Add to collection(s) Add to saved
  1. No category
Uploaded by Reyes, Anna Marie P.

notes auditing

advertisement 
AUDITING and Assurance Principles
Continuation
AUDIT PROCESS: Overview
sa kanya. Kailangan hindi ma associate sa entity na
walang integrity.
How will be able to know if there’s no integrity?
-
Overview of Audit Process:





Client Acceptance and Continuance Decisions
-kailan dapat at hindi dapat tanggapin ang
engagement.
Performing Risk Assessment
-inaassess ang risk para maka tulong sa pag plano
ng engagement.
Obtaining Evidence about Internal Control
Operating Effectiveness
-also called test of control
Obtaining Substantive Evidence about Accounts,
Disclosures and Assertions
-also called substantive test
Completing the Audit and Making Reporting
Decisions
CLIENT ACCEPTANCE DECISIONS
a.
Client Acceptance
Competence – kailangan alam ang industry and
nature ng client na naghhire or nag ooffer ng
engagement service.
Capability- kailangan hindi lang competent,kundi
kaya natin gawin ang isang audit firm.
ON THE
PART OF
AUDITOR
Resources- sapat na human resources para gawin
ang audit, or magagawa ba within the time set by
the client.
Ethical Requirements- lahat ng professional
accountants kailangan mag follow sa code of
ethics.
5 CODE OF ETHICS





Integrity
Confidentiality
Objectivity
Professional Competence and Due Care
Professional Behavior
If there is a PREDECESSOR AUDITOR – dating
auditor ng entity) the auditor must communicate
the predecessor auditor.
If he rejects?
-
Can based on the experience or other resources.
Agreeing the terms of Audit Engagement
-
-
b.
Engagement Letter – contract, terms between
client and management (responsibilities of
auditor and management, scope) before mag start
binibigay.
Management Representation Letter – sinasabi ni
management na inaacknowledge nya ang
responsibility, at ang lahat ng evidence na
binibigay kay auditor is valid. Sa dulo binibigay.
Initial Audit Planning
-pinaplano kun ano ang gagawin sa buong audit.
CLIENT CONTINUANCE
a.
-
-
b.
Client Continuance
-if itutuloy paba?
Revision on Terms of Audit Engagement
May nag bago?
Do you still have competence?
Ethical requirements
Nawalan na nag integrity?
Reminder on Terms of Audit Engagement
Reminders are needed
Send again engagement letter (if nakalimutan na
or if theres changes)
Initial Audit Planning
“Planning is not discrete phase, but continual and
iterative”
RISK ASSESSMENT
a.
Risk Assessment Procedures
Inquiry -kailangan mag tanong
It can be:
Informational, interrogative, and others.
CPA IN PUBLIC PRACTICE (CODE OF ETHICS)

Independence
Integrity of the Client Management – kaya nya ba
ibigay yung mga tunay na information na tatanungin
-
Analytical Procedures –
Analysis of plausible relationships:
Ratios
Trends
Titignan bakit biglang tumaas ang ganitong bagay?
Bakit may nag bago?
e.
Ex. Return on Investment or Net Profit Margin
 Audit Risk = Inherent Risk x Control Risk
x Detection Risk
Observation and Inspection – manuod and tignan
ang documents.
AUDIT RISK - Risk na baka mag sustain tayo ng
lost sa engagement. (PWEDE TAASAN OR
BABAAN ANG RISK)
THESE 3 ARE REQUIRED TO DO WHEN
ASSESSING THE RISK.
Inherent Risk – susceptibility to misstatement.
(INAASSESS LANG)
Other factors considered –
Prior period information
Engagement team discussion
b.
Control Risk – hindi nadetect ng internal control
ang misstatement. (INAASSESS LANG)
Understanding the Entity and Its Environment
Industry – if saan nag ooperate si client
Accounting Principles
Laws and Regulations – needs permits
Detection Risk – risk na baka hindi madetect ng
procedures ni auditor yung material misstatement
na nandun sa fs. (PWEDE TAASAN OR BABAAN
ANG RISK)
Risk of
material
misstatement
Nature – business differs from:
Operations – real time ang pag update ng data or
not?
Ownership & Governance – sino ang may-ari?
Partnership? Sole?
Structure – organizational chart?
 Detection Risk = Audit Risk / (Inherent
Risk x Control Risk)
High – tataasan ang detection risk at KONTI ang
procedures
Low- bababaan ang detection risk pero mas
EXTENSIVE ang procedures.
Accounting Policies How he/she determines his/her estimates?
f.
Objectives and Strategies – ng entity at
management.
Baka hindi sila same ng objectives? There’s a goal
conflict.
Overall Audit Strategy
Scope, timing, and direction of the audit.
Audit Plan – detailed na plano
Nature, timing, and extent of procedures.
Methods of Measuring and Reviewing
Performance – if there’s a significant bonus?
Maybe there is a pressure on the management.
c.
Audit Risk Model
Audit Program – mas specific
Set of instructions to assistants
Understanding the Entity’s Internal Control
TEST OF CONTROLS
Over Financial Reporting –
a.
d.
Materiality
After omission of the information
Why do we need to test the control?
Makabawas sa substantive test.
Overall Materiality – threshold or cut off point at
the FS Level
b.
Performance Materiality – less than the level of
overall materiality. Highly based sa judgment ni
auditor.
Materiality Level for Transaction, Account Balance
or Disclosure – inaallocate ang overall
materiality’s to different account.
“High level of assurance that the financial
statements are free from material misstatements,
either due to fraud or error.”
Test the operating effectiveness only if the design
is strong.
Attribute Sampling
High level of assurance lang ang dapat iprovide ng
isang audit.
Characteristics ang tinitignan
c.
Communication to Management and Those
Charged with Governance.
o
Significant Deficiencies
-less than material weakness, not
necessarily na mag provide ng material
misstatement but importante sya sa
o
o
management and those charged with
governance.
Material Weakness
-may possibility nab aka may material
misstatement
Management Letter
-came from auditor to management,
suggestion para ma improves ang internal
control.
SUBSTANTIVE TEST
a.
-
THE AUDITORS REPORT
a.
STANDARD
OPINION
Substantive Test Procedures
I.
II.
Pervasive means hindi kalat
MODIFIED
OPINIONS
Transactions
Balances
Adverse – “do not present fairly”
Material and pervasive
Misstatements
Disclaimer of Opinion – “do not express an
opinion”
high degree of scope of
limitation and uncertainty
Or BOTH
b.
Variables Sampling
Corroborating Evidence – more evidence or
supporting evidence.
COMPLETING THE AUDIT
a.
Completing the Audit
-
Search for Unrecorded Liabilities
usually, confirmations
-
-
Review Minutes of Meetings
Plant acquisition, dividends declaration, material
share issuance, business combinations or
investments.
Final Analytical Procedures
Risk Assessment (required)
Substantive Test (Optional)
Completing the Audit (Required)
Loss Contingencies
Going Concern Assumption
-
Review of Subsequent Events
Consider pati yung mga after ng audit report date.
What can happen?
Kapag may na discover beyond issuing the report:
EXTENDING THE DATE (pag April, change into
May)
DUAL DATING (issuing pero dalawa ang date)
-
Engagement Quality Control Review Report
Bawal mag issue ng audit report if wala pa ito.
Forming and Audit Opinion and Issue of Audit
Report
Unqualified Opinion – “present fairly, in all
material respect”
Qualified – “present fairly except for”
material misstatement, scope of
limitation, or uncertainty
(as long as hindi pervasive)
Analytical Procedures – analyze ng plausible
relationship
Substantive Test of Details of
Obtain Management Representation Letter
Bawal mag issue ng audit report hanggang hindi
nag bibigay si management ng letter na nagsasabi
na inaaknowledge niya yung kanyang
responsibility.
b.
Contents of audit report
Opinion – (qualified or unqualified)
Basis for Opinion – (bakit mo nasabi na qualified
or unqualified?)
Key Audit Matters – utmost importance and
significance.
Responsibilities of Management and Those
Charged with Governance
Auditors Responsibilities
Other Legal and Regulatory Requirements
It may also include:
Emphasis of the Matter Paragraph (ilalagay right
after the opinion)
Other Matter Paragraph (scope limitations)
AUDITORS RESPONSIBILITIES
REGARDING FRAUD
-
“Ninanakaw ng employee ang resources ng entity”
-
 Defalcation or Employee Fraud
Kadalasan nagnanakaw ay yung mga low level ng
employee
FRAUD
-
-
“An intentional act by one or more individuals
among management, those charged with
governance, employees, or third parties, involving
the use of deception to obtain an unjust or illegal
advantage.”
‘panloloko’
Not just within the entity, third parties can also be
involved.
ERROR vs FRAUD
ERROR




II.

-
Manipulation of financial statements
Binabaan ang liability, tinataasan ang assets
Normally ang gumagawa is ang mga managers.

III.
Management Fraud
Examples
Misappropriation of Asset
Unintentional
Misjudgment
Miscalculation
Misapplication




Example:

Nagkamali ng judgment with pure intentions
FRAUD





Fraudulent Financial Reporting (USUALLY
MATERIAL) needs to be bantayan
Embezzling receipts
Stealing physical assets
Stealing intellectual property
Disbursement for unreceived goods or
services
Using resources for personal use
Fraudulent Financial Reporting
Intentional
Theft
Corruption
Manipulation
Misrepresentation
AUDITOR’S RESPONSIBILITY
- “Auditor is responsible for obtaining reasonable
assurance that the financial statements as a whole
are free from material misstatements, whether
due to fraud or error”






Fictitious journal entries
Inappropriate adjustments
Omitting, advancing or delaying recognition
Concealing facts
Misrepresenting financial statements
Altering records
FRAUD RISK FACTORS
“May indicate the existence of fraud”
FRAUD TRIANGLE
Auditor is not expected to detect all fraud.
Auditors is only liable to fraud that results to
material misstatement.
ACCOUNTABILITY & RESPONSIBILITY
-
Opportunity
“Management and those charged with governance
are responsible for prevention and detection of
fraud.”
FRAUD
Incentive
&
Pressure
How they were able to detect fraud?
 Designing and Implementing Internal Control
FRAUD RELATED TO AUDIT
I.
-
Misappropriation of Assets (MOST COMMON
FRAUD) immaterial also
 Theft or misuse of an organization’s assets
Example: inventory, cash, and others
Attitude &
Rationaliz
ation
Incentive & Pressure
-
-
Minsan kahit ayaw ng isang tawo na gumawa ng
fraud, minsan napipilitan sya dahil may benefit
syang makukuha or may pumipilit sa kanya.
AVOID CONSEQUENCES
-
“pressure” it can be internal or external factors eg.
(family)
Opportunity
-
Weak control
Attitude & Rationalization
-
Justification of fraud
Possible na pag usapan during discussion?




DETECTION RISK
a.
-
The risk of not detecting material misstatement
due to fraud is higher than due to error.
Concealed (ang fraud)

Susceptibility to material misstatements due to
fraud
Indications of earnings management (ano yung
mga nakita na factor, na baka mag drive sa entity
na mag commit ng fraud) (it can be PRESSURE)
External and internal fraud risk factors (fraud
triangle must be considered)
Audit procedures to respond to susceptibility to
fraud (paano madedetect na walang material
misstatement due to fraud)
Allegations to fraud (if may nalalaman ba sila na
fraud within the entity)
RISK ASSESSMENT PROCEDURES
b.
-
The risk of not detecting material misstatements
due to management fraud is higher than employee
fraud.
Management can override controls
AUDITOR’S OBJECTIVE
a.
Objectives in relation to fraud
 Identify and assess risk of material
misstatements due to fraud.
 Obtain sufficient appropriate evidence
through designing and implementing
appropriate responses.
 Respond appropriately to identified or
suspected fraud
HOW CAN THESE BE MET?
PROFESSIONAL SKEPTICISM
a.

Professional Skepticism (ATTITUDE)
Questioning mind and critical assessment
a.
Inquiries of Management

Assessment of risk of material misstatements due
to fraud
Inquiries of knowledge of actual, suspected or
alleged fraud

b.
Those Charged with Governance and Internal
Auditor

Inquiries of knowledge of actual, suspected or
alleged fraud
c.
d.
Analytical Procedures
Evaluation of Fraud Risk Factors
“Management is in the best position to perpetrate fraud”
IDENTIFICATION & ASSESSMENT
a.
Identify and assess the risk of material
misstatements due to fraud
 At financial statements level
 At assertion level of transactions, account
balances and disclosures.
b.
Risk of Fraud of Revenue Recognition
(Overstatement)
Kailangan ipresume na may fraud sa revenue
recognition
c.
Understanding Entity’s Control
(RELATED TO FRAUD)
Alamin ang design ng entity’s internal control.
Internal control must be STRONG.
(Kailangan maging alert sa red flags/ mali)
Paano naapply?


b.

Management is neither honest nor dishonest
Records and documents are presumed to be
genuine
Professional Judgment (COMPETENCE)
Application of relevant training, professional
knowledge, skills and experience in making
decisions.
(talks about COMPETENCE sa proper judgment)
(competence ng auditor)
DISCUSSION AMONG THE TEAM
a. Discussion among the engagement partner and
key audit members. (not necessarily tanan
members)
RESPONSES TO ASSESSED RISK
a.
Overall Responses



Assignment and supervision of personnel
Evaluate accounting policies
Element of unpredictability

b.
Responses to Risk at the Assertion Level

Changing the nature, timing and extent of
procedures
Disclose known and suspected fraud
COMMUNICATIONS TO CLIENT
-
-
-
Extent
Gaano karami yung tinitest na evidence
Timing
Kailan icoconduct ang procedures?
either, Interim Procedures, Near the financial
statement date, and at the end of financial
statement date.
Nature
ano yung mga procedures na gagawin?
Observations? Confirmations? Recalculation?
Inquiry?
c.
Response to Risk of Management Control Override

Test the appropriateness of journal entries and
adjustments
Reviewing accounting estimates for biases
Evaluating the business rationale for significant
unusual transactions


a.
Communication with Management

Suspected or detected fraud to appropriate level
of management
Atleast 1 level above the person involved
b.
Communication with those charged with
Governance
(sasabihin kay management whether may fraud or
wala, regardless kung material or immaterial man
yun)

Suspected or detected management fraud and
those result to material misstatements.
Inquire about known or suspected fraud, and
senior management’s integrity and competence.
Doubtful Integrity? May seek legal advice

COMMUNICATIONS TO REGULATORS
Suspected or Detected Fraud?
“The auditor shall determine whether there is a
responsibility to report the occurrence or suspicion to a
party outside the entity.”
EVALUATION OF AUDIT EVIDENCE
Legal responsibility may override confidentiality.
a.
b.
c.
d.
Analytical procedures results are consistent with
auditor’s understanding
Are misstatements due to fraud?
Fraud is unlikely to be an isolated occurrence.
Reevaluate risk assessment if management fraud is
suspected
Evaluate implications if auditor is unable to
conclude whether the financial statements is
materially misstated.
Example:


DOCUMENTATIONS
Qualitative matter based on PROFESSIONAL JUDGMENT.
a.
WITHDRAWAL FROM ENGAGEMENT
Identified fraud or suspected fraud?
b.
a.
b.
Determine professional and legal responsibility
Consider whether withdrawal is appropriate and
legally permitted


MANAGEMENT REPRESENTATIONS
a.
Obtain written representations that Management


c.
d.
Discuss with management and those
charged with governance
Determine reporting responsibilities
Acknowledges its responsibilities to
prevent and detect fraud
Discloses its assessment of risk of
material misstatements due to fraud
Report to BSP the occurrence of fraud in financial
institutions
Report to SEC the material audit findings, if the
entity fails to report.
Understanding of the entity and its environment
and the assessment of the risk of material
misstatements.
Responses of the assessed risk of material
misstatements
Communications about fraud to management,
those charged with governance, regulators and
other.
Presumption that risks of fraud of revenue
recognition is not applicable.
INTERNAL CONTROL
“The process designed, implemented and maintained by
those charged with governance, management and other
personnel to provide reasonable assurance about the
achievement of the entity’s objectives with regard to
reliability of financial reporting, effectiveness and efficiency
of operations, and compliance with applicable laws and
regulations” -COSO
Achievement of objectives also include
 Adherence to management policies
 Safeguarding assets
 Prevention and detection of fraud and error
 Accuracy and completeness of accounting records
 Timely preparation of financial information
LIMITATIONS OF INTERNAL CONTROL (PSA 315)
“Internal control can provide an entity only with reasonable
assurance about achieving the entity’s financial reporting
objectives”
-
Hindi pa rin absolute assurance
Hindi 100% sure na maachieve ang goal
Factors why we can’t achieve that 100%:
Inherent Limitations
a. Human Error
 Misunderstanding
 Faulty judgment
 Carelessness
 Distraction
 Fatigue
b.
Employee Collusion
There must be a segregation of duties
Auditor Responsibilities
“PSAs require the auditor to assess the risk of material
misstatement through obtaining an understanding of the
entity and its environment, including the entity’s internal
control”
CONTROLS RELEVANT TO THE AUDIT
“An entity’s objectives and the controls are directly related
however not all of these objectives and controls are relevant
to the audit.”
Factors to determine a control’s relevance to audit:




Materiality and significance of related risk
Nature and characteristics of the entity and its
internal control
Legal and regulatory requirements
Prevents, detects and corrects material
misstatements
RISK ASSESSMENT: UNDERSTANDING CONTROLS
“The auditor shall evaluate the design of those controls and
determine whether they have been implemented.”
Capable of effectively
preventing, or detecting
and correcting material
misstatements.
Controls exists and in use
Subcategory of Internal Control
How can we assess?
Procedures may include:




Inquiry of entity personnel (by itself, is not sufficient)
Observing the application of controls
Inspecting the documents and reports
Tracing transactions through the system (aka “Walkthrough”)
c.
Management Override
Kaya ni management ibypass ang internal control
For small entities, segregation of duties may be
limited but management oversight may be more
effective.
RESPONSIBILITIES OVER CONTROLS
Management Responsibilities
“Management is responsible for designing, implementing,
and maintaining effective internal control over financial
reporting.”

Management needs to maintain sufficient and
appropriate internal control documentation.
The auditor shall document his understanding of internal
control through:
a.
-
Standardized Internal Control Questionnaires
Just like a “survey”
“yes or no” questions
Advantages:
- Easy to prepare and can easily identify
deficiencies
Disadvantages:
- Lacks flexibility and a tendency to be filled
mechanically
b.
-
Written narratives
Gagawa ng essay according to what he/she
understands
In paragraph form
Advantages:
- Show the level of auditor’s understanding
Disadvantages:
- Deficiencies cannot be easily identified
c.
-
b.
A control necessary to prevent, or detect and
correct, misstatements on a timely basis is missing
Levels of Deficiency
Flowcharts
Symbols, graphical documentation, (drawing),
flow ng internal control
a.
Advantages:
- Clearer and more specific portrayal of the client’s
system
Disadvantages:
- Sufficient understanding of flowcharts and
deficiencies cannot be easily identified.
- Kailan memorize ang symbols
b.
c.
Material weakness – there is a reasonable
possibility that a material misstatement of the
financial statements will not be prevented or
detected on a timely basis.
Significant deficiency – less severe than a material
weakness, yet of sufficient importance to merit the
attention of those charged with governance
Other deficiencies – not significant deficiencies
What should an auditor do when he/she detect these
deficiencies?
The auditor shall communicate
Walk-through are performed after the documentation

RISK RESPONSE: TEST OF CONTROLS
The auditor shall design and perform test of controls to
obtain sufficient appropriate evidence as to the operating
effectiveness of controls when:
a.
-
b.
-
The auditor’s assessment of risk of material
misstatement includes an expectation that the
controls are operating effectively.
If maganda ang risk assessment, if mababa or
below maximum, it means maybe the internal
control are effective. If maganda ang internal
control design, tsaka gagawa ng test of control.
Mas common na mangyari

In writing, significant deficiencies to those charged
with governance and, if appropriate, to
management on a timely basis
Other deficiencies to management that are of
sufficient importance to merit management’s
attention
Maybe made orally
COMPONENTS OF INTERNAL CONTROL: OVERVIEW
a.
Control Environment



Substantive procedures alone cannot provide
sufficient appropriate evidence
Hindi sapat ang substantive test to perform test of
controls.




Communication and Enforcement of Integrity
and Ethical Values
Commitment to Competence
Participation by Those Charged with
Governance
Management’s Philosophy and Operating Style
Organization Structure
Assignment of Authority and Responsibility
Human Resource Policies and Practices
Strong design = perform test of controls (to make sure it is really
strong)
Weak design = do not perform test of controls
b.




Procedures may include:




Inquiry of entity personnel
Observing the application of controls
Inspecting the documents and reports
Reperforming control activities (madami kang ittest)
c.
a.
A control is designed, implemented or operated in
a way that it is unable to prevent, or detect and
correct, misstatements on a timely basis




d.
Identifying Business Risks
Estimating the Significance of the Risks
Assessing the Likelihood of Occurrence
Deciding Actions
Information System and Communication

“The auditor may use audit evidence about operating
effectiveness of specific controls and only test the controls
at least once in every third audit if there are no significant
changes to such controls”
DEFICIENCY IN INTERNAL CONTROL
Deficiency in internal control exist when:
Entity’s Risk Assessment Process
Infrastructure
components)
Software
People
Procedures
Data
(physical
Control Activities



Authorization
Performance Reviews
Information Processing
and
hardware


e.
Physical Controls
Segregation of Duties
o Authorizing transactions
o Recording transactions
o Custody of assets
B. ENTITY’S RISK ASSESSMENT PROCESS
The auditor shall obtain an understanding of
whether the entity has a process for
a.
Monitoring of Controls
b.
c.
A. CONTROL ENVIRONMENT
The auditor shall evaluate whether:
a.
b.
Management, with the oversight of those
charged with governance, has created and
maintained a culture of honesty and ethical
behavior.
The strengths in the control environment
elements collectively provide an appropriate
foundation for the other components of
internal controls.
d.
Identifying business risks relevant to financial
reporting objectives;
Estimating the significance or risks;
Assessing the likelihood of their occurrence;
and
Deciding about actions to address those risks
Risks may arise from:




Rapid growth
New technology
New products
Corporate restructuring
Whether the entity’s risk assessment process is
appropriate is a matter of judgment.
Control Environment sets the tone of an organization
A satisfactory control environment is not an absolute
deterrent to fraud.
C.
In itself does not prevent, or detect and correct a
material misstatement.
The auditor shall obtain an understanding of how
the entity communicates financial reporting roles
and responsibilities and significant matters
relating to financial reporting.
Elements of Control Environment
a. Communication and Enforcement of Integrity and
Ethical Values
- Effectiveness of controls cannot rise above the
integrity and ethical values of the people who
create, administer, and monitor them
b.
c.
-
Commitment to Competence
Participation by those Charged with Governance
Oversight and whistle-blowing mechanism
Policy or way for employees na
maka pag sumbong in safely.
d.
-
Management’s Philosophy and Operating Style
Conservative or aggressive attitude toward
financial reporting.
e.
-
Organizational Structure
Considering key area of authority and
responsibility and appropriate lines of reporting.
f.
-
Assignment of Authority and Responsibility
Personnel understanding of objectives, how they
contribute, and accountability
g.
-
Human resource Policies and Procedures
Recruitment, orientation, training, evaluation,
counseling, promotion, compensation and
remedial actions
INFORMATION SYSTEM AND COMMUNICATION
The auditor shall obtain an understanding of the
information system, including related business
processes, relevant to financial reporting.
An information system consists of infrastructure,
software, people, procedures and data.
Communication forms:




Manuals and memoranda
Electronic
Oral
Through actions
D. CONTROL ACTIVITIES
The auditor shall obtain an understanding of
control activities relevant to the audit in order to
assess the risk or material misstatement at the
assertion level and design further audit
procedures.
Control activities that are relevant to the audit are those:
 Related to significant risks and risks for which
substantive procedures alone do not provide
sufficient appropriate evidence
 Relevant in the judgment of the auditor
Control Activities are the policies and procedures that help
ensure that management directives are carried out.
Generally, control activities may be categorized as policies
and procedures that pertain to the following:
a.
Authorization = general and specific authorization
-
General Authorization
Established guidelines
Applicable sa recurring activities or normal
operations
-
Specific Authorization
Specific High-Level Approval
Hindi pwede basta basta gagawin, need ng
approval
b.
Performance Reviews = variance analysis,
comparing internal and external information, and
review of functional performance
c.
Information Processing = application and general
controls
-
Application Controls
Processing of individual applications
-
General Controls
Relate to many application controls
the basis upon which the management considers the
information to be sufficiently reliable.
If the entity has an internal audit function, the auditor shall
obtain an understanding of.
a.
The nature of the function’s responsibilities and
how it fits in the entity’s organizational structure
-
Kanino nag rereport? Sino ang boss? (para ma
determine ang objectivity)
-
Internal auditor usually reports to the audit
committee or directly to the BOD
b.
The activities performed, or to be performed, by
the function
-
Ano ang ginawa at gagawin? (para malaman if
namonitor nya ba ang internal control)
In determining whether the work of internal auditors can
be used, the auditor shall evaluate the internal auditor’s
objectivity, technical, competence, due professional care,
and whether the internal and external auditor can
effectively communicate.
ENTITY-WIDE AND TRANSACTION CONTROLS
d.
Physical Controls = physical security of assets,
access to computer programs and data files, and
periodic counting and comparison with records.
e.
Segregation of Duties = reduce the opportunities to
both perpetrate and conceal errors of fraud
-
Segregate authorization, recording and custody
Incompatible Duties
E.
MONITORING OF CONTROLS
The auditor shall obtain an understanding of the
major activities used to monitor internal control
over financial reporting and how the entity
initiates remedial actions to deficiencies in its
controls.
Monitoring is the process to assess the effectiveness of
internal control performance over time.
Ongoing Evaluations
Separate Evaluations
Habang ginagawa ang
operations,
minomonitor mo na
rin sya.
Merong another
department na nag
iivaluate o responsible
sa monitoring.
The auditor shall obtain an understanding of the sources of
the information used in entity’s monitoring activities, and
a. Entity- wide Controls
 Affect multiple processes, transactions, accounts
and assertions
o Controls
over
management
override
o Organizations’ risk assessment
process
o Controls to monitor other
controls
b. Transaction Controls
 Affect only certain processes, transactions, accounts
and assertions
o Segregation of duties over cash
receipts and recording
o Authorization procedures for
purchasing
o Physical controls to safeguard
inventories
PSA
220
and
PSQC
1
PSA
210
PRELIMINARY ENGAGEMENT
ACTIVITIES
THE CODE OF ETHICS FOR PROFESSIONAL ACCOUNTANTS
STATES THAT CONTRACT WITH PREDECESSOR AUDITOR
IS RELEVANT.
PRECONDITIONS FOR AN AUDIT
TO KNOW THE:
Reasons to decline the engagement
a.
b.
c.
d.
e.
f.
Consider the Integrity of the Client
Competence to perform the Engagement
Compliance to Relevant Ethical Requirements
Acceptable Financial Reporting Framework
Management Representation
Agreement on Engagement Terms
CLIENT INTEGRITY
The auditor shall not associate with clients who are lacking
in integrity.
- An auditor must have a public confidence.
Before accepting a client, things must be considered:


-
Identity and business reputation of principal
owners, key management and those charged with
governance.
Nature of client’s operations
Including business practices (paano nag rerecord
ng cost of goods sold? paano pinipresent yung
kanilang current asset?)

Attitude on interpretation of accounting standards
and internal control environment

Aggressive in maintaining audit fee as low as
possible

Indications of inappropriate scope limitation

Indications of involvement in money laundering
and other crimes

Reason for appointment and non-reappointment of
predecessor auditor

Identity and business reputation of related parties
Sources of information about client integrity
o
o
o
Communication with existing and previous
provider of accounting services and discussion
with other third parties (PREDECESSOR AUDITOR)
Inquiry of other firm personnel or third parties
(BANKERS, LEGAL COUNSEL, and INDUSTY
PEERS)
Background searches of relevant databases



Integrity of management
Disagreements
Understanding of the reasons for the change
a.
b.
Needs client permission, preferably in writing.
If unable to communicate, take other steps to
obtain information.
COMPETENCE
Competence, capabilities and resources
Competence – knowledge and skills
Capabilities – if u are capable to do certain skills
Resource – sapat na personnel
Need to consider:

Knowledge of relevant industries and subject
matters

Experience with relevant regulatory requirements
What if walang knowledge and experience?
-
Ability to gain necessary skills and knowledge
effectively

-
Sufficient personnel
Competent and capable

-
Experts are available
Lawyers, doctors, engineer, actuary and appraiser

-
Engagement quality control reviewer
Competent with proper authority (hindi pwede
kung sino sino lang)

-
Completion within the reporting deadline
Perform audit in accordance with standards
ETHICAL REQUIREMENTS
Fundamental Principles
a.
-
Integrity
Straight forward and honest
b.
-
Objectivity
Uncompromised
judgment
(hindi
standard na iniexpect)
c.
-
Professional Competence and Due Care
Knowledge and skills diligent
below
sa
d.
-
Confidentiality
No unauthorized disclosure
e.
-
Professional Behavior
Comply with relevant laws and regulations
ADDITIONAL ETHICAL REQUIREMENTS FOR THOSE WHO
ARE IN PUBLIC PRACTICE:

-
Prescribed Framework by Law or Regulation
PFRS or other framework
MANAGEMENT REPRESENTATION
Obtain agreement that it acknowledges and understands its
responsibilities.
(MANAGEMENT
REPRESENTATION
LETTER)
Management ang mananagot sa:
a.
-
Independence
Independence of Mind and in Appearance
Independence Mind
-
Alam mo talaga na independent ka, objective ka,
meron kang integrity, tama ang judgment
Independence in Appearance
-
Hindi sapat na alam mo na independent ka,
kailangan pati sa paningin ng public independent
ka rin.
b.
-
Professional Skepticism
Attitude
Critical assessment and alert to red flags
Preparation of Financial Statements
Internal Control over Financial Reporting
Provide the auditor with
o Access to all information relevant to the
financial statements
o Additional information for the purpose of
audit
o Unrestricted access to persons within the
entity
Scope Limitation
- kapag hindi nag provide si management ng
information na kailangan ni auditor
- magiging dahilan para mag issue of declaimer
Hindi dapat inaassume na honest/dishonest
THREATS TO COMPLIANCE SHALL BE
o
o



Eliminated
Reduce to an acceptable level
ACCEPTABLE FRAMEWORK
- Kailangan acceptable and framework
AGREEMENT ON TERMS
Agreement with management or those charged with
governance includes: (ENGAGEMENT LETTER)

-
Objective and scope of the audit

-
Responsibilities of the auditor

Responsibilities of the management and those
charged with governance
-
Oversee ng FS

Identification of applicable financial reporting
framework
-
Standards na ginamit para magawa ang FS

Reference as to the expected form and content of
reports
-
Printed, written or electronic and also the content,
key audit matter, responsibilities of auditor and
client.
Objective is to provide reasonable assurance
Mag issue ng opinion
Elements of Assurance Engagement
a.
b.
c.
-
3-Party Relationship
Appropriate Subject Matter
Suitable Criteria
Financial reporting framework
IFRS, PRFS, USGAAP
RUN-CR (kailangan ang criteria ay relevant,
understandable, neutral, complete and reliable)
d.
e.
Sufficient Appropriate Evidence
Written Assurance Report
Paano malalaman is acceptable ba ang framework na
ginagamit ni client?
Relevant Factors

-
Nature of the Entity
Business, public sector entity, or NFP Organization

-
Purpose of the Financial Statements
General or Specific

-
Nature of the Financial Statements
Complete set or single FS
ENGAGEMENT LETTER MAY INCLUDE:
o
o
o
o
o
o
Elaboration of the scope
Form of any other communication of results
The fact that there is an unavoidable risk that some
material misstatements may not be detected
Arrangement on planning and performing the audit
The expectation that the management will provide
written representations
Agreement to make available to the auditor draft
financial statements
o
o
o
o
o
o
o
o
o
Agreement to inform the auditor of facts that may
affect FS
Basis on which fees are computed and billing
arrangements
Request to acknowledge the receipt and agree to
the terms in the engagement letter
Arrangements involving other auditors and
experts
Arrangements involving internal auditors and
other staff of the client
Arrangements to be made with predecessor
auditor
Any restriction of the auditor’s liability
Reference to any further agreements
Any obligations to provide working papers to other
parties.
AUDIT PLANNING
How to conduct the Audit Engagement?
Planning involves developing a general strategy and a
detailed approach for the expected nature, timing and
extent of the audit.
Audit Plan
It is not a discrete phase, but rather a continual and iterative
process that often begins shortly after the completion of the
previous audit and continues until the completion of the
current audit.
Risk-based Approach
OTHER MATTERS:
a.
-
Audit of Components
Other branches ng isang entity
If ikaw din ang nag auaudit
Separate Engagement Letter?
b.
-
Recurring Audits
Hindi kailangan yearly mag provide ng engagement
letter
ADEQUATE PLANNING
Adequate planning helps the auditor:




Instances if need mag provide ng engagement letter:
-
o Revision of engagement letter
Bago ng fees, scope or additional
-
o Reminder of terms to client
Baka nakakalimutan na ni client ang terms
Examples:








Indication of misunderstanding
Revised or special terms
Changes of management
Change of ownership
Change in business
Change legal or regulatory requirements
Change in framework
Change in other requirements
c.
-
Changes in Terms
Papayag sya if may changes, kapag reasonable ang
justification.
Overall Audit Strategy


Devote appropriate attention to important areas
Identify and resolve potential problems on a timely
basis
Properly organize and manage the audit so that it
is performed in an effective and efficient manner.
Assist in the selection of team members to respond
to anticipated risks, and the proper assignment of
work
Facilitate the direction and supervision of team
members and review of their work
Coordination of work done by auditors of
components and experts (branch of company from
other location)
Involvement of the engagement partner and other key members
in planning enhances the effectiveness and efficiency of the
planning process.
Auditor may decide to discuss elements of planning with the
client’s management but with care in order not to compromise
the effectiveness of the audit.
OVERALL AUDIT STRATEGY (PSA 300)
In establishing the overall audit strategy, the auditor shall:
a.
Identify the characteristics of the engagement that
define its scope
Examples:
o Reporting requirements
o Expected audit coverage
Scope of an audit refers to audit
procedures deemed necessary.
b.
Ascertain the reporting objectives to plan the
timing of the audit and the nature of the
communications required
Examples:
o Timetable for reporting
o Discussions with management and those
charged with governance
b.
c.
c.
Consider significant factors in directing the
engagement team’s efforts
o Determination of materiality levels
o Significant changes and developments
d.
Consider the results of preliminary engagement
activities
e.
Ascertain the nature, timing and extent of
resources necessary to perform the engagement
o Selection of engagement team and
assignment of work
o Engagement budgeting
BENEFITS OF OVERALL STRATEGY
The process of establishing the overall audit strategy assists
the auditor to determine:


Resources to deploy for specific audit areas such as
use of
o Experienced team members for high-risk
areas
o Experts on complex matters
Amount of resources to allocate to specific audit
areas such as
o Number of team members assigned to
perform a procedure
o Extent of review of other auditor’s work
o Budget in hours to allocate to high-risk
areas

When such resources are to be deployed such as
o Interim audit stage
o Key cut-off dates

How such resources are managed, directed and
supervised such as
o Schedule of briefing and debriefing
meetings
o How reviews are expected to take place
o Whether to complete engagement quality
control reviews
AUDIT PLAN
Once the overall strategy has been established, an audit plan
can be developed.
Audit plan is more detailed than the overall audit strategy
in that it includes the nature, timing and extent of audit
procedures to be performed by engagement team.
-
The nature, timing and extent of planned further
audit procedures at the assertion level
Test of control and substantive test
Other planned procedures
Examples:
Special requirements
DIRECTION, SUPERVISION & REVIEW
DIRECTION
- Pag aassign ng task
- Normally junior auditors ang gumagawa
SUPERVISION
- Guidance
- Normally senior auditors ang gumagawa
REVIEWS
- Normally ginagawa ng engagement partner
The auditor shall plan the nature, timing and extent of
direction and supervision of team members and the review
of their work.
It may vary depending on factors including:




Size and complexity of the entity
The more mas complex ang client, then dapat mas
may experience.
Area of the audit
High-risk area, mas experience ang inaassign
Assessed risk of material misstatement
Competent ang mga engagement members
Capabilities and competence of the members
performing the work
AUDIT PROGRAM
An audit program sets out the nature, timing and extent of
planned audit procedures required to implement the
overall audit plan.
It serves as a set of instructions to assistants involved in the
audit and as a mean to control the proper execution of work.
AUDIT PLAN
Includes consideration of:
o Risk assessment
procedures
o Further
audit
procedures
o Other
planned
procedures
AUDIT PROGRAM
Schedule of further audit
procedures:
o Tests of controls
o Substantive tests
CHANGES TO PLANNING
Planning is no a discrete phase, but rather a continual and
iterative process.
The audit plan shall include a description of:
a.
The nature, timing and extent of planned risk
assessment procedures
As a result of unexpected events, changes in conditions, or
the audit evidence obtained, the auditor may need to modify
the overall audit strategy and audit plan.
DOCUMENTATION
The auditor shall document the overall audit strategy and
the audit plan, including any significant changes.
Documentation:
a. Overall audit strategy – record of key decisions
b. Audit plan – record of planned risk assessment
procedures and further procedures
c. Significant changes – record of explanation of
changes and the final overall audit strategy and
audit plan
ADDITIONAL CONSIDERATIONS
 For initial audits, additional matters the auditor may
consider include:




Arrangements with predecessor auditor, such as
review of working papers
Any major issues discussed with management
Audit procedures regarding opening balances
Other procedures required by the system of quality
control for initial audits

Consideration of work performed by

Client’s staff, including internal auditors – may
reduce the cost of audit
Specialists or experts – brings unique knowledge
and judgement
Other CPAs – when a component is audited by
another firm


AUDIT DOCUMENTATION
The record of audit procedures performed, relevant audit
evidence, obtained and conclusions the auditor reached.
-
Also called as WORKING PAPERS
It provides evidence
a.
b.
Of the basis for conclusion about the achievement
of the overall objective of the auditor
That the audit was planned and performed in
accordance with PSAs and legal and regulatory
requirements
Documentation provides evidence that the audit
complies with the PSAs.
OTHER PURPOSES
Audit documentation can also






Assist the engagement team to plan and perform
the audit
Assist member to direct and supervise the audit
work,
and
to
discharge
their
review
responsibilities
Enable the engagement team to be accountable for
its work
Retains a record of matters of continuing
significance to future audits
Audit file:
Current audit file
Permanent audit file (transactions na magagamit
pa sa future audits)
Enable the conduct of quality control reviews and
inspection in accordance with PSQC 1
Enable the conduct of external inspections in
accordance with applicable legal, regulatory or
other requirements
Also serve as the auditor’s primary defense in case
of lawsuit.
TIMELINESS
The auditor shall prepare audit documentation on a timely
basis.
Timely Documentation Benefits:

Helps to enhance the quality of audit

Facilitates the effective review and evaluation of
the audit evidence obtained and conclusions
reached before the auditor’s report is finalized.
Documentation prepared after the audit work has been
performed is likely to be less accurate than documentation
prepared at the time such work is performed.
FORM, CONTENT AND EXTENT
Documentation should be sufficient to enable an
experienced auditor, with no previous connection with the
audit, to understand:
a.
The nature, timing and extent of procedures
performed
b.
The results of the audit procedures performed and
the audit evidence obtained
c.
Significant matters arising during the audit,
conclusions reached thereon, and significant
professional judgments
In documenting the nature, timing and extent of procedures
performed, the auditor shall record:
Client’s accounting records may be included as part of
documentation however, documentation is not a substitute for
client’s records.
DEPARTURE FROM A REQUIREMENT
If, in exceptional circumstances, the auditor judges it
necessary to depart from a relevant requirement in a PSA,
the auditor shall document how the alternative audit
procedures performed achieved the aim of that
requirement, and the reasons for the departure.
ASSEMBLY OF FINAL AUDIT FILE
The auditor shall assemble the audit documentation in an
audit file and complete the administrative process of
assembling the final audit file on a timely basis after the date
of the auditor’s report.
Archiving
a.
The identifying characteristics of specific items or
matter tested
b.
Who performed the audit work and the date such
work was completed
c.
Who reviewed the audit work performed and the
extent of such review
The auditor shall also document:
o
Discussions of significant matters
 Management
(inquiry
about
the
managements risk assessment process)


o
Those charged with governance (audit
committee may fraud na ginagawa,
material weakness/significant deficiency,
hindi pala independent)
Others, such as client’s personnel, experts,
other auditors and regulators (lawyers,
with regards to litigations, components of
auditors, regulators)
Inconsistency regarding significant matters
Documentation may be recorded on paper or on electronic
or other media.
Examples:
 audit programs
 analysis
 issues memoranda
 summaries of significant matters
 letters of confirmation and representation
 checklists
 correspondence (including e-mail) concerning
significant matters
Within 60 days (after the
date of audit reports).
AUDIT FILE
- one or more folders or other storage media, in
physical or electronic form, containing the record
that comprise the audit documentation for a
specific engagement.
After the assembly of the final audit file, the auditor shall not
delete or discard audit documentation of any nature before
the end of its retention period.
Within 10 years from the date of
audit report – Revised SRC Rule 68
Audit file may not be modified but with documentation of:
 specific reasons
 when and by whom they were made and reviewed
Related documents
Question: 1. If the auditor finds only one instance of... the auditor assume that this is an isolated instance? Why...
Question: 1. If the auditor finds only one instance of... the auditor assume that this is an isolated instance? Why...
New DOCX Document
New DOCX Document
Exercise Chapter 15
Exercise Chapter 15
Download
advertisement