine means of selecting items for testing that are effective in meeting the purpose of the audit procedure. An effective test provides appropriate audit evidence to an extent that, taken with other audit evidence obtained or to be obtained, will be sufficient for the auditor’s purposes. In selecting items for testing, the auditor is required to determine the relevance and reliability of information to be used as audit evidence; the other aspect of effectiveness (sufficiency) is an important consideration in selecting items to test.

The means available to the auditor for selecting items for testing are:
(a) Selecting all items (100% examination);
(b) Selecting specific items; and
(c) Audit sampling.

The application of any one or combination of these means may be appropriate depending on the particular circumstances, for example, the risks of material misstatement related to the assertion being tested, and the practicality and efficiency of the different means.
LO 2 Selecting All Items

The auditor may decide that it will be most appropriate to examine the entire population of items that make up a class of transactions or account balance (or a stratum within that population). 100% examination is unlikely in the case of tests of controls; however, it is more common for tests of details. 100% examination may be appropriate when, for example: the population constitutes a small number of large value items; there is a significant risk and other means do not provide sufficient appropriate audit evidence; or the repetitive nature of a calculation or other process performed automatically by an information system makes a 100% examination cost effective.

LO 3 Selecting Specific Items

The auditor may decide to select specific items from a population. In making this decision, factors that may be relevant include: the auditor’s understanding of the entity, the assessed risks of material misstatement, and the characteristics of the population being tested. The judgmental selection of specific items is subject to non-sampling risk. Specific items selected may include:

High value or key items. The auditor may decide to select specific items within a population because they are of high value, or exhibit some other characteristic, for example, items that are suspicious, unusual, particularly risk-prone or that have a history of error.
All items over a certain amount. The auditor may decide to examine items whose recorded values exceed a certain amount so as to verify a large proportion of the total amount of a class of transactions or account balance.
Items to obtain information. The auditor may examine items to obtain information about matters such as the nature of the entity or the nature of transactions.
While selective examination of specific items from a class of transactions or account balance will often be an efficient means of obtaining audit evidence, it does not constitute audit sampling. The results of audit procedures applied to items selected in this way cannot be projected to the entire population; accordingly, selective examination of specific items does not provide audit evidence concerning the remainder of the population.

LO 4 Audit Sampling

Audit sampling is designed to enable conclusions to be drawn about an entire population on the basis of testing a sample drawn from it.

Non-Sampling Risk

Examples of non-sampling risk include the use of inappropriate audit procedures, or misinterpretation of audit evidence and failure to recognize a misstatement or deviation.

Sampling Unit

The sampling units might be physical items (for example, checks listed on deposit slips, credit entries on bank statements, sales invoices or debtors’ balances) or monetary units.

Tolerable Misstatement

When designing a sample, the auditor determines tolerable misstatement in order to address the risk that the aggregate of individually immaterial misstatements may cause the financial statements to be materially misstated and provide a margin for possible undetected misstatements. Tolerable misstatement is the application of performance materiality, as defined in PSA 320 (Revised and Redrafted), to a particular sampling procedure. Tolerable misstatement may be the same amount or an amount lower than performance materiality.

Sample Design, Size and Selection of Items for Testing

When designing an audit sample, the auditor shall consider the purpose of the audit procedure and the characteristics of the population from which the sample will be drawn. The auditor shall determine a sample size sufficient to reduce sampling risk to an acceptably low level.
The auditor shall select items for the sample in such a way that each sampling unit in the population has a chance of selection.

Sample Design
Audit sampling enables the auditor to obtain and evaluate audit evidence about some characteristic of the items selected in order to form or assist in forming a conclusion concerning the population from which the sample is drawn. Audit sampling can be applied using either non-statistical or statistical sampling approaches.

When designing an audit sample, the auditor’s consideration includes:
- the specific purpose to be achieved and
- the combination of audit procedures that is likely to best achieve that purpose.

Consideration of the nature of the audit evidence sought and possible deviation or misstatement conditions or other characteristics relating to that audit evidence will assist the auditor in defining what constitutes a deviation or misstatement and what population to use for sampling. When performing audit sampling, the auditor performs audit procedures to obtain evidence that the population from which the audit sample is drawn is complete.

The auditor’s consideration of the purpose of the audit procedure includes a clear understanding of what constitutes a deviation or misstatement so that all, and only, those conditions that are relevant to the purpose of the audit procedure are included in the evaluation of deviations or projection of misstatements. For example, in a test of details relating to the existence of accounts receivable, such as confirmation, payments made by the customer before the confirmation date but received shortly after that date by the client are not considered a misstatement. Misposting between customer accounts does not affect the total accounts receivable balance.
Therefore, it may not be appropriate to consider this a misstatement in evaluating the sample results of this particular audit procedure, even though it may have an important effect on other areas of the audit, such as the assessment of the risk of fraud or the adequacy of the allowance for doubtful accounts.

In considering the characteristics of a population:
- For tests of controls, the auditor makes an assessment of the expected rate of deviation based on the auditor’s understanding of the relevant controls or on the examination of a small number of items from the population. This assessment is made in order to design an audit sample and to determine sample size. For example, if the expected rate of deviation is unacceptably high, the auditor will normally decide not to perform tests of controls.
- For tests of details, the auditor makes an assessment of the expected misstatement in the population. If the expected misstatement is high, 100% examination or use of a large sample size may be appropriate when performing tests of details.

In considering the characteristics of the population from which the sample will be drawn, the auditor may determine that stratification or value-weighted selection is appropriate.

Stratification
1. Audit efficiency may be improved if the auditor stratifies a population by dividing it into discrete sub-populations which have an identifying characteristic. The objective of stratification is to reduce the variability of items within each stratum and therefore allow sample size to be reduced without increasing sampling risk.
2. When performing tests of details, the population is often stratified by monetary value. This allows greater audit effort to be directed to the larger value items, as these items may contain the greatest potential misstatement in terms of overstatement.
Similarly, a population may be stratified according to a particular characteristic that indicates a higher risk of misstatement, for example, when testing the allowance for doubtful accounts in the valuation of accounts receivable, balances may be stratified by age.
3. The results of audit procedures applied to a sample of items within a stratum can only be projected to the items that make up that stratum. To draw a conclusion on the entire population, the auditor will need to consider the risk of material misstatement in relation to whatever other strata make up the entire population. For example, 20% of the items in a population may make up 90% of the value of an account balance. The auditor may decide to examine a sample of these items. The auditor evaluates the results of this sample and reaches a conclusion on the 90% of value separately from the remaining 10% (on which a further sample or other means of gathering audit evidence will be used, or which may be considered immaterial).
4. If a class of transactions or account balance has been divided into strata, the misstatement is projected for each stratum separately. Projected misstatements for each stratum are then combined when considering the possible effect of misstatements on the total class of transactions or account balance.

Value-Weighted Selection
When performing tests of details it may be efficient to identify the sampling unit as the individual monetary units that make up the population. Having selected specific monetary units from within the population, for example, the accounts receivable balance, the auditor may then examine the particular items, for example, individual balances, that contain those monetary units. One benefit of this approach to defining the sampling unit is that audit effort is directed to the larger value items because they have a greater chance of selection, and can result in smaller sample sizes.
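An added example (not part of the course module) of value-weighted selection: every monetary unit is a sampling unit, and an item is examined when it contains a selected unit. Picking the units at a fixed interval from a start inside the first interval, the function name and the ledger values are assumptions constructed for illustration.

```python
import random
from bisect import bisect_left
from itertools import accumulate

# Constructed accounts receivable ledger: (item id, balance in whole monetary units).
LEDGER = [
    ("AR-001", 50),
    ("AR-002", 1200),
    ("AR-003", 300),
    ("AR-004", 75),
    ("AR-005", 4000),
    ("AR-006", 375),
]


def value_weighted_selection(balances, sample_size, start=None, rng=None):
    """Select items for a test of details by sampling monetary units.

    balances:    list of (item_id, amount), amounts in whole monetary units
    sample_size: number of monetary units to select
    start:       first selected unit, 1..interval (drawn at random if omitted)
    Returns (interval, {item_id: count of selected units inside that item}).
    """
    amounts = [amount for _, amount in balances]
    if any(amount < 0 for amount in amounts):
        raise ValueError("negative balances need a separate procedure")
    total = sum(amounts)
    if sample_size < 1 or total < sample_size:
        raise ValueError("sample size must be between 1 and the population value")

    interval = total // sample_size
    if start is None:
        start = (rng or random.Random()).randint(1, interval)
    if not 1 <= start <= interval:
        raise ValueError("start must fall inside the first interval")

    # cumulative[i] is the last monetary unit that belongs to item i, so the
    # item containing a unit is the first one whose cumulative total reaches it.
    cumulative = list(accumulate(amounts))
    hits = {}
    for k in range(sample_size):
        unit = start + k * interval
        item_id = balances[bisect_left(cumulative, unit)][0]
        hits[item_id] = hits.get(item_id, 0) + 1
    return interval, hits


if __name__ == "__main__":
    interval, hits = value_weighted_selection(LEDGER, sample_size=6, start=500)
    print("sampling interval:", interval)
    for item_id, count in hits.items():
        print(item_id, "contains", count, "selected unit(s)")
```

Any balance at least as large as the interval is selected whatever the start, while a balance of 50 against an interval of 1000 is selected for only 50 of the 1000 possible starts. Zero balances can never be selected this way and need their own procedure.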
The decision whether to use a statistical or non-statistical sampling approach is a matter for the auditor’s judgment; however, sample size is not a valid criterion to distinguish between statistical and non-statistical approaches.

Sample Size
The level of sampling risk that the auditor is willing to accept affects the sample size required. The lower the risk the auditor is willing to accept, the greater the sample size will need to be. The sample size can be determined by the application of a statistically-based formula or through the exercise of professional judgment.

Selection of Items for Testing
With statistical sampling, sample items are selected in a way that each sampling unit has a known probability of being selected. With non-statistical sampling, judgment is used to select sample items. Because the purpose of sampling is to provide a reasonable basis for the auditor to draw conclusions about the population from which the sample is selected, it is important that the auditor selects a representative sample, so that bias is avoided, by choosing sample items which have characteristics typical of the population.

The principal methods of selecting samples are the use of:
- random selection,
- systematic selection and
- haphazard selection.

Random Selection - this is applied through random number generators, for example, random number tables.

Systematic Selection - in which the number of sampling units in the population is divided by the sample size to give a sampling interval, for example 50, and having determined a starting point within the first 50, each 50th sampling unit thereafter is selected. Although the starting point may be determined haphazardly, the sample is more likely to be truly random if it is determined by use of a computerized random number generator or random number tables.
When using systematic selection, the auditor would need to determine that sampling units within the population are not structured in such a way that the sampling interval corresponds with a particular pattern in the population.

Haphazard Selection - in which the auditor selects the sample without following a structured technique. Although no structured technique is used, the auditor would nonetheless avoid any conscious bias or predictability (for example, avoiding difficult to locate items, or always choosing or avoiding the first or last entries on a page) and thus attempt to ensure that all items in the population have a chance of selection. Haphazard selection is not appropriate when using statistical sampling.

Performing Audit Procedures
The auditor shall perform audit procedures, appropriate to the purpose, on each item selected. If the audit procedure is not applicable to the selected item, the auditor shall perform the procedure on a replacement item. If the auditor is unable to apply the designed audit procedures, or suitable alternative procedures, to a selected item, the auditor shall treat that item as a deviation from the prescribed control, in the case of tests of controls, or a misstatement, in the case of tests of details.

Nature and Cause of Deviations and Misstatements
The auditor shall investigate the nature and cause of any deviations or misstatements identified, and evaluate their possible effect on the purpose of the audit procedure and on other areas of the audit. In the extremely rare circumstances when the auditor considers a misstatement or deviation discovered in a sample to be an anomaly, the auditor shall obtain a high degree of certainty that such misstatement or deviation is not representative of the population.
The auditor shall obtain this degree of certainty by performing additional audit procedures to obtain sufficient appropriate audit evidence that the misstatement or deviation does not affect the remainder of the population.

Projecting Misstatements
For tests of details, the auditor shall project misstatements found in the sample to the population.

Evaluating Results of Audit Sampling
The auditor shall evaluate:
(a) The results of the sample; and
(b) Whether the use of audit sampling has provided a reasonable basis for conclusions about the population that has been tested.

END OF MODULE

References and Supplementary Materials

Books and Journals
1. Ireneo J., Ireneo S., and James, George (2017). Auditing and Assurance Principle (2017 ed). Manila City: La Limariza Printing Corp.
2. Hermosilla, R., Salosagcol, J., and Tiu, Michael (2017). Auditing Theory: A Guide in Understanding PSA (2017 ed). Manila City: GIC Enterprises & Co., Inc.

Online Supplementary Reading Materials
1. Philippine Standard on Auditing 530 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-530Redrafted.pdf; September 1, 2018

Auditing and Assurance Principles
Module 009
Completing the Audit

LEARNING OBJECTIVES (LO)
After completing this module, the student is expected to:
1. Discuss and enumerate the subsequent events
2. Determine the Management Representation

LO 1 Subsequent Events

These are events occurring between the date of the financial statements and the date of the auditor’s report, and facts that become known to the auditor after the date of the auditor’s report.

Date of the financial statements - The date of the end of the latest period covered by the financial statements.
Date of the auditor’s report - The date the auditor dates the report on the financial statements.

The auditor’s report cannot be dated earlier than the date on which the auditor has obtained sufficient appropriate audit evidence on which to base the opinion on the financial statements. Sufficient appropriate audit evidence includes evidence that all the statements that comprise the financial statements have been prepared and that those with the recognized authority have asserted that they have taken responsibility for those financial statements. Consequently, the date of the auditor’s report cannot be earlier than the date of approval of the financial statements. A time period may elapse due to administrative issues between the date of the auditor’s report and the date the auditor’s report is provided to the entity.

Financial statements may be affected by certain events that occur after the date of the financial statements. Many financial reporting frameworks specifically refer to such events. Such reporting frameworks ordinarily identify two types of events:
(a) Those that provide evidence of conditions that existed at the date of the financial statements; and
(b) Those that provide evidence of conditions that arose after the date of the financial statements.

When the audited financial statements are included in other documents subsequent to the issuance of the financial statements, the auditor may have additional responsibilities relating to subsequent events that the auditor may need to consider, such as legal or regulatory requirements involving the offering of securities to the public in jurisdictions in which the securities are being offered. For example, the auditor may be required to perform additional audit procedures to the date of the final offering document.
These procedures may include those performed up to a date at or near the effective date of the final offering document, and reading the offering document to assess whether the other information in the offering document is consistent with the financial information with which the auditor is associated.

Events Occurring Between the Date of the Financial Statements and the Date of the Auditor’s Report
The auditor shall perform audit procedures designed to obtain sufficient appropriate audit evidence that all events occurring between the date of the financial statements and the date of the auditor’s report that require adjustment of, or disclosure in, the financial statements have been identified. The auditor is not, however, expected to perform additional audit procedures on matters to which previously applied audit procedures have provided satisfactory conclusions.

The auditor shall perform the procedures so that they cover the period from the date of the financial statements to the date of the auditor’s report, or as near as practicable thereto. The auditor shall take into account the auditor’s risk assessment in determining the nature and extent of such audit procedures, which shall include the following:
(a) Obtaining an understanding of any procedures management has established to ensure that subsequent events are identified.
(b) Inquiring of management and, where appropriate, those charged with governance as to whether any subsequent events have occurred which might affect the financial statements.
(c) Reading minutes, if any, of the meetings, of the entity’s owners, management and those charged with governance, that have been held after the date of the financial statements and inquiring about matters discussed at any such meetings for which minutes are not yet available.
(d) Reading the entity’s latest subsequent interim financial statements, if any.
When, as a result of the procedures performed as required above, the auditor identifies events that require adjustment of, or disclosure in, the financial statements, the auditor shall determine whether each such event is appropriately reflected in those financial statements.

Facts Which Become Known to the Auditor After the Date of the Auditor’s Report but Before the Date the Financial Statements are Issued

Date the financial statements are issued - The date that the auditor’s report and audited financial statements are made available to third parties.

The date the financial statements are issued generally depends on the regulatory environment of the entity. In some circumstances, the date the financial statements are issued may be the date that they are filed with a regulatory authority. Since audited financial statements cannot be issued without an auditor’s report, the date that the audited financial statements are issued must not only be at or later than the date of the auditor’s report, but must also be at or later than the date the auditor’s report is provided to the entity.

The auditor has no obligation to perform any audit procedures regarding the financial statements after the date of the auditor’s report. However, when, after the date of the auditor’s report but before the date the financial statements are issued, a fact becomes known to the auditor that, had it been known to the auditor at the date of the auditor’s report, may have caused the auditor to amend the auditor’s report, the auditor shall:
(a) Discuss the matter with management and, where appropriate, those charged with governance.
(b) Determine whether the financial statements need amendment and, if so,
(c) Inquire how management intends to address the matter in the financial statements.
If management amends the financial statements, the auditor shall:
(a) Carry out the audit procedures necessary in the circumstances on the amendment.
(b) Unless the circumstances in paragraph 12 of PSA 560* apply:
   (i) Extend the audit procedures to the date of the new auditor’s report (paragraph 11(b)(i) of PSA 560); and
   (ii) Provide a new auditor’s report on the amended financial statements. The new auditor’s report shall not be dated earlier than the date of approval of the amended financial statements.

Date of approval of the financial statements - The date on which all the statements that comprise the financial statements have been prepared and those with the recognized authority have asserted that they have taken responsibility for those financial statements.

In some jurisdictions, law or regulation identifies the individuals or bodies (for example, management or those charged with governance) that are responsible for concluding that all the statements comprising the financial statements have been prepared, and specifies the necessary approval process. In other jurisdictions, the approval process is not prescribed in law or regulation and the entity follows its own procedures in preparing and finalizing its financial statements in view of its management and governance structures.

In some jurisdictions, final approval of the financial statements by shareholders is required. In these jurisdictions, final approval by shareholders is not necessary for the auditor to conclude that sufficient appropriate audit evidence on which to base the auditor’s opinion on the financial statements has been obtained. The date of approval of the financial statements for purposes of the PSAs is the earlier date on which those with the recognized authority have asserted that all the statements comprising the financial statements have been prepared and that those with the recognized authority have taken responsibility for those financial statements.
*Paragraph 12 of PSA 560
When law, regulation or the financial reporting framework does not prohibit management from restricting the amendment of the financial statements to the effects of the subsequent event or events causing that amendment and those responsible for approving the financial statements are not prohibited from restricting their approval to that amendment, the auditor is permitted to restrict the audit procedures on subsequent events required in paragraph 11(b)(i) of PSA 560 to that amendment. In such cases, the auditor shall either:
(a) Amend the auditor’s report to include an additional date restricted to that amendment that thereby indicates that the auditor’s procedures on subsequent events are restricted solely to the amendment of the financial statements described in the relevant note to the financial statements; or
(b) Provide a new or amended auditor’s report that includes a statement in an Emphasis of Matter paragraph or Other Matter(s) paragraph (to be discussed on Module 012) that conveys that the auditor’s procedures on subsequent events are restricted solely to the amendment of the financial statements as described in the relevant note to the financial statements.

Facts Which Become Known to the Auditor After the Financial Statements have been Issued
After the financial statements have been issued, the auditor has no obligation to perform any audit procedures regarding such financial statements. However, when, after the financial statements have been issued, a fact becomes known to the auditor that, had it been known to the auditor at the date of the auditor’s report, may have caused the auditor to amend the auditor’s report, the auditor shall:
(a) Discuss the matter with management and, where appropriate, those charged with governance.
(b) Determine whether the financial statements need amendment and, if so,
(c) Inquire how management intends to address the matter in the financial statements.

If management amends the financial statements, the auditor shall:
(a) Carry out the audit procedures necessary in the circumstances on the amendment.
(b) Review the steps taken by management to ensure that anyone in receipt of the previously issued financial statements together with the auditor’s report thereon is informed of the situation.
(c) Unless the circumstances in paragraph 12 apply:
   (i) Extend the audit procedures to the date of the new auditor’s report, and date the new auditor’s report no earlier than the date of approval of the amended financial statements; and
   (ii) Provide a new auditor’s report on the amended financial statements.
(d) When the circumstances in paragraph 12 apply, amend the auditor’s report, or provide a new auditor’s report as required by paragraph 12.

LO 2 Management Representation

Written representation - A written statement by management provided to the auditor to confirm certain matters or to support other audit evidence. Written representations in this context do not include financial statements, the assertions therein, or supporting books and records.

Written representations are necessary information that the auditor requires in connection with the audit of the entity’s financial statements. Accordingly, similar to responses to inquiries, written representations are audit evidence. Although written representations provide necessary audit evidence, they do not provide sufficient appropriate audit evidence on their own about any of the matters with which they deal.

The auditor shall request written representations from management with appropriate responsibilities for the financial statements and knowledge of the matters concerned.
Furthermore, the fact that management has provided reliable written representations does not affect the nature or extent of other audit evidence that the auditor obtains about the fulfillment of management’s responsibilities, or about specific assertions.

Written Representations about Management’s Responsibilities

Preparation and Presentation of the Financial Statements
The auditor shall request management to provide a written representation that it has fulfilled its responsibility for the preparation and presentation of the financial statements as set out in the terms of the audit engagement and, in particular, whether the financial statements are prepared and presented in accordance with the applicable financial reporting framework.

Information Provided to the Auditor
The auditor shall request management to provide a written representation that it has provided the auditor with all relevant information agreed in the terms of the audit engagement, and that all transactions have been recorded and are reflected in the financial statements.

Description of Management’s Responsibilities in the Written Representations
Management’s responsibilities shall be described in the written representations in the manner in which these responsibilities are described in the terms of the audit engagement.

Other Written Representations
Other PSAs require the auditor to request written representations. If, in addition to such required representations, the auditor determines that it is necessary to obtain one or more written representations to support other audit evidence relevant to the financial statements or one or more specific assertions in the financial statements, the auditor shall request such other written representations.
For example, in the case of subsequent events, the auditor shall request management and, where appropriate, those charged with governance, to provide a written representation that all events occurring subsequent to the date of the financial statements and for which the applicable financial reporting framework requires adjustment or disclosure have been adjusted or disclosed.

Date of and Period(s) Covered by Written Representations
The date of the written representations shall be as near as practicable to, but not after, the date of the auditor’s report on the financial statements. The written representations shall be for all financial statements and period(s) referred to in the auditor’s report.

Form of Written Representations
The written representations shall be in the form of a representation letter addressed to the auditor. If law or regulation requires management to make written public statements about its responsibilities, and the auditor determines that such statements provide some or all of the representations, the relevant matters covered by such statements need not be included in the representation letter.

Doubt as to the Reliability of Written Representations and Requested Written Representations Not Provided

Doubt as to the Reliability of Written Representations
If the auditor has concerns about the competence, integrity, ethical values or diligence of management, or about its commitment to or enforcement of these, the auditor shall determine the effect that such concerns may have on the reliability of representations (oral or written) and audit evidence in general.

In particular, if written representations are inconsistent with other audit evidence, the auditor shall perform audit procedures to attempt to resolve the matter.
If the matter remains unresolved, the auditor shall reconsider the assessment of the competence, integrity, ethical values or diligence of management, or of its commitment to or enforcement of these, and shall determine the effect that this may have on the reliability of representations (oral or written) and audit evidence in general.

If the auditor concludes that the written representations are not reliable, the auditor shall take appropriate actions, including determining the possible effect on the opinion in the auditor’s report.

Requested Written Representations Not Provided
If management does not provide one or more of the requested written representations, the auditor shall:
(a) Discuss the matter with management;
(b) Reevaluate the integrity of management and evaluate the effect that this may have on the reliability of representations (oral or written) and audit evidence in general; and
(c) Take appropriate actions, including determining the possible effect on the opinion in the auditor’s report.

Written Representations about Management’s Responsibilities
The auditor shall disclaim an opinion (to be discussed on Module 012) on the financial statements if:
(a) The auditor concludes that there is sufficient doubt about the integrity of management such that the written representations are not reliable; or
(b) Management does not provide the required written representations.

END OF MODULE

References and Supplementary Materials

Books and Journals
1. Ireneo J., Ireneo S., and James, George (2017). Auditing and Assurance Principle (2017 ed). Manila City: La Limariza Printing Corp.
2. Hermosilla, R., Salosagcol, J., and Tiu, Michael (2017). Auditing Theory: A Guide in Understanding PSA (2017 ed). Manila City: GIC Enterprises & Co., Inc.

Online Supplementary Reading Materials
1. Philippine Standard on Auditing 560 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-560Redrafted.pdf; September 1, 2018
2. Philippine Standard on Auditing 580 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-580Redrafted.pdf; September 1, 2018

Video Supplementary Materials
1. https://www.youtube.com/watch?v=pK9XYtNNEHw
2. https://www.youtube.com/watch?v=E5yI_skOvew
3. https://www.youtube.com/watch?v=i1nZ3k0E4JQ
4. https://www.youtube.com/watch?v=3IM8tagD2FU

Auditing and Assurance Principles
Module 010
Auditor’s Report

LEARNING OBJECTIVES (LO)
After completing this module, the student is expected to:
1. Form an opinion on the financial statements
2. Discuss the forms of opinion
3. Enumerate the contents of auditor’s report
4. Discuss the supplementary information presented with the financial statements

LO 1 Forming an Opinion on the Financial Statements

The auditor shall form an opinion on whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework.

In order to form that opinion, the auditor shall conclude as to whether the auditor has obtained reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. That conclusion shall take into account:
(a) The auditor’s conclusion, in accordance with PSA 330 (Redrafted), whether sufficient appropriate audit evidence has been obtained;
(b) The auditor’s conclusion, in accordance with PSA 450 (Revised and Redrafted), whether uncorrected misstatements are material, individually or in aggregate; and
(c) The evaluations required by paragraphs 12-15.

*Paragraphs 12-15

Paragraph 12. The auditor shall evaluate whether the financial statements are prepared, in all material respects, in accordance with the requirements of the applicable financial reporting framework.
This evaluation shall include consideration of the qualitative aspects of the entity’s accounting practices, including indicators of possible bias in management’s judgments.

Paragraph 13. In particular, the auditor shall evaluate whether, in view of the requirements of the applicable financial reporting framework:
(a) The financial statements adequately disclose the significant accounting policies selected and applied;
(b) The accounting policies selected and applied are consistent with the applicable financial reporting framework and are appropriate;
(c) The accounting estimates made by management are reasonable;
(d) The information presented in the financial statements is relevant, reliable, comparable and understandable;
(e) The financial statements provide adequate disclosures to enable the intended users to understand the effect of material transactions and events on the information conveyed in the financial statements; and
(f) The terminology used in the financial statements, including the title of each financial statement, is appropriate.

Paragraph 14. When the financial statements are prepared in accordance with a fair presentation framework, the evaluation required by paragraphs 12-13 shall also include whether the financial statements achieve fair presentation. The auditor’s evaluation as to whether the financial statements achieve fair presentation shall include consideration of:
(a) The overall presentation, structure and content of the financial statements; and
(b) Whether the financial statements, including the related notes, represent the underlying transactions and events in a manner that achieves fair presentation.

Paragraph 15. The auditor shall evaluate whether the financial statements adequately refer to or describe the applicable financial reporting framework.
* General purpose financial statements - Financial statements prepared in accordance with a general purpose framework.
* General purpose framework - A financial reporting framework designed to meet the common financial information needs of a wide range of users. The financial reporting framework may be a fair presentation framework or a compliance framework.

The term “fair presentation framework” is used to refer to a financial reporting framework that requires compliance with the requirements of the framework and:
(i) Acknowledges explicitly or implicitly that, to achieve fair presentation of the financial statements, it may be necessary for management to provide disclosures beyond those specifically required by the framework; or
(ii) Acknowledges explicitly that it may be necessary for management to depart from a requirement of the framework to achieve fair presentation of the financial statements. Such departures are expected to be necessary only in extremely rare circumstances.

The term “compliance framework” is used to refer to a financial reporting framework that requires compliance with the requirements of the framework, but does not contain the acknowledgements as mentioned in fair presentation framework.

LO 2 Forms of Opinion

Types of Audit Opinions:
1. Unmodified Opinion
2. Modified Opinion
   a. qualified opinion
   b. adverse opinion
   c. disclaimer of opinion

Unmodified Opinion - The auditor concludes that the financial statements of a given entity are presented fairly, in all material respects, in accordance with generally accepted accounting principles.

The auditor shall express an unmodified opinion when the auditor concludes that the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework.
If the auditor:
(a) concludes that, based on the audit evidence obtained, the financial statements as a whole are not free from material misstatement; or
(b) is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are free from material misstatement,
the auditor shall modify the opinion in the auditor’s report.

Modified Opinion

a. Qualified Opinion - The auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are material but not pervasive to the financial statements, or the auditor is unable to obtain sufficient appropriate audit evidence on which to base the opinion, but concludes that the possible effects on the financial statements of undetected misstatements, if any, could be material but not pervasive.
b. Adverse Opinion - After having obtained enough good audit evidence, the auditor concludes that misstatements, individually or when grouped with other misstatements, are both material and pervasive to the financial statements.
c. Disclaimer of Opinion - The auditor is unable to obtain sufficient appropriate audit evidence on which to base the opinion, and concludes that the possible effects on the financial statements of undetected misstatements, if any, could be both material and pervasive.

LO 3 Auditor’s Report

The auditor’s report shall be in writing.

Auditor’s Report for Audits Conducted in Accordance with Philippine Standards on Auditing

The following are the components of auditor’s report:
1. Title
2. Addressee
3. Introductory Paragraph
4. Management’s Responsibility for the Financial Statements
5. Auditor’s Responsibility
6. Auditor’s Opinion
7. Other Reporting Responsibilities
8. Signature of the Auditor
9. Date of the Auditor’s Report
10. Auditor’s Address

Title
The auditor’s report shall have a title that clearly indicates that it is the report of an independent auditor.

Addressee
The auditor’s report shall be addressed as required by the circumstances of the engagement.

Introductory Paragraph
The introductory paragraph in the auditor’s report shall:
(a) Identify the entity whose financial statements have been audited;
(b) State that the financial statements have been audited;
(c) Identify the title of each statement that comprises the financial statements;
(d) Refer to the summary of significant accounting policies and other explanatory information; and
(e) Specify the date or period covered by each financial statement comprising the financial statements.

Management’s Responsibility for the Financial Statements
This section of the auditor’s report describes the responsibilities of those in the organization that are responsible for the preparation of the financial statements. The auditor’s report need not refer specifically to “management,” but shall use the term that is appropriate in the context of the legal framework in the particular jurisdiction. In some jurisdictions, the appropriate reference may be to those charged with governance.

The auditor’s report shall include a section with the heading “Management’s [or other appropriate term] Responsibility for the Financial Statements.”

The auditor’s report shall describe management’s responsibility for the preparation of the financial statements in the manner in which that responsibility is described in the terms of the audit engagement.
The description shall include an explanation that management is responsible for the preparation of the financial statements in accordance with the applicable financial reporting framework; this responsibility includes the design, implementation and maintenance of internal control relevant to the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

Where the financial statements are prepared in accordance with a fair presentation framework, the explanation of management’s responsibility for the financial statements in the auditor’s report shall refer to “the preparation and fair presentation of these financial statements.”

Auditor’s Responsibility
The auditor’s report shall include a section with the heading “Auditor’s Responsibility.”

The auditor’s report shall state that the responsibility of the auditor is to express an opinion on the financial statements based on the audit.

The auditor’s report shall state that the audit was conducted in accordance with PSAs. The auditor’s report shall also explain that those standards require that the auditor comply with ethical requirements and that the auditor plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement.

The auditor’s report shall describe an audit by stating that:
(a) An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements;
(b) The procedures selected depend on the auditor’s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity’s preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal control. In circumstances when the auditor also has a responsibility to express an opinion on the effectiveness of internal control in conjunction with the audit of the financial statements, the auditor shall omit the phrase that the auditor’s consideration of internal control is not for the purpose of expressing an opinion on the effectiveness of internal control; and
(c) An audit also includes evaluating the appropriateness of the accounting policies used and the reasonableness of accounting estimates made by management, as well as the overall presentation of the financial statements.

Where the financial statements are prepared in accordance with a fair presentation framework, the description of the audit in the auditor’s report shall refer to “the entity’s preparation and fair presentation of the financial statements.”

The auditor’s report shall state whether the auditor believes that the audit evidence the auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s opinion.

Auditor’s Opinion
The auditor’s report shall include a section with the heading “Opinion.”

When expressing an unmodified opinion on financial statements prepared in accordance with a fair presentation framework, the auditor’s opinion shall, unless otherwise required by law or regulation, use the following phrase: The financial statements present fairly, in all material respects, … in accordance with [the applicable financial reporting framework].
When expressing an unmodified opinion on financial statements prepared in accordance with a compliance framework, the auditor’s opinion shall be that the financial statements are prepared, in all material respects, in accordance with [the applicable financial reporting framework].

If the reference to the applicable financial reporting framework in the auditor’s opinion is not to PFRS issued by the FRSC or IFRS issued by the IASB or IPSAS issued by the IPSASB, the auditor’s opinion shall identify the jurisdiction of origin of the framework.

Other Reporting Responsibilities
If the auditor addresses other reporting responsibilities in the auditor’s report on the financial statements that are in addition to the auditor’s responsibility under the PSAs to report on the financial statements, these other reporting responsibilities shall be addressed in a separate section in the auditor’s report that shall be sub-titled “Report on Other Legal and Regulatory Requirements,” or otherwise as appropriate to the content of the section.

If the auditor’s report contains a separate section on other reporting responsibilities, the headings, statements and explanations shall be under the sub-title “Report on the Financial Statements.” The “Report on Other Legal and Regulatory Requirements” shall follow the “Report on the Financial Statements.”

Signature of the Auditor
The auditor’s report shall be signed.

Date of the Auditor’s Report
The auditor’s report shall be dated no earlier than the date on which the auditor has obtained sufficient appropriate audit evidence on which to base the auditor’s opinion on the financial statements, including evidence that:
(a) All the statements that comprise the financial statements, including the related notes, have been prepared; and
(b) Those with the recognized authority have asserted that they have taken responsibility for those financial statements.
Auditor’s Address
The auditor’s report shall name the location in the jurisdiction where the auditor practices.

LO 4 Supplementary Information Presented with the Financial Statements

If supplementary information that is not required by the applicable financial reporting framework is presented with the audited financial statements, the auditor shall evaluate whether such supplementary information is clearly differentiated from the audited financial statements. If such supplementary information is not clearly differentiated from the audited financial statements, the auditor shall ask management to change how the unaudited supplementary information is presented. If management refuses to do so, the auditor shall explain in the auditor’s report that such supplementary information has not been audited.

Supplementary information that is not required by the applicable financial reporting framework but is nevertheless an integral part of the financial statements because it cannot be clearly differentiated from the audited financial statements due to its nature and how it is presented shall be covered by the auditor’s opinion.

Sample Audit Report
Please refer to Week012-Module_Sample Unqualified Auditors Report on Financial Statement

END OF MODULE

References and Supplementary Materials

Books and Journals
1. Ireneo J., Ireneo S., and James, George (2017). Auditing and Assurance Principle (2017 ed). Manila City: La Limariza Printing Corp.
2. Hermosilla, R., Salosagcol, J., and Tiu, Michael (2017). Auditing Theory: A Guide in Understanding PSA (2017 ed). Manila City: GIC Enterprises & Co., Inc.

Online Supplementary Reading Materials
1. Philippine Standard on Auditing 700 (Redrafted); http://www.aasc.org.ph/downloads/PSA/publications/PDFs/PSA-700Redrafted.pdf; September 1, 2018