1 Table of Contents Introduction ................................................................................................................ 8 A. Basis for Manual Preparation .......................................................................................................... 8 B. Project requirements and INTOSAI prerequisites ............................................................................ 9 C. COA Audit Framework ................................................................................................................... 10 Overview of the Financial Audit Manual .................................................................... 11 A. Objectives of Financial Audit.......................................................................................................... 11 B. The Financial Statements Audit Process ........................................................................................ 11 C. Applying the INTOSAI Financial Audit Guidelines (ISSAI 1000-2999)............................................. 12 Section 1 ................................................................................................................... 13 Preliminary Engagement Activities ............................................................................ 13 I. Ensuring Engagement Team’s Independence and Compliance with the Ethical Standards .......... 13 II. Defining the Terms of Audit Engagement ...................................................................................... 15 A. Establishing the Terms of Audit Engagement ............................................................................. 15 B. Communicating the Terms of Engagement ................................................................................ 16 Appendix 1-1. Auditor’s Declaration of Independence and Compliance with Other Ethical Standards ....................................................................................................................................... 17 Appendix 1-2. Engagement Letter with attached Management Representation Letter Format ........... 18 Section 2 ................................................................................................................... 24 Planning Phase .......................................................................................................... 24 I. Preparing the Overall Audit Strategy ............................................................................................. 24 II. Conducting Preliminary Risk Assessment ...................................................................................... 25 A. Defining Risks .............................................................................................................................. 25 B. Understanding the Audit Entity .................................................................................................. 26 C. Summarizing the Results of Preliminary Identification of Risks.................................................. 36 III. Conducting Final Risk Assessment ................................................................................................. 38 A. Determining the Materiality Thresholds ..................................................................................... 38 B. Assessing Risks and Determining Risk Responses ....................................................................... 43 IV. Preparing the Audit Engagement Plan ........................................................................................... 47 A. Updating the Overall Audit Strategy ........................................................................................... 47 B. Preparing the Audit Program ...................................................................................................... 47 C. Preparing the Engagement Planning Memorandum .................................................................. 48 Appendix 2-1. Overall Audit Strategy ...................................................................................................... 49 2 Appendix 2-2. Understanding the Agency Template .............................................................................. 52 Appendix 2-2A. Financial Accountability LogFrame ................................................................................ 54 Appendix 2-3. Agency-Level Controls Checklist ...................................................................................... 55 Appendix 2-3A. Control Activities -Cash Receipts checklist .................................................................... 70 Appendix 2-4. General Accounting Plan.................................................................................................. 72 Appendix 2-5. Variance Analysis of Financial Statements ...................................................................... 73 Appendix 2-6. Summary Report on the Preliminary Identification of Risks ........................................... 74 Appendix 2-7. Template on Determining Materiality Level .................................................................... 75 Appendix 2-8. Results of Risk Assessment at the Assertion Level .......................................................... 77 Appendix 2-8A. Illustration on Results of Risk Assessment at the Assertion Level ................................ 78 Appendix 2-9. Audit Program .................................................................................................................. 79 Appendix 2-10. Engagement Planning Memorandum ............................................................................ 80 Section 3 ................................................................................................................... 81 Audit Execution Phase ............................................................................................... 81 I. Execute Audit Tests ........................................................................................................................ 81 A. Determining the Nature, Timing and Extent of Audit Procedures .............................................. 81 B. Performing Audit Procedures...................................................................................................... 82 C. Gathering Audit Documentation and Evidence .......................................................................... 93 D. Addressing Risk Areas that Need Specific Considerations .......................................................... 98 E. Summarizing Proposed Audit Adjustments and Evaluating Effects in the Audit Opinion ........ 103 II. III. Summarize Audit Observations and Recommendations and Communicate with Those Charged with Governance ........................................................................................................... 104 A. Areas for Consideration in Summarizing Audit Observations ................................................... 104 B. Elements of Audit Observation ................................................................................................. 106 C. Performing Review of Overall Audit Work ................................................................................ 107 D. Tracking Status of Prior Years’ Recommendations ................................................................... 108 Conduct Exit Conference.............................................................................................................. 109 Appendix 3-1. Summary of Audit Observations and Recommendations ............................................. 110 Appendix 3-2. Affirmation of Audit Team’s Independence and Compliance with Ethical Standards ..................................................................................................................................... 111 Appendix 3-3. Recommendations Tracking Sheet ................................................................................ 112 Section 4 ................................................................................................................. 113 Reporting Phase ...................................................................................................... 113 I. Write the Independent Auditor’s Report..................................................................................... 114 3 A. Forming an Audit Opinion ......................................................................................................... 114 B. Forms of Independent Auditor’s Report ................................................................................... 121 II. Specific Elements of the Independent Auditor’s Report ............................................................. 126 A. Title............................................................................................................................................ 127 B. Addressee.................................................................................................................................. 127 C. Report on the Audit of Financial Statements............................................................................ 127 D. Report on Other Legal and Regulatory Requirements .............................................................. 136 E. Name of the Engagement Partner ............................................................................................ 138 F. Signature of the Auditor............................................................................................................ 138 G. Auditor’s Address ...................................................................................................................... 138 H. Date of the Independent Auditor’s Report ............................................................................... 138 III. Comparative Information............................................................................................................. 138 A. Corresponding Figures and Comparative Financial Statements ............................................... 138 A.1. Corresponding Figures .............................................................................................................. 139 A.2. Comparative Financial Statements ........................................................................................... 140 IV. Special Considerations - Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks ....................................................................................................... 140 V. Types of Audit Report .................................................................................................................. 140 Appendix 4-1A. Illustration of Cases for Modified Opinion .................................................................. 142 Section 5 ................................................................................................................. 145 Quality Control Review ........................................................................................... 145 I. Quality Control versus Quality Assurance.................................................................................... 145 II. Responsibility for Quality Control System and Quality Control Procedures................................ 145 III. Quality Control Review Process in COA ....................................................................................... 146 IV. Quality Control Documents.......................................................................................................... 146 V. Quality Control Review Documents ............................................................................................. 147 Appendix 5-1. Completion Compliance Checklist ................................................................................. 149 Appendix 5-2. Auditee Feedback Sheet ................................................................................................ 155 Appendix 5-3. Director’s Evaluation Form ............................................................................................ 158 Appendix 5-4. Financial Management Performance Rating ................................................................. 159 Works Cited ............................................................................................................ 161 Technical Working Group and Resource Persons ..................................................... 162 4 List of Exhibits Exhibit 1. General principles of public sector auditing in the audit of financial statements ........................ 8 Exhibit 2. COA Audit Framework................................................................................................................. 10 Exhibit 3. Audit Activities by Phase ............................................................................................................. 11 Exhibit 4. Diagramming Tool ..................................................................................................................... 107 Exhibit 5. Decision Tree in Preparing the Auditor's Report ...................................................................... 115 Exhibit 6. Summary of Reporting Phase activities .................................................................................... 121 Exhibit 7. Quality Control Documents ....................................................................................................... 148 List of Tables Table 1. The link between general auditing principles and financial audit specific requirements............... 9 Table 2. ISSAIs related to written representations ..................................................................................... 15 Table 3. Sources of financial information ................................................................................................... 27 Table 4. Principles of Internal Control ........................................................................................................ 29 Table 5. Examples of conditions and events that may indicate risks of material misstatements .............. 37 Table 6. Assertions in considering misstatements ...................................................................................... 37 Table 7. Examples of Risks .......................................................................................................................... 43 Table 8. Risk Decision Table ........................................................................................................................ 46 Table 9. List of Current Audit File and Permanent Audit File...................................................................... 95 Table 10. Summary of Modifications of the Independent Auditor’s Report ............................................ 125 Table 11. Levels of Quality Control Review............................................................................................... 146 List of Illustrations Illustration 1. Working Paper on Preliminary data analysis ........................................................................ 27 Illustration 2. Walkthrough Analysis for Source Agency – Fund Transfer Account .................................... 33 Illustration 3. Sample Financial Information ............................................................................................... 42 Illustration 4. Sample Materiality Computation Table................................................................................ 42 Illustration 5. Working Paper – Test of Control .......................................................................................... 85 Illustration 6. Sample Trend Analysis .......................................................................................................... 90 Illustration 7. Proposed Summary WP in Substantive Test ........................................................................ 93 Illustration 8. Sample Top Schedule and Audit Conclusion ........................................................................ 96 Illustration 9. Summary of Proposed Audit Adjustments ......................................................................... 103 Illustration 10. Sample - Elements of an Audit Observation ..................................................................... 106 Illustration 11. Sample - Audit Recommendation ..................................................................................... 107 Illustration 12. Summary of Uncorrected Misstatements ........................................................................ 119 5 List of Acronyms Acronym AAPSI AAR ADA ADADJ ADB AICF ALCC AM AOM AP APMT ASEAN ATL ATM CAAR CAATs CAF CD CGS COA COE CR CRDC DV EPM EQCR FOU FRF FS GAM GAP GBE GL IAR ICPPP IDI INTOSAI IR ICSPPS Definition Agency Action Plan and Status of Implementation Annual Audit Report Advice to Debit Account Advice to Debit Account Disbursements Journal Asian Development Bank Agency's Internal Control Framework Agency-Level Controls Checklist Audit Memorandum Audit Observation Memorandum Audit Program Action Plan Monitoring Tool Association of Southeast Asian Nations Audit Team Leader Audit Team Member Consolidated Annual Audit Report Computer assisted audit techniques Current Audit File Cluster Director Corporate Government Sector Commission on Audit COA Order of Execution Control Risk Consolidated Report of Daily Collections Disbursement Voucher Engagement Planning Memorandum Engagement Quality Control Reviewer Field Operating Units Financial Reporting Framework Financial Statements Government Accounting Manual General Accounting Plan Government Business Enterprise General Ledger Independent Auditor’s Report Internal Control Policy, Procedures and Practices INTOSAI Development Initiative International Organization of Supreme Audit Institutions Inherent Risk Internal Control Standards for Philippine Public Sector 6 Acronym ISQC ISSAI JEV KAM LGU ML MOA MRL MT NC ND NFD NGO NS OAS OR PAF PDA PFRS PPE PPSAS R-CDTA RANTA RBFAM RD RMM RRAAL RSA RTS SA SAI SAOR SCBAA SCF SFPer SFPos SRPIR UTA WP Definition International Standard on Quality Control International Standards of Supreme Audit Institutions Journal Entry Voucher Key Audit Matters Local Government Unit Management Letter Memorandum of Agreement Management Representation Letter Materiality Template Notice of Charge Notice of Disallowance Notice of Finality of Decision Non-government organization Notice of Suspension Overall Audit Strategy Official Receipt Permanent Audit File Preliminary data analysis Philippine Financial Reporting Standards Property, Plant and Equipment Philippine Public Sector Accounting Standards Regional Capacity Development Technical Assistance Registry of Notice of Transfer Allocation Risk-Based Financial Audit Manual Regional Director Risk of Material Misstatement Results of Risk Assessment at the Assertion Level Regional Supervising Auditor Recommendation Tracking Sheet Supervising Auditor Supreme Audit Institution Summary of Audit Observations and Recommendations Statement of Comparison of Budget and Actual Amounts Statement of Cash Flows Statement of Financial Performance Statement of Financial Position Summary Report on Preliminary Identification of Risks Understanding the Agency Working Paper 7 Introduction A. Basis for Manual Preparation 1. The Commission on Audit entered into an agreement with the Asian Development Bank for the Regional Capacity Development Technical Assistance (R-CDTA) entitled Enhancing the Roles of Supreme Audit Institutions in Selected Association of Southeast Asian Nations (ASEAN). The project was funded by the Japan Fund for Poverty Reduction. The agreement was signed on February 27, 2015, and the Project was jump started in early 2016. 2. The Project aims to increase compliance with international standards on public sector financial audits of the participating SAIs by at least 20%. This objective agrees with a similar strategy of the IDI for the SAIs to adopt the INTOSAI audit guidelines so that they can meet the expectations of their stakeholders through quality audits and ultimately strengthen the accountability of government. The cause and effect relationship of the INTOSAI principles vis-à-vis public sector accountability is demonstrated as follows: Exhibit 1. General principles of public sector auditing in the audit of financial statements Principles of financial audit •ISSAI 100 lists 8 general principles for public sector auditing General principles of public sector auditing •ISSAI 200 explains those principles in the context of financial auditing and those are elaborated further on ISSAIs at level 4 •The Level 4 Financial Audit ISSAIs can be used as authoritative standards in the audit practice or used as an example for best practice of financial audits in the public sector Value added through the financial audits •According to ISSAI 20, SAIs contribute to the strengthening of public sector accountability Financial audit practice 3. In effect, the COA-ADB Financial Audit Manual will put into practice the IDI plan : “to promote implementation of the INTOSAI audit principles by translating these into audit procedures in the SAIs audit manuals and followed in the actual financial audit practice of the SAI.The results for financial audits, communicated through audit reports to the stakeholders; increase confidence of the stakeholders towards public sector financial statements and enable better control over the use of taxpayers’ money. Ultimately each financial audit will directly contribute to the SAIs role to strengthen accountability, integrity, and transparency of governments and public sector entities.” 8 B. Project requirements and INTOSAI prerequisites 4. A briefer on the INTOSAI fundamental prerequisites, fundamental principles and the ISSAI financial audit guidelines is necessary to better explain their being considered as benchmarks of this Financial Audit Manual. 5. The ISSAI Framework is structured in four levels: Level 1: Founding Principles; Level 2: Prerequisites for the Functioning of SAIs; Level 3: Fundamental Auditing Principles; and, Level 4: Auditing Guidelines. 6. The eight Fundamental Auditing Principles of Level 3, which are listed below, are the key elements of public sector auditing regardless of the mandate of the SAI or the type of audits to be conducted. These Principles and the Level 4 Auditing Guidelines (which are based on the detailed guidelines of the Principles) are guides in preparing the Financial Audit Manual. The link is illustrated in this IDI table showing the Principles, ISSAI guidelines and COA’s existing policies and practices as well as the application of the principles in this Manual. Table 1. The link between general auditing principles and financial audit specific requirements General Auditing Principle Ethics and independence Professional judgment, due care and skepticism Quality control Audit team management and skills Principle explanation in ISSAI 100 Auditors should comply with relevant ethical requirements and be independent. Auditors should maintain an appropriate professional behavior by applying professional skepticism, professional judgment and due care throughout the audit. Auditors should perform the audit in accordance with professional standards on quality control. Auditors should possess or have access to the necessary skills. Audit risk Auditors should manage the risks of providing an inappropriate report in the circumstances of the audit. Materiality Auditors should consider materiality throughout the audit process. Documentation Auditors should prepare audit documentation in sufficient detail to provide a clear understanding of work performed, evidence obtained 9 COA’s existing policy and application of the principles in this Manual COA has adopted the Revised Code of Conduct and Ethical Standards for COA Officials and Employees under Resolution No. 2018-010 dated February 1, 2018. This is emphasized under Section 1 (Preliminary Engagement Activities) of this Manual and throughout the entire audit process. The audit tools to assist and guide Auditors in ensuring the quality of audit are prescribed in the Manual. The Auditors’ compliance with the Manual will be assessed using the Quality Control Documents prescribed under Section 5 of this Manual. The training of Auditors is a continuous activity. They will be trained on the use of audit tools prescribed in the Manual and subsequent issuances to keep them updated on international standards. The adoption of the Manual will address this concern. The determination of materiality threshold is discussed under Section 2 Part III.A. of this Manual. The auditor shall be guided by the step by step procedures provided in Section 3 Part I.C. of this Manual. General Auditing Principle COA’s existing policy and application of the principles in this Manual Principle explanation in ISSAI 100 and conclusions reached. Communication Auditors should establish effective communication throughout the audit process. The auditors maintain open communication with the auditees which is also defined in the Audit Terms of Engagement proposed in the Manual. 7. The Plan of action towards full compliance with the ISSAI is based on the IDI recommended approach, subject to the SAI’s own development selection requirements. C. COA Audit Framework 8. Presented below as Exhibit 3 is a graphical presentation of the COA Audit Framework common to all audit streams – Financial Audit, Compliance Audit and Performance Audit. The orange box displays the Strategic Audit Planning and Risk Identification comprising the Preliminary Engagement, Planning, Execution and Reporting. The blue box displays the four stages of the audit giving important consideration on quality control encompassing all four stages. Exhibit 2. COA Audit Framework Strategic Planning and Risk Identification Preliminary Engagement Quality Control 10 Overview of the Financial Audit Manual A. Objectives of Financial Audit 1. The objectives of a financial audit in the public sector are often broader than expressing an opinion whether the financial statements have been prepared, in all material respects, in accordance with the applicable financial reporting framework (i.e. the scope of the ISSAIs). The audit mandate, or obligations for public sector entities, arising from legislation, regulation, ministerial directives, government policy requirements, or resolutions of the legislature may result in additional objectives. These additional objectives, which may be of equal importance to the opinion on the financial statements, may include audit and reporting responsibilities, for example, relating to reporting whether public sector auditors found any instances of non-compliance with authorities including budgets and accountability frameworks, and/or reporting on the effectiveness of internal control. However, even when there are no such additional objectives, there may be general public expectations in regard to public sector auditors’ reporting of non-compliance with authorities or reporting on effectiveness of internal control. Such additional responsibilities would be reported in a separate section of the auditor’s report. B. The Financial Statements Audit Process 2. The financial audit guidelines are explained with the aid of illustrations and suggested templates for use as the case may be. 3. Guidelines are divided in five main sections excluding this Overview section: Section 1: Preliminary Engagement Activities; Section 2: Planning Phase; Section 3: Audit Execution Phase; Section 4: Reporting Phase; and, Section 5: Quality Control Review. 4. Exhibit 2 presented below identifies the more important aspects discussed in each of the sections and the applicable ISSAI. QUALITY CONTROL Exhibit 3. Audit Activities by Phase Preliminary Engagement Ensure engagement team’s independence and compliance with ethical standards (ISSAIs 1200; 1220) Define the terms of engagement (ISSAIs 1210; 1260) Planning Execution Execute audit tests (ISSAIs 1260; 1230; 1500; 1501; 1520; 1530; 1540; 1560; 1600; 1450) Summarize audit observations and recommendations (ISSAI 1230) Conduct exit conference (ISSAI 1230) Reporting Evaluate misstatement (ISSAI 1450) Affirm written representations (ISSAI 1580) Form an audit opinion (ISSAI 1700 series (Revised); 1800; 1805) Quality Control Review Establish responsibility for quality control system and quality control procedures (ISSAI 1220) Quality Control Review Process (ISSAI 1220) Document Quality Control Review Process (ISSAI 1220) Prepare overall audit strategy (ISSAI 1300) Understand the audit entity (ISSAI 1240; 1250; 1265; 1300; 1315;1550; 1610) Summarize results of preliminary identification of risks (ISSAI 1315; 1610) Determine materiality thresholds (ISSAI 1320) Assess risks and determine risk responses (ISSAIs 1315; 1330) Prepare audit engagement plan (ISSAI 1300) 11 C. Applying the INTOSAI Financial Audit Guidelines (ISSAI 1000-2999) 5. The ISSAI 1700 (Revised) notes that depending on the standards applied, the public sector auditors may refer to relevant auditing standards in one of the following ways: a) in accordance with national standards, which are based on [or consistent with] the Fundamental Auditing Principles (ISSAIs 100-999) of the International Standards of Supreme Audit Institutions (refer to ISSAI 200.12); b) in accordance with international standards (ISSAIs 1000-2999) (refer to ISSAI 200.13a); c) in accordance with ISAs (refer to ISSAI 200.13b) COA has adopted the INTOSAI Financial Audit Guidelines under COA Resolution Nos. 2013-007, 2014-011, and 2016-007. 12 Section 1 Preliminary Engagement Activities 1. Under Presidential Decree 1445 (PD 1445) or the Government Auditing Code of the Philippines, the COA operates under the audit residency approach where government auditors and COA-assigned administrative staff have the legal right to hold office in COA resident audit offices based in the audited agencies. 2. Residency audits are justified by the multifarious audit and non-audit functions performed on a year-round basis by the COA Auditors. Aside from audits (financial, compliance, initial fraud reviews, post audit of transactions, cash examinations of cash accountable officers), they perform non-audit related functions required by law including the custody of vouchers and witnessing of asset disposals; among others. Given the power of the Commission under PD 1445 to institute measures designed to preserve and ensure the independence of its representatives, COA is moving its auditors by phase from the premises of the Auditees to the Satellite Audit Offices, subject to availability of facilities. 3. With the mandate of COA under the Constitution and the PD 1445, there are certain ISSAI requirements which can be done away with: a. a review of the auditee’s professional and ethical practices as the results cannot be used as basis for deciding whether to accept or not to accept and/or to continue with the engagement under ISSAI 1220. COA is mandated under the Constitution and the PD 1445 to conduct audit of all government agencies and instrumentalities. Unethical practices constitute “corrupt acts” under Republic Act 3019, the Anti-Graft and Corrupt Practices Act, and must be considered by the COA Auditor; and, b. the need for management conformity with the terms of engagement under ISSAI 1210. COA audits are mandated by law and the auditee has no discretion to refuse audit. The engagement terms, which are contained in a formal letter issued to the Agency (discussed in this Section), must be explained during the entrance conference for easy understanding and compliance by the agency. 4. Preliminary engagement activities will involve: I. II. I. Ensuring Engagement Team’s Independence and Compliance with Ethical Standards; and, Defining the Terms of Audit Engagement. Ensuring Engagement Team’s Independence and Compliance with the Ethical Standards 5. The purpose of an FS audit is to enhance the degree of confidence of intended users in FS. This is achieved by the expression of an opinion by the Auditor on whether the FS are prepared, in all material respects, in accordance with an applicable FRF. In the case of most general purpose frameworks, the opinion is on whether the FS are presented fairly, in all material respects in accordance with the framework. An audit conducted in accordance with the standards and relevant ethical requirements enables the auditor to form that opinion, which is required under ISSAI 1200. 13 6. The audit team is also required under ISSAI 1220 to implement quality control procedures at the engagement level to have a reasonable assurance that: a. The audit complies with professional standards and applicable legal and regulatory requirements; and, b. The auditor’s report issued is appropriate in the circumstances. 7. To ensure COA stakeholders that the audits conducted are in accordance with international standards, the SA/RSA, ATL and Audit Team Members shall execute their respective Auditor’s Declaration of Independence and Compliance with Other Ethical Standards, to be confirmed by the CD/RD (Appendix 1-1). This is also in line with the adoption of the Revised Code of Conduct and Ethical Standards for COA Officials and Employees under COA Resolution No. 2018-010 dated February 1, 2018. This Declaration shall be executed by the concerned auditor upon assumption to new assignment and before the start of audit for the year. The Declaration shall be executed by the auditors for each audited agency. 8. Throughout the audit engagement, the CD/RD shall ensure that: a. There are no threats to the independence of the audit engagement and that members of the engagement team comply with relevant ethical standards. In instances that might compromise the auditor’s ability to form an audit opinion without being affected by other influences, a written notification must be made to update the Auditor’s Declaration of Independence and Compliance with Other Ethical Standards. Threats to independence may take the form of: i. ii. iii. Conflict of interest; Individual values system; or, Familiarity with key management officials. b. The engagement team collectively possesses appropriate competence and capabilities to: (i) perform the audit engagement in accordance with professional standards and applicable legal and regulatory requirements; and (ii) issue an auditor’s report that is appropriate in the circumstances. c. Due professional care is exercised. Due professional care requires the auditor to exercise professional skepticism, an attitude that includes a questioning mind and a critical assessment of audit evidence and to use the knowledge, skill, and ability called for by the profession of public accounting to diligently: i. ii. iii. iv. Gather and objectively evaluate evidence; Gauge the experience and qualification level of an audit staff in relation to the audit area/s where he/she is assigned. More experienced staff or those with special skills and expertise are assigned to assertions and accounts with high risk. Technical audit staff such as civil engineers should be requested when the audit requires an evaluation of infrastructure projects; Exercise closer supervision over critical areas especially where fraud was uncovered; and, Identify areas where additional elements of unpredictability should be incorporated in the audit procedures that need to be performed. 14 II. Defining the Terms of Audit Engagement 9. The two sub-steps in undertaking this particular activity are: Establishing the terms of Audit Engagement; and, Communicating the Terms of Audit Engagement with those charged with governance A. Establishing the Terms of Audit Engagement 10. The terms of the audit engagement required under ISSAI 1210 shall be established before the commencement of the audit of a certain financial period. The audit engagement letter (Appendix 12) or other suitable form of written engagement shall include: (a) the objective and scope of the audit of the financial statements; (b) the responsibilities of the auditor; (c) the responsibilities of management; (d) identification of the applicable financial reporting framework which is PPSAS or PFRS, for the preparation of the financial statements; (e) reference to the expected form and content of any reports to be issued by the auditor; and, (f) a statement that there may be circumstances in which a report may differ from its expected form and content. 11. This letter shall also specify the required disclosures for inclusion in the Notes to FS, particularly, Related Parties, Claims and Litigations and Segment Accounting, if these exist; the performance review to be done on the financial accounting and reporting practices of the auditee; the deadline for the submission of a final Management written representation and the requests for copies of specific reports and appointments for interview. 12. Written representation is a written statement provided by management, and where appropriate, those charged with governance to confirm certain matters or support other audit evidence. It also contains management’s representation that: a. It has fulfilled its responsibilities for the preparation and fair presentation of FS in accordance with applicable FRF; b. It has provided the auditors with all relevant information and access as required in the Engagement Letter. The management’s responsibility as discussed in the Engagement Letter shall be included in the written representation; c. All transactions have been recorded and are reflected in the FS; and, d. Other concerns such as propriety of selection and application of accounting policies, compliance with applicable frameworks in terms of recognition, measurement and presentation of accounts and disclosures, and specific assertions in the FS. 13. Written representations are particularly required under the following ISSAIs: Table 2. ISSAIs related to written representations ISSAI 1240 1250 1450 1501 1540 Subject The Auditor’s Responsibilities Relating to Fraud in an Audit of Financial Statements (par. 39) Consideration of Laws and Regulations in an Audit of Financial Statements (par. 16) Evaluation of Misstatements Identified during the Audit (par. 14) Audit Evidence – Specific Considerations for Selected Items (paragraph 12) Auditing Accounting Estimates, including Fair Value Accounting Estimates and Related Disclosures (par. 22) 15 ISSAI 1550 1560 1570 1580 1710 Subject Related Parties (par. 26) Subsequent Events (par. 9) Going Concern (par. 16e) Written Representations Comparative Information (par. 9) 14. The Management Representation Letter should be issued as near as practicable to, but not after, the date of the auditor’s report on the FS. The written representations shall be for all FS and period(s) referred to in the auditor’s report (ISSAI 1580, par. 14). The MRL format, for management’s reference, is attached to the Engagement Letter. 15. If the auditor did not receive the requested written representation or doubts the competence, integrity, ethical value or diligence of management, or its commitment to, or enforcement thereof, in particular, if written representations are inconsistent with other audit evidence, and the matter remained unresolved despite additional audit procedures performed, the auditor shall determine the effect that such concerns or non-submission thereof, may have on the reliability of oral or written representations and audit evidence in general. 16. For foreign assisted projects, the engagement letter will consider the requirements of the foreign lending/grantor institution. B. Communicating the Terms of Engagement 17. The engagement letter shall be issued to management or to those charged with governance. This is being issued to formally inform the auditee of the audit requirements, including the responsibilities of the auditor and the auditee, and as a matter of professional courtesy and engagement direction. After the engagement letter is formally acknowledged as received, the Audit Team shall arrange for an entrance conference taking into consideration the availability of management, to discuss the conditions cited in the terms of engagement. There is no need to seek conformity by the auditees with the terms of engagement because COA is constitutionally and legally mandated to audit all government agencies. However, the auditee’s cooperation and assistance should be sought specifically on their responsibilities under the terms of engagement, such as submission of required documents or schedules, and availability in meetings or interviews on dates agreed upon during the entrance conference or meeting. 16 Appendix 1-1. Auditor’s Declaration of Independence and Compliance with Other Ethical Standards REPUBLIC OF THE PHILIPPINES COMMISSION ON AUDIT Commonwealth Avenue, Quezon City, Philippines AUDITOR’S DECLARATION OF INDEPENDENCE AND COMPLIANCE WITH OTHER ETHICAL STANDARDS As (state designation; e.g. team member, team leader, supervising auditor/regional supervising auditor), I acknowledge my assignment which requires me to be part of the audit team to conduct a financial audit of the ____(Name of Agency)____ for the financial year ended _______. I declare that to the best of my knowledge, I know of nothing that might impair my independence and impartiality on the Audit that will contravene the independence requirements and other ethical standards of any applicable code of professional conduct in relation to the audit. Responsibility to Update This Declaration I understand that I am also responsible to make timely written notification in the event any other circumstance arises during the course of this audit that might impair or appear to impair my independence with respect to this audit. __ (Signature over printed name) __ Designation (SA/RSA/ATL/ATM) Date: Cluster/Regional Director’s Certification: I have assigned the above staff to work on the stated audit and I am not aware of anything that might impair his/her independence and impartiality and the competence of the Audit Team. __ (Signature over printed name)__ Cluster/Regional Director Date: 17 Appendix 1-2. Engagement Letter with attached Management Representation Letter Format REPUBLIC OF THE PHILIPPINES COMMISSION ON AUDIT Commonwealth Avenue, Quezon City, Philippines Date AGENCY HEAD Agency XYZ Quezon City Attention: Chief Accountant Dear ______________; Pursuant to the Philippine Constitution of 1987, Article IX-D, Section 2, the Commission on Audit (COA) shall examine, audit, and settle all accounts pertaining to the revenue and receipts of, and expenditures or uses of funds and property, owned or held in trust by, or pertaining to, the Government, or any of its subdivisions, agencies, or instrumentalities. In this connection, the COA Audit Team will audit your Agency’s financial reports and financial reporting processes for the year ended xxx. A. Audit objectives 1. The objectives of this audit are as follows: 1.1 Express an opinion on whether your financial statements are fairly presented, in all material respects, in accordance with Philippine Public Sector Accounting Standards (PPSAS)/Philippine Financial Reporting Standards (PFRS). 1.2 Communicate whether the internal control, particularly those affecting accounting and financial reporting systems, are operating effectively to provide reasonable assurance that misstatements, losses, or non-compliance would be reported in a timely basis. 1.3 Communicate the results of tests of compliance with selected provisions of laws and regulations, including budgets and accountability issues, and details of audit suspensions, charges and disallowances identified during the audit. B. Auditor’s responsibilities 2. We will conduct our audits in accordance with International Standards of Supreme Audit Institutions (ISSAIs) issued by the International Organization of Supreme Audit Institutions (INTOSAI) to which the Commission is a member. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement and comply with applicable laws and regulations. 3. We will perform procedures to obtain audit evidence about amounts and disclosures in the financial statements. The procedures selected depend on the auditor’s judgment, including assessment of the risks of material misstatement of the financial statements; whether due to fraud or error. In making those risk assessments, we will limit internal control testing to those controls over financial reporting and 18 compliance issues which we consider critical based on our experienced professional judgment. However, we will not test compliance with all laws and regulations applicable to the Agency. We caution that noncompliance may occur and not be detected by these tests and that such testing may not be sufficient for other purposes. 4. Our procedures will include internal control review; examination of documents/records/reports; analysis, confirmation and inspection of selected accounts, transactions and projects, as necessary. 5. We will communicate in writing any significant deficiencies and material weaknesses that come to our attention as a result of the audit. In addition, we will communicate suggestions to improve agency operations and address control deficiencies identified during our audit. C. Agency Financial Management Performance 6. As part of the audit, we will assess agency financial management performance. D. Audit Limitations 7. Although the audit is designed to provide reasonable assurance of detecting errors and irregularities that are material to the financial statements, it is not designed and cannot be relied upon to disclose all fraud, defalcations, or other irregularities. However, we will inform you of any material errors, and all irregularities or illegal acts, unless they are clearly inconsequential, that come to our attention. E. Agency’s responsibilities 8. Management is responsible for: 8.1 The preparation and fair presentation of the following financial statements in accordance with PPSAS/PFRS and submission of the same on deadlines set by the Commission on Audit: Statement of Financial Position Statement of Financial Performance / Statement of Comprehensive Income / Statement of Profit or Loss Statement of Cash Flows Statement of Changes in Net Assets/Equity / Statement of Changes in Equity Statement of Comparison of Budgets and Actual Amounts Notes to Financial Statements 8.2 Making all financial records and reports, and related information available to us and for adjusting the financial statements to correct material misstatements, and other information as required under ISSAI 1720. 8.3 Issuing the Management Representation Letter (MRL) as near as practicable to, but not after, the date of the auditor’s report on the financial statements as there are events occurring up to the date of the auditor’s report that may require adjustment to or disclosure in the financial statements. The MRL should be signed by the Chief Accountant/Head of Finance Group and the Head of the Agency. (Format attached for your reference) 8.4 Submitting status of any pending claims and litigation involving the Agency, breakdown of related party transactions and subsequent events which have to be adjusted and/or disclosed in the Notes to Financial Statements. 9. Management is encouraged to confer with the Auditor as to the required formats of the financial 19 statements to facilitate compliance with the presentation requirements of the PPSAS/PFRS. F. Assistance from Management 10. We will request assistance for the following, among others: 10.1 10.2 10.3 10.4 Assignment of focal person/s to facilitate meetings and requests relative to the audit Preparing schedules or analyses and providing needed documents Conferring with your officials and staff to facilitate understanding of the agency operation Access to the work of internal auditors to facilitate review of internal control and risk assessment related to audit of financial information 10.5 Workspace for the duration of the audit as required 10.6 Facilitating requirements of the audit team/s assigned to conduct field inspections and observations. G. Use and reproduction of COA audit reports 11. The working papers for this engagement are the property of the Commission on Audit and constitute confidential information. However, certain documents may be made available upon request subject to pertinent COA issuances. The Annual Audit Report, once released, will be published in the COA website, for information of the public. H. Audit Timelines 12. Subject to availability of requirements contained in this Letter, we expect to complete our audit and transmit the required audited financial statements and report to management on or before (indicate the prescribed period). I. Auditee’s Feedback on Audit Team’s Performance 13. After completion of the audit, the COA Central Office will send a Feedback Sheet to assess the team’s performance as a way of improving the quality of our audits and our service to our audit clients. Please send the filled in sheet duly signed by your Designated Official to the Office of the [Cluster/Region], [Sector], Commission on Audit, Quezon City. We look forward to your full cooperation during the audit. Sincerely, __Signature over Printed Name__ Cluster/Regional Director Date Received by the Agency: By: Name and Signature:____________________ Stamp date and signed received 20 Letterhead of the Audited Agency Date (near but never after the date of the Auditor’s Report) Management Representation Letter Cluster/Regional Director Commission on Audit Commonwealth Avenue Quezon City Subject: Name of Agency/Corporation/LGU/Project Being Audited This representation letter is provided in connection with your audit of the financial statements of the Agency/Corporation/LGU/Project for the year ended December 31, 20xx for the purpose of expressing opinions as to whether the financial statements are presented fairly, in all material respects, in accordance with Philippine Public Sector Accounting Standards (PPSAS)/Philippine Financial Reporting Standards (PFRS) and as to other terms required, if any. Statement of Management's Responsibility for the Financial Statements We affirm that the financial statements for the __(name of Agency/Corporation/LGU/Project)__ are management's responsibility; that these were prepared in accordance with the PPSAS/PFRS, that all relevant information was provided the Commission on Audit Team, that access to relevant information and records were made available and that all transactions were recorded and reflected in the financial statements; and that all instances of non-compliance of which we are aware of are disclosed to the COA audit team. Specific Affirmations pertaining to the Financial Statements Provided to the Commission on Audit We affirm that to the best of our knowledge and belief, having made such inquiries as we considered necessary for the purpose of appropriately informing ourselves: A. Financial Statements We have fulfilled our responsibilities, as set out in the terms of the audit engagement dated (indicate date), for the preparation of the financial statements in accordance with the PPSAS/PFRS: 1. 2. 3. 4. 5. 6. 7. 8. In particular, the financial statements are free from material misstatements including omissions and errors, and are fairly presented. Significant assumptions used in making accounting estimates, including those measured at fair value, are reasonable. Related party relationships and transactions, if any, have been appropriately accounted for and disclosed in accordance with the requirements of the PPSAS/PFRS. All events subsequent to the date of the financial statements and for which PPSAS/PFRS require adjustment or disclosure have been adjusted or disclosed. All matters related to claims, litigations, assessments and dispute have been disclosed to COA by our Legal Office and external legal counsel. The effects of uncorrected misstatements are immaterial, both individually and in the aggregate, to the financial statements as a whole. A list of the uncorrected misstatements is attached to the representation letter. The selection and application of accounting policies are appropriate. The following have been recognized, measured, presented or disclosed in accordance with the PPSAS/PFRS: 21 a. b. c. d. Plans or intentions that may affect the carrying value or classification of assets and liabilities; Liabilities, both actual and contingent; Title to, or control over, assets, the liens or encumbrances on assets, and assets pledged as collateral; and Aspects of laws, regulations and contractual agreements that may affect the financial statements, including non-compliance. In preparing the financial statements, management is also responsible for assessing the Agency/Corporation/LGU/Project’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless management either intends to liquidate the Agency/Corporation/LGU/Project or to cease operations, or has no realistic alternative but to do so. B. Internal Control 1. 2. 3. C. We have assessed the effectiveness of the [Agency/Corporation/LGU/Project's] internal control in achieving the following objectives: a. Reliability of financial reporting; b. Compliance with applicable laws and regulations; c. Safeguarding of assets; and d. Achievement of agency objectives. We have disclosed to you all significant deficiencies in the design or operation of internal control that could adversely affect the entity's ability to meet the internal control objectives and identified those we believe to be material weaknesses. There have been no changes to internal control subsequent to (date of latest audited financial statements), or other factors that might significantly affect it. (If there were changes, describe them, including any corrective actions taken with regard to any significant deficiencies or material weaknesses.) Compliance 1. 2. 3. 4. 5. The activities and financial transactions are in compliance with the relevant government rules and regulations. We have provided you with interpretation of compliance requirements that may have varying interpretations. All contracts, agreements and other correspondence have been made available. We have disclosed all contracts and agreements with service organizations, including any communications with those organizations related to instances of non-compliance. The Agency/Corporation/LGU/Project has been operated effectively, throughout the period covered by the audit. D. Information Required 1. We have provided you with: a. Access to all information deemed relevant to the preparation of the financial statements such as records, documentation and other matters; b. Additional information requested for the purpose of the audit; and c. Unrestricted access to persons within the entity determined necessary to obtain audit evidence. 2. All transactions have been recorded in the accounting records and are reflected in the financial statements. 22 3. We have disclosed to you the specific results of our assessment of the risk indicating that the financial statements may be materially misstated as a result of fraud. 4. We have disclosed to you all information in relation to fraud or suspected fraud that we are aware of and that affects the entity and involves: management; employees who have significant roles in internal control; or others where the fraud could have a material effect on the financial statements. 5. We have disclosed to you all known instances of non-compliance or suspected non-compliance with laws and regulations whose effects should be considered when preparing financial statements. 6. We have disclosed to you the identity of related parties and all the related party relationships and transactions of which we are aware. Signed: _____Signature over Printed Name____ Chief Accountant /Head of Finance Group _____Signature over Printed Name_____ Head of Agency/Authorized Representative Date Date 23 Section 2 Planning Phase 1. Under ISSAI 1300, planning is not a discrete phase of an audit but rather a continual and iterative process that often begins shortly after the completion of the previous audit and continues until the completion of the current audit. 2. Planning activities involve the following steps: I. II. Preparing the Overall Audit Strategy Conducting Preliminary Risk Assessment A. Defining risks B. Understanding the Audit Entity a. Updating information base for financial audit and conducting preliminary risk assessment b. Assessing other matters for consideration 1. Understanding Fraud Risks 2. Understanding risks from non-compliance with laws, rules and regulations c. Assessing related parties C. Summarizing the results of preliminary identification of risks III. Conducting Final Risk Assessment A. Determining the materiality threshold B. Assessing risks and determining risk responses a. Performing Risk assessment b. Determining Risk responses IV. Preparing the Audit Engagement Plan A. Updating the Overall Audit Strategy B. Preparing the Audit Program C. Preparing the Engagement Planning Memorandum I. Preparing the Overall Audit Strategy 3. Establishing the audit strategy involves setting the scope, timing and direction of the audit towards the development of an Audit Engagement Plan. When developing the overall strategy, ISSAI 1300 identifies these concerns: a. Identify the characteristics of the engagement that define its scope; b. Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required; c. Consider the factors that, in the auditor’s professional judgment, are significant in directing the engagement team’s efforts; d. Consider the results of preliminary engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant; and, e. Ascertain the nature, timing and extent of resources necessary to perform the engagement. 24 4. The overall audit strategy is prepared by the ATL, reviewed by the SA/RSA and approved by the CD/RD. The auditor may need to modify the overall audit strategy as the circumstances arise because of unforeseen events, changes in conditions, or audit evidence obtained from the results of audit procedures which require significant changes in strategy. These changes, while allowable, must be approved by the CD/RD upon the recommendation of the SA/RSA. Frequent changes should be avoided as these indicate poor planning. The overall audit strategy template is attached as Appendix 2-1 of this Section. II. Conducting Preliminary Risk Assessment A. Defining Risks 5. Based on paragraph 1.6.1 of RBFAM, risk is the probability of an act or event occurring that would have an adverse effect in the achievement of an agency’s objectives. Thus, the threat that an event, action or inaction will adversely affect the agency’s ability to successfully achieve its mandate and objectives and execute its strategies is defined as the agency risk. 6. On the other hand, the risk that the auditor may express an inappropriate opinion on the FS is known as audit risk. Although audit risks and agency risks are dissimilar in nature, it is often the case that identification of significant agency risks lead to the detection of audit risks. 7. The three components of audit risks are: a. Inherent risk is the susceptibility of an assertion, about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls. (IRRBAM, par. 2.6.1 (b)) b. Control risk is the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements will not be prevented, or detected and corrected, on a timely manner by the entity’s internal control. (IRRBAM, par. 2.6.1 (c)) c. Detection risk is the risk that the auditor’s procedures will not detect a misstatement that exists in an assertion that could be material, individually or when aggregated with misstatements. (RBFAM, par. 1.6.1) 8. The factors that may affect inherent risk assessment are: a. Judgment – a high degree of judgment is involved in business transactions. i. Degree of subjectivity ii. Competence and experience of agency personnel b. Estimates – significant estimates are included in transactions, which make it more likely that an estimation error will be made. i. Susceptibility to material misstatement ii. Variations from expected amounts iii. Transactions not subjected to routine processing 25 c. Complexity – the transactions in which a business engages are highly complex, and so are more likely to be completed or recorded incorrectly. i. Size and composition ii. Effects of external factors iii. Completion of unusual/complex transactions at or near period-end 9. The preliminary assessment of control risk is based on the following: a. Evaluation of the design of controls done in Understanding the Process activity; b. Information obtained from prior periods’ engagements, if available; and c. Information obtained from the results of walkthrough procedures in Understanding the Process activity. 10. For a given level of audit risk, the acceptable level of detection risk bears an inverse relationship to the assessed risks of material misstatement (inherent risk plus control risk) at the assertion level. For example, the greater the risk of material misstatement the auditor believes exists, the less the detection risk that can be accepted and, accordingly, the more persuasive the audit evidence required by the auditor. (ISSAI 1200, par. A44) 11. Detection risk relates to the nature, timing and extent of the auditor’s procedures that are determined by the auditor to reduce audit risk to an acceptably low level. It is therefore a function of the effectiveness of a procedure and of its application by the auditor. Matters such as: (a) adequate planning; (b) proper assignment of personnel to the engagement team; (c) the application of professional skepticism; and (d) supervision and review of the audit work performed, would help enhance the effectiveness of an audit procedure and of its application, and reduce the possibility that an auditor might select an inappropriate audit procedure, misapply an appropriate audit procedure, or misinterpret the audit results. (ISSAI 1200, par. A45) B. Understanding the Audit Entity 12. The resident auditors assigned in their respective agencies perform, among others, financial and compliance audits. Thus, auditors have practically broad knowledge of agency operations which should be summarized in the UTA Template attached as Appendix 2-2. 13. The UTA template may include the following: a. b. c. d. e. A general overview of the entity’s organization and operations; The agency’s main activities and critical processes; Projects/Programs/Activities; Results of previous audit; Auditor’s notes on any component that may be significant to the conduct of financial audit. 14. To enhance Auditor’s understanding of the audit entity, the following steps shall be undertaken: a. Updating information base for financial audit and conducting preliminary risk assessment; b. Assessing other matters for consideration; and, c. Assessing Related Parties transactions 26 a. Updating Information Base for Financial Audit and Conducting Preliminary Risk Assessment 15. Given the extent and quality of information available to COA Auditors, the sources of financial information to be used as basis for the preliminary risks assessment review are categorized as: Table 3. Sources of financial information Category 1. COA informatio n base 2. Auditees and other offices 3. Generated based on audit analysis performed Sources Financial, compliance and performance audit reports; cash examination reports; fraud audit reports; project audit reports; Bank Statements and Bank Reconciliation Statements; Property and personnel accountability audits Notice of Suspensions, Notice of Charges and Notice of Disallowances, Notice of Finality of Decisions, COA Order of Execution; Evaluation/investigation reports/emerging issues from newspaper accounts; Financial Reports such as Reports of Checks Issued and Report of Collections and Deposit Disbursement Vouchers Recommendation Tracking Sheet UTA Template and Financial Accountability LogFrame Charter or mandate; Organizational Chart/Functional Chart; Manual of operations; Internal audit reports; Minutes of meetings and conferences with the agency; Official directives, new laws and regulations affecting the agency; Appropriations/annual budget and other financial and project reports General Accounting Plan; Financial Statement Analysis; Agency-level Controls Checklist Information to be obtained Possible causes of misstatements due to errors, fraud; Financial statements accounts which may be misstated; Inherent risks for specific accounts particularly cash, PPE, expenditures; Possible controls which need to be tested; Possible risk areas Adequacy of internal control over financial reporting; Risks posed affecting specific financial statements accounts; Agency’s primary functions; Limits of authority Operations flow in relation to internal control Adequacy of internal control; Risks posed affecting financial statements accounts; Risks on assertions related to presentation and disclosure 16. Analysis of information under categories 1 and 2 may assist the audit team in identifying accounts with possible material misstatements. The results of analysis based on categories 1 and 2 information is presented in Illustration 1. Illustration 1. Working Paper on Preliminary data analysis Sample Source Document Issues Amount Involved (in PhP) Real Account Affected Income/Expense Account Affected Assertions Affected Category 1 1. Bank Reconciliation Statements Unrecorded reconciling items, i.e. interest income 500,000.00 2. Notices of disallowance Two NDs considered final and executory were issued NFD/ COE. The disallowance was not yet recorded in the books. 5,000,000.00 27 Cash Receivable; Retained Earnings/ Accumula Interest Income Completeness Accuracy, Completeness Sample Source Document Issues Amount Involved (in PhP) Real Account Affected Income/Expense Account Affected Assertions Affected ted Surplus/ (Deficit) 3. Performance Ten livelihood projects undertaken Audit Report by partner NGOs in 2016 are nonexistent. Funds released to the NGOs cannot be accounted for. 4,500,000.00 Due from NGOs; Cash Accuracy/ Existence Five vehicles cannot be presented and remained unaccounted 1,758,000.00 PPE 4. Cash Examination Report Shortage of ₱10,000,000.00, not yet restituted 10,000,000.00 Cash; Receivable Existence Accuracy Valuation 5. Prior Year’s audit adjustments/ Financial Audit Reports Property and equipment officially turned over to LGUs were still reported under Construction in Progress account 59,000,000.00 Construction in Progress PPE Accuracy Existence Valuation 6. Recommendation Tracking Sheet Misstated accounts remained unadjusted 500,000.00 Inventory Supplies Expense 200,000.00 PPE Depreciation Expense Depreciation expense Accuracy Occurrence Existence Valuation Accuracy Valuation Category 2 1. Internal Audit Reports 2. Project Reports Supply ledger cards were not regularly updated, and preparation and submission of reports on the issuance of supplies to the Accounting Office is delayed by three to six months. Undetermined Inventory Supplies expense Accuracy Valuation The procurement plan of the agency was not reflective of the actual requirements. This resulted in overstocking of slow moving supplies, of which significant amounts were already expired and/or damaged. 500,000.00 Inventory Loss/ spoilage Accuracy Valuation 10 projects were already completed but not yet turned-over to implementing agency 20,000,000.00 CIP PPE Accuracy Valuation 2,000,000.00 CIP PPE Accuracy Valuation Two projects were terminated 28 17. The activities and information that can be gathered under Category 3 are discussed below. a.1 Updating the Understanding of the Agency’s Internal Control System (AICS) a. Internal Control is an integral process that is effected by an agency’s management and personnel, and is designed to address risks and provide reasonable assurance that in pursuit of the agency’s mission, the general objectives are being achieved. b. Internal Control should provide reasonable assurance regarding the achievement of agency’s objectives in the following categories: Effectiveness and efficiency of operations; Reliability of financial reporting; Compliance with applicable laws and regulations; and, Safeguarding of assets. c. The preliminary assessment of the Internal Control System of the agency is based on the five components of the internal control: Control Environment – sets the tone of an organization, influencing the control consciousness of its staff. It is the foundation for all other components of internal control, providing discipline and structure. Risk Assessment – process of identifying and analyzing relevant risks to the achievement of the agency’s objectives and determining the appropriate response. Control Activities – The policies and procedures established to address risks and to achieve the agency’s objectives. The procedures that an organization puts in place to treat risk. Information & Communication – effective processes and systems that identify, capture and report operational, financial and compliance-related information in a form and timeframe that enable people to carry out their responsibilities. Monitoring – the process that assesses the quality of the internal control system’s performance over time. d. The principles of internal control are presented in Table 4. Table 4. Principles of Internal Control Components Control Environment Risk Assessment Principles 1) Management and staff demonstrate personal and professional integrity and ethical values; 2) Management sets the “tone at the top” (i.e. management’s philosophy and operating style); 3) Management establishes an appropriate government organizational structure; 4) Management and staff exhibit commitment to competence; and, 5) Management establishes human resource policies and practices. 6) Management identifies and defines appropriate objectives and risk tolerance in specific and measurable terms; 7) Management identifies, evaluates and assesses agency’s risks; and, 8) Management determines appropriate response to the identified, evaluated, and 29 Components Control Activities Information & Communication Monitoring Principles assessed agency’s risks. 9) Management designs control activities which are appropriate, function consistently according to plan throughout the period, cost effective, comprehensive, reasonable and directly relate to the control objectives and to address risks; 10) Management develops control activities which include a range of diverse policies and procedures; and, 11) Management develops an effective information technology control activities. 12) Management develops and maintains reliable and relevant financial and nonfinancial information; 13) Management communicates information throughout the agency; and, 14) Management communicates information with external parties. 15) Management establishes and operates activities to monitor the internal control system and evaluates the results; and, 16) Monitoring activities ensure that audit findings and recommendations are adequately and promptly resolved. e. An effective internal control system requires that: Each of the five components of internal control are present and functioning. The five components are operating together in an integrated manner. f. For the evaluation of Internal Control Structure, the ALCC template attached as Appendix 2-3 will be used. (Culled from the Internal Control Standards for Philippine Public Sector 2017 (ICSPPS) under COA Resolution No. 2018-007 dated February 1, 2018.) g. Upon the completion of the ALCC template, the generated answers shall be evaluated and the results of the evaluation shall be summarized. The summary of the evaluation shall form part of the preliminary assessment of the Internal Control System. The auditor should be able to identify which areas of internal control activities must be tested as a result of the preliminary evaluation. To guide the auditor in evaluating the critical internal control processes to be tested, the procedures can be designed in the form of a checklist questionnaire. An example of a checklist questionnaire for cash receipts is attached as Appendix 2-3A. h. Test of Internal Control Design (Effectiveness and Operating Effectiveness) In selecting controls to test, key controls must be considered. Important or key controls address the risk of a material misstatement. Testing internal control design determines whether the control is designed in a way that would prevent or detect an error or fraud. In testing internal control design, the auditor should only test those controls that are important to the auditor’s conclusion about whether the controls of the Agency/Unit/Corporation/Project sufficiently address the assessed risk of misstatement to each relevant assertion. There might be more than one control that addresses the assessed risk of misstatement to a particular relevant assertion; conversely, one control might address the assessed risk of misstatement to more than one relevant assertion. It is neither necessary to test all controls 30 related to a relevant assertion nor necessary to test redundant controls, unless redundancy is itself a control objective. The auditor should test the design effectiveness of controls by determining whether the Agency/Unit/Corporation/Project controls satisfy the Agency/Unit/Corporation/Project’s control objectives and can effectively prevent or detect errors or fraud that could result in material misstatements in the financial statements. An example of a control being designed well is a journal entry recording and approval where one person prepares and another one reviews and approves, irrespective of whether they are actually following such rule. The auditor should test the operating effectiveness of a control by determining whether the control is operating as designed and whether the person performing the control possesses the necessary authority and competence to perform the control effectively. In the previous example of journal entry recording and approval, although there are two different individuals preparing, and reviewing and approving the journal entry, the design may not be operating effectively, if the one preparing and/or the one reviewing and approving, or both, do not have the necessary authority and competence to do their respective responsibilities. The Control Design may be tested in the following manner: i. Inquiring – ask appropriate people; ii. Observing – watch them do the operation or do the particular steps; and, iii. Inspecting relevant documents – get a copy of the report, look through the pages or items and the comments that the reviewer made. i. Two types of controls There are two types of controls, preventive controls and detective controls. i. Preventive Controls are designed to discourage errors or irregularities from occurring. Examples of preventive controls are: o Segregation of Duties – Duties are segregated among different people to reduce the risk of error or inappropriate action; o Approvals, Authorizations, and Verifications– Management authorizes employees to perform certain activities and to execute certain transactions within limited parameters; and, o Security of Assets (Preventive and Detective) – Access to equipment, inventories, securities, cash and other assets is restricted; assets are periodically counted and compared to amounts shown on control records. ii. Detective Controls are designed to find errors or irregularities after they have occurred. Examples of detective controls are: 31 o o o o Review of Performance – Management compares information about current performance to budgets, forecasts, prior periods, or other benchmarks to measure the extent to which goals and objectives are being achieved and to identify unexpected results or unusual conditions that require follow-up; Reconciliations – An employee relates different sets of data to one another, identifies and investigates differences, and takes corrective action, when necessary; Physical Inventories – Annual or Semi-annual; Audits – Internal or External j. External Auditor, in this case COA Auditors, can also use the works of Internal Auditors, when they have determined that the internal audit function is likely to be relevant to the audit. The guidance on the use of the works of Internal Auditors and in assessing their objectivity is provided under ISSAI 1610. k. The internal auditor may be presumed to be objective if the following criteria are met and the internal auditor’s function is established by legislation or regulation: The internal auditor is accountable to top management and to those charged with governance; The internal auditor reports the audit results both to top management and those charged with governance; The internal audit unit is located organizationally outside the staff and management function of the unit under audit; The internal auditor is sufficiently removed from political pressure to conduct audits and report observations, opinions, and conclusions objectively without fear of political reprisal; The top management permits internal auditors to audit operations for which they have previously been responsible for to avoid any perceived conflict of interest; and, The internal auditor has access to those charged with governance.1 l. Irrespective of the degree of autonomy and objectivity of the internal audit function, such function is not independent of the entity as required of the external auditor when expressing an opinion on financial statements. The external auditor has sole responsibility for the audit opinion expressed, and that responsibility is not reduced by the external auditor’s use of the work of the internal auditors. a.2 Testing Compliance with the General Accounting Plan (GAP) The GAP shows the overall accounting system of the agency/unit including the standard source documents, the flow of transactions and recording in the books of accounts, and their conversion into financial information/data presented in the financial reports. The general flow of transaction as well as the possible source documents, books of accounts and monitoring reports generally required by affected accounts using the GAM for national government agencies as guide, is illustrated in Appendix 2-4. 1 (Nzechukwu, 2016, p. 546) 32 The actual flow of transactions of a particular subsystem as well as the existence of the documents and books of accounts can be established through a walkthrough analysis using sample transactions pertaining to the subsystem being analyzed. The Auditors are advised to prepare the GAP indicating only the specific source documents and reports by account applicable to their respective agencies which should be used in the walkthrough analysis. To illustrate, the fund transfer process is tested based on the standard documents flow identified in the GAM using, five journal vouchers for fund transfers of various types. The results show the need for the Chief Accountant to clarify why certain activities and forms were not used. There is also a need to establish the officials authorized to approve the fund transfers, among others. The walkthrough analysis of the fund transfers process is shown below: Illustration 2. Walkthrough Analysis for Source Agency – Fund Transfer Account Type of document/ report Source Document Specific document examined MOA, DV, ADA Summarizing None report Basis of JEV Recording Books of Original Entry CkDJ, ADADJ Subsidiary Ledger Book of Final Entry By nature/IA Monitoring Reports Aging Schedules, Unliquidated Fund Transfers GL JEV 012016-01-24 JEV 012016-03-67 DV and letter requests dtd. Jan. 23, 2016 DV and MOA dtd. Mar. 12, 2016 none none Walkthrough analysis performed JEV 01JEV 01JEV 012016-082016-102016-06-250 359 450 DV dtd. DV and DV and Sept. 9, letter from MOA 2016 Senator Aug. 3, Tralala 2016 dtd. Aug. 25, 2016 none none none JEV, approved by Chief accountant CkDJ dtd. Jan. 21-23, 2016 JEV, approved by Fin. Officer CkDJ dtd. Mar. 31, 2016 JEV, approved by Chief accountant CkDJ dtd. Sept. 9, 2016 Due from NGOs GL dtd. Jan. 31, 2016 none none none GL dtd. Mar. 31, 2016 none GL dtd. Sept. 30, 2016 none Remarks Three transactions were not covered by MOA, two were not reflected in the SL, while two others were misposted. Aging schedule was not also prepared. There is a need to inquire JEV, JEV, why transactions approved approved were authorized and by Dept. by Chief approved despite Head Accountant insufficient CkDJ dtd. CkDJ dtd. documentation and Aug. 25, Aug. 31, approved by different 2016 2016 approving officers. There is also a need to assess compliance Other Due from with existing rules receivables LGU and regulations GL dtd. GL dtd. governing fund Aug. 31, Aug. 31, transfer. 2016 2016 none none a.3 Financial Statements Analysis There are two types of financial analysis that can be applied by the Auditor. a. One is variance analysis where the Auditor can compare the latest set of FS and the corresponding period of the preceding year's FS balances. The results of the analysis will provide an initial indication about whether a risk of material misstatement exists. An example of variance analysis is presented in Appendix 2-5. 33 b. Another form of FS analysis is a tie-in analysis. The Auditor compares the figures of the accounts or group of accounts or contra accounts in the FS and reported in the Notes to FS. A tie-in analysis will show whether the figures presented and disclosed are reliable and properly presented. i. Figures of accounts in the SFPos are compared against those reported in other statements and in the Notes to FS. For instance, the Cash balance of the SFPos should agree with the ending balance figure of the SCF and Notes to FS. Differences indicate mathematical errors or omissions. ii. The amount reflected in the budget and actual amounts columns in the SCBAA should match the figures reflected in the various registries maintained and financial accountability reports prepared by the Budget Division/Unit. iii. The Auditors should have a good knowledge of the chart of accounts, account description, contra-accounts, accounts that shall no longer be appearing in the year end SFPos such as Cash-MDS, Regular, and accounts that are for exclusive use of a particular agency or groups of agencies to be able to perform extensive tie-in-analysis of accounts within a specific financial statements, and between and among financial statements. b. Assessing Other Matters for Consideration b.1. Understanding Fraud Risks 18. Misstatements in the FS can arise from either fraud or error. The distinguishing factor between fraud and error is whether the underlying action that results in the misstatements of the FS is intentional or unintentional. 19. Although fraud is a broad legal concept, the auditor is concerned with fraud that causes a material misstatement in the FS. Two types of intentional misstatements are relevant to the auditor; misstatements resulting from fraudulent financial reporting and misstatements resulting from misappropriation of assets. Although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred. 20. The Auditor, though, should obtain evidence on management processes of addressing fraud risks from identification to responding and to monitoring compliance with management processes by those charged with governance. 21. The following are examples of circumstances that may indicate the possibility that the FS may contain a material misstatement resulting from fraud. a. Discrepancies in the accounting records, including: i. Transactions that are not recorded in a complete or timely manner or are improperly recorded as to amount, accounting period, classification or entity policy; ii. Unsupported or unauthorized balances or transactions; iii. Last-minute adjustments that significantly affect financial results; 34 iv. Evidence of employees’ access to systems and records inconsistent with that necessary to perform their authorized duties; and, v. Tips or complaints to the auditor about alleged fraud. b. Conflicting or missing evidence, including: i. Missing documents; ii. Documents that appear to have been altered; iii. Unavailability of documents other than photocopied or electronically transmitted documents when documents in original form are expected to exist; iv. Significant unexplained items or reconciliations; v. Unusual balance sheet changes, or changes in trends or important FS ratios or relationships – for example, receivables growing faster than revenues; vi. Inconsistent, vague, or implausible responses from management or employees arising from inquiries or analytical procedures; vii. Unusual discrepancies between the entity’s records and confirmation replies; viii. Large number of credit entries and other adjustments made to accounts receivable records. ix. Unexplained or inadequately explained differences between the accounts receivable subledger and the control account, or between the customer statements and the accounts receivable sub-ledger; and, x. Missing or non-existent cancelled checks in circumstances where cancelled checks are ordinarily returned to the entity with the bank statement. 22. The Auditor should be guided with the requirements under ISSAI 1240 in relation to fraud in the audit of financial statements. b.2. Understanding Risks from Non-compliance with Laws, Rules and Regulations 23. Non-compliance by the entity with laws and regulations may result in a material misstatement of the FS. Detection of non-compliance, regardless of materiality, may affect other aspects of the audit including, for example, the auditor’s consideration of the integrity of management or employees. 24. Transactions which are non-compliant with existing laws and regulations are considered illegal and irregular and, thus, disallowed in audit as required under existing COA regulations. Notices of Disallowance issued to entities for non-compliance with laws, rules and regulations are not yet taken up in the books until a Notice of Finality of Decision has been issued in accordance with Rules and Regulations on Settlement of Accounts. There is a financial error or misstatement in the event that the management failed to record disallowances which are final and executory. 25. The Auditor should be guided with the requirements under ISSAI 1250 in their consideration of compliance with laws and regulations. Furthermore, where there are specific statutory reporting requirements, it may be necessary for the audit plan to include appropriate tests for compliance with these provisions of the laws and regulations. 26. As discussed in ISSAI 1250, non-compliance shall be reported in the Auditor’s Report on the Financial Statements in the following manner: 35 a. If the auditor concludes that the non-compliance has a material effect on the FS, and has not been adequately reflected in the FS, the auditor shall, in accordance with ISSAI 1705, express a qualified opinion or an adverse opinion on the FS. b. If the auditor is precluded by management or those charged with governance from obtaining sufficient appropriate audit evidence to evaluate whether non-compliance that may be material to the FS has or is likely to have occurred, the auditor shall express a qualified opinion or disclaim an opinion on the FS on the basis of a limitation on the scope of the audit in accordance with ISSAI 1705. c. If the auditor is unable to determine whether non-compliance has occurred because of limitations imposed by the circumstances rather than by management or those charged with governance, the auditor shall evaluate the effect on the auditor’s opinion in accordance with ISSAI 1705. c. Assessing Related Parties 27. Related Parties pertain to (i) persons or other entities that have control or significant influence, directly or indirectly through one or more intermediaries, over the reporting entity, (ii) entities over which the reporting entity has control or significant influence, directly or indirectly through one or more intermediaries, and (iii) other entities under common control with the reporting entity through having common controlling ownership and common key management. 28. Entities that are under common control by a state, (that is, a national, regional or local government) are not considered as related unless they engage in significant transactions or share resources to a significant extent with one another. (par. 10, ISSAI 1550) 29. The objectives of assessing related parties is to obtain an understanding of related party relationships and transactions sufficient to be able: a. To recognize fraud risk factors, if any, arising from related party relationships and transactions that are relevant to the identification and assessment of the risks of material misstatement due to fraud; and, b. To conclude, based on the audit evidence obtained, whether the FS, insofar as they are affected by those relationships and transactions: i. Achieve fair presentation (for fair presentation frameworks); or ii. Are not misleading (for compliance frameworks) C. Summarizing the Results of Preliminary Identification of Risks 30. In summarizing the information gathered, focus is on conditions which will facilitate identification of risk of misstatements due to errors or fraud on the FS as a whole or to specific accounts at the assertion level during the risk assessment process. 31. Appendix 2 of ISSAI 1315 lists conditions and events that may indicate risks of material misstatements. As emphasized below, these are only examples and should not be considered as a complete listing. Information gathered at this point may relate to some of these conditions/events: 36 Table 5. Examples of conditions and events that may indicate risks of material misstatements Conditions and Events that May Indicate Risks of Material Misstatement Listed below are examples of conditions that may indicate the existence of risks of material misstatement in the financial statements. The examples provided cover a broad range of conditions and events; however, not all conditions and events are relevant to every audit engagement and the list of examples is not necessarily complete. Constraints on the availability of capital and credit Changes in the supply chain Expanding into new locations Changes in the entity such as large acquisitions or reorganizations or other unusual events Existence of complex alliances and joint ventures Use of off balance sheet finance, special-purpose entities, and other complex financing arrangements such as buildoperate-transfer, etc. Significant transactions with related parties Lack of personnel with appropriate accounting and financial reporting skills Changes in key personnel including departure of key executives Deficiencies in internal control, especially those not addressed by management Incentives for management and employees to engage in fraudulent financial reporting Changes in the IT environment Installation of significant new IT systems related to financial reporting Congressional, investigative bodies or COA inquiries into the entity’s operations or financial results by regulatory or government bodies Past misstatements, history of errors or a significant amount of adjustments at period end Significant amount of non-routine or non-systematic transactions including intercompany transactions and large revenue transactions at period end Transactions that are recorded based on management’s intent, for example, debt refinancing, assets to be sold and classification of marketable securities Application of new accounting pronouncements Accounting measurements that involve complex processes Omission, or obscuring, of significant information in disclosures Pending litigation and contingent liabilities, for example, claims and lawsuits 32. For ease in analysis, the potential misstatements may be grouped into three categories considering the following assertions: Table 6. Assertions in considering misstatements Category Transaction level assertions Assertion Occurrence Completeness Accuracy Cutoff Classification Account balance assertions Existence Rights and obligations Completeness Condition All recorded transactions and events actually took place. All transactions and events that should be recorded have been recorded. Full amounts of all transactions and events were recorded without error. All transactions and events were recorded within the correct reporting period. All transactions have been recorded in the correct accounts in the general ledger. All account balances exists for assets, liabilities, and equity. The entity holds or controls the rights to assets, and liabilities are the obligations of the entity. All reported asset, liability, and equity balances have been fully reported. 37 Category Assertion Accuracy, valuation and allocation Classification Presentation and Other disclosures Presentation Understandability Accuracy Completeness Rights and obligations Occurrence Condition Assets, liabilities, and equity interests have been included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments have been appropriately recorded. Assets, liabilities and equity interests have been recorded in the proper accounts. For account balances, assets, liabilities and equity interests are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework. For transactions and events, they are appropriately aggregated or disaggregated and clearly described, and related disclosures are relevant and understandable in the context of the requirements of the applicable financial reporting framework. The information included in the financial statements has been appropriately presented and is clearly understandable. All information disclosed is in the correct amounts, and which reflect their proper values. All transactions that should be disclosed have been disclosed Disclosed rights and obligations actually relate to the reporting entity. Disclosed transactions have indeed occurred. 33. The preliminary assessment should also include account/s covered by Specific Audit Instructions issued by the concerned Supervising Auditor. The results of the preliminary assessment will be summarized to include the FS accounts affected; possible risk identified from the information gathered and the type of risk in terms of assertion. Additional information required to firm up the assessments should also be indicated so that the necessary documents or appointments for interviews with officials concerned are obtained. A sample Summary Report on the Preliminary Identification of Risks and other matters is attached as Appendix 2-6. 34. The SRPIR becomes the initial basis for conducting further risk assessment and updating the overall audit strategy. Materiality considerations will be discussed as part of the conduct of final risk assessment. III. Conducting Final Risk Assessment A. Determining the Materiality Thresholds 35. Materiality threshold pertains to the amount of materiality set as benchmark to evaluate the significance of misstatements or omissions noted during audit. 36. ISSAI 1320 explains that misstatements and omissions are considered to be material if they, individually or in aggregate, could reasonably be expected to influence the economic decisions of users of the FS. The users are considered as a group of users of FS rather than as individual users. 38 37. The concept of materiality is applied both in planning and performing the audit, and also in evaluating the effect of identified misstatement in the FS. It is also based on the concept that items of little importance do not require to be audited since these will not affect the judgment or action of a reasonable FS user. While materiality is primarily based on the auditor’s professional judgment, such judgment should consider both qualitative and quantitative aspects to reduce the risk of audit decisions which are either overly liberal or conservative. 38. Items of little importance are considered trivial. Clearly trivial as mentioned in ISSAI 1450, par. A2 does not mean “not material.” Misstatements that are clearly trivial will be of wholly different (smaller) order of magnitude, or of a wholly different nature than those that would be determined to be material, and will be misstatements that are clearly inconsequential, whether taken individually or in the aggregate and whether judged by any criteria of size, nature or circumstances. 39. ISSAI 1320 describes qualitative considerations specific to determining materiality levels in the public sector: When determining whether a particular class of transactions, account balance, disclosure, or other assertion which is part of the financial reporting framework, is material by virtue of its nature, public sector auditors take into account qualitative aspects such as: a) The context in which the matter appears; for example, if the matter is also subject to compliance with authorities, legislation or regulations, or if law or regulation prohibits overspending of public funds, regardless of the amounts involved; b) The needs of the various stakeholders and how they use the financial statements; c) The nature of the transactions that are considered sensitive to users of the financial statements; d) Public expectations and public interest, including emphasis placed on the particular matter by relevant committees in the legislature, such as a public accounts committee, including the necessity of certain disclosures; e) The need for legislative oversight and regulation in a particular area; and f) The need for openness and transparency; for example, if there are particular disclosure requirements for frauds or other losses. 40. Quantitative materiality thresholds or the maximum errors are established at three levels: a. Overall materiality (for the FS as a whole) is an amount set to establish whether or not the financial statements can be regarded as materially misstated. Misstated, individually or in aggregate, above this threshold is considered significant enough to influence the decision of users and thus, considered the FS materially misstated. This can be changed during the audit depending on the information received by the Auditor. This is used to determine the level of performance materiality and specific materiality. b. Performance materiality is the amount set at less than the overall materiality to lower the risk of not being able to detect uncorrected and undetected misstatements which in the aggregate, may be considered material for the overall financial statements. Some known advantages of setting performance materiality include: i. ii. Providing some assurance that the undetected and uncorrected misstatements will not accumulate to reach an amount that would cause the FS to be materially misstated; Serving as a guide to the Auditor to require adjustment in the FS, aggregate errors reaching this amount; 39 iii. iv. Assessing the risks of material misstatement and determining the nature, testing and extent of further audit procedures; and Serving as the assertion testing level/threshold to identify high value items or as sampling interval when selecting items for testing or calculating sample size. The audit has to cover all items or transactions or accounts above the value set as performance materiality. c. Specific materiality refers to the amount or amounts set at less than overall materiality for particular classes of transactions, account balance or disclosures which may reasonably be expected to influence the economic decisions of users taken on the basis of FS. Specific Materiality could relate to sensitive areas such as particular note disclosures (that is, management remuneration or entity key-specific data), compliance with legislation or certain terms in a contract, or transactions upon which remunerations are based. It could also relate to the nature of a potential misstatement such as an illegal act, non-compliance with loan covenants and statutory/regulatory reporting requirements. Some of the disclosures that would normally be subject to a Specific Materiality level are: i. ii. iii. iv. Related party transactions and balances; Significant management estimates or valuations; Non-compliance with legislation or terms in a contract; Significant events and important changes in operations (e.g., expansion or discontinued operations, new services); v. Significant accounting policies or changes in accounting policies; and, vi. Sensitive income and expense accounts such as management fees and research and development costs. 41. The Audit Team Leader shall determine the materiality thresholds particular to the audited entity, subject to the review of the Supervising Auditor and to the approval of the Cluster/Regional Director concerned. 42. In an audit of the financial statements of stand-alone agencies (not a component/regional/head office), the Audit Team Leader shall determine and use the overall materiality, performance materiality, specific materiality (if applicable), and testing threshold throughout the audit. 43. In an audit of a consolidated/combined FS of groups with components or agencies with regional offices: i. The Audit Team Leaders in the head/component/regional office preparing ML/ SAOR (whichever may be applicable) shall determine and compute the overall materiality, performance materiality, specific materiality and testing threshold using their respective FS. In case of separate FS for each type of fund (e.g., General Fund, Special Education Fund, Trust Fund), the auditor shall compute materiality thresholds using the specific FS for each fund. ii. The Supervising Auditor (head of audit group) preparing the CAAR and issuing the IAR shall determine the overall materiality, performance materiality, specific materiality and testing threshold (if applicable) based on the consolidated/combined financial information of the whole group/agency. The computed overall materiality will be used in determining whether the 40 consolidated/combined FS is misstated or not, and in determining the type of audit opinion to be issued on the consolidated/combined FS. 44. Calculating materiality is established through these steps: a. selecting an appropriate benchmark; b. identifying appropriate financial data for the selected benchmark; and, c. calculating materiality based on established percentages. Step 1. Selecting an Appropriate Benchmark 45. Among the factors that may affect the identification of an appropriate benchmark include the elements of the FS (for example, assets, liabilities, equity, revenue, expenses). 46. ISSAI 1320 (A9) notes that in an audit of public sector entity, the total cost or net cost (expenses less revenues or expenditures less receipts) may be appropriate benchmarks for program activities. Where a public sector has custody of public assets, these may be the appropriate benchmark. There are no hard and fast rules for determining whether an agency is to be considered as asset or expenditure driven. However, the following may facilitate in identifying where the agency is driven: a. The agency mandate and even the targeted outputs will determine the appropriate benchmark. For instance, if outputs are identified in terms of physical assets such as number of buildings, kilometers of roads among others, then it must be asset driven. If outputs are in terms of number of workshops, number of trainings, number of services rendered, then it must be expenditure driven. b. If the agency’s targets are both in terms of physical assets and expenditures, the auditor may consider the mandate or major activity of the agency, whether assets acquisition or expenditures. 47. The ATL shall determine the benchmark to be used, either total expenditures or total assets or total revenues, subject to the review of the SA/RSA and approval of the CD/RD. This benchmark shall be consistent yearly unless the agency’s mandate is changed. Step 2. Identifying Appropriate Financial Data for the Selected Benchmark 48. The benchmark figures shall be based on the unaudited FS for the current year-end unless the same is not available. In such case, the audited FS figures for the past year-end is used to be adjusted upon availability of the current year-end unadjusted FS. 49. If the base is asset, the total assets of the latest year-end SFPos available is used. 50. If the base is expenditure or revenue, the reported total expenditure or revenues of the latest yearend SFPer is used. Step 3. Calculating Materiality Based on Established Percentages 41 51. The levels of materiality thresholds are set and applied in the following manner, unless a different materiality benchmark/computation is required thru the issuance of a materiality circular or guidelines: a. b. c. The overall materiality shall be set at 1 percent of the total selected benchmark. The performance materiality shall be set at 50 percent of the overall materiality. Testing threshold for high value items shall be set at 25 percent of performance materiality. The specific materiality shall be set at 0.20 percent for the chosen class of transactions, account balances or disclosures. 52. The percentage set for overall materiality can be increased up to 2 percent upon the recommendation of the SA/RSA and approval by the CD/RD. The decision to change the rate shall be based on assessment that the entity has a strong internal control and has implemented audit recommendations to address misstatements and ensure reliability of FS. 53. The performance materiality and specific materiality can be decreased upon the recommendation of the SA/RSA and approval by the CD/RD. 54. To illustrate how these levels are computed, the following financial information based on the latest FS are used as sample: Illustration 3. Sample Financial Information (Name of Agency) Year ended December 31, 20xx (In billion ₱) 1.380 0.520 0.860 0.001 1.350 Account Asset Liabilities Equity Revenue Expenses 55. The materiality level set using the financial information is calculated as: Illustration 4. Sample Materiality Computation Table Materiality Computation Template Agency Objective Users of financial statements Asset or expenditure driven Financial data used Overall materiality Performance materiality Specific materiality Testing Threshold for HVI (Name of Agency/Unit/Corporation/Project) Improved urban environment through capacity building and construction of structure Agency; Legislative Bodies; Oversight Bodies; COA; Public Expenditure driven Statement of Income for 20xx 1% of ₱1.350 billion = ₱13.500 million 50% of ₱13.500 million = ₱6.750 million 0.20% of ₱810.000 million = ₱1.620 million (Repairs and Maintenance Expenses) 25% of ₱6.750 million = ₱1.687 million Note: Repairs and Maintenance Expenses – ₱810.000 million 42 56. The template for determining materiality level is attached as Appendix 2-7. The same Appendix should be used in case of changes in the original calculation where the actual results using the final financial statements are substantially different from the preliminary FS used as a basis for original calculation. B. Assessing Risks and Determining Risk Responses 57. The steps are broken into: (a) performing risk assessment; and (b) determining risk responses. a. Performing Risk Assessment 58. As discussed in the preliminary risk assessment, the SRPIR becomes the initial basis for further risk assessment. The Auditor shall conduct final risk assessment on each of the relevant assertions in the SRPIR. 59. Risk assessment involves the identification of sources of risk and assessment as to whether information obtained could result in a material misstatement in the financial statements. Risk of material misstatement at the assertion level (risk that the financial statements are materially misstated prior to audit) consists of inherent risks and control risks which were discussed earlier. (ISSAI 1003) 60. The following are examples of risks that the entity may encounter: Table 7. Examples of Risks Inherent risks Inexperienced or not properly trained accounting staff Officers not aware of their responsibilities Non-preparation of monitoring reports Non-existent bank accounts Undocumented or not sufficiently documented transactions and/or unliquidated fund transfers Control Risks Non-preparation of bank reconciliation Use of funds for purposes other than the intended purposes or for personal purposes Unreconciled accounts Failure to recognize properties transferred to other agencies or work-in progress already completed Delay in recording transactions such as liquidation reports, issuances of supplies and failure to recognize book reconciling items 61. The Auditors should, however, not limit their evaluation on the risks identified during Preliminary Assessment as there could be intervening events or circumstances that may need equal attention. This include material items in the FS even if initially, they have no risk as these should eventually be included in the audit plan. 62. The ISSAI Implementation Handbook – Financial Audit relative to ISSAI 1315 enumerates the steps involved in a risk assessment as: a. b. c. d. e. f. Inherent risk identification; Inherent risk assessment; Identification of significant risk; Understanding internal control; Evaluating internal control design and implementation of internal controls; and, Final risk assessment. 43 Step 1. Inherent Risk Identification 63. There are two major classifications of inherent risk: agency risk and fraud risk. Agency risk results from significant conditions, events, circumstances, actions that could adversely affect the entity’s ability to achieve its objectives and exercise its strategies. Fraud risk is related to events or conditions that indicate an incentive or pressure to commit fraud. 64. For identifying risks, the auditor considers: factors like the nature of the operation, accounting policies, agency objectives and strategies and financial implications, review of financial performance, relevant controls to mitigate risks at the agency and transactional levels, and laws and rules applicable for the audited entity. Step 2. Inherent Risk Assessment 65. The Auditor needs to assess the identified risks and determine their importance for the audit of the financial statements before considering any internal control that might mitigate such risks. Risk assessment involves consideration of two attributes about inherent risks: (i) the likelihood of a misstatement occurring as a result of the risk with the probability rated as high, moderate or low.; (ii) the magnitude (monetary impact) if the risk would occur. 66. The auditor should gather information from the concerned management officials about their risk assessment process and as to how risks are identified and managed. The SRPIR (Appendix 2-6) may be updated as the need arises or when additional information is obtained. 67. Significant risks or pervasive risks affecting the FS as a whole are segregated. These risks will be considered in all the financial statements accounts. In the case of inherent risks on FS accounts, these are sorted by FS account and summarized to reflect the final conditions and assertions identified. Step 3. Identification of Significant Risks 68. A significant risk is where the assessed risk of material misstatement is so high that in the auditor’s judgment, it will require special audit consideration as in these cases: a. b. c. d. e. large non-routine transactions; matters requiring judgment or management intervention such as changes in accounting impairment policies; error or fraud is high; non-compliance with laws and regulations; or, unreliable internal control. 69. For significant risks, the auditor should: evaluate internal control over these risks, such as control activities and indirect (pervasive) internal controls; design an audit response to obtain audit evidence with high reliability including tests of controls and substantive procedures. Substantive analytical procedures alone are not sufficient and are not considered as an appropriate response. 70. Significant risks will include unqualified accounting staff; lack of values formations training, accounting and procurement training of concerned staff; fraudulent project transactions; non-routine large 44 transactions; and non-compliance with laws and regulations. These risks are considered in all of the accounts affected, usually all FS accounts. Step 4. Understanding Internal Control 71. Since not all control activities are relevant to the audit, an understanding of the controls related to the risk of misstatement is necessary to ensure that the relevant control is identified. This is initially undertaken during the preliminary risk identification (Appendices 2-2 to 2-6 for initial assessment). Only controls related to the risk of material misstatement should be identified. 72. Based on the understanding of control activities and the determination as to whether they are likely to achieve the control objectives, the auditor reassesses control risk to decide whether to test controls. Step 5. Evaluation of Internal Control Design and Implementation of Internal Controls 73. This means that significant risks are identified as to whether they are pervasive or specific; controls are identified to mitigate them; and controls are tested, observed or inspected to ensure that these are implemented and functioning. 74. Significant risks are considered pervasive if these are not confined to specific elements, accounts or items of the financial statements. If so confined, the affected account represents or could represent a substantial proportion of the financial statements. The level of control risks is assessed as to high, moderate or low based on the results of tests. (Appendices 2-2 to 2-6 for initial assessment) 75. The operating effectiveness of internal control design can be tested in the following manner, among others: a. b. c. d. e. f. Identifying appropriate controls to be tested. Deciding on the appropriate testing technique. Determining the appropriate documents to be tested. Determining the level of test (period to be covered, representative sample, extent). Examining evidence/documents to determine whether controls have been properly implemented. Summarizing and documenting the results of evaluation. Step 6. Final Risk Assessment 76. The final step in the risk assessment phase of the audit is to review the results of the risk assessment procedures performed, and assess the risks of material misstatements at the FS level and the assertion level for classes of transactions and disclosures guided by the Risk Decision Table. b. Determining Risk Responses 77. Responses to the results of the risk assessment are based on the decision model setting the nature of audit procedure/s and extent of audit to be performed given the results of a risk assessment and 45 depending on the level of risk of material misstatement established for specific audit objectives, accounts and assertions. 78. To summarize, the risk responses to be adopted may be: a. When both inherent and control risks are low, the overall RMM is also low. Hence, further testing of controls is performed to firm up the audit conclusion reached together with a low level of substantive tests. b. When the inherent risk is low but the control risk is moderate, a low overall RMM is established. Hence, the extent of tests of controls is moderate with a low level of substantive tests. c. When inherent risk is low but control risk is high, the RMM is moderate. As such, there is no need to perform tests of controls as these cannot be relied on anyway. Since inherent risk is low, a moderate level of substantive tests is required. d. When inherent risk is moderate and control risk is low, the RMM is low. More tests of controls are performed to firm up the audit conclusion, with a low level of substantive tests. e. When both inherent and control risks are moderate, the RMM is also moderate. Hence, the levels of tests of controls and substantive tests to be performed are also moderate. f. When inherent risk is moderate and control risk is high, the RMM is high. Hence no reliance is placed on controls meaning, no tests of controls are necessary. A high level of substantive tests is however needed. g. When inherent risk is high and control risk is low, the RMM is moderate. Hence a high reliance is placed on tests of controls and a moderate level of substantive tests is required. h. When inherent risk is high and control risk is moderate, RMM is high. No reliance is placed on control hence no need to test controls but a high level of substantive tests is required. i. When both inherent and control risks are high, RMM is high. No reliance is placed on control hence no need to test controls but a high level of substantive tests is required. 79. These risk responses are summarized in the Risk Decision Table presented in Table 8. Table 8. Risk Decision Table IR Low Moderate High CR Low Moderate High Low Moderate High Low Moderate High RMM (IR + CR) Low Low Moderate Low Moderate High Moderate High High Preliminary Audit Strategy High reliance on controls and a low level of substantive tests. Moderate reliance on controls and a low level of substantive tests. No reliance on controls and a moderate level of substantive tests. High reliance on controls and a low level of substantive tests. Moderate reliance on controls and a moderate level of substantive tests. No reliance on controls and a high level of substantive tests. High reliance on controls and a moderate level of substantive tests. No reliance on controls and a high level of substantive tests. No reliance on controls and a high level of substantive tests. 80. Following the risk decision table, tests of controls are performed when control risks are low to moderate. No tests of controls are needed when control risk is high because there is no point testing controls which are absent or cannot be relied upon. 81. The result of the test of controls will determine the nature, extent and timing (net) of the substantive tests that will be performed. Substantive tests are procedures performed by the auditor to detect material misstatement or fraud related to transactions or account balances. 46 82. The resulting test of assessed risks will form the foundation for the next audit phase which is to determine how to respond to the assessed risks through the design of audit procedures. The results of risk assessment at the assertion level is illustrated in Appendix 2-8. A duly filled out sample of Appendix 2-8 is attached as Appendix 2-8A for guidance. IV. Preparing the Audit Engagement Plan 83. The fundamental elements in preparing the audit engagement plan are: (a) updating the overall audit strategy; (b) preparing the audit program; and (c) preparing the engagement planning memorandum. A. Updating the Overall Audit Strategy 84. The overall audit strategy prepared during the preliminary risk assessment need to be updated to consider the results of final risk assessments. 85. ISSAI 1450 requires the auditor to revise the overall audit strategy if: (a) the nature of identified misstatements and the circumstances of their occurrence indicate that other misstatements may exist that, when aggregated with misstatements accumulated during the audit, could be material; or (b) the aggregate misstatements accumulated during the audit, approaches the materiality level determined in accordance with ISSAI 1320. 86. The overall audit strategy for COA purposes should consider the key activities from the Risk Assessment Process to the Reporting Phase. Moreover, there are audit activities or requirements which no longer form part of the risk assessment process but must be included in the Strategy. These pertain to, among others: a. Special considerations: Related Parties; Litigation and Claims; Segment Reporting and Subsequent Events with procedures discussed in Section 3, Execution Phase; b. Other accounts determined falling within the performance materiality level not covered in the risk assessment; c. In the case of nationwide audits, the Strategy should consider synchronization of timelines for group planning, execution and reporting; setting materiality thresholds in a uniform manner; scheduling of audit inspections; confirmations from external parties, among others. B. Preparing the Audit Program 87. An audit program contains the audit procedures to be performed for a specific audit objective for the financial account and the risks identified by assertion. Audit Program for each audit areas included in the overall audit strategy should be prepared. 88. The audit program saves time and labor; increases efficiency; controls the work performed; maintains uniformity and continuity; identifies responsibilities; helps to maintain continuity; and, facilitates presentation of evidence. 89. The auditor may use standard audit programs relevant to the risks identified or to the audit areas. An audit program template is provided as Appendix 2-9. 47 C. Preparing the Engagement Planning Memorandum 90. The final activity of the Planning Phase is preparing the EPM. As a planning tool, EPM sets out the objectives of the audit and spells out how the auditor aims to achieve these objectives. As a supervision and monitoring tool, it tracks the progress of the audit and promotes high quality and professional audit work. 91. This Memorandum contains the following: Part 1 – Audit Coverage, Objective and Methodology a. Audit Scope/coverage- should be clearly described; b. Audit objectives -should be clearly defined; and, c. Audit methodology- should be clearly established supported with audit programs. Part 2 - Significant contents of the Overall Audit Strategy A brief narration of the major activities to be performed supported by the final overall audit strategy updated brought about by new conditions, unforeseen events, or audit evidence obtained from the results of audit procedures which includes the following, among others: a. Materiality thresholds; b. The number of staff to conduct the audit; c. The major timelines: entrance conference, exit conference, securing management representation letter, audit report issuance; d. Coordination activities relative to a nationwide audit; e. Inspections to be conducted; and, f. External confirmations to be performed. Part 3 – Summary of major accounts and assertions for audit considerations a. Accounts and Assertions with high risks of material misstatements and significant risks identified in the final risk assessment template. (Appendix 2-8) b. Other Material Accounts (OMA) refer to financial statement accounts above or equal to the performance materiality but were not considered as significant based on the results of the Final Risk Assessment. c. Special Considerations: Related Parties, Litigation and Claims, Segment Reporting and Subsequent Events Part 4 – Audit Program (Appendix 2-9) 92. The EPM serves as the “blueprint” of the financial audit after the Planning Phase and contains the detailed audit procedures to be performed in response to the results of the risk assessment and the procedures for audit areas which no longer had to pass through a risk process but are required to be performed. It must be prepared by the Audit Team Leader, reviewed by the SA/RSA and approved by the CD/RD. Template of EPM (Appendix 2-10) and other related appendices are attached to elaborate on certain facts as considered necessary. 48 Appendix 2-1. Overall Audit Strategy (SECTOR) (CLUSTER) - Agency XYZ OVERALL AUDIT STRATEGY Audit Team/Address ________________________________________________________________________________________ Prepared by ___________________________________________________________ Reviewed by __________________________________________________________ Approved by __________________________________________________________ Date Prepared _____________________ Date Reviewed _____________________ Date Approved ____________________ A. Introduction A.1. Background State the COA Office Order on the creation and composition of the audit team. B. Audit Scope and Period Covered Financial audit of CY 2017 Financial Statements C. Significant Milestones Phase Activities A. PLANNING 1 Conduct initial risk assessment based on available data and additional documents requested from management: a. Initial analysis of available documents/reports b. Initial variance and tie in analysis (latest available TB of the Current Year) c. Initial indication of Misstatements d. Updated UTA Template e. Updated General Accounting Plan f. Updated Agency-level Control Checklist g. Validation of implementation of prior year's audit recommendations 2 Establish materiality threshold. WP Ref. Expected Output Summary Report on the Preliminary Identification of Risks Materiality Template 49 Person Responsible M J J Target Date to Accomplish 2017 2018 A S O N D J F M A Remarks Phase Activities 3 Update risk assessment based on the additional information, data and reports. (Including testing of control for significant inherent risk and establishing the overall audit risk). Prepare summary of risk assessment by account and by assertion. 4 Identify other audit activities not covered in the risk assessment (Segment reporting, litigation and claims, related parties, subsequent event, accounting estimates and analysis of accounts, etc.) 5 Updating overall audit strategy (OAS) 6 Prepare Audit Engagement Planning Memorandum including audit program by account/by assertion/ by special considerations (ISSAI 1800) 7 Approve Audit Engagement Planning Memorandum. 8 Issue Specific Audit Instructions to the audit team for the execution of the audit plan. B. EXECUTION 1 2 3 4 5 6 7 Conduct the audit based on the approved Audit Engagement Planning Memorandum and the attached Audit Program Issue AOM, ND, NS, NC, Audit Memorandum, as the need arises Perform final financial statements variance and tie-in analysis. Review financial statements and corresponding Notes to FS to ensure compliance to presentation and disclosure requirements by ISSAIs. Prepare summary of proposed audit adjustments and evaluate effects in the audit opinion Prepare Summary of Audit Observations and Recommendations Follow-up of the Agency Action Plan WP Ref. Expected Output Results of Risk Assessment at the Assertion Level Summary of other audit activities Updated OAS Approved Engagement Planning Memorandum supported with Audit Program by account/assertions/special considerations Specific Audit Instructions Working Papers by account AOM, NS, ND, NC, AM WP on Financial Analysis Summary of notes for review Summary of proposed audit adjustments Summary of Audit Observations and Recommendations Agency Action Plan 50 Person Responsible M J J Target Date to Accomplish 2017 2018 A S O N D J F M A Remarks Phase Activities 8 Prepare the recommendation tracking sheet indicating the control number and deadline for implementation 9 Conduct exit conference C. REPORTING 1 2 3 4 5 6 7 Secure Management Representation Letter which is dated near the date of the audit report Draft the annual audit report including section on the results of internal control review Submit draft report to the supervisor for review Submit draft report to the Director for review Finalize AAR and sign the IAR Transmit the audit report to the management Wrap-up, organization and archiving of working papers D. Quality Control Review 1 Accomplish compliance completion checklist supported by audit working papers 2 Send the Auditee Feedback Sheet to Agency for accomplishment 3 Accomplish the Director’s Evaluation Form 4 Rate Management Performance WP Ref. Expected Output Recommendation Tracking Sheet Minutes of exit conference Management Representation Letter Draft AAR Draft Report Final AAR and signed IAR Duly received Transmittal Letter Duly indexed Working Papers Compliance completion checklist Auditee Feedback Sheet Director’s Evaluation Form Financial Management Performance Rating Note: Highlight the date the activities are to be implemented. 51 Person Responsible M J J Target Date to Accomplish 2017 2018 A S O N D J F M A Remarks Appendix 2-2. Understanding the Agency Template UNDERSTANDING THE AGENCY A. MANDATE Relevant law, rule or regulation defining the purpose of the agency. B. OPERATIONS The Agency’s main activities and critical processes. C. STRUCTURE Describe the Agency’s organizational structure and its relation to other key government agencies. (Attach the Agency’s organizational structure, as necessary) D. KEY STAKEHOLDERS List stakeholders, or unified stakeholder groups, whose expectations or actions (or inactions) can significantly influence management or affect the agency objectives E. KEY ENVIRONMENTAL FACTORS Briefly describe the environment of the agency and how the operations of the Agency are affected/influenced by environmental factors.(e.g., Political Environment, Social Environment, Legal and Regulatory Environment, Technological Environment) F. PROGRAMS/ PROJECTS/ ACTIVITIES Briefly describe the Agency’s major/significant programs/projects/activities for the year including the expected outputs and budget allocation and initial evaluation on whether the expected outputs are in line with the objectives and strategies of the agency and the budget allocation is appropriate using the Financial Accountability LogFrame attached as Appendix 2-2A. G. ACCOUNTING POLICIES Brief description of key accounting policies applied, including financial reporting standards/financial reporting framework (e.g. PPSAS, PFRS) H. RESULTS OF PREVIOUS AUDIT Significant audit findings included in the financial, compliance, and performance audit reports that have financial implications 1) Audit opinion/s rendered on the agency for the last three years and the reason for qualifications, if any 2) Financial management rating of the auditor on the auditee 52 I. RECENT DEVELOPMENT/NEWS RECENT DEVELOPMENT/NEWS IMPACT ON THE AGENCY Source (e.g. Inquirer/date) Court/COA/CSC Decisions Subject to Congressional inquiry Subject to Ombudsman case UTA Summary Auditor’s notes on any component that may be significant to the conduct of Financial Audit. 53 Appendix 2-2A. Financial Accountability LogFrame Particulars Accountable Operational Units Program 1 Planning, Monitoring and Knowledge Management Division Monitoring and Evaluation Reports prepared through research studies Outputs expected No. of M&E Reports 324 (efficiency targets) No. of M&E Reports 6300 disseminated 1 No. of M&E system maintained 3 No. of evaluative study conducted 1 No. of website updated 20000 No. of website visits 30244 No. of knowledge products disseminated (publications and 3 No. of database system developed/updated Budget by object Consultancy services - 8,350,000 of expenditures Traveling expenses - 5,469,000 Donations - 3,712,000 Other MOOE - 5,518,000 Printing and Publication - 1,369,000 Budget allocated PS MOOE Total 2 Policy Development and Coordination Division AFC Consultations for policy development No. of policy agenda No. of consultations/workshops facilitated No. of consultations supported No. of policy briefs/reviews No. of local issues resolved No. of plans/profiles Volunteer management, capacity development and social mobilization 17 No. of projects showcased 2 833 No. of stakeholder 12 collaborations supported 1716 No. of partnership 6 agreements facilitated 12 147 14 Traveling Expenses – Local - 4,661,000 Consultancy Services - 8,000,000 Representation Expenses - 7,071,000 Donations - 13,281,000 Traveling Expenses – Foreign - 1,694,000 Other MOOE - 5,518,000 6,005,000.00 8,115,000.00 24,418,000.00 40,225,000.00 30,423,000.00 48,340,000.00 54 3 Partnership Development Division Traveling Expenses – Local - 8,617,000 Training Expenses - 3,946,000 Awards/Rewards Expenses - 1,560,000 Other Professional Services - 10,083,000 Representation Expenses - 5,904,000 Other MOOE - 1,443,000 8,083,000.00 31,553,000.00 39,636,000.00 Appendix 2-3. Agency-Level Controls Checklist AGENCY-LEVEL CONTROLS CHECKLIST Agency/Project Audit Period : : Name January 1 to December 31, 20xx Internal Control Component Yes No NA Remarks I. Control Environment 1. Management demonstrates personal and professional integrity and ethical values. 1.1 Management should establish and communicate the integrity and ethical values of the agency. a) Management’s actions influence others to behave and respond in ways that are deemed valuable and appropriate to their agency’s outcomes. b) Management promotes the primacy of public interest in the performance of duties. c) Management develops, regularly reviews, and updates manual that addresses expectations regarding agency’s practices and ethical behaviors; disciplinary policies and procedures; and methods of reporting fraud, other misconduct, etc. d) Management’s commitment to integrity and ethical behavior is communicated effectively throughout the agency, both in words and deeds. This may be achieved through oral communications in meetings, via one-on-one discussions, and by example in day-today activities. e) Management and staff are familiar with the importance of high ethics and controls. f) Existing and new employees are provided with the code of ethics/conduct. g) There are appropriate policies regarding agency’s practices, conflicts of interest, and code of conduct that are established and communicated. h) The agency conducts value development programs for its officials and employees in order to strengthen their commitment to the public. i) The following subjects, among others, are included in the agency’s programs and other parallel efforts on value development: Ethical and moral values; Rights, duties, and responsibilities of public servants; and Socio-economic conditions prevailing in the country. 1.2 Management and staff should exhibit a supportive attitude toward internal control at all times throughout the agency. a) The head of agency or the governing body shows concern for integrity and ethical values. b) The agency adopts innovative programs and continually conducts experimentation/research on measures to motivate officials and employees in raising the level of observance of public ethical standards. c) There is a mechanism in place to regularly educate and communicate to management and employees the importance of internal controls, and to raise their level of understanding of controls. 55 Internal Control Component Yes No NA Remarks 1.3 Every officer and employee in the agency should maintain and demonstrate personal and professional integrity and ethical values, and has to comply with the applicable code of conduct at all times. a) Management acts to remove or reduce incentives, opportunities, or temptations that may prompt personnel to engage in dishonest, illegal, or unethical acts. b) Coverage of ethical dilemmas, ethical failures, and ethical successes are included in the agency’s newsletter, bulletin, or other printed forms. c) All employees are aware that all forms of fraudulent acts against the agency will result in administrative and criminal investigations. d) The agency conducts continuing refresher courses, seminars, and/or workshops to promote high standards of ethics in the public service. e) There is a committee or officer designated to conduct investigation over disciplinary matters. f) The agency promulgates rules and regulations governing expeditious, fair, and equitable judgment of employees’ complaints or grievances in accordance with the policies enunciated by the Civil Service Commission (CSC). g) The head of agency or the governing body ensures that the policy on fiscal responsibility is faithfully adhered to in all the financial affairs, transactions, and operations of the agency. 2. Management sets the “tone at the top.” 2.1 The “tone at the top” should reflect management’s commitment, involvement, and support toward internal controls in the agency. a) Management creates an internal audit service as part of the internal control system. b) Management provides sufficient resources to carry out internal controls. c) Management leads by example with respect to good governance, risk management, and internal controls. d) Management sets a good example through its own actions and its conduct, reflecting what is proper rather what is acceptable or convenient. e) Values of the agency and creation of roles and responsibilities with respect to good governance, risk management, and internal controls are communicated from the top as key values of the agency. f) Management commits to provide appropriate attention to internal controls, including the effects of information systems processing. g) The head of agency or the governing body gives adequate consideration to understanding management’s processes for monitoring risks affecting the agency. h) The head of agency or the governing body represents an informed, vigilant, and effective overseer of the financial reporting process and the agency’s internal control, including information systems processing and related computer controls. i) The agency implements the government-wide Quality Management Program. j) Management shows a positive and supportive attitude toward the functions of accounting, information management systems, personnel operations, monitoring, and internal and external audits and evaluations. 2.2 The code of conduct, counselling, and performance appraisals should support the internal control objectives and, in 56 Internal Control Component Yes No NA Remarks particular, the objective of “ethical operations.” a) The head of agency ensures that officials and employees attend value development programs and participate in parallel value development efforts. b) The head of agency or the governing body ensures adherence to the principle that public office is a public trust. c) A code of conduct/ethics can support and enable the desired types of employee behavior and point out the consequences of violating the principles of the code. d) Management continually reinforces its principles in word and deed, with training programs, model behavior, and by taking appropriate actions in response to violations. e) The agency establishes performance evaluation system. 2.3 Agency’s policies, procedures, and practices should promote orderly, ethical, economical, efficient, and effective conduct of operations. a) There are control features interwoven into, and making an integral part of each system in the agency that management can use to regulate and guide its operations. b) The agency adopts and implements control policies and measures on the following: delegation of authority and supervision; segregation of functions for processing, reviewing, recording, custody, and approval; access to resources and records; completeness and integrity of transaction documents and reports; verification of transactions; and, reconciliation of records and data. c) The agency takes appropriate measures to promote transparency and accountability in the management of public finances. d) The design and implementation of an agency’s quality management system are influenced by the following: organizational environment; changes in that environment and the risks associated with that environment; varying needs; particular objectives; services it provide; processes it employ; and size and organizational structure. e) Management’s development of accounting estimates tends to be conservative and is consistent with objective and fair reporting. f) Manuals of procedures are in use. g) The agency has written policies on, but not limited to, the following: delegation or assumption of duties when an employee is absent; annual vacations for all staff; obtaining background or reference for new staff; training programs for employees; and, rotation of employees. h) The agency requires designated official/s to regularly monitor or review compliance with the requirements of loan contracts, trust 57 2.4 2.5 3. 3.1 3.2 Internal Control Component Yes No NA Remarks agreements, and similar contracts. i) The agency complies with the policies, standards, and guidelines promulgated by the CSC to promote economical, efficient, and effective personnel administration in the government. Personnel should be reminded periodically of their obligations under an operative code of conduct issued by the management. a) All employees are provided with updated code of ethics/conducts, at least yearly, and receive periodic training on the application of the code. b) All personnel are aware that the agency’s control environment is within the framework of public service accountability, where government, its partners, and agents assume fiduciary responsibilities toward the public they serve. Overall performance appraisals should be based on an assessment of many critical factors, including the employees’ role in effecting internal control. a) Management sets realistic (i.e., not unduly aggressive) financial targets and expectations for operating personnel. b) The agency’s operating units are able to achieve the expected results and contribute to the achievement of its sectoral or societal goals. c) The agency establishes its Performance Evaluation System (PES) or other applicable tools based on an objectively measured output and the performance of personnel and units, such as the Performance Management System-Office Performance Evaluation System developed by the CSC. d) The head of agency or the governing body has evaluated on a continuing basis the quantitative and qualitative measures of its performance as reflected in the units of work measurement and other indicators of agency performance, including the standard and actual costs per unit of work. Management establishes an appropriate government organizational structure. The organizational structure should clearly define key areas of authority and responsibility, and establish appropriate lines of reporting. a) The organizational structure is appropriately centralized or decentralized given the nature of its operations, and management has clearly articulated the considerations and factors taken into account in balancing the degree of centralization versus decentralization. b) Key areas of authority and responsibility are defined and communicated throughout the agency. c) Reporting relationships have been established and have effectively provided officers or personnel concerned with the information they need to carry out their responsibilities and perform their jobs. d) Management periodically evaluates the organizational structure and makes changes, as necessary, in response to changing conditions. e) Job descriptions and performance evaluations contain specific references to internal control-related duties, responsibilities, and accountability. Management should develop and communicate policies to employees to ensure that they understand or are aware of the following: 3.2.1 their duties and responsibilities; 3.2.2 how their individual actions interrelate and contribute to the agency’s objectives; 58 Internal Control Component Yes No NA Remarks 3.2.3 the authority they are delegated; and 3.2.4 how and for what they will be held accountable. a) Authority and responsibility are clearly defined throughout the agency and are clearly communicated to all employees. b) There are written job descriptions, reference manuals, or other forms of communication to inform personnel of their duties. c) Job descriptions clearly indicate the degree of authority and accountability delegated to each position and the responsibilities assigned. d) There are adequate policies and procedures for authorization and approval of transactions at the appropriate level. e) The head of agency or the governing body: promulgates administrative issuances necessary for the efficient administration of the offices under them and for the proper execution of the laws relative thereto; exercises disciplinary powers over officers and employees under them in accordance with law; appoints all officers and employees of the agency (except those whose appointments are vested in the President or in some other appointing authority); and delegates authority to officers and employees in accordance with EO No. 292 or the law creating the agency. f) The authority and responsibility for the agency’s operations, as may be necessary to implement the plans and programs, are adequately delegated by the head of agency or the governing body to the bureau and regional directors, or their equivalent. the delegation is in writing; it has indicated to which officer or class of officers or employees the delegation is made; and it has vested sufficient authority to enable the delegatee to discharge his assigned responsibility. g) Assignment of responsibilities is clear, including responsibilities for information system processing and program development. h) There is an appropriate structure for assigning ownership of data, including who is authorized to initiate and/or change transactions. Ownership is assigned for each application and database within the IT infrastructure. i) There is an appropriate segregation of incompatible activities (i.e., separation of accounting for, and access to assets). 3.3 Management should develop and maintain documentation of its internal control system to facilitate the establishment and communication of the who, what, where, and why of internal control execution. a) Job descriptions and performance evaluations contain specific references to internal control-related duties, responsibilities, and accountability. b) Levels of authority and responsibility are documented by way of written policy and, more generally, through the agency’s organizational chart. c) Employee job descriptions clearly document the authority level of each employee. 4. Management exhibits commitment to competence. 59 Internal Control Component Yes No NA Remarks 4.1 Management should establish policies and procedures in hiring staff with the necessary skills and knowledge. a) Existing policies and procedures have resulted in recruiting and developing competent and trustworthy people, necessary to support an effective internal control structure. b) The agency establishes, administers, and maintains qualification standards. c) The establishment, administration, and maintenance of qualification standards are with the assistance and approval of the CSC. d) The degree of qualifications of an officer or employee is determined based on the qualification standards of a particular position. e) The qualification standards express the minimum requirements for a position in terms of education, training and experience, civil service eligibility, physical fitness, and other qualities required for successful performance. 4.2 Management should establish policies and procedures that current staff receives adequate ongoing training, mentoring, and supervision. a) Personnel have sufficient competence and training necessary for their assigned level of responsibility or the nature and complexity of the agency’s mandate. 4.3 Management should establish policies and procedures in determining the level of knowledge and skill needed to help ensure orderly, ethical, economical, efficient and effective performance, as well as a good understanding of individual responsibilities with respect to internal control. a) Job performance is periodically evaluated and reviewed with each employee. 4.4 Management should have defined succession and contingency plans for key roles in the agency so it can continue to achieve its objectives, whether there are sudden personnel changes or just the need for training personnel for the long-term replacement of critical positions. a) Management develops a manual that addresses continuity plan for succession and contingencies. b) Management establishes criteria for employee retention and considers the effect to operations if a large number of employees are expected to leave or retire in a given period. c) Management develops contingency plans to ensure that candidates for succession are trained for assuming the target role so that internal controls will not lapse. 5. Management establishes human resource policies and practices. 5.1 Management should establish human resource policies and practices, incorporating the methods by which people are hired, trained, evaluated, compensated, and promoted. a) Policies and procedures are clear and these are issued, updated, and revised on a timely basis. They are effectively communicated to personnel at decentralized and/or foreign locations. b) The mission, goals, and objectives of the agency are clearly communicated to all personnel. c) Background checks are conducted on candidates for employment. 5.2 Hiring and staffing decisions should exemplify assurance that individuals recruited have the integrity, proper education, and experience required to carry out their jobs; and that the necessary formal, on-the-job, and ethics trainings are provided. a) There are trainings/orientations for new employees, or current employees when starting a new position, to discuss the nature and scope of their duties and responsibilities. Such trainings/ orientations include a discussion of specific internal controls they are responsible for. b) Management demonstrates commitment to provide personnel with 60 5.3 6. 6.1 6.2 6.3 Internal Control Component Yes No NA Remarks sufficient accounting and financial training, to keep pace with the growth and/or complexity of the agency. c) Employees receive guidance, review, and on-the-job training from supervisors to help ensure proper workflow and processing of transactions and events, reduce misunderstandings, and discourage wrongful acts. Management should enforce transparency in recruitment, performance appraisal, and promotion processes. a) Openness of the selection processes should be secured, by publishing both the recruitment rules and vacant positions, to help realize ethical human resource management. b) There are screening procedures for job applicants. c) Management formulates and enforces a system of measuring and evaluating periodically and objectively the performance of the agency, and submits the same annually to the required authority. d) Management provides appropriate bases for compensation, promotion, and fair incentives to help ensure integrity and adherence to ethical values. II. RISK ASSESSMENT Management identifies and defines objectives and risk tolerance in specific and measurable terms. Management defines objectives in specific and measurable terms. a) Agency objectives are established, communicated, and monitored. b) The key elements of the agency’s strategic plan are communicated throughout the agency. c) All employees have a basic understanding of the agency’s overall strategy, strategic plan, and objectives. Management considers internal expectations and external requirements when defining objectives. a) In establishing the internal context, the agency considers an understanding of the following: capabilities of the agency in terms of resources and knowledge; information flows and decision-making processes; internal stakeholders; objectives and the strategies that are in place to achieve them; perceptions, values, and culture; policies and processes; standards and reference models adopted by the agency; and structures. Management considers the risk tolerances in the context of the agency’s applicable laws, regulations, standards. a) Management considers how much risk it is willing to accept when setting strategic direction and strives to maintain risk within those levels. b) Management has a risk assessment framework in place. c) The agency’s risk assessment is fully integrated into the other components of risk management process, which includes the following: communication and consultation; establishing the context; risk assessment (comprising risk identification, risk analysis, and risk evaluation); 61 and Internal Control Component Yes No NA Remarks risk treatment; and monitoring and review. 7. Management identifies, evaluates, and assesses agency’s risks. 7.1 Management identifies all risks that may occur (internal or external factors) at both the agency and activity levels. a) Management identifies the causes and sources of the risk (hazard in the context of physical harm), events, situations, or circumstances which can have a material impact upon objectives and the nature of that impact. b) Management identifies the likelihood of the risks happening and the impact or consequence when these happen. c) Management reviews the risk assessment and considers actions to mitigate the significant risks identified. d) Management considers the presence (or absence) and the effectiveness of any existing controls in determining the risk’s consequences and probabilities. e) In establishing the external context, Management considers familiarization with the environment in which the agency and the system operates, including the following: cultural, political, legal, regulatory, financial, economic, and competitive environment factors whether international, national, regional, or local; key drivers and trends having impact on the objectives of the agency; and perceptions and values of external stakeholders. f) Internal audit service (or another group within the agency) performs periodic (at least annual) risk assessment. 7.2 Management adopts appropriate tools for the analysis and assessment of risks. a) Management develops an adequate mechanism for identifying operations risks, including those resulting from the following: entering new programs or lines of operation; offering new products and services; privacy and data protection compliance requirements; and other changes in the agency, economic, and regulatory environment. b) Management performs periodic review to anticipate and identify routine events or activities that may affect the agency’s ability to achieve its objectives and address them. 7.3 Management considers the potential risks related to fraud and corruption. a) Management designs an overall risk response and specific actions for responding to fraud risks. b) Management includes fraud risk management programs as part of the agency’s governance structure. c) Management assesses fraud risk exposure periodically to identify specific potential schemes and events that the agency needs to mitigate. d) Management establishes prevention mechanisms and techniques to avoid potential key fraud risk events and, where feasible, to mitigate possible impacts on the agency. e) Management establishes detection techniques to uncover fraud events when preventive measures fail or unmitigated risks are realized. f) Management establishes a reporting process to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is 62 8. 8.1 8.2 9. 9.1 9.2 9.3 Internal Control Component Yes No NA Remarks addressed appropriately and timely. g) There are processes to ensure that accounting department is aware of significant transactions with related parties, so it can determine if such transactions are appropriately accounted for and disclosed. Management determines appropriate response to the identified, evaluated, and assessed agency’s risks. Management designs appropriate response to the relevant agency’s risks. a) The head of agency or governing body oversees and monitors the risk assessment process and takes action to address the significant risks identified. Management identifies, analyzes, and responds to significant changes that could impact the internal control system. a) The accounting department has a process for identifying and addressing changes in PPSAS/PFRS, as well as for approving changes in accounting principles and policies. b) There are groups or individuals who are responsible for anticipating or identifying changes with possible significant effects on the agency. c) There are processes in place to inform appropriate levels of management about changes with possible significant effects on the agency. d) Management reports to the head of agency or the governing body on changes that may have a significant effect on the agency. e) There are processes to ensure that the accounting department is aware of changes in the operating environment, so it can review the changes and determine what, if any, effect the change may have on the agency’s accounting practices. f) There are channels of communication between the accounting department and/or individual(s) in charge of monitoring regulatory rules, so the accounting department is aware of regulatory changes that could affect the agency’s accounting practices. g) The head of agency or the governing body reviews and approves significant changes in the agency’s accounting practices. h) Management works with the agency’s independent auditors or other third party experts to determine if it is addressing complex changes in PPSAS/ PFRS appropriately. i) Budgets/forecasts are updated during the year to reflect changing conditions. III. CONTROL ACTIVITIES Management designs control activities which are appropriate, consistently functioning according to plan throughout the period, cost-effective, comprehensive, reasonable, and directly related to the control objectives. Controls are in the right place and commensurate to the risk involved. a) Management establishes policies and procedures to address risks and to achieve the agency’s objectives. b) Management identifies all relevant objectives and associated risks for each significant activity, in conjunction with conducting the risk assessment and analysis function. c) Management identifies the actions and control activities needed to address the risks and directs their implementation. Controls are complete, practicable, and directly addressing the identified control objectives. a) Management establishes control activities pertaining to top-level management review, human resources management, information systems management, physical asset management, and performance measurement. Controls are complied with by all employees involved and not bypassed in the absence of key personnel. 63 Internal Control Component Yes No NA Remarks Management establishes policies to ensure that duties are logically divided or segregated (whether manually or through appropriate set up of information technology [IT] applications) among different people to reduce the risk of fraud or inappropriate actions. b) The organizational charts and written job descriptions adequately define the lines of authority, duties, and accountability of all personnel. c) The IT organizational chart clearly reflects areas of responsibility and lines of reporting and communication. 9.4 The cost of implementing the control does not exceed the benefits derived. a) Management sets clear objectives in terms of budget and other financial and operating goals. These objectives are clearly written and communicated throughout the agency, and are actively monitored. 10. Management develops control activities which include a range of diverse policies and procedures. 10.1 Management develops and undertakes diverse range of policies and procedures needed to address risks in achieving agency’s objectives. a) Management develops policies, and procedures including the following: top level reviews and performance; authorization and approval procedures; segregation of duties; control over access to resources and records; verifications; reconciliations; reviews of operations, processes and activities; management of human capital; establishments of controls for physical assets and vulnerable assets; and documentations. 10.2 Management designs control activities at the appropriate level of agency’s organizational structure. a) There is an appropriate segregation of incompatible activities (e.g., separation of accounting functions from access to assets; IT operation functions separate from systems and programming; and database administration function separate from applications and systems programming). b) Management designs its control activities at the agency level, transaction level, or both, depending on the level of precision needed to ensure achievement of objectives and address risks in the operations. c) Management designs a variety of transaction control activities for operational processes which include verifications, reconciliations, authorizations and approvals, physical control activities, and supervisory control activities. 11. Management develops effective information technology control activities. 11.1 Management designs an effective information system and use of information technology. a) Management designs appropriate general and application controls to ensure proper operations of agency’s information systems. 11.2 Management designs appropriate type of control activities to help ensure complete and accurate information processing. a) Management creates a plan and establishes a structure that clearly describes the agency’s security management program and policies, and the procedures that support it, including procedures a) 64 Internal Control Component Yes No NA Remarks for the secured storage and disposal of sensitive information. b) Management designs controls that limit or detect access to computer resources (data, programs, equipment, and facilities) to safeguard against loss, unauthorized modification, and disclosure. c) Management designs controls that prevent unauthorized programs or modifications to existing programs. d) Management designs controls that limit and monitor access to the powerful programs and sensitive files that control the computer hardware and secure applications supported by the system. e) Management establishes policies, procedures, and organizational structure to prevent one individual from controlling all key aspects of computer-related operations, and thereby conducting unauthorized actions or gaining unauthorized access to assets or records. f) Management designs a service continuity plan to ensure that when unexpected events occur, critical operations continue without interruption; are promptly resumed; and critical and sensitive data are protected. g) Management designs application controls that ensure data to be considered are authorized, converted to an automated form, and entered into the application in an accurate, complete, and timely manner. h) Management designs application controls that ensure data are properly processed by the computer, and files are updated correctly. i) Management designs controls that ensure files and reports generated by the application reflect transactions or events that actually occurred; reflect accurately the results of processing; and the reports are controlled and distributed to the authorized users. IV. INFORMATION AND COMMUNICATION 12. Management develops and maintains reliable and relevant financial and non-financial information. 12.1 An array of pertinent, reliable, and relevant information should be identified. a) Management obtains and identifies internally generated information, critical to achieving the agency’s objectives, including information relative to critical success factors. b) Management obtains and communicates to all, any relevant external information that may affect the achievement of its missions, goals, and objectives. c) Agency is able to prepare accurate and timely financial reports, including interim reports. 12.2 Information should be captured and communicated in a form/content and timeframe that enable people to carry out their internal control roles and other responsibilities. a) Relevant information are identified, captured, and communicated in a form/content and timeframe that enable personnel to carry out internal controls and other responsibilities. b) Management’s objectives in terms of budget and other financial and operating goals are defined and measurable. c) Management uses communication methods which may include policy and procedure manuals, management directives, memoranda, bulletin board notices, internet and intranet web pages, videotaped messages, e-mails, and speeches. d) Management obtains information that is summarized and presented appropriately, and provides pertinent information while permitting a closer inspection of details as needed. 65 Internal Control Component Yes No NA Remarks Management develops a mechanism that ensures information will be available on a timely basis to allow effective monitoring of events, activities, and transactions and to allow prompt reaction. f) Actual results are measured against agency’s specific objectives. 12.3 Transactions and events must be promptly recorded, properly classified, and fully and clearly documented. a) There is a clearly identifiable audit trail within the agency. b) There is a sufficient level of coordination between the accounting and information system processing functions/ departments. 12.4 Information systems deal not only with quantitative and qualitative forms of internally generated data, but also with information about external events, activities, and conditions necessary for informed decision-making and reporting. a) The agency’s financial management ensures and monitors user involvement in the development of programs, including the design of internal control checks and balances. b) The agency’s officers and employees concerned receive both operational and financial information to help them determine whether they are meeting the strategic and annual performance plans, and the agency’s goals for accountability of resources. 13. Management communicates information throughout the agency. 13.1 Information can be communicated in a verbal, written, and/or electronic form. a) There is a process to quickly disseminate critical information throughout the agency, when necessary. 13.2 Communication occurs in all directions – flowing down, across, and up the agency – throughout all components and the entire structure. a) The lines of authority and responsibility (including lines of reporting) within the agency are clearly defined and communicated. b) Policies and procedures are established for, and communicated to personnel at decentralized locations (including foreign operations). c) Communication flows down, across, and up the agency, throughout all components and the entire structure. d) Employees believe they have adequate information to complete their job responsibilities. e) Employees’ specific duties are clearly communicated to them, and they understand the relevant aspects of internal control, how their roles fit into it, and how their work relate to the work of others. f) Employees are informed that when the unexpected occurs in performing their duties, attention must be given not only to the event but also to the underlying cause, so that potential internal control weaknesses can be identified and corrected before these can do further harm to the agency. g) Acceptable behavior versus unacceptable behavior and the consequences of improper conduct are clearly communicated to all employees. h) Personnel have a means of communicating information upstream within the agency through someone other than a direct supervisor, and there is a genuine willingness to listen on the part of management. i) Mechanisms exist to allow the easy flow of information down, across, and up the agency; and easy communications exist between/among functional activities such as between procurement activities and production activities. e) 14. Management communicates information with external parties. 66 Internal Control Component Yes No NA Remarks 14.1 Management provides adequate means of communicating with, and obtaining information from external parties. a) The agency provides a citizen’s charter showing procedures or flow of documents. b) The chart is posted in conspicuous places in the department, office, or agency for the information and guidance of all concerned. c) All information are classified, summarized, and disseminated on a regular basis. d) The agency establishes mechanisms to gather feedback and suggestions on the efficiency, effectiveness, and economy of frontline services. 14.2 Management establishes separate reporting line, where it is necessary. a) Confidential and sensitive information are restricted to those individuals who need them. b) Personnel understand that there will be no reprisals for reporting adverse information, improper conduct, or circumvention of internal control activities. c) There is a process for employees to communicate improprieties. The process is well communicated throughout the agency. d) The process allows for anonymity of individuals who report possible improprieties. e) There are processes for reporting improprieties and actions taken to address them to senior management, the head of agency, or the governing body. 14.3 Agency’s method of communication considers the audience to be reached, the nature and availability of the information, the cost, and the legal or regulatory requirements. a) Ownership is assigned to a member of management to help ensure that agency responds appropriately, timely, and accurately to communications with customers, vendors, regulators, and other external parties. b) The agency institutes mechanisms by which clients may adequately express their complaints, comments, or suggestions such as in hotline numbers, short message service, or information and communication technology. c) The agency communicates frequently with its constituents or the public it serves and stakeholders to ensure continual understanding of their requirements, needs, and expectations. d) The head of agency or the governing body establishes measures and standards that will ensure transparency of, and openness in public transactions; e.g., biddings, purchases, other internal transactions, including contracts, status of projects, and other matters involving public interest. e) The head of agency or the governing body establishes information system that will inform the public of the following: policies, rules, and procedures; work programs, projects and performance targets; performance reports; and all other documents classified as public information. f) The Citizens’ Charter is posted at its office’s main entrance or at the most conspicuous place, and in the agency’s Seal of Transparency. g) The Citizens’ Charter includes the following information: Vision and mission of the government office or agency; Identification of the frontline services offered and the 67 Internal Control Component Yes No NA Remarks clientele; The step-by-step procedure to obtain a particular service; The officer or employee responsible for each step; The maximum time to conclude the process; Document/s to be presented by the client with a clear indication of the relevance of said document/s; The amount of fees, if necessary; The procedure for filing complaints in relation to requests and applications, including the names and contact details of the officials/ channels to approach for redress; Allowable period for extension due to unusual circumstances (i.e., unforeseen events beyond the control of government office or agency concerned); and Feedback mechanisms, contact numbers to call, and/or persons to approach for recommendations, inquiries, suggestions, as well as complaints. h) There is a process for tracking communications with customers, vendors, regulators, and other external parties. V. MONITORING ACTIVITIES 15. Management establishes and operates activities to monitor the internal control system, and evaluates the results. 15.1 Management establishes a baseline to monitor the internal control system. a) The agency provides routine feedback and monitoring of performance and control objectives strategies. b) The agency has plans for periodic evaluations of control activities in critical operational and support systems. c) Procedures are in place to monitor if controls are overridden and to determine if the override was appropriate. d) Management reviews control processes to ensure that the controls are being applied as expected. e) Issues, information, and feedback concerning internal control raised at trainings, seminars, planning sessions, and other meetings are considered and used by management to address problems or strengthen the internal control structure. 15.2 Management considers ongoing monitoring activities, separate evaluations, or a combination of both, in the conduct of assessment. 15.2.1 Ongoing activities a) The agency establishes an internal audit service. b) The internal audit function is independent (in terms of authority and reporting relationships) of the activities it audits. c) The internal audit unit regularly assesses the effectiveness of the internal controls. d) The monitoring of internal control occurs in the course of the normal, recurring operations of the agency. e) The scope of activities of internal audit service is appropriate, given the nature, size, and structure of the agency. f) The scope of planned activities of internal audit service is reviewed in advance by the head of agency or the governing body. g) The methodology used may include self-assessments using checklists, questionnaires, or other similar devices/tools. 15.2.2 Separate evaluations a) There has been a recent quality assurance review of the internal audit function by an external party such as, but not limited to, the 68 Internal Control Component Yes No NA Remarks Commission on Audit auditors. b) The external party conducting the assessment gains sufficient understanding of the agency’s missions, goals, objectives, and its operations and activities. c) The external party gains an understanding of how the agency’s internal control is supposed to work and how it actually works. d) The external party analyzes the results of the evaluation/ assessment against established criteria. 16. Management takes appropriate actions on the findings and recommendations of audit and other reviews. 16.1 Deficiencies noted during ongoing monitoring or through separate evaluations are communicated to those positioned to take necessary action. a) Management is responsive to the findings and recommendations of audits and other reviews aimed at strengthening internal control b) Executives with the proper authority evaluate the findings and recommendations, and decide upon the appropriate actions to take to correct or improve control. c) Policies/procedures are in place to assure that corrective action is taken, on a timely basis, when control exceptions occur. 16.2 The findings and recommendations of audits and other reviews are adequately and promptly resolved. a) All reported potential improprieties are reviewed, investigated, and resolved on a timely manner. b) Management is kept informed through periodic reports on the status of audit and reviews resolution so that it can ensure the quality and timeliness of individual resolution decisions. Note: Please provide documents for all “Yes” answers. ALCC SUMMARY EVALUATION OBSERVATIONS AOM REF. NO./WP RECOMMENDATIONS Prepared by: Date Reviewed by: Date 69 Appendix 2-3A. Control Activities -Cash Receipts checklist INTERNAL CONTROL QUESTIONNAIRE (ICQ) YES NO 1) Does the organization structure provide a clear-cut separation of cashiering function from accounting function? 2) Are the employees of the cashier’s office denied access to accounting records? Is the collecting officer closely supervised by a responsible officer of the agency? 3) Are all accountable officers given instructions regarding their duties and responsibilities? 4) Do accountable officers keep a file of COA and other circulars pertaining to their work? 5) Are the collecting officer and other employees handling cash provided with safe? 6) If so, is the duplicate combination of the safe filed with an authorized official? 7) Is the combination of the safe changed whenever there is a change of custodian? 8) Is the cashier office amply protected against intrusion by unauthorized persons? 9) Are all employees handling cash adequately bonded? 10) Are surprise cash counts frequently made by department examiners? 11) Are official receipts booklets used? If so, a) Are these pre-numbered? b) Are the booklets issued in numerical sequence? c) Is the form of payment indicated in the receipts? d) Is the numerical sequence of issued officials receipts and booklets checked by the accounting department? e) Is a register of forms maintained? If so, is it kept up-todate? f) Are unused booklets physically safeguarded? 12) Are official receipts issued for every receipt of payment? 13) Is it the practice of collecting officer not to accept postdated checks payment of charges or fees? 14) Are collections deposited intact and as frequently as required by regulations? 15) Is the person making deposit escorted by armed guards and provided with transportation facilities? 16) Are items of deposit subsequently dishonored by the Bank/Treasury promptly adjusted in the collecting officers’ records? ACCOUNTING UNIT 17) Are both the totals and details of bank authenticated duplicate deposit slip matched by the accounting department against the corresponding official receipts? 18) Are totals of bank-authenticated deposit slips compared with the debit to respective bank accounts in the book of original entry? 19) Are all cash funds and cash receipts compared with the debit to respective bank accounts in the book of original entry? 70 REMARKS INTERNAL CONTROL QUESTIONNAIRE (ICQ) 20) Are collection and deposits recorded daily in the cash book? YES NO REMARKS 21) Is the cash book balance compared daily with the cash on hand? 22) Are collection reports submitted regularly to the accounting division? 23) Is reconciliation made monthly of the collecting officer’s book balance and the accounting subsidiary ledger balance? Name of Process/System Results of Walkthrough ICQ Ref. No. Description of the Gap Source of the Gap (Weakness - absence of control; Breakdown - no evidence that the control was applied) Effect Prepared by: Date Reviewed by: Date 71 Appendix 2-4. General Accounting Plan FS Revenues Source Document -OR, Stubs, Tickets, Credit Memo, Deposit Slips, Deed of Donation, Directly deposited, CRDCfrom bank, List of Deposited Collections, Deposit Slips Summarizing report -Report of collections and deposits (RCD) -Consolidated Report of Daily Collections (CRDC-from bank) Basis of Recording Books of Original Entry Subsidiary Ledger Book of Final Entry Monitoring Reports Subsidy from National Government NCA, NTA, CDC, NCAA, RANCA/ RANTA Cash Advances Expenses Receivables Fund Transfer Investments Inventory Authority, DV, liquidation documents/ Report of disbursemen t DV Billing Statement MOA, DV, ADA/ liquidation documents Investment Documents such as bonds, security certificates etc. DV, DR, IAR, RSMI RANCA/ RANTA RCI, RDAI Report of cash disbursements, RCI, Report of ADA Issued (RADAI) None RCI, RADAI None JEV JEV JEV JEV JEV JEV CRJ GJ CDJ, CkDJ By nature of collections/revenue/r eceipts By MDS account CkDJ/ General Journal By Accountable Officer General Journal/ CRJ By debtors General Ledger (GL) GL GL GL GL FAR No. 5, BS, BRS RANCA, RANTA, BS, BRS Report on Unliquidated Cash Advances/ Aging schedule FAR-1, 1a, 2, 2a, 3, 4, BS, BRS Aging Schedules By nature/recipient s Prepayments PPE Intangible Assets Liabilities Equity DV, DR, IAR, IIRUP, Report on Lost/Stolen equipment, Police Report/ Authority to dispose DV, DR, IAR/Repo rt of lost/ damaged/ destroyed property/ Approved authority DV, DR, Reports and IAR, Billing documents Statements, MOA, Contracts RSMI Contacts, MOA, Agency Procurement Request (APR), DV, Report on utilization of expired portion RCI, RADAI RCI, RADAI RCI, RADAI CkDJ Applicable reports such as RCD, RCI, RADAI, etc. JEV JEV JEV JEV JEV JEV JEV SA-CkDJ, ADADJ, IA-CRJ, GJ For SA: By nature/IA For IA: By nature/SA GL CkDJ, ADADJ CkDJ, ADADJ, GJ CkDJ, ADADJ, GJ CkDJ, ADADJ, GJ CkDJ, GJ ADADJ, GJ By nature/term s/investee/i nvestor GL By nature/sup plies/accou nt GL By nature/credit or/debtor By specific account (e.g. Buildings) GL CkDJ, ADADJ, GJ By specific account GL GL GL Aging Schedules, Unliquidated Fund Transfers, RBUD-for IA Fund Managers Report, schedules RPCI, Lapsing Inventory of schedules semi(LS) expendables Schedules Aging, LDDAP Schedules by nature of adjustment Note: Not all documents are applicable to all agencies. 72 GL LS, RPCPPE, IIRUP By specific By nature of account/cre adjustment ditor Appendix 2-5. Variance Analysis of Financial Statements (For illustration purposes, using selected accounts only) FS Account Cash Collecting Officers 20xy 20xx Variance Amount % 20,000,000.00 15,000,000.00 5,000,000.00 33.30 Cash in Bank 171,500,000.00 198,550,000.00 (27,050,000.00) 13.60 PPE 720,000,000.00 600,000,000.00 120,000,000.00 20.00 Due from NGAs 400,000,000.00 380,000,000.00 20,000,000.00 5.30 Due from LGUs 90,000,000.00 85,010,000.00 4,990,000.00 5.87 Due from officers and employees 20,000,000.00 19,800,000.00 200,000.00 1.00 Office Supplies Inventory 5,000,000.00 4,000,000.00 1,000,000,00 25.00 Construction in Progress 659,870,000.00 709,000,000.00 (49,130,000.00) 6.93 Vehicles/Motor Vehicles 16,877,900.00 17,671,800.00 (793,900.00) 4.50 Loans ReceivableLocal Government Units 79,506,420.00 75,453,010.00 4,053,410.00 5.37 280,000,000.00 100,000,000.00 180,000,000.00 180.00 Subsidy Income from National Government 1,977,775,640.00 1,889,415,640.00 88,360,000.00 4.68 Travel expenses 98,566,489.00 85,422,489.00 13,144,000.00 15.39 759,875,555.00 744,230,555.00 15,645,000.00 2.10 6,500,000.00 7,000,000.00 500,000.00 7.14 Due from NGOs/POs Salaries and Wages Consultancy Services 73 Possible risks Possible unadjusted reconciling items Possible unrecorded issuances of supplies Additional fund transfers with unrecorded liquidations Appendix 2-6. Summary Report on the Preliminary Identification of Risks Information Source WP ref Conditions noted Amount involved Possible risks 1. Audit reports a. Performance audit report b. Cash examinations reports c. Evaluation/ Investigation Reports on Emerging Issues/ Fraud Audit Reports d. Property Audit e. Personnel Audit f. NSs/NDs/NCs g. Unadjusted prior audit reflected in PY Financial Audit Reports h. BRS 2. 3. 4. 5. Internal Audit Office Reports Recommendation Tracking Sheet Agency-level Controls Checklist Financial Statement Analysis (Initial Analysis) a. Variance Analysis b. Tie-in Analysis 6. General Accounting Plan 7. Results of Fraud Risk Analysis 8. Results of evaluation of risks from non-compliance with laws, rules and regulations 9. Results of assessment of related party transactions Note: The Team should be guided by Tables 3 to 5, Illustrations 1 and 2 and Appendices 2-2 to 2-6 and relevant discussion in the Manual. 74 Account affected Assertion affected Appendix 2-7. Template on Determining Materiality Level Agency/Unit/Corporation/Project: Name Period Covered: CY 20xx ending December 31, 20xx Objective: To set overall materiality for the purpose of planning the engagement Users of Financial Statements Users Public in General Legislative Oversight Bodies Focus/Concerns Use of funds for the purpose intended; benefits delivered from the project; compliance with rules and regulations Qualitative Considerations Public expectations and interest Compliance with laws and regulations Needs of legislative, executive and oversight bodies Need for transparency Financial Information (in million pesos) Planning Date Assets Liabilities Equity Revenues Expenses Previous Materiality Latest Financial Data (In billion ₱) 1.380 0.520 0.860 0.001 1.350 0.011 Quantitative Materiality Type of Entity Expenditure driven Possible Benchmark Assets Liabilities Equity Revenue Expenses Percentage (%) Prescribed Applied Determined Materiality Level (In million ₱) 1 1 13.500 Considering the existing condition and professional judgment, the overall materiality for planning is set at ₱13.500 million. There is no felt need to increase the percentage prescribed by the Commission considering that some of the prior years’ adjustments were not effected and a number of prior years’ recommendations remained unimplemented. 75 Given the Overall Materiality Level of₱13.500 million, the performance materiality and specific materiality are set as follows: Base Materiality (In million ₱) Types Percentage Determined Materiality Level (In million ₱) Prescribed Adopted 13.500 50 50 6.750 6.750 25 25 1.687 For Repairs and Maintenance Expenses of 810.000 0.20 0.20 1.620 Performance Materiality (Auditors should consider the results of risk assessment, misstatements identified in prior years, and relevant qualitative factor in deciding to use percentage lower than the prescribed levels) Testing Threshold (Auditors to determine high value items to be included in the audit) Specific Materiality (Identify the classes of transactions, account balance determined to be subjected to specific materiality considering the results of risk analysis.) Name Position ATL SA/RSA CD/RD Prepared by Reviewed by Approved by 76 Date Appendix 2-8. Results of Risk Assessment at the Assertion Level STEP 1 Trial Balance, 12/31/20xx STEP 2 Inherent Risks STEP 3 STEP 4 STEP 6 Risk Response Overall Control Risk of Reliance Control Control Type of to Material on functioning Level of Level of Mitigate Design Level of Substantive Test Mis? Needed Overall Inherent adequate? Control statement controls SubsImpact Inherent Risk tantive Based Risk (CR) (RMM = WP WP Analytical Test of Risk (IR) Test (Y/N) on (L/M/H) IR+CR) Ref Ref Review Details Test? Inherent Risk of Material Misstatement Final Conditions Acct Unaudited WP relative to Assertions LikeTitle Balance ref inherent risk Affected lihood (in PHP) susceptibility STEP 5 Control Risks Prepared by: _______________________________ _______________________ Date Reviewed by: _______________________________ _______________________ Date 77 Appendix 2-8A. Illustration on Results of Risk Assessment at the Assertion Level STEP 1 Trial Balance, 12/31/20xx STEP 4 STEP 5 Control Risks Control Design Level of Asseradequate? LikeliOverall Control to Mitigate tions Impact hood Inherent Inherent Risk WP Affected Y/N Risk (IR) Ref 124.500 Variance analysis Classifi- High High High GL and SL 1 Yes revealed no cation reconciled. changes during the year, but Accuracy Completed CIP status report on reported quarterly completed construction in Building and Other progress showed Structures SL and two completed CIP SL reconciled building and quarterly other structures amounting to Prompt recording P22,602,412.00. of Certificate of 100% Completion and Certificate of Acceptance Final Account Unaudited Title Balance (in Million P) Buildings and Other Structures Inherent Risks STEP 2 STEP 3 Inherent Risk of Material Misstatement Conditions relative to inherent risk susceptibility Performance Materiality: P18,000,000.00 W/P 1: Based on the results of assessment using Appendix 2-3 of FAM - Results of evaluation of critical processes (e.g. Accounting Process on CIP) Control functioning? WP Ref 2 Based on Test GL and SL reconciled With quarterly CIP report Building and Other Structures SL and CIP SL not reconciled Building and Other Structures SL and CIP SL not reconciled With Unrecorded Certificate of 100% Completion and Certificate of Acceptance Level of Control Risk (CR) (L/M/H) High STEP 6 Overall Risk of Material Misstatement (RMM=IR+ CR) High Risk Response Reliance Type of Substantive on Level of Test Needed conSubstantrols tive Test Test of Analytical Details Review No High No Yes Reliance W/P 2: Summary/Auditor’s Note - GL and SL reconciled - With quarterly reports, but Building and Other Structures SL and CIP SL not reconciled - Unrecorded Certificate of 100% Completion and Certificate of Acceptance 78 Appendix 2-9. Audit Program Account Risk Statement Assertions/Criteria Audit Objective : : : : Audit Procedures WP Ref. Staff Responsible Prepared by: (ATL) Date: Reviewed by: (SA/RSA) Date: 79 Mandays Appendix 2-10. Engagement Planning Memorandum Engagement Planning Memorandum For _________________________________ Audit coverage ________________________ Date Prepared by: Reviewed by: Approved by: Part 1 – Audit Coverage, Objective and Methodology Part 2 – Significant contents of the Overall Audit Strategy Part 3 – Summary of major accounts and assertions for audit considerations Part 4 – Audit Program 80 Section 3 Audit Execution Phase 1. During this Phase, the audit activities contained in the approved EPM and the Audit Programs are pursued to ensure that audit procedures are performed as planned and on time. The steps to be taken follow: I. Execute Audit Tests A. Determining the nature, timing and extent of audit procedures B. Performing audit procedures C. Gathering audit documentation and evidence D. Addressing risk areas that need specific considerations E. Summarizing proposed audit adjustments and evaluating effects in the audit opinion II. Summarize Audit Observation and Recommendation and Communicate with Those Charged with Governance A. Areas for consideration in summarizing audit observations B. Elements of audit observation C. Performing review of overall audit work D. Tracking status of prior years’ recommendation III. Conduct Exit Conference I. Execute Audit Tests A. Determining the Nature, Timing and Extent of Audit Procedures 2. The nature, timing and extent of the audit procedures should be based on and be responsive to the assessed risks of material misstatement at the assertion level. 3. The nature of an audit procedure refers to the purpose of the audit which is either test of controls or substantive procedure, and the type of audit procedures to be performed. The types of audit procedures are classified as inspection, observation, inquiry, confirmation, reperformance, recalculation, and analytical procedures. By type, the first four procedures usually pertain to tests of controls and the last three to substantive procedures. Substantive procedures can either be analytical procedures or test of details. 4. Timing of an audit procedure refers to when the audit procedure is performed, or the period or date to which the audit evidence applies. a. The auditor may perform audit procedures at an interim date or at period end. b. The higher the risk of material misstatement, the more likely it is that the auditor may decide it is more effective to perform substantive procedures nearer to, or at, the period end rather than at an earlier date, or to perform audit procedures unannounced or at unpredictable times. 81 c. This is particularly relevant when considering the response to the risks of fraud. It may be better to perform audit procedures before the period end so the auditor can identify significant matters at an early stage of the audit, and consequently resolve them with the assistance of management or by developing an effective audit approach to address such matters. d. Certain audit procedures can be performed only at or after period end, for example: i. Reconciling the FS with the accounting records; ii. Examining adjustments made during the course of preparing the FS; and iii. Performing procedures to respond to a risk that, at period end, the entity may have entered into improper contracts or transactions that may not have been finalized. 5. Extent of an audit procedure refers to the quantity of audit procedures to be performed, sample size of population to be tested, or the number of observations of a control activity. a. The extent of necessary audit procedures is determined after considering the materiality threshold, the assessed risk, and the degree of assurance the auditor plans to obtain. b. In general, the extent of audit procedures increases as the risk of material misstatement increases. To cite an example, in response to the assessed risk of material misstatement due to fraud, increasing sample sizes or performing substantive analytical procedures at a more detailed level may be appropriate. c. However, increasing the extent of an audit procedure is effective only if the audit procedure itself is relevant to the specific risk. d. The use of CAATs may enable more extensive testing of electronic transactions and account files, which may be useful when the auditor decides to modify the extent of testing, say, in responding to the risks of material misstatement due to fraud. Such techniques can be used to select sample transactions from key electronic files, to sort transactions with specific characteristics, or to test an entire population instead of a sample. B. Performing Audit Procedures 6. The following steps should be undertaken: a. b. c. d. Determining the extent of tests to be performed; Selecting the sample items; Performing the planned procedures in the selected items; and, Evaluating the sample results and establishing conclusion. Step 1. Determining the Extent of Tests to be Performed 82 7. In determining the extent of tests to be performed, the auditor may apply non-sampling or sampling technique. In case of sampling technique, either statistical or non-statistical sampling may be adopted. a. Non-sampling is applied when all the items in an audit population are to be audited. To illustrate: i. Audit objective: to determine the causes for material changes in financial statement account balances as of end of the year under audit compared with the past year balances. ii. Items covered: all financial statement accounts. b. Audit sampling, as defined by ISSAI 1530, is the application of audit procedures to less than 100 percent of items within a population of audit relevance providing a reasonable basis on which to draw conclusions about the entire population. When designing an audit sample, the auditor’s consideration includes the specific purpose to be achieved and the combination of audit procedures that is likely to best achieve that purpose. Consideration of the nature of the audit evidence sought and possible deviation or misstatement conditions or other characteristics relating to the audit evidence will assist the auditor in defining what constitutes a deviation or misstatement and what population to use for sampling. Sampling as an approach may either statistical sampling or non-statistical sampling. i. Statistical sampling is an approach with two characteristics: random selection of the sample items and the use of probability theory to evaluate sample results including measurement of sampling risks (par. 5(g) of ISSAI1530). Statistical based formulas/tables are used to determine sample size considering population, confidence level, precision; and expected rate of error considered acceptable. Statistical sampling is used in the following instances: c. to determine the sample size especially in auditees with very large volume of homogenous transactions; and when the sampling results are likely to be included in the audit report to support an adjustment or qualification. Statistical sampling following the procedures described in Appendix 1 of ISSAI 1530 provides that: Audit efficiency may be improved if the auditor stratifies a population by dividing it into discrete sub-populations which have an identifying characteristic. The objective of stratification is to reduce the variability of items within each stratum and therefore allow sample size to be reduced without increasing sampling risk. When performing tests of details, the population is often stratified by monetary value. This allows greater audit effort to be directed to the larger value items, as these items may contain the greatest potential misstatement in terms of overstatement. Similarly, a population may be stratified according to a particular characteristic that indicates a higher risk of misstatement, for example, when testing the allowance for doubtful accounts in the valuation of accounts receivable, balances may be stratified by age. 83 The results of audit procedures applied to a sample of items within a stratum can only be projected to the items that make up that stratum. To draw a conclusion on the entire population, the auditor will need to consider the risk of material misstatement in relation to whatever other strata make up the entire population. For example, 20 percent of the items in a population may make up 90 percent of the value of an account balance. The auditor may decide to examine a sample of these items. The auditor evaluates the results of this sample and reaches a conclusion on the 90 percent of value separately from the remaining 10 percent (on which a further sample or other means of gathering audit evidence will be used, or which may be considered immaterial). If a class of transactions or account balance has been divided into strata, the misstatement is projected for each stratum separately. Projected misstatements for each stratum are then combined when considering the possible effect of misstatements on the total class of transactions or account balance. ii. Non-statistical sampling is an approach where samples are not drawn randomly but rather judgmentally and where probability is not applied. Samples are selected based on the auditor’s informed assessment of how many samples will be required to yield a reasonably reliable result. Samples may be carried out: (a) systematically (every nth item say beginning with the number 3); (b) unsystematically (pulling files from a cabinet without any selection criteria); or (c) according to the auditor’s judgment (picking large or unusual items from a computer report). Non-statistical sampling is used when any of these conditions exist: the line item/account is not material; the risk of material misstatement is low; the analytical procedures are effective; and, when the sample size needed is small so that the use of statistical sampling becomes very costly. Step 2. Selecting the Sample Items 8. ISSAI 1530 recommends the following in selecting the sample items: a. b. c. d. When designing an audit sample, the auditor shall consider the purpose of the audit procedure and the characteristics of the population from which the sample will be drawn. The auditor shall determine a sample size sufficient to reduce sampling risk to an acceptably low level. The auditor shall select items for the sample in such a way that each sampling unit in the population has a chance of selection. When designing a sample, the auditor uses the tolerable misstatement arrived at when computing for the materiality thresholds discussed in the previous Section. 9. Examples of factors influencing sample size for tests of details are appended in the tables presented in Appendix 2 of ISSAI 1530. 84 10. The Auditor should be conscious of the sampling risks. The risk that the Auditor’s conclusion based on a sample may be different from the conclusion if the entire population were subjected to the same audit procedure. Step 3. Performing the Planned Procedures on the Selected Items 11. For performing audit procedures on selected items, ISSAI 1530 provides that: a. b. c. The auditor shall perform audit procedures, appropriate to the purpose, on each item selected. If the audit procedure is not applicable to the selected item, the auditor shall perform the procedure on a replacement item. If the auditor is unable to apply the designed audit procedures, or suitable alternative procedures, to a selected item, the auditor shall treat that item as a deviation from the prescribed control, in the case of tests of controls, or a misstatement, in the case of tests of details. Step 3.1. Performing Test of Controls 12. A sample of test of control working paper is presented in Illustration 5. The illustration shows the tests of internal controls on accounts payable for the audit of Agency XXX’s 20xx FS. A sample size of 78 accounts payable voucher packets has been selected for the test of internal controls on the accounts payable system. The sample size is designed to provide high level of assurance (or confidence) that a control is operating effectively so long as one or fewer control deviations is observed for each control activity tested (see WP 1). The first 74 voucher packets have already been tested by other staff members and no errors have been found. Illustration 5. Working Paper – Test of Control 1 2 3 4 AGENCY XXX Controls Testing Evaluation Summary: Accounts Payable December 31, 20xx Test Results and Evaluation* Number of Maximum Description of Control Accept/ Assertion Deviations Number of Activities Reject Observed Deviations Procurement documents Occurrence 1 1 Accept include all attachments appropriate for the transaction. The purchase requisition is Authorization 2 1 Reject signed by the head of the requisitioning office. The purchase order is signed Authorization 0 1 Accept by the property officer. Quantities on supplier's Accuracy 3 1 Reject invoice agree with related inspection & acceptance report and purchase order, and invoice is mathematically correct. 85 WP 1 Describe Any Necessary Revisions to the Audit Plan Increase samples for substantive testing Increase samples for substantive testing 5 AGENCY XXX Controls Testing Evaluation Summary: Accounts Payable December 31, 20xx Test Results and Evaluation* WP 1 Number of Maximum Describe Any Description of Control Accept/ Assertion Deviations Number of Necessary Revisions Activities Reject Observed Deviations to the Audit Plan All documents in voucher Occurrence 0 1 Accept package have been stamped "paid". Note: * Controls Testing for the accounts payable process typically involve more control activities. AGENCY XXX Controls Testing Deviation Report: Accounts Payable December 31, 20xx Sample Testing Documentation WP 2 P.O. Number 1 2 164210 185423 190214 195840 74 additional items Total Number of Exceptions Control Activity 3 4 5 Effective Effective Effective Effective Effective 1 2 0 3 0 Legend: - Effective - Deviation 13. The auditor shall evaluate the results of the sample and consider that an unexpectedly high sample deviation rate may lead to an increase in the assessed risk of material misstatement, unless further audit evidence substantiating the initial assessment is obtained. Step 3.2. Performing Substantive Procedures 14. Under the Audit Execution Phase, audit procedures listed in the Audit Program attached to the EPM shall be pursued/conducted. To reduce audit risk to acceptable level, the auditor should conduct substantive procedures in order to detect material misstatements in the assertion level. These comprise of tests of details and analytical procedures. Step 3.2.1. Test of Details 15. The auditor shall evaluate the results of sampling using the test of details. An unexpectedly high misstatement amount in a sample may cause the auditor to believe that a class of transaction or account is materially misstated, in the absence of further evidence that no material misstatement exists. 86 16. Tests of details are categorized into two types: (a) test of transactions; and (b) test of details of account balances and disclosures. Step 3.2.1 (a) Test of Transactions 17. This requires substantive test of transactions to test errors or fraud in individual transactions and is used to verify the monetary value of transactions and to obtain reasonable assurance that the accounting records are accurate, reliable, complete, properly classified and presented, actually took place, and recorded within the correct reporting period. 18. The auditor’s approach in substantive tests of transactions is to inspect underlying documents, to trace the flow of transactions through the system and to recompute for mathematical accuracy. The direction of the trace determines the objective to be satisfied. For example, tracing from a source document to the accounting record provides evidence of completeness of the accounting records, that is, it detects errors of understatement. 19. Tracing from the accounting record to the source document (commonly called vouching) provides evidence of occurrence, that is, it detects errors of overstatement. Usually some tests are made in both directions. 20. The extent of testing in a particular direction depends on the auditor’s judgment of the likelihood of error. When an error is detected, the auditor needs to consider the cause of the error and determine whether any change is called for in the planned nature and extent of testing. (Please refer to Table 6 – Assertions in Considering Misstatements regarding transaction level assertions.) Step 3.2.1 (b) Test of Details of Account Balances and Disclosures 21. This requires substantive testing of the ending balance of a general ledger to provide reasonable assurance of the completeness, existence, rights and obligations, accuracy, valuation and allocation, classification and presentation of accounts. 22. To complete the test of details, the following steps should be performed: a. Determining the sample size To select the items for testing, the auditor must consider what represents the population for testing in the circumstances. It can be the entire population of an account balance, class of transactions or disclosures; or specific items composed of high value or unusual items, or selecting sample from the whole population. b. Selecting the sample items c. Performing the planned procedures in the selected items d. Evaluating the sample results and establishing conclusion 23. External confirmation is one of the procedures adopted in substantive tests. This procedure is used to address assertions associated with account balances and their elements and to confirm terms of 87 agreements, contracts, or transactions between an agency and other parties. In preparing confirmation requests, the following factors should be considered, among others (ISSAI 1505): a. The specific risks and assertion/s being addressed b. Layout and presentation of confirmation requests - The auditor may request the respondent only to indicate whether he or she agrees with the information stated on the request. In other positive forms, referred to as blank forms, the amount (or other information) is not stated on the confirmation request, and instead, the recipient is requested to fill in the balance or furnish other information. c. Prior experience on the sending of confirmations in previous audits: response rates, knowledge of misstatements identified during prior years' audits, and any knowledge of inaccurate information on returned confirmations. For example, if the auditor has experienced poor response rates to properly designed confirmation requests in prior audits, the auditor may instead consider obtaining audit evidence from other sources. d. Method of communications—by mail, email or personal service e. Management’s authorization or encouragement to the confirming parties to respond to the auditor f. The ability of the intended confirming party to confirm or provide the requested information. When designing confirmation requests, the auditor should consider the types of information respondents will be readily able to confirm, since the nature of the information being confirmed may directly affect the competence of the evidence obtained as well as the response rate. For example, certain respondents' accounting systems may facilitate the confirmation of single transactions rather than of entire account balances. In addition, respondents may not be able to confirm the balances of their installment loans, but they may be able to confirm whether their payments are up-to-date, the amount of the payment, and the key terms of their loans. 24. In case no replies were received, the Auditor shall apply alternative procedures to the nonresponses to obtain the evidence necessary to reduce audit risk to an acceptably low level. a. For accounts receivable, this may include examination of subsequent cash receipts (including matching such receipts with the actual items being paid), shipping documents, or other client documentation to provide evidence for the existence assertion. b. For accounts payable, this may include examination of subsequent cash disbursements, correspondence from third parties, or other records to provide evidence for the completeness assertion. 25. The auditor should evaluate the combined audit evidence provided by the confirmations and the alternative procedures to determine whether sufficient audit evidence has been obtained about all the applicable financial statement assertions. In performing that evaluation, the auditor should consider (a) the reliability of the confirmations and alternative procedures; (b) the nature of any exceptions, including the implications, both quantitative and qualitative, of those exceptions; (c) the audit evidence provided by other procedures; and (d) whether additional audit evidence is needed. 88 If the combined audit evidence provided by the confirmations, alternative procedures, and other procedures is not sufficient, the auditor should request additional confirmations or extend other tests, such as tests of details or analytical procedures. 26. Situations where external confirmation procedures may provide relevant audit evidence in responding to assessed risks of material misstatement include: a. b. c. d. e. f. g. Bank balances and other information relevant to banking relationships; Accounts receivable balances and terms; Inventories held by third parties at bonded warehouses for processing or on consignment; Property title deeds held by financiers for safe custody or as security; Investments purchased from stockbrokers but not delivered at the reporting date; Amounts due to lenders, including relevant terms of repayment and restrictive covenants; and, Accounts payable balances and terms. 27. There are some assertions for which external confirmations provide less relevant audit evidence, such as relating to the recoverability of accounts receivable balances, than they do for their existence. 28. The auditor may determine that external confirmation procedures performed for one purpose provide an opportunity to obtain audit evidence about other matters. For instance, confirmation requests for bank balances often include requests for information relevant to other financial statement assertions. Such considerations may influence the auditor’s decision about whether to perform external confirmation procedures. 29. Factors that may assist the auditor in determining whether external confirmation procedures are to be performed as substantive audit procedures include: a. The confirming party’s knowledge of the subject matter; b. The ability or willingness of the intended confirming party to respond: i. ii. iii. iv. May consider responding too costly or time consuming; May have concerns about the potential legal liability resulting from responding; May account for transactions in different currencies; or, May operate in an environment where responding to confirmation requests is not a significant aspect of day-to-day operations. In such situations, confirming parties may not respond, may respond in a casual manner or may attempt to restrict the reliance placed on the response. c. The objectivity of the intended confirming party such that if the confirming party is a related party of the entity, responses to confirmation requests may be less reliable. Step 3.2.2. Analytical Procedures 30. Analytical procedures is defined in the ISSAI 1520 as the means of evaluating financial information through analysis of plausible relationships among both financial and non-financial data. Analytical procedures also encompass such investigation necessary to identify fluctuations or relationships 89 that are inconsistent with other relevant information or that differ from expected values by a significant amount. 31. These are used to obtain evidential matter about particular assertions related to account balances or classes of transactions. In some cases, analytical procedures can be more effective or efficient than tests of details for achieving particular substantive testing objectives. 32. Following are examples of sources of information for the conduct of analytical procedures: a. Financial information for comparable prior period(s) giving consideration to known changes; b. Anticipated results—for example, budgets, or forecasts including extrapolations from interim or annual data; c. Relationships among elements of financial information within the period; d. Information regarding the industry in which the client operates—for example, gross margin information; and, e. Relationships of financial information with relevant non-financial information. 33. The most common types of analytical procedures conducted are trend analysis, ratio analysis, and reasonableness testing. a. Trend analysis is the analysis of changes in an account over time. To illustrate: Illustration 6. Sample Trend Analysis Maintenance and other operating expenses (in thousand pesos) 2017 Traveling 2016 2015 Vertical Analysis 2017 2016 2015 Horizontal Analysis (Rate of increase) 2017 2016 800 560 150 2% 1% 0% 433% 273% Training 3,000 1,870 200 8% 4% 0% 1400% 835% Office supplies 1,000 200 100 3% 0% 0% 900% 100% Rental expenses Light water and telephone Consultancy services Repairs and maintenance 5,000 5,000 10,000 14% 10% 21% -50% -50% 500 250 25 1% 0% 0% 1900% 900% 5,000 17,000 17,000 14% 33% 35% -71% 0% 600 550 500 2% 1% 1% 20% 10% 300 870 100 1% 2% 0% 200% 770% Representation 20,000 25,000 20,000 55% 49% 42% 0% 25% Total 36,200 51,300 48,075 100% 100% 100% Printing Remarks Examine cause of increase Examine cause of increase Test of details Examine cause of decrease Test of details b. Ratio analysis is the comparison across time or to a benchmark of relationships between financial statements accounts and a non-financial data. Examples are contribution margin, current ratio, days sales in inventory, accounts receivable turnover, debt ratio, debt to equity ratio, inventory turn-over ratio, payable turn-over ratio, among others. 90 c. Reasonableness testing is the audit technique used to assess the reasonableness of accounting transactions or events recorded in the FS by using two or more different sources of data or information to predict accounting transactions or event. This means testing the validity of financial information provided through analysis of accounts or changes in accounts between accounting period involving development of a model to form an expectation based on financial data, non-financial data or both. Examples are: i) matching the estimated payroll costs based on the number of employees multiplied by fixed pay rates with the actual payroll costs incurred; ii) comparing the balances of loans payable with the related interest expenses for the period; iii) comparing the total rental contracts with the recorded rental income; and, iv) comparing the total reported application for passports and the like with the recorded income. 34. When designing and performing substantive analytical procedures, either independently or in combination with tests of details, the auditor shall: a. determine the suitability of particular substantive analytical procedures for given assertions, taking account of the assessed risks of material misstatement and tests of details, if any, for these assertions; b. evaluate the reliability of data from which the auditor’s expectation of recorded amounts or ratios is developed, taking account of source, comparability, and nature and relevance of information available, and controls over preparation; c. develop an expectation of recorded amounts or ratios and evaluate whether the expectation is sufficiently precise to identify a misstatement that, individually or when aggregated with other misstatements, may cause the financial statements to be materially misstated; and, d. determine the amount of any difference of recorded amounts from expected values that is acceptable. 35. Substantive analytical procedures are conducted when the auditor considers the use of these procedures as more effective and efficient than tests of details in reducing the risk of material misstatements at the assertion level to an acceptably low level. 36. If analytical procedures performed identify fluctuations or relationships that are inconsistent with other relevant information or that differ from expected values by a significant amount, the auditor shall investigate such differences by: (a) inquiring from management and obtaining appropriate audit evidence relevant to management’s responses; and (b) performing other audit procedures as necessary in the circumstances. Step 4. Evaluating the Sample Results and Establishing Conclusion 37. As provided in ISSAI 1530, the auditor shall evaluate whether the use of the audit sampling has provided a reasonable basis for conclusions about the population that has been tested. If the auditor concludes that audit sampling has not provided a reasonable basis for conclusions about the population that has been tested, the auditor may: a. Request management to investigate misstatements that have been identified and the potential for further misstatements and to make any necessary adjustments; or, 91 b. Tailor the nature, timing and extent of those further audit procedures to best achieve the required assurance. For example, the auditor might extend the sample size, test an alternative control or modify related substantive procedures. 38. Relationship of the results of substantive analytical procedures with the conclusion of the audit The auditor shall design and perform analytical procedures near the end of the audit as guide when forming an overall conclusion as to whether the financial statements are consistent with the auditor’s understanding of the entity. a. The conclusion drawn from the results of analytical procedures designed and performed are intended to corroborate conclusions formed during the audit of individual components or elements of financial statements. This assists the auditor to draw reasonable conclusions on which to base the auditor’s opinion. (ISSAI 1520, par. A17) If evaluation of the result of substantive analytical procedures discloses significant variances that may lead to material misstatements, the auditor’s reasonable conclusion may be affected which necessitates rendering a modified opinion. b. The results of such analytical procedures may identify a previously unrecognized risk of material misstatement. In such circumstances, ISSAI 1315 (Revised) requires the auditor to revise the auditor’s assessment of risks of material misstatement and modify the further planned audit procedures accordingly. (ISSAI 1520, par. A18) 39. Relationship of test of controls with substantive tests a. Tests of controls and substantive tests of details of transactions and balances are both tests involving transactions; in many instances transactions selected for examination are tested for compliance with controls as well as determining whether monetary errors have occurred, giving rise to the concept of dual-purpose testing. b. Tests of controls and substantive tests of transactions are both usually performed for major classes of transactions that are repetitive and large in volume. Tests of controls detect departures from prescribed controls but do not directly measure monetary error in accounting records. Substantive tests must be performed to determine whether monetary errors have occurred based on the result of tests of controls, determines the extent of substantive tests considered necessary. In a true dual-purpose test, different procedures are performed to satisfy different objectives, but they are performed using the same documents at approximately the same time. c. Substantive tests of transactions and substantive tests of balances - If the account balance is affected by many relatively small transactions, the auditor designs substantive tests of balances directed to selected items (e.g. individual customers, inventory items) which aggregate to create the ending balance. This commonly occurs for the accounts receivable and inventory balances. To illustrate: If the auditor verifies the PhP250,000.00 ending balance of a receivable due from a debtor through confirmation procedures, this is a substantive test of balances. If the auditor 92 verifies the peso value of the individual transactions comprising the PhP250,000.00 (such as by verifying sales invoices and remittance advices associated with cash receipts transactions), this is a substantive test of transactions. d. Substantive tests of balances of statement of financial position accounts are generally preferred because there are fewer items in the ending balance than there are transactions that affect the balance, and there is generally more persuasive evidence available to support the ending balance. e. Note also that the substantive tests of balances of statement of financial position accounts indirectly test the statement of financial performance account balances (sales and expenditure). For example, the testing of accounts receivable will verify the sales that gave rise to this asset. 40. In the extremely rare circumstances when the auditor considers a misstatement or deviation discovered in a sample to be an anomaly, the auditor shall obtain a high degree of certainty that such misstatement or deviation is not representative of the population. The auditor shall obtain this degree of certainty by performing additional audit procedures to obtain sufficient appropriate audit evidence that the misstatement or deviation does not affect the remainder of the population. 41. The proposed working paper to summarize the results of substantive testing is presented in Illustration 7. Illustration 7. Proposed Summary WP in Substantive Test Substantive Test Extent of Testing Extensive Less Extensive ST Working Program Reference: Summary of Test Results Findings Recommendation ST W/P Ref. AOM Ref. Conclusion: C. Gathering Audit Documentation and Evidence C.1. Audit Documentation 42. The audit documentation serves as sufficient and appropriate record of the auditor’s basis for a conclusion about the achievement of the overall objectives of the auditor. It also functions as 93 evidence that the audit was planned and performed in accordance with ISSAIs and applicable legal and regulatory requirements. 43. Paragraph 3 of ISSAI 1230 also states that: ”Audit documentation serves a number of additional purposes, including the following: a) Assisting the engagement team to plan and perform the audit. b) Assisting members of the engagement team responsible for supervision to direct and supervise the audit work, and to discharge their review responsibilities in accordance with ISSAI 1220. c) Enabling the engagement team to be accountable for its work. d) Retaining a record of matters of continuing significance to future audits. e) Enabling the conduct of quality control reviews and inspections in accordance with ISQC 1 or national requirements that are at least as demanding. f) Enabling the conduct of external inspections in accordance with applicable legal, regulatory or other requirements.” 44. The WPs may be in the form of paper, tapes, films, and other reliable storage and shall be maintained in two copies (one for the office file and one for the ATL, as back-up copy). The audit team’s custodian of the WPs shall be responsible for the updating/upgrading of the audit files and providing a back-up copy for the ATL. 45. In the case of electronic files, the file naming standards of COA shall be adopted, if any, otherwise, the Audit Team shall devise its own. Backup copies of all electronic WPs shall be maintained by the Audit Team and stored separately from the original copies. Fraud investigation WPs shall not be saved in the network common drive. C.1.1. Organization of Working Papers 46. Working papers should be properly titled, referenced and cross-referenced to supporting evidence and signed by the preparer and the reviewer. To prove that the audit responded to the assessed risks of material misstatements, audit procedures actually performed are summarized on the main audit working papers of each FS account. Deviations to the planned audit procedures in terms of the nature, extent and timing of audit procedures must be fully explained with the SA/RSA acknowledging acceptability of the changes done upon signing the working papers as reviewer. 47. The auditor shall assemble the audit documentation in an audit file and complete the administrative process of assembling the final audit file on a timely basis after the date of the auditor’s report. (ISSAI 1230, par. 14). An audit file may be one or more folders or other storage media, in physical or electronic form, containing the records that comprise the audit documentation for a specific engagement. 48. An audit file may be classified into two types: current audit file and permanent audit file. Current Audit File (CAF) contains working papers relating to a single audit engagement.2 Permanent Audit File (PAF) is a set of records that serves as an ongoing reference for successive audit. The 2 (Current Audit File, 2018) 94 information in the PAF, which should be regularly updated, is intended to be accessed repeatedly to assist the audit team in the conduct of their tasks.3 49. Listed below are the contents of CAF and PAF, among others, which shall be shall be systematically organized/arranged to facilitate supervisory review, exhibiting a consistent structure thru the use of a logical or easy-to-follow index code, agreed upon by the Auditor and his/her Supervisor during the planning phase of each audit, to promote efficient cross-referencing system, convenience and ease in locating these WPs when circumstances demand for its use. The Auditor shall avail of the use of databases, word processing search facilities and other software packages, when necessary, to assist in information storage and retrieval. Table 9. List of Current Audit File and Permanent Audit File Current Audit File Preliminary Activities Execution Phase 1. Engagement Letter 1. Summary of Proposed Audit 2. Auditor’s Declaration of Adjustments Independence and Compliance 2. Working Papers (WPs) by with Ethical Standards account with top schedule and 3. Management Representation sub schedule supported with Letter audit evidence 3. Current Year’s AOM, NS, ND, NC, AM, WP on Financial Analysis (Trend Analysis, Ratio Analysis, Reasonableness Testing) 4. Bank Statements and Bank Reconciliation Statements 5. Reports of Checks Issued and Disbursement Vouchers 6. Minutes of exit conference Planning Phase Reporting Phase 1. Engagement Planning 1. Final AAR and signed Memorandum IAR/Management Letter 2. Audit Program 2. Summary of Uncorrected 3. Summary of other audit Misstatements activities Overall Audit Strategy 3. Summary of Audit Observations 4. Specific Audit Instructions and Recommendations 5. Results of Risk Assessment at 4. Management Comments the Assertion Level 6. Materiality Template Quality Control Review Documents 7. Summary Report on the 5. Duly signed Financial Preliminary Identification of Management Performance Risks Rating 8. UTA Template and Financial 6. Completion Compliance Accountability LogFrame Checklist 9. Agency-level Controls Checklist 7. Auditee Feedback Survey Template 8. Director’s Evaluation Form 10. General Accounting Plan/ 3 (Bragg, 2018) 95 Permanent Audit File Charter or mandate; Manual of operations; Internal audit reports; Minutes of meetings and conferences of agency officials; 5. Organizational Chart/ Functional Chart; 6. Official directives, new laws and regulations affecting the agency; 7. Appropriations/annual budget and other financial and project reports; 8. Property and personnel accountability audits; 9. Notices of Suspensions, Charges and Disallowances, Notices of Finality of Decisions (NFD), COA Order of Execution (COE); Financial, compliance and performance audit reports; cash examination reports; fraud audit reports; project audit reports; 10. Evaluation/investigation reports/emerging issues from newspaper accounts 11. Financial Reports 1. 2. 3. 4. Current Audit File Walkthrough Analysis 11. Prior Years’ AOM, NS, ND, NC, AM, WP on Financial Analysis (Trend Analysis, Ratio Analysis, Reasonableness Testing) 12. Agency Action Plan and Status of Implementation 13. Action Plan Monitoring Tool 14. Recommendation Tracking Sheet 15. Variance Analysis of FS 16. Tie-in Analysis 17. WP on Preliminary Data Analysis 18. Test of Internal Control Design Permanent Audit File 50. The ATL is primarily responsible for the timely assembly of the final audit file within 60 days from receipt of transmittal of the audit report (AAR/ML) by the audited agency, in accordance with Section A21 of ISSAI 230. As a general rule, the WPs shall be kept under lock and key. C.1.2. Characteristics of Working Paper 51. Working papers should be complete and accurate, and must support observations, testing, conclusions, and recommendations. It should also show the nature and scope of the work performed. Working papers should also be clear and understandable without supplementary oral explanations. 52. The structure of the working paper should be in a logical format that clearly shows the purpose/objective of the test (risk being tested), a description of the test, extent of testing performed, results, conclusion arrived at i.e. any control weaknesses identified, and potential process improvements, and positive change opportunities. Where working papers are hand written they should be neat and legible. If working papers are not clear they may lose their worth as documented evidence. 53. Each top schedule of the accounts presents the Audit Conclusion: whether the audit objective was met or not and the reason thereof; whether the Main Account audited (e.g. Cash, Receivables, Inventory, etc.) is considered as fairly stated and presented, as shown below. Illustration 8. Sample Top Schedule and Audit Conclusion ABC Agency Top Schedule – Cash & Cash Equivalents December 31, 20x2 Account Cash in Bank Cash Amount Audit Adjustments DR CR WP ref Per Books 20x2 (CY) 20x1 (PY) A-1 10,000 0 500 9,500 20,000 A-2 1,000 0 0 1,000 2,000 96 Per Audit Collecting Officer Short-term Investment A-3 2,000 500 0 2,500 3,500 Audit conclusion on the audit of cash: Based on the audit procedures performed for the Cash and Cash Equivalents, total adjustment of Pxxx representing unrecorded bank charges was taken up in the books to effect the adjusted cash in bank balance per books. We conclude that this account is fairly stated and presented in the financial statements. Prepared by: Reviewed by: Audit Team Member Audit Team Leader Date of audit completion Date of review 54. All WPs shall be dated, signed by the preparer and reviewer, and clearly referenced using the standard tickmarks developed by the audit teams. 55. The WPs shall be cross-referenced to the appropriate source, complete with no unanswered questions or other evidence of unfinished work. Cross-referencing of documents shall also be made to provide a link between pages of the WPs which are interrelated and allow the reader/reviewer of the WPs easy access to the data. 56. All pages in the WPs shall be indexed except in the case of a set of document with several pages, wherein only the cover page shall be given an index number. The indexing of the files shall be aligned with the order of presentation in the Table of Contents. The index code shall be indicated at the right top portion of the WP or on the lower center of the page of the WP and when numbering a given area, consecutive numbers shall be used (i.e., 2-1, 2-2, 3-1, 3-2, etc.). WPs shall be indexed according to the Audit Working Paper Checklist agreed by the ATL and the SA or the concerned Cluster/office. C.2. Audit Evidence 57. The SA/RSA and ATL ensure that all evidence is documented properly in audit working papers. Audit evidence refers to information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. It includes both information contained in the accounting records underlying the financial statements and information obtained from other sources. (ISSAI 1500) 58. The auditor can obtain evidence in many different ways, such as: a. Inspection or observation evidenced by photographs, inspection reports; formal analysis performed by expert/s, and even the object or a portion of the object itself such as substandard materials. b. Evaluation of records, reports and documents including disbursement vouchers to prove certain facts noted in the course of the audit. For instance, proof of a cash shortage in a cash examination report; one proof of noncompliance with specific terms would be the contract itself; proof of payments made are the official receipts, and proofs that payments made are valid are the delivery reports, sales invoices and purchase orders. c. Interviews/inquiries evidenced by signed interview sheets or a recording of a conversation with the interviewees; confirmation replies received from banks, debtors and creditors; emailed 97 replies to queries made from a client or another department. To strengthen evidence through interviews; other forms of evidence are obtained, say an inspection performed to prove interviewees’ contention that certain assets are missing. d. Study, comparison, and evaluation of relationships among financial and non-financial data at a point in time and the trend in those relationships over a period. e. Questionnaires with a list of questions on a particular area or function may be developed to obtain information relating to the audit objective. The questionnaire should be short and answerable by “yes” or “no” only, to facilitate collation and analysis. For this to be considered as audit evidence, the Auditor should request for copy of related documents, records or reports or results of questionnaire used to conduct alternative procedures. f. Flowcharts showing the flow of activities through a process. They help to visualize the process and therefore facilitate an analysis of the operation and assist in identifying inefficiencies, overlaps and duplications/missing procedures and control weaknesses. Flowcharts are valuable when documenting a complicated flow of documents or process such as cash receipts, cash disbursements, and procurement, among others. Completed flowcharts should be discussed with the interviewee to ensure correctness. g. Walkthroughs to document the audited entity’s processes. This activity involves following one or two transactions or activities step-by-step through the process from beginning to end. A walkthrough test helps to confirm the accuracy of the auditor’s documentation of the process and ensure that it is understood. Walkthroughs are more effective in understanding the audited entity’s processes than a general review of manuals and operating procedures, as they provide a faster and more effective identification of weaknesses and potential problem areas. h. Re-computation or verifying the mathematical accuracy of figures. The value of this procedure as evidence is limited as the reliability of the evidence obtained depends on the validity of the source documents. i. Reperformance or Auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control, either manually or through the use of CAATs. For example, reperforming the aging of accounts receivable or comparing the price on an invoice to that reflected in an approved purchase order. 59. Audit evidences can be obtained either in the form of: a. b. c. d. Physical - through inspection or observation Documentary - records, reports and documents Testimonial - from third parties Analytical - study, comparison, and evaluation of relationships among financial and nonfinancial data D. Addressing Risk Areas that Need Specific Considerations 60. Audit evidence obtained for these areas/issues and requirements should consider the following: 98 a. Inventory in the public sector is often held for use rather than for resale. As such, property audits go beyond the usual observations of physical inventories conducted during year-end and cover year round activities. Violations to property related regulations especially those included in the State Audit Code, are reported as part of the auditor’s observations and recommendations. b. Litigation and claims i. These conditions need to be disclosed in the Notes to FS. In addition, audit procedures may have to be performed to identify litigation and claims which may give rise to the need to recognize a contingent asset or liability in the FS. ii. Contingent liability refers to a possible obligation that arises from past events, and whose existence will be confirmed only by the occurrence or non-occurrence of one or more uncertain future events not wholly within the control of the entity; or a present obligation that arises from past events, but is not recognized because: (i) it is not probable that an outflow of resources embodying economic benefits or service potential will be required to settle the obligation; or (ii) the amount of the obligation cannot be measured with sufficient reliability. iii. Contingent asset refers to a possible asset that arises from past events whose existence will be confirmed only by the occurrence or non-occurrence of one or more uncertain future events not wholly within the control of the entity. iv. Audit procedures for these areas may include: Obtain from management and/or from its internal Legal Counsel a description and evaluation of litigation, claims, and assessments that existed at the date of the balance sheet being reported on, and during the period from the balance sheet date to the date the information is furnished, including an identification of those matters referred to legal counsel. The ISSAI recognizes that public sector auditors such as COA auditors have the right to communicate directly with the agency’s external legal counsel without need for management permission. Examine documents in the client's possession concerning litigation, claims, and assessments, including correspondence and invoices from lawyers. Review of legal expense account if this exists and if management denies having any litigation and claim related issues. Evaluate the likelihood of an unfavorable outcome and its estimate of the amount or range of potential loss. Assess if the potential loss will affect the reliability of the FS and require disclosure in the Notes to FS. 99 c. Segment information - presentation and disclosure of specific segment information discussed in the ISSAI are not applicable in the Philippines except for certain public sector entities. However, there may be information similar to segment information requiring disclosure. i. This is in the case of foreign assisted projects funded by the World Bank; European Union; USAID; United Nations Development Programme and the ADB where stand-alone audit reports are submitted to the funding organizations. This can be presented in the following manner: Note 10. Audit of Loans and Grants from the Asian Development Bank A separate special purpose financial audit was performed on government and ADB funds for Project 12345 “Project on Climate Change” included in this 20xx financial statements for the Agency. The COA rendered an unmodified audit opinion on the fairness in presentation of the financial statements and on the Project’s compliance with ADB requirements particularly on SOE and imprest account procedures prescribed in the Loans Disbursements Handbook; and on the use of the funds for the purposes intended. ii. The materiality of misstatements on the overall FS in separate audits will have to be evaluated. d. Related party transactions – persons or other entities that have control or significant influence, directly or indirectly through one or more intermediaries, over the reporting entity; entities over which the reporting entity has control or significant influence, directly or indirectly through one or more intermediaries; or, other entities under common control with the reporting entity through having common controlling ownership, owners who are close family members, and common key management. The auditor is required to examine the documents (minutes of meetings, bank and legal confirmations, such other documents provided) supporting the transaction/s; establish whether these transactions are properly accounted for and identify possible misstatements or errors due to fraud by the very nature of the transactions. In addition, material transactions should be confirmed with related parties identified and appropriate background research should be conducted as necessary. i. The Notes to FS should disclose related party transactions, business rationale and effects of the transactions on the FS. Key terms, conditions, or other important elements of the transactions necessary for understanding them should also be disclosed. ii. Examples of transactions which may qualify as related party transactions in the Philippines are: fund transfers to the agency for projects which are not related to the mandate or objective of the agency; fund transfers to the agency and subsequent transfers of the same amounts to nongovernment agencies; material cash advances, fund transfers or loans released by the agency to persons or non-government agencies or parties; guarantees and guarantor relationships; 100 agreements for the provision of services to certain parties under terms and conditions outside the agency’s normal course of business; complex equity transactions such as corporate restructurings or acquisitions; transactions with offshore entities in jurisdictions with weak corporate laws; leasing of premises or the rendering of management services by the agency to another party if no consideration is exchanged; sales transactions with unusually large discounts or returns; transactions with circular arrangements such as sales with commitment to repurchase; and, transactions under contracts whose terms are changed before expiry. iii. Auditors should be guided by the requirements of ISSAI 1240 in case of intentional nondisclosure by management of related party transactions. The auditor may also consider the need to re-evaluate the reliability of management’s responses to audit inquiries and the management’s representations to the auditor. e. Accounting estimates are an approximation of monetary amount in the absence of a precise means of measurement. i. In the public sector these pertain to: Programs: social insurance; governmental employee pension; health care; veterans’ benefits, environmental liabilities; tax revenue and receivables and certain property and equipment such as specialized military equipment and heritage assets. Activities with high estimation uncertainty: outcome of litigation; derivative financial instruments not publicly traded; fair value accounting estimates for which a highly specialized entity developed model is used such as employees benefit pension fund which requires the estimation of an actuary. Situations where accounting estimates may be required: inventory obsolescence; warranty obligations; depreciation method or asset useful life; share-based payments; property or equipment held for disposal; goodwill or intangible assets; non-monetary exchange of plant facilities. ii. The nature and reliability of information to support the accounting estimates may affect the risks of material misstatement of accounting estimates including the susceptibility to unintentional or intentional management bias. iii. For accounting estimates that give rise to significant risks, the auditor obtains appropriate evidence of management’s decision to recognize or not to recognize accounting estimates in the financial statements. The auditor then evaluates reasonableness of such estimates and adequacy of disclosures. iv. The disclosures should include the assumptions used, the method of estimation, including any applicable model, the basis for selection of the method of estimation, the effect of any 101 changes to the method of estimation from prior period and the sources and implications of estimation uncertainty. f. Subsequent Events pertain to events which occur after the date of the FS but which: i) provide evidence of conditions that existed at the date of the FS and ii) those that provide evidence of conditions that arose after the date of the FS. i. Accruing expenses paid during the ensuing year but pertaining to transactions which should have been recognized during the year under audit, under accrual accounting is an example of adjustments made resulting from a subsequent events analysis. ii. The auditor should inquire from management whether any subsequent events that might affect the financial statements have occurred. Specific inquiries about the following matters should be made about these transactions reported after the date of the FS: New commitments, borrowings, or guarantees entered into Sales, acquisitions or assets Increases in capital or issuances of debt instruments such as issuance of new shares or debentures or an agreement to merge or liquidate has been made or planned Assets appropriated by government or destroyed by fire or flood Developments regarding contingencies such as claims or litigations Unusual accounting adjustments made or contemplated Events have occurred or are likely to occur that will bring into question the appropriateness of accounting policies used in the FS, such as going concern issues Events that have occurred relevant to the measurement of estimates or provisions made in the FS Events that have occurred that are relevant to the recoverability of assets iii. The terms of audit engagement should include the obligation of management to inform the auditor of facts that may affect the FS of which management may become aware during the period from the date the FS are approved for issuance to the date of the auditor’s report. During this period, the auditor is responsible for matters that may occur regardless of the lack of disclosure by management. The lack of disclosure by management may be addressed by performing applicable audit procedures to obtain sufficient appropriate audit evidence that all subsequent events have been identified. Such subsequent matters, if material, may affect the audit opinion to be rendered. iv. For example, way before the end of the reporting period, a debtor of the agency/unit/ corporation/project with a substantial account already displays inability to pay its obligation. Management did not adjust the corresponding allowance for impairment on the account of such debtor despite the circumstances. Two months after the approval of the issuance of the year-end financial statements and before the issuance of the auditor’s report, the debtorclient declared bankruptcy. This is an adjusting subsequent event. The auditor, having knowledge of the situation, recommended for an adjustment for the increase of allowance for impairment on the account of the bankrupt client. However, Management refused to make the adjustment. In such a case, the auditor’s opinion is modified on the matter depending on the materiality of the account’s amount. 102 v. The auditor is not responsible for subsequent matters that occur after the date of the auditor’s report which management purposely did not divulge to him/her. g. Audits of Group Financial Statements (including work of Component Auditors) ISSAI 1600 provides the guidance for Group FS. In COA, Group FS refer to consolidated FS prepared by the head office of a department/agency. i. The auditors assigned at the head office (group auditor) and field operating offices (component auditor) conduct the audit of the FS of their respective auditees and prepare an ML or SAOR, whichever is applicable. ii. The component auditor transmits the ML/SAOR to the respective auditees, a copy thereof furnished to the CD through the RD. iii. The group auditor prepares the CAAR based on the ML/SAOR issued by the component auditors, and the result of reviews of the Group Financial Statements. iv. The group auditor is responsible for the issuance of group audit opinion taking into consideration the materiality threshold established for the Group FS. When the opinion is modified because of inability to obtain sufficient appropriate audit evidence in relation to the financial information of one or more components, the reasons for that inability shall be discussed in the Basis for Modification paragraph in the IAR on the group FS. The group auditor may refer the matter to the component auditor as deemed necessary for an adequate explanation of the circumstances. v. After review of the CAAR, the report is then transmitted to the department/agency. vi. For consistency of audit focus and area, the group auditor issues Specific Audit Instructions for compliance by the component auditors down to the provincial/division level. The component auditors are, however, not constrained to look into areas considered of significant risks at their level. E. Summarizing Proposed Audit Adjustments and Evaluating Effects in the Audit Opinion 61. Whenever necessary, proposed audit adjustments of the Audit Team are forwarded to the Chief Accountant for action. Once the audit is completed, the Audit Team Leader prepares a list of all audit adjustments indicating the actions taken by the Chief Accountant as illustrated below. Illustration 9. Summary of Proposed Audit Adjustments In Thousand Pesos No. Accounts and Description WP ref Asset Current 1 Other Expenses Cash in bank To record bank charges NonCurrent Liability Current (60.00) NonCurrent Current Period Revenue/ Expense 60.00 Prior Period Revenue/ Expense Adjusted by Management ? Y N 103 In Thousand Pesos No. Accounts and Description WP ref Asset Current 2 3 4 Impairment Loss – Loans &Receivables Allowance for Impairment – Loans & Receivables To set up Allowance for Impairment Operating expenses Accrued expenses To accrue expenses PPE Accumulated Surplus / Prior Period Adjustments To capitalize major repairs of buildings which were previously charged to expenses NonCurrent Liability Current NonCurrent Current Period Revenue/ Expense 2,000.00 Prior Period Revenue/ Expense (2,000.00) Adjusted by Management ? Y N 23,000.00 23,000.00 50,000.00 (50,000.00) 62. The auditor shall analyze and evaluate whether the unrecorded audit adjustment will affect the audit opinion to be issued considering the final and/or revised overall and specific materiality thresholds established, the size, nature and particular circumstance of misstatement, both in relation to the particular classes of transaction, account balance, or disclosure, and to the FS as a whole. II. Summarize Audit Observations and Recommendations and Communicate with Those Charged with Governance A. Areas for Consideration in Summarizing Audit Observations 63. Upon completion of the Execution Phase but before the conduct of an Exit conference, an audit summary should be prepared to summarize the work done and conclusions reached (Appendix 3-1). All uncorrected misstatements accumulated during the audit shall be included in the summary. 64. Misstatement pertains to a difference between the reported amount, classification, presentation, or disclosure of a financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be in accordance with the applicable financial reporting framework. 65. A misstatement may not be an isolated occurrence. Evidence that other misstatements may exist include, for example, where the auditor identifies that a misstatement arose from a breakdown in internal control or from inappropriate assumptions or valuation methods that have been widely applied by the entity. (Guidance on the determination of projected misstatements and evaluation of the results is set out in ISSAI 1530.9 Consideration of Identified Misstatements as the Audit Progresses) 104 66. The determination of whether a misstatement(s) in a qualitative disclosure is material, in the context of the applicable financial reporting framework and the specific circumstances of the entity, is a matter that involves the exercise of professional judgment. Examples where such misstatements may be material include: a. Inaccurate or incomplete descriptions of information about the objectives, policies and processes for managing capital for entities with insurance and banking activities. b. The omission of information about the events or circumstances that have led to an impairment loss (e.g., a significant long-term decline in the demand for a metal or commodity) in an entity with mining operations. c. The incorrect description of an accounting policy relating to a significant item in the statement of financial position, the statement of financial performance, the statement of changes in net assets/equity, statement of comparison of budget and actual amounts, or the statement of cash flows. 67. The circumstances related to some misstatements may cause the auditor to evaluate them as material, individually or when considered together with other misstatements accumulated during the audit, even if they are lower than materiality for the FS as a whole. Circumstances that may affect the evaluation include the extent to which the misstatement: a. Affects compliance with regulatory requirements; b. Affects compliance with debt covenants or other contractual requirements; c. Relates to the incorrect selection or application of an accounting policy that has an immaterial effect on the current period’s FS but is likely to have a material effect on future periods’ financial statements; d. Masks a change in earnings or other trends, especially in the context of general economic and industry conditions; e. Affects ratios used to evaluate the entity’s financial position, results of operations or cash flows; f. Affects segment information presented in the FS (for example, the significance of the matter to a segment or other portion of the entity’s business that has been identified as playing a significant role in the entity’s operations or profitability); g. Has the effect of increasing management compensation, for example, by ensuring that the requirements for the award of bonuses or other incentives are satisfied; h. Is significant having regard to the auditor’s understanding of known previous communications to users, for example, in relation to forecast earnings; i. Relates to items involving particular parties (for example, whether external parties to the transaction are related to members of the entity’s management); j. Is an omission of information not specifically required by the applicable FRF but which, in the judgment of the auditor, is important to the users’ understanding of the financial position, financial performance or cash flows of the entity; or, k. Affects other information to be included in the entity’s annual report (for example, information to be included in a “Management Discussion and Analysis” or an “Operating and Financial Review”) that may reasonably be expected to influence the economic decisions of the users. These circumstances are only examples; not all are likely to be present in all audits nor is the list necessarily complete. 105 68. Significant related party matters arising during the audit shall be communicated to management such as: a. Non-disclosure of related parties or significant related party transactions by management b. Significant related party transactions that have not been appropriately authorized and approved giving rise to suspected fraud c. Disagreement with management regarding the accounting for and disclosure of significant related party transactions in accordance with the applicable FRF d. Non-compliance with applicable law or regulations prohibiting or restricting specific types of related party transactions 69. As discussed in ISSAI 1240 in relation to ISSAI 1450, the result of fraud will be considered in relation to other aspects of the audit, even if the size of the misstatement is not material in relation to the FS. Depending on the circumstances, misstatements in disclosures could also be indicative of fraud, and, for example, may arise from: a. Misleading disclosures that have resulted from bias in management’s judgments; or b. Extensive duplicative or uninformative disclosures that are intended to obscure a proper understanding of matters in the FS. B. Elements of Audit Observation 70. The cumulative effect of immaterial uncorrected misstatements related to prior periods may have a material effect on the current period’s FS and should also be reviewed. 71. The working paper supporting the summary should include the conclusions reached containing the elements of audit observation. The required COA format for an audit summary should be followed. 72. The elements of audit observation are explained as follows and presented in Illustration 10: a. criteria - pertains to the standard or the benchmark. This is usually a policy, circular, directive or a law. b. condition – explains whether the criteria were followed or not based on evidence gathered. c. cause – the reason/s for the existing conditions and unmet criteria. d. effect – adverse result of the failure to meet criteria which is expressed in terms of losses, wastage, inability to perform ones tasks or meet client expectations among others. Illustration 10. Sample - Elements of an Audit Observation Inventory balance overstated by P1M due to non-recording of issuances in the books of accounts. The non-recording of inventory issuances distributed to various offices rendered the inventory account overstated by P1M and understating the corresponding inventory account by the same amount due to the non-preparation by the Property Officer of the RSMI and its non-submission to the Accounting Office which is contrary to Paragraph 44 of PPSAS 12 on the recognition of expense. 106 Criteria: Paragraph 44 of PPSAS 12 Condition: Non-recording of inventory issuances Cause: Non-preparation by the Property Officers of the RSMI Effect: Overstatement of Inventory Balance; Understatement of expense 73. Recommendations should address both causes and effects of the observation and may consider inputs from management. The proposed recommendation for the sample audit observation is presented below. Illustration 11. Sample - Audit Recommendation We recommended that the Property Officer be required to submit the RSMI to the Accountant, and the Accountant to adjust the Inventory account and Expense account accordingly. 74. The logical relationships between and among the elements of an audit observation as well as the recommendation is presented in Exhibit 4. Exhibit 4. Diagramming Tool Criteria Cause Condition Effect Recommendations Evidence Recommendations C. Performing Review of Overall Audit Work 75. The auditor shall consider the following: a. Affirmation of Audit Team’s independence Before reporting, the SA/RSA shall affirm that the Team is still independent of the auditee. (Appendix 3-2) b. Consider subsequent events Sufficient evidence should be gathered to ensure that all events occurring between the date of the FS and the date of the Auditor’s Report that require adjustment or disclosure are identified. Subsequent events are more relevant under accrual accounting. c. Update lead schedule and perform final analytical review 107 Should there be any changes in the FS, the schedules shall be updated and additional procedures documented. d. Consider the adequacy of work performance The audit team shall make conclusion on whether all planned audit works have been performed or there are other activities to be undertaken before closing the audit or reporting. D. Tracking Status of Prior Years’ Recommendations 76. In addition to existing COA regulation requiring the submission of AAPSI and APMT, the audit team shall prepare an RTS. 77. All audit issues with unimplemented recommendations per SIPYAR (Part III of the AAR) should be reiterated in Part II (Findings and Observations) of the current year’s audit report if the existing condition still exists that affects the audit opinion. However, the reasons for the failure of the management to implement recommendation should be assessed to determine if there is a need to revise or refocus the recommended action. In such case, the status of affected recommendation in the RTS should be considered “closed for having been revised”. 78. If the audit issues intended to be addressed by the unimplemented recommendation are no longer existing due to, among others, closing of the project, or adoption of new accounting system, or implementation by management of control measures other than the Audit Team’s recommended course of action, the status of such recommendation in the RTS can be considered closed. 79. All unimplemented recommendations considered closed/closed for having been revised shall be recommended by the SA/RSA for approval of the CD/RD, and once approved, the same shall be deleted from the SIPYAR of the succeeding year. 80. If considered necessary, the Head of the audited agency should be formally informed of the unimplemented recommendations and possible action to be taken by COA for continued inaction. Non-implementation of recommendations for no valid reason and without any alternative action taken to address the problem is a criterion for decreasing the performance rating of an agency as discussed in Section 5 of this FAM. 81. The format of the RTS to be maintained by the concerned Audit Team Leader and the Office of the Director for each agency is shown in Appendix 3-3. 82. There are factors preventing the Auditee to implement the agreed upon actions, such as competing priorities; funding issues and lack of staff to implement the recommendations. One other reason for non-implementation of recommendations is that the recommendation is not practical and doable. Recommendations should be: a. b. c. d. Specific – target a specific area for improvement. Measurable – quantify or at least suggest an indicator of progress. Assignable – specify who will do it. Realistic – what results can realistically be achieved, given available resources. 108 e. Time-related – specify when the result(s) can be achieved. III. Conduct Exit Conference 83. The Audit Team Leader prepares the audit highlights as basis for an exit conference with management subject to the approval of the SA/RSA. Points for discussion are: a. b. c. d. e. f. The misstatements identified and the adjustments which the Chief Accountant failed to take up; The effect of failure to take up adjustments as far as the audit opinion is concerned; Additional disclosures or explanations for inclusion in the Notes to FS; Audit observations and tentative audit recommendations using the audit summaries as basis; Deadline for submission of management comments; Pending issues and requests such as related parties, litigation and claims, if remained unsubmitted as of exit conference; g. Submission of the MRL, if remained unsubmitted as of exit conference; h. Unimplemented audit recommendations and its impact on the FS; and, i. Other matters included in the Engagement Letter which have not been addressed. 109 Appendix 3-1. Summary of Audit Observations and Recommendations Agency _____________________ _____________________ Period _____________________ Prepared by: _______________ Reviewed by: ______________ Approved by: ______________ Date: __________ Date: __________ Date: __________ A. Matrix of Financial Audit Observations and Recommendations No. AOM No./Date Observation Recommendation Management Comment Auditor’s Rejoinder 1. 2. 3. 4. B. Summary of Uncorrected Misstatements No. Accounts and WP Description ref Asset Current NonCurrent In Thousand Pesos Liability Current 1. 2. 3. 4. Total 110 NonCurrent Current Period Revenue/ Expense Prior Auditor’s Period Evaluation Revenue/ Expense Appendix 3-2. Affirmation of Audit Team’s Independence and Compliance with Ethical Standards REPUBLIC OF THE PHILIPPINES COMMISSION ON AUDIT Commonwealth Avenue, Quezon City, Philippines AFFIRMATION OF AUDIT TEAM’S INDEPENDENCE AND COMPLIANCE WITH ETHICAL STANDARDS I affirm to the best of my knowledge that, I know of nothing that have impaired the Audit Team’s independence and impartiality that contravened the requirements of any applicable code of professional conduct. __(Signature over printed name)__ Supervising Auditor/Regional Supervising Auditor Date: Cluster/Regional Director’s Certification: I certify that I am not aware of anything that impaired the independence and impartiality of the Audit Team. __(Signature over printed name)__ Cluster/Regional Director Date: 111 Appendix 3-3. Recommendations Tracking Sheet Recommendations Tracking Sheet As of _____________ Agency: Ref. AAR Year Prepared by: Audit Observation Audit Recommendation Date: __(Signature over printed name)__ ATL Audit Recommendation Restated/ Closed/ Reiterated Revised Implemented Reviewed by: Date: __(Signature over printed name)__ SA/RSA 112 Reason for NonImplementation Approved by: Auditor’s Further Action Date: __(Signature over printed name)__ CD/RD Section 4 Reporting Phase 1. After sufficient and appropriate audit evidence has been obtained, the auditor is now ready to prepare the independent auditor’s report on the audit of the financial statements of the Agency/Local Government Unit/Corporation. This phase comprises the following: I. Write the independent auditor’s report A. Forming an audit opinion A.1. Evaluating audit evidence obtained A.2. Considering materiality of uncorrected misstatements A.3. Evaluating financial statements prepared using the appropriate financial reporting framework B. Forms of independent auditor’s report B.1. Unmodified auditor’s report B.2. Modified auditor’s report B.2.1. Matters affecting the Auditor’s unmodified opinion B.2.2. Matters not affecting the unmodified opinion B.3. Auditor’s report on consolidated financial statements B.4. Auditor’s report on comparative financial statements II. Specific Elements of the Independent Auditor’s Report A. Title B. Addressee C. Report on the audit of the financial statements C.1. Opinion section C.2. Basis for opinion C.3. Key audit matters C.4. Emphasis of matter C.5. Other matter C.6. Other information C.7. Responsibilities of management for the financial statements C.8. Auditor’s responsibilities for the audit of the financial statements D. Report on other legal and regulatory requirements E. Name of the engagement partner F. Signature of the auditor G. Auditor’s address H. Date of the independent auditor’s report III. Comparative information A. Corresponding figures and Comparative Financial Statements A.1. Corresponding Figures A.2. Comparative Financial Statements IV. Special Considerations – Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks V. Types of Audit Report 113 I. Write the Independent Auditor’s Report 2. Paragraph 17.1 of the Guide to Using International Standards on Auditing in the Audits of Small- and Medium-sized Entities, Third Edition, Volume 2 – Practical Guidance, 2011 (Guide 2011) states that the final step in the audit process is to evaluate the audit evidence obtained, consider the impact of misstatements identified, form an audit opinion, and prepare an appropriately worded audit report. 3. In a similar way, Chapter 9, Audit Reporting of the Financial Audit ISSAI Implementation Handbook (Handbook 2018) states that the audit report is the final product of the entire audit process, which is prepared based on sufficient appropriate audit evidence gathered by auditors through performing audit procedures. In this regard, according to ISSAI 1700, the objectives of the auditor are to form an opinion on the financial statements, based on an evaluation of the conclusions drawn from the audit evidence obtained; and to express clearly that opinion through a written report that also describes the basis for that opinion. A. Forming an Audit Opinion 4. ISSAI 1700 (Revised), paragraphs 10 to 13 provide that the auditor shall form an opinion on whether the FS are prepared, in all material respects, in accordance with the applicable FRF. In order to form that opinion, the auditor shall conclude as to: a. whether sufficient appropriate audit evidence has been obtained; b. whether uncorrected misstatements are material, individually or in aggregate; and c. whether the FS are prepared in accordance with the requirements of the applicable and appropriate FRF. 5. The applicable and appropriate FRF for National Government Agencies (COA Resolution No. 2014003 dated January 24, 2014), LGUs (COA Resolution No. 2014-003), and Non-GBEs under the CGS (COA Circular No. 2015-003 dated April 16, 2015) is the PPSAS, while that for GBEs, CGS is the PFRS (COA Circular No. 2015-003 dated April 16, 2015). A.1. Evaluating Audit Evidence Obtained 6. The relevant ISSAIs that serve as guide in evaluating the sufficiency and appropriateness of audit evidence obtained in order to draw reasonable conclusions on which to base the audit opinion are: a. b. c. d. e. ISSAI 1220 – Quality Control for an Audit of Financial Statements; ISSAI 1330 – The Auditor’s Responses to Assessed Risks; ISSAI 1450 – Evaluation of Misstatements Identified during the Audit; ISSAI 1520 – Analytical Procedures; and ISSAI 1540 – Auditing Accounting Estimates, Including Fair Value Accounting Estimates, and Related Disclosures. (Item 21, Guide 2011) 7. The objectives of evaluating audit evidence are “to decide, after considering all relevant data obtained whether: 114 a. the assessment of the risks of material misstatement at the assertion level are appropriate; and b. sufficient evidence have been obtained to reduce the risks of material misstatement (RMM) in the financial statements to an acceptably low level.” (Guide 2011) 8. Further, to address such objectives, the important questions to ask and consider under evaluating audit evidence are: a. Has sufficient appropriate audit evidence been obtained? b. Are the accounting estimates made by management reasonable? c. Did the analytical procedures performed at or near the end of the audit corroborate conclusions formed during the audit? (Paragraph 17.3 Forming the Opinion, Guide 2011) 9. The following exhibit shows in graphic form the decision that the auditor has to make in preparing the auditor’s report. Exhibit 5. Decision Tree in Preparing the Auditor's Report Back to risk assessment ACTIVITY REPORTING Evaluate the audit evidence obtained yes PURPOSE DOCUMENTATION Determine what additional work (if any) is required New/revised risk factors and audit procedures Changes in materiality Communications on audit findings Conclusions on audit procedures performed Form an audit opinion based on audit findings Significant decisions Signed audit opinion Is additional work required? no Prepare the auditor’s report 10. It is essential that the auditor has to determine that sufficient appropriate audit evidence has been obtained, and no additional work is required. Otherwise, the auditor should undertake additional risk assessment to address such matters as: 115 a. b. c. d. those that affect the original audit plan; those that have material impact on the auditor’s report; those changes that affect the overall materiality threshold arrived at in the planning phase; and, those which necessitates application of additional audit procedures. 11. Audit evidence represents information used by the auditor in arriving at the conclusions as basis for the auditor’s opinion. Audit evidence includes both information contained in the accounting records underlying the FS and information obtained from other sources (ISSAI 1500-Audit Evidence, par. 5(c)). Examples of the latter are confirmation replies from the Agency’s/Unit’s/Corporation/Project’s depository banks, debtors, or creditors. Information from third parties is considered to be more reliable as they have the impartiality that documents obtained from management lacks. 12. Sufficiency is the measure of quantity of audit evidence. The quantity of audit evidence needed is affected by the auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and also by the quality of such audit evidence (the higher quality, the less may be required). Obtaining more audit evidence, however, may not compensate for its poor quality. (ISSAI 1500, par. A4.) 13. Audit evidence does not have to be copious. As long as the audit is well documented, and the procedures manifested in such documents attained the audit objectives, the auditor may conclude that sufficient evidence is obtained which can support the conclusions made. For example, a working paper (top schedule and sub-schedules) showing how the cash balance is arrived at in the statement of financial position, with corresponding tick marks to show the audit procedures undertaken – vouching (accuracy and/or occurrence), verification of bank reconciliation statements (completeness and/or accuracy), confirmation (existence, disclosure and/or valuation), cash examination (existence and/or accuracy), workback of cash flow statement (accuracy) – to address the risks identified supported with duly validated bank reconciliation statements, cash examination reports and bank confirmation replies is sufficient enough audit evidence. 14. Appropriateness is the measure of the quality of audit evidence; that is its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. (ISSAI 1500, par. A5.) 15. The auditor must make sure that sources of audit evidence are reliable, those that can be trusted in terms of authenticity and truthfulness. For example, contracts properly signed by contracting parties duly witnessed and notarized by a notary public; bank statements obtained directly by management from depository banks; official receipts with complete information. 16. The evaluation of audit evidence obtained would address the following matters (Section 21.1, Guide 2011): a. Materiality i. If the amounts established for overall and performance materiality are still appropriate in the context of the entity’s actual financial results 116 ii. If a lower overall materiality (for the financial statements as a whole) than that initially determined is appropriate, the auditor is required to determine: whether it is necessary to revise performance materiality; and, whether the nature, timing and extent of the further audit procedures remain appropriate. b. Risk In light of the audit observations, assessments of risks of material misstatement at the assertion level are still appropriate. If not, the risk assessments would be revised, and further planned audit procedures would be modified. c. Misstatements The effect on the audit of identified misstatements and uncorrected misstatements, and the reason for misstatements/deviations has been considered. These may indicate an unidentified risk or a significant deficiency in internal control. Revision of the overall audit strategy and the audit engagement plan applies when: i. the nature of identified misstatements and the circumstances of their occurrence indicate that other misstatements may exist that, when aggregated with misstatements accumulated during the audit, could be material; or ii. the aggregate of misstatements accumulated during the audit approaches materiality. Additional audit procedures shall be performed to determine whether misstatements remain (in classes of transactions, account balance, or disclosures) where management was asked to correct misstatements. A.2. Considering Materiality of Uncorrected Misstatements 17. Pertinent paragraphs of ISSAI 1450-Evaluation of Misstatements Identified during the Audit that guides the evaluation of the effect of misstatements are: a. Paragraph 3. The objective of the auditor is to evaluate: i. The effect of identified misstatements on the audit; and ii. The effect of uncorrected misstatements, if any, on the FS. b. Paragraph 5. The auditor shall accumulate misstatements identified during the audit, other than those that are clearly trivial. c. Paragraph 6. The auditor shall determine whether the overall audit strategy and audit plan need to be revised if: i. The nature of identified misstatements and the circumstances of their occurrence indicate that other misstatements may exist that, when aggregated with misstatement accumulated during the audit, could be material; 117 ii. The aggregate of misstatements accumulated during the audit approaches materiality determined in accordance with ISSAI 1320-Materiality in Planning and Performing an Audit. d. Paragraph 10. Prior to evaluating the effect of uncorrected misstatements, the auditor shall reassess materiality determined in accordance with ISSAI 1320 to confirm whether it remains appropriate in the context of the entity’s actual financial results. e. Paragraph A.21. Circumstances that may affect the evaluation include the extent to which the misstatement: i. Affects compliance with regulatory requirements; ii. Affects compliance with debt covenants or other contractual requirements; iii. Relates to the incorrect selection or application of an accounting policy that has an immaterial effect on the current period’s FS but is likely to have a material effect on future periods’ FS; iv. Masks a change in earnings or other trends, especially in the context of general economic and industry conditions; v. Affects ratios used to evaluate the entity’s financial position, results of operations or cash flows; vi. Affects segment information presented in the FS (for example, the significance of the matter to a segment or other portion of the entity’s business that has been identified as playing a significant role in the entity’s operations or profitability); vii. Has the effect of increasing management compensation, for example, by ensuring that the requirements for the award of bonuses or other incentives are satisfied; viii. Is significant having regard to the auditor’s understanding of known previous communications to users, for example, in relation to forecast earnings; ix. Relates to items involving particular parties (for example, whether external parties to the transaction are related to members of the entity’s management); x. Is an omission of information not specifically required by the applicable FRF but which, in the judgment of the auditor, is important to the users’ understanding of the financial position, financial performance or cash flows of the entity; or, xi. Affects other information to be included in the entity’s annual report (for example, information to be included in a “Management Discussion and Analysis” or an “Operating and Financial Review”) that may reasonably be expected to influence the economic decisions of the users of the financial statements. ISSAI 1720 (Revised) deals with the auditor’s responsibilities relating to other information. 18. Before the auditor evaluates the results of performing procedures and any misstatements arising therefrom, the first step is to reassess the amounts established for overall and performance materiality. This is necessary because the initial determination of materiality will often be based on estimates of the entity’s financial results, and the actual results may be different. Factors that would lead to a change include: a. Initial determination of materiality is no longer appropriate in the context of the entity’s actual financial results; b. New information becomes available (such as user expectations) that would have caused the auditor to determine a different amount (or amounts) initially; and, 118 c. Unexpected misstatements that may cause the materiality amount for that particular class of transactions, account balance, or disclosure to be exceeded. (Item 21.2, par. 1, Guide 2011) 19. Whenever revisions to materiality is necessary, the auditor is required to consider and document the impact on the nature, timing and extent of further audit procedures required. (Item 21.2, par. 2, Guide 2011) 20. During the execution stage, Management may be unwilling to correct or adjust its accounting records on misstatements determined by the Auditor that affect the fair presentation of its FS for some reason or another. The Auditor summarizes these uncorrected misstatements (Illustration 11), and evaluates whether such uncorrected misstatements are material, individually or in aggregate and whether these will affect the opinion to be rendered. 21. For agencies/corporations with FOUs with complete sets of books, the FOU Team Leader submits to the RSA, the Summary of Uncorrected Misstatements (Illustration 12) for consolidation and submission to the SA at the Head Office. Illustration 12. Summary of Uncorrected Misstatements In Thousand Pesos No. Accounts and Description WP ref Asset Current 1 2 3 Other Expenses Cash in bank To record bank charges Operating expenses Accrued expenses To accrue expenses PPE Accumulated Surplus / Prior Period Adjustments To capitalize major repairs of buildings which were previously charged to expenses Total NonCurrent Liability Current NonCurrent Current Prior Period Period Revenue/ Revenue/ Expense Expense 60 Total Auditor’s Evaluation 60 (60) Not material* 23,000 23,000 23,000 Material* 50,000 50,000 (50,000) Material* 50,060 23,000 23,060 50,000 73,060 Material to modify auditor’s opinion * * Based on the overall materiality of P13.5 million A.3. Evaluating Financial Statements Prepared Using the Applicable Financial Reporting Framework 22. Before determining what appropriate opinion to render, the Auditor must also evaluate if: a. Financial statements are prepared in accordance with the applicable FRF, either PPSAS or PFRS. These accounting standards serve as guide in the preparation of the FS: 119 i. the appropriate presentation and classification of individual and group of accounts – for example, current and non-current distinction of accounts; real accounts are correctly presented in the SFPos, nominal accounts in the SFPer; ii. a complete set of FS that comprises: a statement of financial position, a statement of financial performance/statement of comprehensive income, a statement of changes in net assets/equity, a cash flow statement, a separate statement of comparison of budget and actual amounts or a budget column in the FS (for PPSAS users only), and notes, comprising a summary of significant accounting policies and other explanatory notes (PPSAS 1Presentation of Financial Statements, par. 21/PAS 1-Presentation of FS, par. 1.10); iii. minimum required disclosure in the FS and/or in the notes to FS – the standards require disclosures presented in the FS and/or in the Notes to FS information for each classification or sub-classification of accounts. For example, minimum disclosure required for property, plant and equipment includes the initial and subsequent measurements-either cost or revaluation models; recognition criteria-probable future economic benefit and reliable measurement of either cost or fair value; treatment of transfers; acquisitions and disposals. b. Accounting policies are appropriate and are consistent with PPSAS/PFRS – for example, the adopted accounting policy on measurement of inventory is the lower of cost and net realizable value which is aligned with paragraph 15 of PPSAS 12/PAS 2-Inventories. c. There are adequate disclosure of significant accounting policies – minimum disclosure of a summary of significant accounting policies includes: i. the measurement basis/bases used in preparing the financial statements; ii. the extent to which the entity has applied any transitional provisions in any PPSAS (PFRS); and, iii. other accounting policies used that are relevant to an understanding of the FS (PPSAS/PFRS 1). d. There is reasonable use of accounting estimates – the assumptions underlying the accounting estimates must be reasonable, or practical and rational. For example, the estimated useful life of a motor vehicle of five to 15 years depending on the utility of the vehicle is considered reasonable in computing for depreciation charges on such an asset. e. There is relevant, reliable, comparable and understandable presentation of information – the user must be able to compare the information in the FS with other agencies/units/corporations/ projects within the industry or business it operates; the information in the FS must be easily comprehensible to the user to avoid misconceptions and misunderstanding; such information must also be dependable, pertinent and appropriate. f. There is adequate disclosure of information conveyed in the FS – sufficient disclosure for every account considered as significant is required to avoid misinterpretation and to help the user arrive at an informed judgment/decision. g. There is appropriate use of terminologies – terms and words in the FS and the notes must be correct and proper to be more understandable to all kinds of users. 120 23. The auditors shall use as guide in the evaluation of Management’s disclosure in the Notes to FS, the disclosure requirements of each of the PPSAS/PFRS. For National Government Agencies, a disclosure checklist is provided in the GAM. 24. This stage in the audit is summarized in the following figure (Section 20, Guide 2011): Exhibit 6. Summary of Reporting Phase activities REPORTING Evaluate evidence obtained Complete all required file reviews Consider misstatements identified Resolve any issues with management Communicate audit findings with TCWG* Prepare the auditor’s report Complete audit documentation Document significant decisions Form an opinion Issue the auditor’s opinion *TCWG = those charged with governance B. Forms of Independent Auditor’s Report 25. There are two forms of auditor’s report, unmodified and modified auditor’s report. B.1. Unmodified Auditor’s Report 26. An unmodified auditor’s report is rendered when the auditor concludes that the FS are free from material misstatements and are prepared in accordance with the applicable and appropriate FRF (PPSAS or PFRS). 27. The contents of the opinion paragraph in an unmodified report are: Opinion We have audited the financial statements of (Agency/Unit/Corporation/Project) which comprise the statements of financial position as at December 31, 20X1 and 20X0, statements of financial performance/profit or loss/comprehensive income, statements of cash flows, statements of comparison of budget and actual amounts (for PPSAS users) for the years then ended, and notes to the financial statements, including a summary of significant accounting policies. 121 In our opinion, the accompanying financial statements of (Agency/Unit/Corporation/Project) are prepared in all material respects, in accordance with Philippine Public Sector Accounting Standards or Philippine Financial Reporting Standards. B.2. Modified Auditor’s Report 28. A modified auditor’s report is rendered if the auditor: (a.1) concludes that the FS are not free from material misstatements; or (a.2) is unable to obtain sufficient appropriate audit evidence to conclude that the FS as a whole are free from material misstatement. The auditor’s opinion in a modified auditor’s report is considered modified if he/she issued qualified or adverse opinion or disclaim an opinion. a. Qualified Opinion - The auditor shall express a qualified opinion when: i. The auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are material, but not pervasive, to the FS; or, ii. The auditor is unable to obtain sufficient appropriate audit evidence on which to base the opinion, but the auditor concludes that the possible effects on the FS of undetected misstatements, if any, could be material but not pervasive. b. Adverse Opinion - The auditor shall express an adverse opinion when the auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are both material and pervasive to the FS. Misstatements are considered pervasive if in the auditor’s judgment: (a) they are not confined to specific elements, accounts or items of the FS; (b) if so confined, they represent or could represent a substantial proportion of the FS; or (c) in relation to disclosures, they are fundamental to users’ understanding of the FS. c. Disclaimer of Opinion - The auditor shall disclaim an opinion when the auditor is unable to obtain sufficient appropriate audit evidence on which to base the opinion, and the auditor concludes that the possible effects on the FS of undetected misstatements, if any, could be both material and pervasive. A disclaimer is also rendered when, in extremely rare circumstances involving multiple uncertainties, the auditor concludes that, notwithstanding having obtained sufficient appropriate audit evidence regarding each of the individual uncertainties; it is not possible to form an opinion on the FS due to the potential interaction of the uncertainties and their possible cumulative effect on the FS. B.2.1. Matters AFFECTING the Auditor’s Unmodified Opinion 29. The auditor may disagree with Management about certain matters such as the acceptability of accounting policies selected, the method of their application, or the adequacy of disclosures in the FS resulting in the misstatement of the FS. If such disagreements are significant to the FS, the auditor shall express a qualified or an adverse opinion. 30. Examples of material misstatements due to disagreements with Management are: a. Acceptability of accounting policies – for example, policy of using the cost model to recognize property, plant and equipment, lower of cost and net realizable value to recognize inventory, 122 amortized cost for loans and receivables are acceptable. Deviation from such policy may result in material misstatement; b. Method of application – accounting policies must be used consistently from period to period to attain comparability of FS. For example, if Management adopts in the current year the cost model of recognizing property, plant and equipment, and presenting in the FS, it shall apply the same model for the asset for the next year. Inconsistent application of the policy may lead to a material misstatement; c. Adequacy of disclosures – for example, Management discloses the initial and subsequent measurements of transportation equipment, the year’s acquisitions and disposals, depreciation charges, accumulated depreciation and allowance for impairment and other important matters relating to the asset. Anything less would be inadequate, thus, may result in material misstatement. 31. When the auditor is unable to perform necessary audit procedures or the auditor is unable to gather sufficient appropriate evidence, limitations on the scope of the audit arise. Such limitations may be imposed by the entity or imposed by circumstances. The inability to obtain sufficient appropriate audit evidence will result to either a qualified or a disclaimer of an opinion. 32. Scope limitation imposed by the entity takes the form of Management not providing access to accounting records or the status of the entity’s records (is incomplete, etc.), not allowing or limiting the conduct of interview with key personnel, sanctioning the undertaking of inspection of projects or deliveries. 33. Limitations to the scope of the audit should never arise from impositions by the auditor, as this constitutes deviation from audit engagement protocol and demonstrates unprofessionalism. 34. Whenever the auditor expresses a modified opinion, a clear description of all the substantive reasons should be included in the report and, unless impracticable, a quantification of the material uncorrected misstatements. B.2.2. Matters NOT AFFECTING the unmodified opinion 35. There are matters that do not affect the auditor’s unmodified opinion but discussed in the Emphasis of Matter and Other Matter paragraphs in the IAR. B.2.2.1. Emphasis of Matter Paragraph 36. Emphasis of Matter refer to matters appropriately presented or disclosed in the Notes to FS that, in the auditor’s judgment, are of such importance that it is fundamental to users’ understanding of the FS. (ISSAI 1706) The inclusion of an Emphasis of Matter paragraph does not affect the auditor’s opinion. 37. These are uncertainties, going concern uncertainties, justifiable PPSAS/PFRS departure, and inconsistencies that are adequately disclosed in the Notes to the FS. These result in an unmodified opinion with an addition of emphasis of matter paragraph. Lack of disclosure of such matters 123 significant to the FS would result in either a qualified or adverse opinion, not just the addition of emphasis of matter paragraph. 38. An uncertainty is a matter whose outcome depends on future actions or events not under the direct control of the entity but that may affect the FS. When there are significant uncertainties that are adequately accounted for and disclosed in the Notes to the FS, the auditor should consider modifying the report by adding an explanatory paragraph to the unmodified report to emphasize the material uncertainty. 39. The auditor should evaluate information gathered during the audit to determine whether there is substantial doubt about the entity’s ability to continue as a going concern. If there is a significant doubt about such an ability to continue as a going concern for a reasonable period of time, the auditor should consider whether the going concern problems are adequately disclosed in the Notes to FS. 40. In extreme cases, such as situations involving multiple uncertainties that are significant to the FS, the auditor may consider it appropriate to issue a disclaimer of opinion instead of adding an emphasis of a matter paragraph. 41. Changes affecting accounting principles and estimates may result in inconsistency of FS presentations. For example, in prior year, the Agency/Unit/Corporation/Project adopted the straight line method of depreciating its assets. In the current year, because of some valid reasons, it has changed its policy to declining balance method. When this arises, Management cannot present depreciation using two different methods for prior and current years, as this is tantamount to inconsistent FS. Management may either restate the prior year FS to use the declining balance method for that year and for the current year to achieve consistency. 42. Management may judge it necessary to depart from financial reporting standards in order to come up with a fair presentation of FS. If the reasons are adequately disclosed and the auditor believes that such a departure is justified the auditor should express an unmodified opinion and disclose the departure in a separate paragraph of the report. Examples of instances of acceptable departure from financial reporting standards are, new legislation or evolution of a new form of business transaction. B.2.2.2. Other Matter Paragraph 43. This refers to a matter other than those presented or disclosed in the financial statements that, in the auditor’s judgment, is relevant to user’s understanding of the audit, the auditor’s responsibilities or the auditor’s report (ISSAI 1706). Instances where this paragraph is included are: a. the law, regulation or accepted practice require or permit elaboration on matters to explain the auditors responsibilities in the audit; b. where FS intending for a specific purpose/user is prepared in accordance with a general purpose framework such as for the ADB. In such case, the auditor may consider inclusion of an Other Matter paragraph stating that the auditor’s report is intended solely for the intended users, and should not be distributed to or used by other parties. 124 c. In accordance with ISSAI 1720 (requirements, paragraph 10) “Material inconsistencies identified in other information obtained prior to the date of the auditor’s report”: if the revision of other information is necessary and Management refuses to make the revision, an Other Matter paragraph describing the material inconsistency is included. d. When the prior year audit opinion is different from the current year audit opinion, the change shall be communicated in the Other Matter paragraph. This applies to audit opinion using comparative FS approach. If during our current audit we became aware of events/circumstances that affect the FS of a prior period, we shall consider such matter when updating our report on the FS of the prior period. If in an updated report, we express an opinion different from our previous opinion on the FS of a prior period, we shall disclose all the substantive reasons for the different opinion in the Other Matter paragraph of our report. Also, if the updated opinion on the prior period FS is other than unmodified, we shall include in the opinion paragraph an appropriate modification with a reference to the Basis for Opinion paragraph. If we have previously modified our opinion on FS of a prior period because of disagreement with management (departure from PFRS/PPSAS, uncorrected misstatements, inadequate disclosure) and prior period FS are restated in the current period to conform with PFRS/PPSAS, our report on the FS of the prior period shall indicate that the FS have been restated and shall express an unmodified opinion with respect to the restated FS or to that matter/s presented which were the subject of prior period modification. 44. Shown in Table 9 is the summary of modifications of the Independent Auditor’s Report: Table 10. Summary of Modifications of the Independent Auditor’s Report Matters that: Affect the Unmodified Opinion Disagreement with Management (FS are materially misstated) Scope Limitation Do NOT affect the Unmodified Opinion Uncertainties Going Concern Uncertainties Inconsistencies Justifiable departure from PPSAS/PFRS Further explanation on auditor’s responsibilities in the audit 6. Financial statement intended for specific purpose but prepared in accordance with general purpose framework 7. Material inconsistency in other information not issued to management 8. Updating of prior year modified opinion to unmodified opinion A. 1. 2. 3. B. 1. 2. 3. 4. 5. Effect on the Financial Statements Material but not pervasive Material and Pervasive Qualified Adverse Qualified Disclaimer If disclosed in the Notes to FS, Unmodified opinion with Emphasis of Matter Paragraph If not disclosed in the Notes to FS, Unmodified opinion with Other Matter Paragraph 125 45. Illustrations for modified opinion is presented in Appendix 4-1 of this Manual. B.3. Auditor’s Report on Consolidated Financial Statements 46. For consolidated FS where auditors are required to render an auditor’s report, the wordings on the auditor’s report are the same except in the title and opinion paragraph where it is specifically stated that the FS and the Notes to FS are consolidated. 47. Consolidated financial statements are the FS of a group presented as those of single economic entity (PFRS 10-Consolidated Financial Statements). It is presented by the parent corporation in which it consolidates its FS with its investments in subsidiaries in accordance with PFRS 10. 48. Following is an example of the opinion paragraph of an unmodified auditor’s report for consolidated FS: Report on the Audit of the Financial Statements Qualified Opinion We have audited the financial statements of the Agency/Unit/Corporation/Project and its subsidiaries (the Group), which comprise the statement of financial position as at December 31, 20X1 and 20X0, and the statement of financial performance, statement of changes in net assets/equity and statement of cash flows for the years then ended, and notes to the financial statements, including a summary of significant accounting policies. In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion section of our report, the accompanying financial statements present fairly, in all material respects, the financial position of the Group as at December 31, 20X1 and 20X0, and their financial performance and cash flows for the years then ended, and notes to the financial statements, in accordance with Philippine Public Sector Accounting Standards or Philippine Financial Reporting Standards/Philippine Financial Reporting Standards. B.4. Auditor’s Report on Comparative Financial Statements 49. The Auditor is required to render an auditor’s report on comparative information. PPSAS 1, par. 53 states that Management must disclose comparative information in respect of the previous period for all amounts reported in the FS. Comparative information shall be included for narrative and descriptive information when it is relevant to an understanding of the current period’s FS. 50. More discussions on comparative FS are presented in Section III, Comparative Information. II. Specific Elements of the Independent Auditor’s Report 51. The IAR prescribed in ISSAI 1700 (Revised) shall be adopted. The elements are enumerated as follows: 126 A. Title The auditor’s report shall have a title that clearly indicates that it is the report of an independent auditor. (Ref: ISSAI 1700 (Revised) par. 21) B. Addressee The auditor’s report is normally addressed to those for whom the report is prepared, often either to the shareholders or to those charged with governance of the entity whose FS are being audited. (Ref: ISSAI 1700 (Revised) par. A21) C. Report on the Audit of Financial Statements The title, Report on the Audit of Financial Statements, is included to distinguish the following sections form the other reports required to be contained in the IAR. C.1. Opinion Section The opinion section should also report: a. b. c. d. The agency audited; The FS audited, identify the title of each statements; The Notes to FS, including the summary of significant accounting policies; and, The date of or period covered by each FS. Opinion (for unmodified opinion) We have audited the accompanying financial statements of the (Agency/Unit/Corporation/ Project), which comprise the statements of financial position as at December 31, 20X1 and 20X0, and the statements of financial performance/profit or loss/comprehensive income, statements of changes in net assets/equity, statements of comparison of budget and actual amounts and statements of cash flows for the year then ended, and notes to the financial statements, including a summary of significant accounting policies and other explanatory information. In our opinion, the accompanying financial statements present fairly, in all material respects, the financial position of (Agency/Unit/Corporation/Project) as at December 31, 20X1 and 20X0, and its financial performance, cash flows, changes in net assets/equity, and comparison of budget and actual amounts for the year then ended in accordance with Philippine Public Sector Accounting Standards/Philippine Financial Reporting Standards. C.2. Basis for Opinion The auditor’s report shall include a section, directly following the opinion section the “Basis for Opinion”. This section shall: 127 a. States that the audit was conducted in accordance with ISSAI; b. Refers to the section of the auditor’s report that describes the auditor’s responsibilities under the auditing standards; c. Includes a statement that the auditor is independent of the entity in accordance with the relevant ethical requirements relating to the audit and has fulfilled the auditor’s other responsibilities under those ethical requirements. The statement shall identify the jurisdiction of origin of the relevant ethical requirements; and, d. States whether the auditor believes that the audit evidence the auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s opinion. Basis for Opinion (for unmodified opinion) We conducted our audits in accordance with International Standards of Supreme Audit Institutions (ISSAI). Our responsibilities under those standards are described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Company in accordance with the Revised Code of Conduct and Ethical Standards for Commission on Audit Officials and Employees (Code of Ethics) together with the ethical requirements that are relevant to our audit of the financial statements in the Philippines, and we have fulfilled our other ethical responsibilities in accordance with these requirements and the Code of Ethics. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. In case of modified opinion, this section shall state the basis for modification as the first paragraph. Basis for Qualified Opinion (for Qualified Opinion – same qualification for both years) The Agency’s inventories are carried in the statement of financial position at Pxxx and Pxxx as at December 31, 20X1 and 20X0, respectively. Management has not stated the inventories at the lower of cost and net realizable value but has stated them solely at cost, which constitutes a departure from PPSAS/PFRS. The Agency’s records indicate that, had management stated the inventories at the lower of cost and net realizable value, an amount of Pxxx and Pxxx as at December 31, 20X1 and 20X0, respectively, would have been required to write the inventories down to their net realizable value. This resulted in the understatement as at December 31, 20X1 and 20X0, respectively, of cost of sales by Pxxx and Pxxx and overstatement of income tax by Pxxx and Pxxx, net income by Pxxx and Pxxx, and stockholders’ equity by Pxxx and Pxxx. We conducted our audits in accordance with International Standards of Supreme Audit Institutions. Our responsibilities under those standards are described in the Auditor’s Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Agency in accordance with the Revised Code of Conduct and Ethical Standards for Commission on Audit Officials and Employees (Code of Ethics) together with the ethical requirements that are relevant to our audit of the financial statements, and we have fulfilled our other ethical responsibilities in accordance with these requirements and the Code of Ethics. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our qualified opinion. 128 C.3. Key Audit Matters These are matters that, in the auditor’s professional judgment, are of most significant in the audit of FS of the current period. These matters are addressed in the context of the audit of the FS as a whole. ISSAI 1701 applies to audit of complete sets of general purpose FS of listed entities, thus making this section a requirement for listed entities only. The purposes of reporting on KAM in the audit report are to: a. Increase transparency about the audit that was performed. Communicating KAM provides additional information to intended users of the FS to assist them in understanding those matters that, in the auditor’s professional judgment, were of most significance in the audit of the FS of the current period. b. Focus users of the FS on areas in the FS that are subject to significant management judgment and significant auditor attention, which may assist the users in better understanding the entity and FS, and the outcome of the audit as reflected in the auditor’s opinion. c. Provide users a basis to further engage with management and those in charge of governance, about certain matters related to the entity, the audited FS, or the audit that was performed. Communicating KAM in the auditor’s report is not: a. A substitute for disclosure in the Notes to FS that the applicable FRF requires Management to make, or that are otherwise necessary to achieve fair presentation; b. A substitute for the auditor expressing a modified opinion when required by the circumstances of a specific audit engagement in accordance with ISSAI 1705 (Revised); c. A substitute for reporting in accordance with ISSAI 1570 (Revised) when a material uncertainty exists relating to event or condition that may cast significant doubt on an entity’s ability to continue as a going concern; or, d. A separate opinion on individual matters. When communicating KAM, auditors should consider laws and regulations that restrict the reporting of such information by imposing confidentiality requirements. The need for confidentiality may be based on the mandate of the SAI or legislation related to official secrets or privacy. Auditors should identify such laws and regulations and should consider confidentiality requirements when determining the KAM to communicate. The Auditor is prohibited under ISSAI 1705 (Revised) from communicating KAM when the Auditor disclaims an opinion on the FS, unless such reporting is required by law or regulations. The Auditor shall describe each KAM, using an appropriate subheading, in a separate section of the Auditor’s Report under the heading “Key Audit Matters”. The introductory language shall state that: a. KAMs are those matters that, in the auditor’s professional judgment, were of most significance in the audit of the FS for the period; and, b. Those matters were addressed in the context of the audit of FS as a whole, and in forming the auditor’s opinion thereon; the auditor does not provide a separate opinion on those matters. 129 Key Audit Matters (For unmodified opinion - 1st paragraph) Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements of the current period. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. For each matter below, our description of how our audit addressed the matter is provided in that context. (For qualified opinion – 1st paragraph) Key audit matters are those matters that, in our professional judgment, were of most significance in our audit of the financial statements. These matters were addressed in the context of our audit of the financial statements as a whole, and in forming our opinion thereon, and we do not provide a separate opinion on these matters. In addition to the matter described in the Basis for Qualified Opinion section, we have determined the matters described below to be the key matters to be communicated in our report. We have fulfilled the responsibilities described in the Auditor’s Responsibilities for the Audit of the Consolidated Financial Statements section of our report, including in relation to these matters. Accordingly, our audit included the performance of procedures designed to respond to our assessment of the risks of material misstatement of the consolidated financial statements. The results of our audit procedures, including the procedures performed to address the matters below, provide the basis for our audit opinion on the accompanying consolidated financial statements. C.4. Emphasis of Matter Emphasis of Matter (For unmodified opinion) We draw attention to Note X of the financial statements, which describes the effects of a fire in the agency’s facilities. Our opinion is not modified in respect of this matter. (For qualified opinion) We draw attention to Note 30 to the Financial Statements which describes the contingent liabilities for lawsuits or claims filed by third parties against (Agency/Unit/Corporation/ Project) which are either pending in courts or under negotiation, and cases filed by (Agency/Unit/Corporation) against the (concerned agencies) which are pending before the Supreme Court, Court of Appeals and the Local Board of Assessments of the Local Government Unit. Our opinion is not modified in respect of these matters. 130 (For adverse of opinion) We draw attention to Note X to the financial statements which describes the uncertainties related to pending cases in several courts involving various claims against the Agency. Because of the significance of the matters described in the Basis for Adverse Opinion paragraph, it is appropriate to, and we do not, express an opinion on the information referred to above. C.5. Other Matter Other matter In our report dated March 1, 20X1, we expressed an opinion that the 20X0 financial statements did not fairly present the financial position, results of operations, and cash flows of Agency/Unit/Corporation/Project in accordance with the PPSAS or PFRS because of two departures from such principles: (1) Agency/Unit/Corporation/Project carried its property, plant, and equipment at appraisal values, and provided for depreciation on the basis of such values, and (2) Agency/Unit/Corporation/Project did not provide for deferred income taxes with respect to differences between income for financial reporting purposes and taxable income. The Agency/Unit/Corporation/Project has changed its method of accounting for these items and restated its 20X0 financial statements to conform with the PPSAS or PFRS. Accordingly, our present opinion on the restated 20X0 financial statements, as presented herein, is different from that expressed in our previous report. C.6. Other Information ISSAI 1720 (Revised), The Auditor’s Responsibilities Relating to Other Information, requires reporting on other information, financial or non-financial information included in an entity’s annual report. The auditor shall read the other information and, in doing so shall: a. Consider whether there is a material inconsistency between the other information and the FS. As the basis for this consideration, the auditor shall, to evaluate their consistency, compare selected amounts or other items in the other information (that are intended to be the same as, to summarize, or to provide greater detail about, the amounts or other items in the FS) with such amounts or other items in the FS; and, b. Consider whether there is a material inconsistency between the other information and the auditor’s knowledge obtained in the audit, in the context of audit evidence obtained and conclusions reached in the audit. While reading the other information, the auditor shall remain alert for indications that the information not related to the financial statements or the auditor’s knowledge obtained in the audit appears to be materially misstated. A separate section in the auditor’s report is used to identify the other information, describe the auditor’s responsibilities in relation thereto, and, if applicable, report on any material misstatement of the other information in “Other Matter” paragraph. 131 Some examples of other information to be disclosed are listed below: a. Liquidity and capital resource information, such as cash, cash equivalents and marketable securities; dividends; and debt, capital lease and minority interest obligations b. Amounts involved in guarantees, contractual obligations, legal or environmental claims, and other contingencies c. Financial measures or ratios, such as gross margin, return on average capital employed, return on average shareholders’ equity, current ratio, interest coverage ratio and debt ratio. Some of these may be directly reconcilable to the FS d. Explanations of critical accounting estimates and related assumptions e. Identification of related parties and descriptions of transactions with them f. Descriptions of guarantees, indemnifications, contractual obligations, litigation or environmental liability cases, and other contingencies, including management’s qualitative assessments of the entity’s related exposures g. Management’s qualitative assessments of the impacts of new financial reporting standards that have come into effect during the period or in the following period, on the entity’s financial results, financial position and cash flows Illustration: An auditor’s report of any entity, whether listed or other than listed, containing an unmodified opinion when the auditor has obtained all of the other information prior to the date of the auditor's report and has not identified a material misstatement of the other information. Other Information Management is responsible for the other information. The other information obtained at the date of this auditor’s report is included in the Annual Report of the Agency/Unit/Corporation/ Project, but does not include the financial statements and our auditor’s report thereon. Our opinion on the financial statements does not cover the other information and we do not express any form of assurance conclusion thereon. In connection with our audit of the financial statements, our responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit or otherwise appears to be materially misstated. If, based on the work we have performed, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard. C.7. Responsibilities of Management and Those Charged with Governance for the Financial Statements The auditor’s report shall include a section with a heading using the appropriate term to describe those responsible for the preparation of the FS. This heading need not refer specifically to 132 “Management,” but may also refer to “Those Charged with Governance” or such term that is appropriate in the context of the legal framework in the particular jurisdiction. This section shall describe management’s responsibility for: a. Preparing the FS in accordance with the applicable FRF, and for such internal control as management determines is necessary to enable the preparation of FS that are free from material misstatements whether due to fraud or error; and, b. Assessing the entity’s ability to continue as a going concern and whether the use of the going concern basis of accounting is appropriate as well as disclosing, if applicable, matters relating to going concern. The explanation of management’s responsibility for this assessment shall include a description of when the use of the going concern basis of accounting is appropriate. Those responsible for the oversight of the financial reporting process, if different from those responsible for preparing the FS shall also be identified in this section. Responsibilities of Management and Those Charged with Governance for the Financial Statements Management is responsible for the preparation of the financial statements in accordance with the Philippine Public Sector Accounting Standards or Philippine Financial Reporting Standards and for such internal control as management determined is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, management’s responsibility for assessing the agency’s ability to continue as a going concern, disclosing as applicable, matters related to going concern and using the going concern basis of accounting unless management either intend to liquidate the agency or to cease operations, or has no alternative but to do so. Those charged with governance are responsible for overseeing the agency’s financial reporting process. C.8. Auditor’s Responsibilities for the Audit of the Financial Statements The auditor’s report shall state that: a. The objectives of the audit are to: (i) Obtain reasonable assurance about whether the FS as a whole are free from material misstatement, whether due to fraud or error; and, (ii) Issue an IAR that includes an opinion. b. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISSAIs will always detect a material misstatement when it exists; c. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these FS; 133 d. The auditor exercises professional judgment and maintains professional skepticism throughout the audit; e. The Auditor’s responsibilities are: i. To identify and assess the risks of material misstatements of the FS, whether due to fraud or error; to design and perform audit procedures responsive to those risks; and to obtain audit evidence that is sufficient and appropriate to provide a basis for his opinion. The risk of material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. ii. To obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the agency’s internal control. iii. To evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management. iv. To conclude on the appropriateness of management’s use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the agency’s ability to continue as a going concern. If he concludes that a material uncertainty exists, he is required to draw attention in the auditor’s report to the related disclosures in the FS or, if such disclosures are inadequate, to modify his opinion. His conclusions are based on the audit evidence obtained up to the date of the auditor’s report. However, future events or conditions may cause the agency to cease to continue as a going concern. v. To evaluate the overall presentation, structure and content of the FS, including the disclosures, and whether the FS represent the underlying transactions and events in a manner that achieves fair presentation. f. The Auditor communicates with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit observations, including any significant deficiencies in internal control that he identifies during the audit. g. The Auditor provides those charged with governance with a statement that he has complied with relevant ethical requirements regarding independence, and communicate with them all relationships and other matters that may reasonably be thought to bear on his independence, and where applicable, related safeguards. h. From the matters communicated with those charged with governance, the auditor determines those matters that were of most significance in the audit of the FS of the current period and are therefore the key audit matters. i. In cases of group audits where ISSAI 1600, paragraph 14 applies, the auditor’s responsibilities in group audit are: i.1) To obtain sufficient appropriate audit evidence regarding the financial information of the entities and business activities within the group to express an opinion on the 134 group FS; i.2) For the direction, supervision and performance of the group audit; and (i.3) To remain solely responsible for the auditor’s opinion. Auditor’s Responsibilities for the Audit of Financial Statements (For unmodified, qualified, and adverse opinion) Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISSAI will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. As part of an audit in accordance with ISSAIs, we exercise professional judgment and maintain professional skepticism throughout the audit. We also: Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Agency/Unit/Corporation/Project’s internal control. Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by management. Conclude on the appropriateness of management’s use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Agency/Unit/Corporation/Project’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditor’s report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditor’s report. However, future events or conditions may cause the Agency/Unit/Corporation/Project to cease to continue as a going concern. Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events in a manner that achieves fair presentation. 135 We communicate with those charged with governance regarding, among other matters, the planned scope and timing of the audit and significant audit observations, including any significant deficiencies in internal control that we identify during our audit. We also provide those charged with governance with a statement that we have complied with relevant ethical requirements regarding independence, and to communicate with them all relationships and other matters that may reasonably be thought to bear on our independence, and where applicable, related safeguards. From the matters communicated with those charged with governance, we determine those matters that were of most significance in the audit of the financial statements of the current period and are therefore the key audit matters. We describe these matters in our auditor’s report unless law or regulation precludes public disclosure about the matter or when, in extremely rare circumstances, we determine that a matter should not be communicated in our report because the adverse consequences of doing so would reasonably be expected to outweigh the public interest benefits of such communication. (The last paragraph is not included if there is no KAM to report) (For disclaimer of opinion) Our responsibility is to conduct an audit of the Agency/Unit/Corporation/Project’s financial statements in accordance with ISSAI and to issue an auditor’s report. However, because of the matter described in the Basis for Disclaimer of Opinion section of our report, we were not able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion on these consolidated financial statements. We are independent of the Agency/Unit/Corporation/Project in accordance with the ethical requirements that are relevant to our audit of the financial statements in Code of Ethics, and we have fulfilled our other ethical responsibilities in accordance with these requirements. D. Report on Other Legal and Regulatory Requirements This refers to other reporting responsibilities not addressed under the reporting responsibilities required by the ISSAIs as part of the report. (ISSAI 1720) The Auditor is required to report on other regulatory requirements, such as the entity’s inclusion in the Notes to FS information on taxes, duties and license fees paid or accrued during the taxable year. It may also include applicable requirements from other regulatory bodies. Report on Other Legal and Regulatory Requirements (for unmodified opinion) Our audits were conducted for the purpose of forming an opinion on the basic financial statements taken as a whole. The supplementary information in Note X to the financial statements is presented for the purpose of filing with the Bureau of Internal Revenue and is not a required part 136 of the basic financial statements. Such supplementary information is the responsibility of management and has been subjected to auditing procedures applied in our audits of the basic financial statements. In our opinion, the supplementary information is fairly stated, in all material respects, in relation to the basic financial statements taken as a whole. (for qualified opinion) Our audits were conducted for the purpose of forming an opinion on the basic financial statements taken as a whole. The supplementary information in Note X to the financial statements is presented for the purpose of filing with the Bureau of Internal Revenue and is not a required part of the basic financial statements. Such supplementary information is the responsibility of management and has been subjected to auditing procedures applied in our audits of the basic financial statements. In our opinion, except for the effect of the information of the matter/s described in the Basis for Qualified Opinion paragraph, the supplementary information is fairly stated, in all material respects, in relation to the basic financial statements taken as a whole. (for adverse opnion) Our audits were conducted for the purpose of forming an opinion on the basic financial statements taken as a whole. The supplementary information in Note X to the financial statements is presented for the purpose of filing with the Bureau of Internal Revenue and is not a required part of the basic financial statements. Such supplementary information is the responsibility of management. Because of the significance of the matter/s described in the Basis for Adverse Opinion paragraph, it is inappropriate to and we do not express opinion on the supplementary information referred to above. (for disclaimer of opinion) We were engaged for the purpose of forming an opinion on the basic financial statements taken as a whole. The supplementary information in Note X to the financial statements is presented for the purpose of filing with the Bureau of Internal Revenue and is not a required part of the basic financial statements. Such supplementary information is the responsibility of management. Because of the significance of the matter/s described in the Basis for Disclaimer of Opinion paragraph, it is inappropriate to and we do not express opinion on the supplementary information referred to above. (unmodified opinion & the entity did not disclose all the required supplementary information) Management of X Company has not presented the supplementary information on taxes, duties and license fees required for the purpose of filing with the Bureau of Internal Revenue and is not a required part of the basic financial statements. Our opinion on the basic financial statements is not affected by the non-presentation of the supplementary information. (unqualified opinion & the required supplementary information is presented and clearly differentiated from the audited financial statements but was not audited) Our audits were conducted for the purpose of forming an opinion on the basic financial statements taken as a whole. The supplementary information in Note X to the financial statements is 137 presented for the purpose of filing with the Bureau of Internal Revenue and is not a required part of the basic financial statements. Such supplementary information is the responsibility of management. We were not able to apply auditing procedures on such supplementary information because [state the reason/s]. Accordingly, it is inappropriate to and we do not express an opinion on the supplementary information referred to above. E. Name of the Engagement Partner “COMMISSION ON AUDIT”, placed before the signature and name of the Supervising Auditor. F. Signature of the Auditor The IAR shall be signed by the Supervising Auditor or duly authorized signatory. G. Auditor’s Address This represents the official address of the Auditor. It is usually a part of the letterhead hence, no need to include this after the signature of the Auditor. H. Date of the Independent Auditor’s Report It shall be dated not earlier than the date when the auditor has obtained sufficient appropriate audit evidence, usually after fieldwork or after the exit conference if there are still procedures to be undertaken as a result of what has been discussed, as basis of the auditor’s opinion on the FS. III. Comparative Information 52. ISSAI 1710 – Comparative Information deals with the auditor's responsibilities relating to comparative information in an audit of FS. The nature of the comparative information that is presented in an entity's FS depends on the requirements of the applicable FRF. Comparative information refers to the amounts and disclosures included in the FS in respect of one or more prior periods in accordance with the applicable FRF. A. Corresponding Figures and Comparative Financial Statements 53. There are two different broad approaches to the auditor's reporting responsibilities in respect of such comparative information: corresponding figures and comparative FS. Under the corresponding figures approach, the amounts and other disclosures for the prior period included as an integral part of the current period FS, are intended to be read only in relation to the amounts and other disclosures relating to the current period (referred to as “current period figures”). The level of detail presented in the corresponding amounts and disclosures is dictated primarily by its relevance to the current period figures. 54. The objectives of the auditor are: 138 a. b. To obtain sufficient appropriate audit evidence about whether the comparative information included in the FS has been presented, in all material respects, in accordance with the requirements for comparative information in the applicable FRF; and, To report in accordance with the auditor’s reporting responsibilities. 55. The auditor shall determine whether the FS include the comparative information required by the applicable FRF and whether such information is appropriately classified. 56. For this purpose, the auditor shall evaluate whether: a. b. The comparative information agrees with the amounts and other disclosures presented in the prior period or, when appropriate, have been restated; and, The accounting policies reflected in the comparative information are consistent with those applied in the current period or, if there have been changes in accounting policies, whether those changes have been properly accounted for and adequately presented and disclosed. A.1. Corresponding Figures 57. Under ISSAI 1710, when corresponding figures are presented, the auditor’s opinion shall not refer to the corresponding figures except in the circumstances described below: a. If the auditor’s report on the prior period, as previously issued, included a MODIFIED opinion and the matter which gave rise to the modification is unresolved, the auditor shall modify the auditor’s opinion on the current period’s FS. In the “Basis for Modification” paragraph in the auditor’s report, the auditor shall either: i. ii. Refer to both the current period’s figures and the corresponding figures in the description of the matter giving rise to the modification when the effects or possible effects of the matter on the current period’s figures are material; or, In other cases, explain that the audit opinion has been modified because of the effects or possible effects of the unresolved matter on the comparability of the current period’s figures and the corresponding figures. b. If the auditor obtains audit evidence that a material misstatement exists in the prior period financial statements on which an unmodified opinion has been previously issued, and the corresponding figures have not been properly restated or appropriate disclosures have not been made, the auditor shall express a qualified opinion or an adverse opinion in the auditor’s report on the current period financial statements, modified with respect to the corresponding figures included therein. c. If the prior period financial statements were not audited, the auditor shall state in an Other Matter paragraph in the auditor’s report that the corresponding figures are unaudited. Such a statement does not, however, relieve the auditor of the requirement to obtain sufficient appropriate audit evidence that the opening balances do not contain misstatements that materially affect the current period’s financial statements. 58. When the auditor’s report on the prior period, as previously issued, included a MODIFIED opinion (qualified, disclaimer, or adverse) and the matter which gave rise to the modified opinion is resolved 139 and properly accounted for or disclosed in the FS in accordance with the applicable FRF, the auditor’s opinion on the current period need not refer to the previous modification. A.2. Comparative Financial Statements 59. When comparative FS are presented, the auditor’s opinion shall refer to each period for which FS are presented and on which an audit opinion is expressed. 60. When reporting on prior period FS in connection with the current period’s audit, if the auditor’s opinion on such prior period FS differs from the opinion the auditor previously expressed, the auditor shall disclose the substantive reasons for the different opinion in an Other Matter paragraph in accordance with ISSAI 1706. 61. If the prior period FS were not audited, the auditor shall state in an Other Matter paragraph that the comparative FS are unaudited. Such a statement does not, however, relieve the auditor of the requirement to obtain sufficient appropriate audit evidence that the opening balances do not contain misstatements that materially affect the current period’s FS. 62. Government entities adopt the PPSAS or PFRS as their FRF. These standards require that comparative information shall be disclosed in respect of the previous period for all amounts reported in the FS. IV. Special Considerations - Audits of Financial Statements Prepared in Accordance with Special Purpose Frameworks 63. When forming an opinion and reporting on special purpose FS, the auditor shall apply the requirements of ISSAI 1700 (Revised). The Auditor’s Report shall describe the purpose for which the FS are prepared and if necessary, the intended users or refer to a note in the special purpose FS that contains that information. 64. If management has a choice of FRFs in the preparation of such FS, the explanation of management’s responsibility for the FS shall also make reference to its responsibility for determining that the applicable FRF is acceptable in the circumstances. 65. The auditor’s report shall include an Emphasis on Matter paragraph (ISSAI 1720) alerting users that FS are prepared in accordance with a special purpose framework and that, as a result, the FS may not be suitable for another purpose. The auditor shall include this paragraph under an appropriate heading. V. Types of Audit Report 66. The audit report considers the management’s comments during the exit conference which should be reduced in writing and formed part of documentation. This may be in the form of: a. Annual Audit Report (AAR) – a report prepared at year-end on the results of audit on the accounts and operations of an Agency/Unit/Corporation/Project. It is composed of the IAR and discussion on observations with corresponding recommendations. In case the audited agency 140 failed to submit the FS for audit, no IAR can be issued. The auditor instead will issue ML containing only the observations with corresponding recommendations. For an Agency/Corporation with regional/branch offices and FOUs, the AAR shall be the consolidated report on the results of audit of the head office, and the regional/division/district/field offices of such Agency/Corporation. This report is transmitted to the Agency Head by the CD/RD. In the case of GOCCs, the AAR is also transmitted to the governing board. b. Management Letter (ML) – an audit report on the results of audit of the regional/branch offices, FOUs, staff bureau and line office with complete set of books of accounts. This is addressed to the Regional/Branch/Office Head and transmitted by the SA/RSA. c. Summary of Audit Observations and Recommendations (SAOR) – a report/matrix that summarizes the audit observations, recommendations, management comments and auditor's rejoinder. This is the required year-end audit report for regional/field office agency with incomplete set of books of accounts and national high schools with complete set of books of accounts. This report is transmitted to the Agency Head by the SA/RSA. The SAOR shall be the basis/input for the consolidation of ML/AAR. 67. The audit observations and recommendations are reviewed by the SA/RSA and CD/RD to ensure that the same are based on the results of audit and duly documented, and all material issues and concerns noted during the audit are included in the report and/or cleared by the CD/RD. 68. The guidelines on the preparation of audit report including the transmittal of reports and requirements for the agency to submit the financial statements and documents are prescribed under pertinent COA Issuances. 141 Appendix 4-1A. Illustration of Cases for Modified Opinion 1. Disagreement with management a. Departure from PPSAS/PFRS Recognition of PPE - hospital equipment - does not include an initial estimate of dismantling cost. Amount is material, but effect is not pervasive. Qualified opinion We have audited… In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion section of our report, the accompanying financial statements present fairly, in all material respects, the financial position of the Agency as at December 31, 20CY, and its financial performance and its cash flows for the year then ended in accordance with Philippine Public Sector Accounting Standards. Basis for Qualified Opinion The Agency’s hospital equipment acquired on January 15, 20CY was recognized at a cost of Pxxxxx.xx, but such cost did not include an initial estimate of the cost to dismantle and remove the item and restoring the site on which it is located. The non-recognition of dismantling cost is a departure from Philippine Public Sector Accounting Standards 17-Property, Plant and Equipment. PPE, therefore, is understated by Pxxx.xx at the end of 20CY and depreciation expense and accumulated depreciation are understated by Pxx.xx at the end of the same year. b. Uncorrected misstatements Inventory worth Pxxx.xx is not adjusted for items already expired valued at Pxxx.xx. Further, the Corporation refuses to recognize a material loss on a settlement of a lawsuit that was determinable during the period covered by the audit report. Adverse opinion We have audited… In our opinion, because of the effects of the matters described in the Basis for Adverse Opinion section of our report, the accompanying financial statements do not present fairly, in all material respects, the financial position of the Corporation as at December 31, 20CY, and its financial performance and its cash flows for the year then ended in accordance with Philippine Financial Reporting Standards. Basis for Adverse Opinion 142 The balance of Inventory stated in the financial statements as at December 31, 20CY at P00,000,000 is inaccurate since the Corporation refused to record an allowance for impairment of inventory items that were already expired. The non-recognition of allowance for impairment loss of P000,000 rendered the valuation of the account higher by P000,000, and impairment loss and allowance for impairment loss lower by P000,000 as at the end of the current year. As explained in Note xx to the financial statements, during December 20CY, the Corporation agreed to settle a pending lawsuit by the payment of P00,000,000, which was approximately greater than the amount by P000,000 that had been accrued to cover this litigation. No additional amount was provided in the financial statements. c. Inadequate disclosure Non-disclosure of a major loans payable in the amount of Pxxx.xx in the notes to financial statements incurred to build a new plant in the Visayas to expand its operations. A land acquired for the plant was not also disclosed. Effect is material but not pervasive. Qualified opinion We have audited… In our opinion, except for the effects of the matters described in the Basis for Qualified Opinion section of our report, the accompanying financial statements present fairly, in all material respects, the financial position of the Corporation as at December 31, 20CY, and its financial performance and its cash flows for the year then ended in accordance with Philippine Financial Reporting Standards. Basis for Qualified Opinion The QRST Corporation entered into a loan agreement with BBB Banking Corporation worth P00,000,000 to build a new plant in the Visayas to expand its operations with terms of xx years at xx% interest annually. This was not, however, disclosed in the financial statements as required in PFRS 1-Presentation of Financial Statements and PFRS 23-Borrowing Costs, as well as the information that the Corporation’s payment for the loan’s substantial interest may affect its working capital. The lack of disclosure precluded the users of the financial statements to make informed decisions. Further, a parcel of land acquired where the plant will be situated was not disclosed in the financial statements. The land is stated at P0,000,000 as at December 31, 20CY. 2. Scope limitation a. The LGU did not conduct a physical inventory of its assets. Evidence supporting its PPE assets acquired in prior years is no longer available. The condition of its accounting records does not permit application of adequate alternative procedures. Effect is material and pervasive. Disclaimer of Opinion 143 We were engaged to audit… We do not express an opinion on the accompanying financial statements. Because of the significance of the matter described in the Basis for Disclaimer of Opinion section of our report, the scope of our work was not sufficient to enable us to obtain sufficient and appropriate audit evidence to provide a basis for an audit opinion on these financial statements. Basis for Disclaimer of Opinion The City did not conduct a physical count of its inventory, stated at P000,000 in the accompanying financial statements as at December 31, 20CY. Further, evidence supporting the cost of property and equipment acquired prior to December 31, 20CY is no longer available. The City’s records do not permit the application of adequate alternative procedures regarding the inventories or the cost of property and equipment. b. Non-confirmation of accounts receivable because of a restriction imposed by management Qualified opinion We have audited… In our opinion, except for the possible effects of the matter described in the Basis for Qualified Opinion section of our report, the accompanying financial statements present fairly, in all material respects, the financial position of the Corporation as at December 31, 20CY, and its financial performance and its consolidated cash flows for the year then ended in accordance with Philippine Financial Reporting Standards. Basis for qualified opinion As instructed by management, we did not request confirmation of accounts receivable by direct correspondence with the debtors of the Corporation. Consequently, we were unable to determine whether any adjustments to the balance of accounts receivable as at December 31, 20CY were necessary. 144 Section 5 Quality Control Review 1. Quality control provides reasonable assurance that the audit engagement is performed in compliance with professional standards and applicable legal and regulatory requirements, and the audit report is appropriate in the circumstances. (The definition and discussions are covered by ISSAI 1220). I. Quality Control versus Quality Assurance 2. While Quality Control and Quality Assurance are used interchangeably, there is a clear difference. Quality control involves policies and procedures through which a SAI ensures that the audit is carried out in compliance with the SAI auditing standards, rules and procedures in line with the best international practices while quality assurance is a process through which a SAI monitors and ensures that quality control is working effectively. Both Quality Control and Quality Assurance operate within the Quality Management approach implemented by the SAI to ensure that audit results as well as the means to achieving them, are within the desired level of quality. II. Responsibility for Quality Control System and Quality Control Procedures 3. The SAI has an obligation to establish and maintain a system of quality control to provide reasonable assurance that: (a) The SAI and its personnel comply with professional standards and applicable legal and regulatory requirements; and (b) Reports issued by the Auditors are appropriate in the circumstances. Quality controls are established in all phases of the audit. 4. Within the context of the SAI’s system of quality control, the audit teams are responsible for implementing quality control procedures that are applicable to the audit engagement and provide the SAI with relevant information to ensure that quality controls relating to independence are functional. The SA/RSA is responsible for the overall quality of each audit engagement. 5. The elements of quality control follow (ISQC 1): a. Leadership responsibilities for quality – Engagement partner shall take responsibility for the overall quality of audit. b. Relevant ethical requirements – Fundamental principles of professional ethics are integrity, objectivity, professional competence and due care, confidentiality, and professional behavior. c. Acceptance and continuance of client relationships and specific engagements – Information affecting conclusion include integrity of those charged with governance, competence of the engagement team, compliance with relevant ethical requirements, and significant matters that have arisen during the current or previous audit engagements. d. Human resources – The audit team must have appropriate competence and capabilities such as experience with audit engagements of a similar nature, understanding of professional standards and applicable legal and regulatory requirements, technical expertise, and ability to apply professional judgment. e. Engagement performance – Direction of the engagement team involves discussion with all members of the team, appropriate teamwork and training, and supervision. 145 f. Monitoring – Quality control policies and procedures are relevant, adequate, and operating effectively. III. Quality Control Review Process in COA 6. The responsibility for the quality of an audit and resulting Audit Report rests with the CD/RD and SA/RSA. Following the Revised Guidelines in the Implementation of the Unified Audit Approach, there are three levels of quality control review implemented in all the phases of the audit. These are summarized below: Table 11. Levels of Quality Control Review Outputs Prepared by Reviewed and Signed by ATM ATL ATL SA/RSA SA/RSA CD/RD 7. At the first level, ATLs are responsible for the initial review of the working papers prepared/obtained by the ATMs, namely, results of evaluation and validation of controls over identified risks, substantive work reducing residual audit risks to acceptable levels, supporting documents for the audit report, draft audited FS; and other working papers. 8. At the level of SA/RSA, review should sufficiently satisfy the requirements that the audit documentation contains adequate evidence of the work done and conclusions reached, and provide a reasonable basis for an opinion. 9. The SA/RSA is responsible for: a. Determining whether the overall presentation of the FS, including the related disclosures, is in accordance with the applicable FRF. (This aspect is discussed in Section 4) b. Ensuring that all necessary audit procedures have been completed, reviewed, and sufficiently and appropriately documented. c. Monitoring compliance by the audit team with auditing standards, laws, regulations and ethical requirements. d. Reviewing audit conclusions, recommendations, and professional judgments made by the audit team. e. Ensuring that all significant changes made to the audit strategy and audit plan are justified and appropriately documented and approved. f. Monitoring Management compliance with the requirements included in the Engagement Letter, and action on deficiencies requiring corrections in the final FS. IV. Quality Control Documents 10. Auditor’s Declaration of Independence and Compliance with Other Ethical Standards - At the Preliminary Engagement Phase, the Auditor’s Declaration of Independence and Compliance with Other Ethical Standards signed by all members of the team, confirmed by the SA/RSA during the Execution Phase and concurred by the CD/RD serves as an assurance that the audit is performed by a team composed of competent and professional auditors. 146 11. Engagement Letter - COA formally informs the Auditee of its audit requirements well ahead of time as a matter of professional courtesy and engagement direction. 12. Engagement Planning Memorandum is not only a planning tool but also serves as supervision and monitoring tool for the SA/RSA and the CD/RD. The progress of work by the team members, the audit procedures performed and the timing of audit activities can be kept track through the Plan. Deviations to activities approved in the Plan need to be approved by the SA/RSA before these are effected. Otherwise, the ATL will be required to formally explain why certain procedures were skipped, why budgeted time for each objective was exceeded, among others. This Plan will then serve as a gauge of how well each member in the team performed. V. Quality Control Review Documents 13. Completion Compliance Checklist (Appendix 5-1)- This Checklist enables the SA/RSA and the CD/RD to check that all the required key, sign-off and quality control procedures from the Preliminary Engagement Phase to the Reporting Phase were performed. The accomplished checklist serves as basis for the CD/RD in rating the performance of the audit team along with the Auditee performance rating on the audit team. 14. An Auditee Feedback Sheet (Appendix 5-2) is designed to assess audit team’s performance in the field. It should be sent directly by the CD/RD to the Auditee. This serves as a tool to ensure COA’s commitment to quality service through quality staff. This Sheet should be addressed to the Agency Head who is requested to respond within a given timeframe. The feedback results especially for audit teams receiving negative feedback should be acted upon by the CD/RD. a. It is important to seek explanation of the audit team on negative feedback to make them aware of actions considered unprofessional and/or unethical by the Auditee. b. The CD/RD shall ensure that a report of all feedback results and actions taken by the CD/RD is submitted to the Assistant Commissioner for his/her information after transmittal of all the annual audit reports. 15. Director’s Evaluation Form (Appendix 5-3) a. The Audit Team’s performance including that of the SA/RSA will be assessed based on the Completion Compliance Checklist and the Auditee Feedback Sheet by the CD/RD with the assessment evaluation to the Assistant Commissioner concerned. b. This quality control review tool allows the CD/RD and the Assistant Commissioner to have a reasonable basis for taking appropriate action to ensure the quality of financial audit performed by the audit teams. 16. Financial Management Performance Rating (Appendix 5-4) a. This quality control review tool assesses the quality of an Auditee’s financial management performance using the results of the audit performed, including internal control review. b. When necessary, the results may be provided to the Department of Budget and Management as one of the bases for reviewing the Auditee’s performance. 147 17. A summary of the Quality Control Documents is presented in Exhibit 7. Exhibit 7. Quality Control Documents Q U A L I T Y Preliminary Activities C O N T R O L Reporting Planning Execution Engagement Letter Auditor’s Declaration of Independence and Compliance with Other Ethical Standards Engagement Planning Memorandum OAS, PDA, SRPIR, RRAAL, MT, AP AOM/AAPSI/APMT/RTS/Minutes of Exit Conference Audit Report Completion Compliance Checklist Quality Control Review Auditee Feedback Sheet Director’s Evaluation Form Financial Management Performance Rating 148 Appendix 5-1. Completion Compliance Checklist Name of Agency Completion Compliance Checklist Year end ____________ I. Key Procedures No. Description Preliminary engagement 1. Auditee informed of the audit to be undertaken, its responsibilities under the audit and the audit requirements 2. Auditors are independent from the Auditee and committed to be objective in the conduct of audit Planning 1. Established the Initial overall audit strategy indicating the scope, timing and direction of the audit 2. Auditors gathered/updated and analyzed financial related information as basis for Preliminary Risk Assessment Document Engagement letter signed and delivered Auditor’s Declaration of Independence and Compliance with Other Ethical Standards Overall Audit Strategy - Evaluated results of other audits conducted, cash Working Paper on Preliminary examination, notices of suspension, disallowances and charges issued, personnel/property accountability audit, investigation of current/emerging issues - Obtained understanding of agency’s objectives, operations and outputs in relation to funds/appropriations data analysis UTA/Financial Accountability LogFrame - Assessed existence and design of internal controls related Updated Agency Internal Control to financial statements - Assessed compliance with the Internal Control Policies, Framework/ALCC Walkthrough Analysis Procedures and Practices (or General Accounting Plan for national agencies) - Conducted preliminary analytical review of financial Tie in analysis worksheet/variance 5. statements Summarized information gathered and the results of preliminary risk assessment Determined Materiality level by identifying and selecting appropriate benchmark and financial data Conducted risk assessment process 6. Established the audit engagement plan to execute the audit 3. 4. Execution 1. Approved changes in assessed risks of material misstatements, either due to fraud or errors, reflected in Engagement Planning Memorandum 149 analysis worksheet Summary Report on Preliminary Identification of Risks Materiality Template Results of Risk Assessment at the Assertion Level Approved Engagement Planning Memorandum with Audit Program Approved Revised Risk Assessment Template No. Description 2. Approved changes in the Overall Audit Strategy and Audit Plan 3. Sufficient documents gathered and fieldwork procedures completed 4. Identified, evaluated, and documented related parties and related party transactions; litigation and claims; segment reporting; subsequent events; and account balances and disclosures 5. Discussed all misstatements and errors identified during the audit with the Auditee 6. Summarized all uncorrected misstatements and errors 7. Summarized audit observations and observations for approval by the SA/RSA and discussion with the management 8. Conducted exit meeting with the Auditee or those charged with governance (if appropriate) 9. Tracked Status of Prior Years’ Recommendations Reporting 1. Presented Financial Statements and notes/disclosures complete and in accordance with the prescribed reporting framework 2. Audit observations based on the results of audit and duly documented 3. All material issues and concerns noted during the audit included in the report or cleared 4. AOMs well written with complete elements of an observation 5. All critical matters cleared by the Audit Team Leader with the SA/RSA and CD/RD as deemed appropriate 6. Audit Report dated after and near the date of Management’s written representation certificate 7. Audit Report issued was appropriate given the established materiality level and other qualitative factors deemed significant 8. Audit Report was completed, reviewed and transmitted/ distributed on time Quality assurance 1. All working papers and other documents in proper order, complete and signed off by preparer All top schedules contain the audit conclusion of the auditor 2. All working papers and other documents properly reviewed and signed off by reviewer 150 Document Approved Revised Overall Audit Strategy and Audit Plan Working Papers and audit evidence duly indexed WPs/AOMs/NSs/NDs/NCs Minutes of the meeting Summary of Uncorrected Misstatements Summary of Audit Observations and Recommendations Minutes of exit conference Recommendation Tracking Sheet Financial Statements AOM with supporting documents Working Paper Management Representation Letter Review Notes AAR/ML/SAOR AAR/ML/SAOR Audit documentation/Working Papers No. Description 3. All working papers properly indexed and referenced 4. File and secure all working papers 5. All requirements in the templates from Preliminary engagement to Reporting completed and documented 6. Financial management performance of agency evaluated 7. Team performance evaluated Document Duly approved Financial Management Performance Rating Director’s Evaluation Form Auditee Feedback Sheet Plan for the next audit engagement 1. Actual hours completed and relative documentation placed on file 2. Team debriefing held 3. Overall audit performance/execution reviewed Prepared by: __(Signature over printed name)__ ATL Date: Reviewed by: __(Signature over printed name)__ SA/RSA Date: 151 II. Engagement Sign-off No. Description 1. Based on my consideration of the matters set out below, supported by sufficient review of relevant and significant audit documentation, I confirm that: The engagement has been appropriately executed in accordance with the policies and procedures, sufficient appropriate evidence has been obtained to support our opinion, and the audit report to be issued is appropriate in the circumstances. I have been sufficiently involved in the audit process, including in key meetings with the entity and the team. The extent and timing of my review of the items and matters referred to below is sufficiently evidenced, either in the audit file or through comments below and through this completion sign-off. Further, all significant matters have been evidenced as reviewed. 2. Financial statements I have read the final financial statements [and other information as appropriate] and am satisfied that the presentation and related disclosures are appropriate. 3. I have read the audit report and am satisfied that it was transmitted at an appropriate time after the financial statements were authorized for issue by the entity’s Management. 4. I have reviewed the Recommendation Tracking Sheet, and agree with the disposition of the Audit Team (of restating and/or clearing ________ audit observations and recommendations). 5. I have reviewed the rating given by the Audit Team on the financial management performance of the Auditee and find this in order. 6. I checked and noted that the Auditee Feedback Sheet has been sent to the Office of the Director, Cluster ___. 7. I have prepared the performance rating of the audit team 8. I have discussed the performance rating with the Team. 9. Consultation and significant matters There has been appropriate consultation on complicated or contentious matters, and conclusions from consultation have been agreed, documented and implemented. All significant matters identified, including matters that include information inconsistent with the final conclusions, significant professional judgments, and matters included the Schedule of Uncorrected Misstatements and justified departures have been resolved, communicated to management and documented to my satisfaction. 10. Sufficient appropriate audit evidence about the assessed risks of material misstatement due to fraud has been obtained through designing and implementing the appropriate responses to those risks. Identified or suspected fraud has been appropriately responded to. 11. Sufficient appropriate evidence has been obtained in relation to financial statement assertions for each significant financial statement area, including disclosures, allowing us to draw reasonable conclusions on which to base our audit opinion. 12. Significant changes to the audit strategy and audit plan All significant changes made to the audit strategy and audit plan since planning sign-off 152 SA/RSA sign-off and date No. 13. 14. 15. 16. 17. 18. 19. 20. 21. SA/RSA sign-off and date Description have been appropriately documented and to my satisfaction. The materiality values as assessed in the planning phase represent the final materiality values and are considered appropriate. I am not aware of any other information arising from the audit that requires those materiality values to be revised further. Entity representations have been obtained sufficient to support the audit report. I have been sufficiently involved in the completion process I have reviewed the Auditee performance rating prepared by the Audit Team and agree to the ratings given Independence Since planning sign-off, no other matters have arisen that affect my independence or that of the Audit Team and/or of COA, or any such matters arising have been satisfactorily dealt with. Compliance with ethical requirements Since planning sign-off, no other matters have arisen that affect compliance of members of the engagement team with ethical requirements, or if any matters have arisen, these have been satisfactorily dealt with. Where procedures additional to the original audit strategy and plan were deemed necessary to achieve the stated objectives, these have been included in the audit file and documented to my satisfaction All necessary audit procedures have been completed, reviewed, and sufficiently and appropriately documented. Where matters have arisen after the date of the audit report, which required additional procedures to be performed or resulted in a change to previous conclusions drawn, they have been satisfactorily dealt with. Prepared by: __(Signature over printed name)__ SA/RSA Date: 153 III. Engagement Quality Control Reviewer (EQCR) Sign-off Office of the Director _____________________________________________ EQCR signoff and date Description 1. I have read and assessed at least the documents indicated below. I have included additional comments, where necessary to refer to key meetings attended, any further steps taken and/or any additional documentation reviewed by me. All significant matters Documents reviewed on a selective basis to review work performed in significant areas (specify those documents or indicate if none is selected) The record in the completion sign-off of the engagement team's involvement in the audit Records of internal consultations on significant matters Records of important discussions with the entity (significant matters) Schedule of Uncorrected Misstatements Others (specify) 2. I have sufficiently reviewed the draft audit report before it was finalized and transmitted to the Auditee. I have reviewed related documents for significant audit matters. I have approved the dropping of unimplemented audit recommendation for the Recommendation Tracking Sheet after evaluating the Audit Team report. 3. I have reviewed the Auditee Feedback Sheet and have discussed the contents with the SA/RSA for feedback to the Team and for their formal response, if necessary 4. I have read the formal justifications of the Team to the negative feedback received and taken the necessary action 5. I have reviewed the Performance rating given by the Team on the Agency and have instructed the SA/RSA to take the necessary action. 6. I have given Performance rating of the Team. I have discussed the performance rating with the Team. 7. I have transmitted a copy of the Audit Report to the Auditee. I have sent the Auditee Feedback Sheet to the auditee. Since the start of the audit, I am not aware of any matter that arose that may have affected the independence, objectivity and competence of the audit team. Prepared by: __(Signature over printed name)__ CD/RD Date: 154 Appendix 5-2. Auditee Feedback Sheet (Heading) Auditee Feedback Sheet Addressee: Date Dear _____________________, With reference to the financial audit of the ________________________________________________ please accomplish the attached feedback survey by placing check () mark on the items that best describe the statements 1-12. We consider our audit clients’ feedback on our audit service very valuable as this will enable us to ensure and to continually improve the quality of our audits. Please send the filled-out survey directly to the Office of the Cluster/Regional Director, (Cluster/Region), (Audit Sector), (Address) within five days from receipt. Thank you for your cooperation. Very truly yours, __(Signature over printed name)__ Cluster/Regional Director 155 Agency Name: _______________________ Address: ____________________________ Date: _______________________________ Financial Audit Team to be rated Calendar Year covered: _______________ Supervising Auditor/Regional Supervising Auditor: ____________________ Audit Team Leader: _______________________ Audit Team Members: _____________________ _____________________ _____________________ No Audit Quality 1 Requirements contained in the Engagement Letter were adequately explained by the Audit Team. Entrance meeting was held and all questions/ comments were adequately addressed. The objectives and scope of audit were discussed. The audit was completed within the timeframe communicated. The audit was conducted in a professional and courteous manner. The audit was conducted with minimal disruption to our business. The Audit Team kept us informed of key issues throughout the audit. The exit conference provided us the opportunity to discuss our comments on the observations and recommendations. All our key concerns were attended to by the Audit Team. The audit observations and recommendations contained in the audit report were properly communicated. The audit report reflected our comments and/or actions taken/to be taken. The overall audit provided value to the organization. 2 3 4 5 6 7 8 9 10 11 12 Agree Disagree 156 Not Done Remarks (pls indicate reason if you disagree) Suggestions to improve future financial audits (Please use separate page if necessary.) _____________________________________________________________________________________ _____________________________________________________________________________________ _____________________________________________________________________________________ _____________________________________________________________________________________ _______________________________ Accomplished by: Signature: ________________________ Name: ___________________________ Position/Designation: ______________ I fully concur with the answers given, and this form is approved for release to COA Signature: ________________________ Name: ___________________________ Position/Designation: ______________ Date Approved: ___________________ 157 Appendix 5-3. Director’s Evaluation Form DIRECTOR’S EVALUATION FORM Financial Audit Agency __________________________________________________________________ Period Covered____________________________________________________________ Team Composition: Name Position Supervising Auditor/Regional Supervising Auditor Audit Team Leader Audit Team Members Director's Evaluation Remarks for Yes No "No" Answers 1. The financial audit was performed in accordance with the FAM based on the results of the Completion Compliance Checklist. 2. The audit team complied with the ethical and professional standards of COA based on the feedback received from the agency and in case of negative feedback, that the team's justification is acceptable. 3. The Audit Opinion rendered on the Financial Statements was the most appropriate considering the results of the financial audit conducted. The reason for the modified opinion is acceptable considering the reporting materiality threshold and the qualitative conditions cited. (Include only if applicable) 4. The required review process was performed and that critical issues have been addressed or have been discussed with me for my proper action. Considering my responses above, I am (satisfied or not satisfied) with the financial audit performed by the Audit Team. RATING All ‘yes’ answers – Outstanding 3 ‘yes’ answers – Very Satisfactory 2 ‘yes’ answers – Satisfactory 1 and below ‘yes’ answers – Unsatisfactory __________________________________________ Rated by: Signature: ________________________ Name: ___________________________ Position/Designation: Cluster/Regional Director Date Approved:___________________ 158 Appendix 5-4. Financial Management Performance Rating Financial Management Performance Rating based on the financial audit performed on: Agency: _____________________ Period: _____________________ Reliability of Financial Information Score Remarks 1. Audit Opinion rendered (20 points unqualified, zero for other opinions) 20 Adequacy of Internal control 2. Internal control survey indicated adequate control environment (5 points 5 adequate) 3. Ethical awareness seminars are conducted and have been attended by 75% of 1 all staff surveyed. (1 point) 4. Risk assessment is being performed to identify risks and responses to these 7 risks. (7 points) 5. Control activities including forms and reports required in the Internal Control 10 Policies, Procedures and Practices are in place (10 points) 6. An internal audit unit exists. (1 point if yes) 1 7. The internal audit unit reviews the internal control of the agency based on 5 reports received. (5 points if yes) Compliance with Management Representation in the Engagement Letter 8. The requirements in the engagement letter were complied with by the agency. 15 - Submission of complete FS within the deadline set (5 points) - Audit queries and request for documents were addressed on time (5 points) - Submission of written representations required on time and near the date of audit report (5 points) Adjustments required by the Auditor 9. All audit adjustments were considered by the agency and were taken up during 10 the audit period. (0-10 points) Audit observations and recommendations 10. Observations and recommendations as a result of the audit were considered 2 and management has provided a time plan for implementing the recommendations. (2 points) 11. Prior period recommendations were implemented during the current year. (010 10 points) Quality of financial statements furnished for audit 12. The Financial Statements were prepared in accordance with the prescribed 7 reporting framework. 13. The Accounting team that prepared the FS is composed of qualified accounting 2 staff. 14. Cooperation extended to the audit team 5 15. Total Score—perfect score 100 16. Indications of fraud and intentional errors (25) 159 90 to 100% of all applicable criteria 85 to 89% 75% to 84% of total applicable criteria Below 75% Excellent Very Satisfactory Satisfactory Poor Group Assessment of the Agency’s Financial Management Performance We are giving a joint performance score of _______ %. __(Signature over printed name)__ Supervising Auditor/Regional Supervising Auditor Date: __(Signature over printed name)__ Cluster/Regional Director Date: 160 Works Cited Current Audit File. (2018). Retrieved March 6, 2018, from AuditingHelp.com: https://auditinghelp.com/current-audit-file-13747 Bragg, S. (2018). Permanent File. Retrieved March 6, 2018, from accountingtools.com: https://www.accountingtools.com/articles/2017/5/17/permanent-file Nzechukwu, P. O. (2016). Internal Audit Practice from A to Z (1st ed.). Boca Raton, Florida: CRC Press. 161 Technical Working Group and Resource Persons An output of the Technical Working Group under COA Office Order Nos. 2016-185, 2016-185-A, 2016-185-B, and 2017-201, and Resource Persons under COA Office Order Nos. 2017-781 and 2017-866, with the Assistance of National Consultant Juanita A. Villarosa and inputs from International Consultant Karin Holmerin, Senior International Advisor, Swedish National Audit Office. Assistant Commissioner Susan P. Garcia National Government Sector Assistant Commissioner Wilfredo A. Agito Administration Sector Director Irma S. Besas, Cluster 4, NGS Director Estelita B. Catubay, Cluster 7, NGS Director Arlene C. Pira, PMO, CHO OIC Director Joycelyn R. Ramos, Cluster 1, NGS OIC Director Marivel C. Broñola, Cluster 7, NGS Auditor Digna Crescencia G. Filler, Cluster 4, CGS Auditor Jesusa R. Gauang, DENR 1, Cluster 8, NGS Auditor Marilyn B. Miran, BOC, Cluster 2, NGS Auditor Carmela S. Zamora, UPS, Cluster 5, NGS Auditor Cecilia E. Bernales, DOTr 1, Cluster 7, NGS Auditor Jeannelyn V. Dulay, BJMP, Cluster 4, NGS Auditor Andrew T. Garcia, PhilFIDA, Cluster 8, NGS Auditor Mary Joy P. De Jesus, FAPS-DENR, Cluster 8, NGS Auditor Jo Anne Bless A. Clavio, NPDC/IA, Cluster 7, NGS Auditor Vivian P. Reyno, OAC, NGS Ms. Irah Joelle S. Nicdao, OAC, NGS 162
