- No category
Auditing Principles: Audit Process & Risk Assessment
advertisement
AUDITING and Assurance Principles Continuation AUDIT PROCESS: Overview sa kanya. Kailangan hindi ma associate sa entity na walang integrity. How will be able to know if there’s no integrity? - Overview of Audit Process: Client Acceptance and Continuance Decisions -kailan dapat at hindi dapat tanggapin ang engagement. Performing Risk Assessment -inaassess ang risk para maka tulong sa pag plano ng engagement. Obtaining Evidence about Internal Control Operating Effectiveness -also called test of control Obtaining Substantive Evidence about Accounts, Disclosures and Assertions -also called substantive test Completing the Audit and Making Reporting Decisions CLIENT ACCEPTANCE DECISIONS a. Client Acceptance Competence – kailangan alam ang industry and nature ng client na naghhire or nag ooffer ng engagement service. Capability- kailangan hindi lang competent,kundi kaya natin gawin ang isang audit firm. ON THE PART OF AUDITOR Resources- sapat na human resources para gawin ang audit, or magagawa ba within the time set by the client. Ethical Requirements- lahat ng professional accountants kailangan mag follow sa code of ethics. 5 CODE OF ETHICS Integrity Confidentiality Objectivity Professional Competence and Due Care Professional Behavior If there is a PREDECESSOR AUDITOR – dating auditor ng entity) the auditor must communicate the predecessor auditor. If he rejects? - Can based on the experience or other resources. Agreeing the terms of Audit Engagement - - b. Engagement Letter – contract, terms between client and management (responsibilities of auditor and management, scope) before mag start binibigay. Management Representation Letter – sinasabi ni management na inaacknowledge nya ang responsibility, at ang lahat ng evidence na binibigay kay auditor is valid. Sa dulo binibigay. Initial Audit Planning -pinaplano kun ano ang gagawin sa buong audit. CLIENT CONTINUANCE a. - - b. Client Continuance -if itutuloy paba? Revision on Terms of Audit Engagement May nag bago? Do you still have competence? Ethical requirements Nawalan na nag integrity? Reminder on Terms of Audit Engagement Reminders are needed Send again engagement letter (if nakalimutan na or if theres changes) Initial Audit Planning “Planning is not discrete phase, but continual and iterative” RISK ASSESSMENT a. Risk Assessment Procedures Inquiry -kailangan mag tanong It can be: Informational, interrogative, and others. CPA IN PUBLIC PRACTICE (CODE OF ETHICS) Independence Integrity of the Client Management – kaya nya ba ibigay yung mga tunay na information na tatanungin - Analytical Procedures – Analysis of plausible relationships: Ratios Trends Titignan bakit biglang tumaas ang ganitong bagay? Bakit may nag bago? e. Ex. Return on Investment or Net Profit Margin Audit Risk = Inherent Risk x Control Risk x Detection Risk Observation and Inspection – manuod and tignan ang documents. AUDIT RISK - Risk na baka mag sustain tayo ng lost sa engagement. (PWEDE TAASAN OR BABAAN ANG RISK) THESE 3 ARE REQUIRED TO DO WHEN ASSESSING THE RISK. Inherent Risk – susceptibility to misstatement. (INAASSESS LANG) Other factors considered – Prior period information Engagement team discussion b. Control Risk – hindi nadetect ng internal control ang misstatement. (INAASSESS LANG) Understanding the Entity and Its Environment Industry – if saan nag ooperate si client Accounting Principles Laws and Regulations – needs permits Detection Risk – risk na baka hindi madetect ng procedures ni auditor yung material misstatement na nandun sa fs. (PWEDE TAASAN OR BABAAN ANG RISK) Risk of material misstatement Nature – business differs from: Operations – real time ang pag update ng data or not? Ownership & Governance – sino ang may-ari? Partnership? Sole? Structure – organizational chart? Detection Risk = Audit Risk / (Inherent Risk x Control Risk) High – tataasan ang detection risk at KONTI ang procedures Low- bababaan ang detection risk pero mas EXTENSIVE ang procedures. Accounting Policies How he/she determines his/her estimates? f. Objectives and Strategies – ng entity at management. Baka hindi sila same ng objectives? There’s a goal conflict. Overall Audit Strategy Scope, timing, and direction of the audit. Audit Plan – detailed na plano Nature, timing, and extent of procedures. Methods of Measuring and Reviewing Performance – if there’s a significant bonus? Maybe there is a pressure on the management. c. Audit Risk Model Audit Program – mas specific Set of instructions to assistants Understanding the Entity’s Internal Control TEST OF CONTROLS Over Financial Reporting – a. d. Materiality After omission of the information Why do we need to test the control? Makabawas sa substantive test. Overall Materiality – threshold or cut off point at the FS Level b. Performance Materiality – less than the level of overall materiality. Highly based sa judgment ni auditor. Materiality Level for Transaction, Account Balance or Disclosure – inaallocate ang overall materiality’s to different account. “High level of assurance that the financial statements are free from material misstatements, either due to fraud or error.” Test the operating effectiveness only if the design is strong. Attribute Sampling High level of assurance lang ang dapat iprovide ng isang audit. Characteristics ang tinitignan c. Communication to Management and Those Charged with Governance. o Significant Deficiencies -less than material weakness, not necessarily na mag provide ng material misstatement but importante sya sa o o management and those charged with governance. Material Weakness -may possibility nab aka may material misstatement Management Letter -came from auditor to management, suggestion para ma improves ang internal control. SUBSTANTIVE TEST a. - THE AUDITORS REPORT a. STANDARD OPINION Substantive Test Procedures I. II. Pervasive means hindi kalat MODIFIED OPINIONS Transactions Balances Adverse – “do not present fairly” Material and pervasive Misstatements Disclaimer of Opinion – “do not express an opinion” high degree of scope of limitation and uncertainty Or BOTH b. Variables Sampling Corroborating Evidence – more evidence or supporting evidence. COMPLETING THE AUDIT a. Completing the Audit - Search for Unrecorded Liabilities usually, confirmations - - Review Minutes of Meetings Plant acquisition, dividends declaration, material share issuance, business combinations or investments. Final Analytical Procedures Risk Assessment (required) Substantive Test (Optional) Completing the Audit (Required) Loss Contingencies Going Concern Assumption - Review of Subsequent Events Consider pati yung mga after ng audit report date. What can happen? Kapag may na discover beyond issuing the report: EXTENDING THE DATE (pag April, change into May) DUAL DATING (issuing pero dalawa ang date) - Engagement Quality Control Review Report Bawal mag issue ng audit report if wala pa ito. Forming and Audit Opinion and Issue of Audit Report Unqualified Opinion – “present fairly, in all material respect” Qualified – “present fairly except for” material misstatement, scope of limitation, or uncertainty (as long as hindi pervasive) Analytical Procedures – analyze ng plausible relationship Substantive Test of Details of Obtain Management Representation Letter Bawal mag issue ng audit report hanggang hindi nag bibigay si management ng letter na nagsasabi na inaaknowledge niya yung kanyang responsibility. b. Contents of audit report Opinion – (qualified or unqualified) Basis for Opinion – (bakit mo nasabi na qualified or unqualified?) Key Audit Matters – utmost importance and significance. Responsibilities of Management and Those Charged with Governance Auditors Responsibilities Other Legal and Regulatory Requirements It may also include: Emphasis of the Matter Paragraph (ilalagay right after the opinion) Other Matter Paragraph (scope limitations) AUDITORS RESPONSIBILITIES REGARDING FRAUD - “Ninanakaw ng employee ang resources ng entity” - Defalcation or Employee Fraud Kadalasan nagnanakaw ay yung mga low level ng employee FRAUD - - “An intentional act by one or more individuals among management, those charged with governance, employees, or third parties, involving the use of deception to obtain an unjust or illegal advantage.” ‘panloloko’ Not just within the entity, third parties can also be involved. ERROR vs FRAUD ERROR II. - Manipulation of financial statements Binabaan ang liability, tinataasan ang assets Normally ang gumagawa is ang mga managers. III. Management Fraud Examples Misappropriation of Asset Unintentional Misjudgment Miscalculation Misapplication Example: Nagkamali ng judgment with pure intentions FRAUD Fraudulent Financial Reporting (USUALLY MATERIAL) needs to be bantayan Embezzling receipts Stealing physical assets Stealing intellectual property Disbursement for unreceived goods or services Using resources for personal use Fraudulent Financial Reporting Intentional Theft Corruption Manipulation Misrepresentation AUDITOR’S RESPONSIBILITY - “Auditor is responsible for obtaining reasonable assurance that the financial statements as a whole are free from material misstatements, whether due to fraud or error” Fictitious journal entries Inappropriate adjustments Omitting, advancing or delaying recognition Concealing facts Misrepresenting financial statements Altering records FRAUD RISK FACTORS “May indicate the existence of fraud” FRAUD TRIANGLE Auditor is not expected to detect all fraud. Auditors is only liable to fraud that results to material misstatement. ACCOUNTABILITY & RESPONSIBILITY - Opportunity “Management and those charged with governance are responsible for prevention and detection of fraud.” FRAUD Incentive & Pressure How they were able to detect fraud? Designing and Implementing Internal Control FRAUD RELATED TO AUDIT I. - Misappropriation of Assets (MOST COMMON FRAUD) immaterial also Theft or misuse of an organization’s assets Example: inventory, cash, and others Attitude & Rationaliz ation Incentive & Pressure - - Minsan kahit ayaw ng isang tawo na gumawa ng fraud, minsan napipilitan sya dahil may benefit syang makukuha or may pumipilit sa kanya. AVOID CONSEQUENCES - “pressure” it can be internal or external factors eg. (family) Opportunity - Weak control Attitude & Rationalization - Justification of fraud Possible na pag usapan during discussion? DETECTION RISK a. - The risk of not detecting material misstatement due to fraud is higher than due to error. Concealed (ang fraud) Susceptibility to material misstatements due to fraud Indications of earnings management (ano yung mga nakita na factor, na baka mag drive sa entity na mag commit ng fraud) (it can be PRESSURE) External and internal fraud risk factors (fraud triangle must be considered) Audit procedures to respond to susceptibility to fraud (paano madedetect na walang material misstatement due to fraud) Allegations to fraud (if may nalalaman ba sila na fraud within the entity) RISK ASSESSMENT PROCEDURES b. - The risk of not detecting material misstatements due to management fraud is higher than employee fraud. Management can override controls AUDITOR’S OBJECTIVE a. Objectives in relation to fraud Identify and assess risk of material misstatements due to fraud. Obtain sufficient appropriate evidence through designing and implementing appropriate responses. Respond appropriately to identified or suspected fraud HOW CAN THESE BE MET? PROFESSIONAL SKEPTICISM a. Professional Skepticism (ATTITUDE) Questioning mind and critical assessment a. Inquiries of Management Assessment of risk of material misstatements due to fraud Inquiries of knowledge of actual, suspected or alleged fraud b. Those Charged with Governance and Internal Auditor Inquiries of knowledge of actual, suspected or alleged fraud c. d. Analytical Procedures Evaluation of Fraud Risk Factors “Management is in the best position to perpetrate fraud” IDENTIFICATION & ASSESSMENT a. Identify and assess the risk of material misstatements due to fraud At financial statements level At assertion level of transactions, account balances and disclosures. b. Risk of Fraud of Revenue Recognition (Overstatement) Kailangan ipresume na may fraud sa revenue recognition c. Understanding Entity’s Control (RELATED TO FRAUD) Alamin ang design ng entity’s internal control. Internal control must be STRONG. (Kailangan maging alert sa red flags/ mali) Paano naapply? b. Management is neither honest nor dishonest Records and documents are presumed to be genuine Professional Judgment (COMPETENCE) Application of relevant training, professional knowledge, skills and experience in making decisions. (talks about COMPETENCE sa proper judgment) (competence ng auditor) DISCUSSION AMONG THE TEAM a. Discussion among the engagement partner and key audit members. (not necessarily tanan members) RESPONSES TO ASSESSED RISK a. Overall Responses Assignment and supervision of personnel Evaluate accounting policies Element of unpredictability b. Responses to Risk at the Assertion Level Changing the nature, timing and extent of procedures Disclose known and suspected fraud COMMUNICATIONS TO CLIENT - - - Extent Gaano karami yung tinitest na evidence Timing Kailan icoconduct ang procedures? either, Interim Procedures, Near the financial statement date, and at the end of financial statement date. Nature ano yung mga procedures na gagawin? Observations? Confirmations? Recalculation? Inquiry? c. Response to Risk of Management Control Override Test the appropriateness of journal entries and adjustments Reviewing accounting estimates for biases Evaluating the business rationale for significant unusual transactions a. Communication with Management Suspected or detected fraud to appropriate level of management Atleast 1 level above the person involved b. Communication with those charged with Governance (sasabihin kay management whether may fraud or wala, regardless kung material or immaterial man yun) Suspected or detected management fraud and those result to material misstatements. Inquire about known or suspected fraud, and senior management’s integrity and competence. Doubtful Integrity? May seek legal advice COMMUNICATIONS TO REGULATORS Suspected or Detected Fraud? “The auditor shall determine whether there is a responsibility to report the occurrence or suspicion to a party outside the entity.” EVALUATION OF AUDIT EVIDENCE Legal responsibility may override confidentiality. a. b. c. d. Analytical procedures results are consistent with auditor’s understanding Are misstatements due to fraud? Fraud is unlikely to be an isolated occurrence. Reevaluate risk assessment if management fraud is suspected Evaluate implications if auditor is unable to conclude whether the financial statements is materially misstated. Example: DOCUMENTATIONS Qualitative matter based on PROFESSIONAL JUDGMENT. a. WITHDRAWAL FROM ENGAGEMENT Identified fraud or suspected fraud? b. a. b. Determine professional and legal responsibility Consider whether withdrawal is appropriate and legally permitted MANAGEMENT REPRESENTATIONS a. Obtain written representations that Management c. d. Discuss with management and those charged with governance Determine reporting responsibilities Acknowledges its responsibilities to prevent and detect fraud Discloses its assessment of risk of material misstatements due to fraud Report to BSP the occurrence of fraud in financial institutions Report to SEC the material audit findings, if the entity fails to report. Understanding of the entity and its environment and the assessment of the risk of material misstatements. Responses of the assessed risk of material misstatements Communications about fraud to management, those charged with governance, regulators and other. Presumption that risks of fraud of revenue recognition is not applicable. INTERNAL CONTROL “The process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of the entity’s objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, and compliance with applicable laws and regulations” -COSO Achievement of objectives also include Adherence to management policies Safeguarding assets Prevention and detection of fraud and error Accuracy and completeness of accounting records Timely preparation of financial information LIMITATIONS OF INTERNAL CONTROL (PSA 315) “Internal control can provide an entity only with reasonable assurance about achieving the entity’s financial reporting objectives” - Hindi pa rin absolute assurance Hindi 100% sure na maachieve ang goal Factors why we can’t achieve that 100%: Inherent Limitations a. Human Error Misunderstanding Faulty judgment Carelessness Distraction Fatigue b. Employee Collusion There must be a segregation of duties Auditor Responsibilities “PSAs require the auditor to assess the risk of material misstatement through obtaining an understanding of the entity and its environment, including the entity’s internal control” CONTROLS RELEVANT TO THE AUDIT “An entity’s objectives and the controls are directly related however not all of these objectives and controls are relevant to the audit.” Factors to determine a control’s relevance to audit: Materiality and significance of related risk Nature and characteristics of the entity and its internal control Legal and regulatory requirements Prevents, detects and corrects material misstatements RISK ASSESSMENT: UNDERSTANDING CONTROLS “The auditor shall evaluate the design of those controls and determine whether they have been implemented.” Capable of effectively preventing, or detecting and correcting material misstatements. Controls exists and in use Subcategory of Internal Control How can we assess? Procedures may include: Inquiry of entity personnel (by itself, is not sufficient) Observing the application of controls Inspecting the documents and reports Tracing transactions through the system (aka “Walkthrough”) c. Management Override Kaya ni management ibypass ang internal control For small entities, segregation of duties may be limited but management oversight may be more effective. RESPONSIBILITIES OVER CONTROLS Management Responsibilities “Management is responsible for designing, implementing, and maintaining effective internal control over financial reporting.” Management needs to maintain sufficient and appropriate internal control documentation. The auditor shall document his understanding of internal control through: a. - Standardized Internal Control Questionnaires Just like a “survey” “yes or no” questions Advantages: - Easy to prepare and can easily identify deficiencies Disadvantages: - Lacks flexibility and a tendency to be filled mechanically b. - Written narratives Gagawa ng essay according to what he/she understands In paragraph form Advantages: - Show the level of auditor’s understanding Disadvantages: - Deficiencies cannot be easily identified c. - b. A control necessary to prevent, or detect and correct, misstatements on a timely basis is missing Levels of Deficiency Flowcharts Symbols, graphical documentation, (drawing), flow ng internal control a. Advantages: - Clearer and more specific portrayal of the client’s system Disadvantages: - Sufficient understanding of flowcharts and deficiencies cannot be easily identified. - Kailan memorize ang symbols b. c. Material weakness – there is a reasonable possibility that a material misstatement of the financial statements will not be prevented or detected on a timely basis. Significant deficiency – less severe than a material weakness, yet of sufficient importance to merit the attention of those charged with governance Other deficiencies – not significant deficiencies What should an auditor do when he/she detect these deficiencies? The auditor shall communicate Walk-through are performed after the documentation RISK RESPONSE: TEST OF CONTROLS The auditor shall design and perform test of controls to obtain sufficient appropriate evidence as to the operating effectiveness of controls when: a. - b. - The auditor’s assessment of risk of material misstatement includes an expectation that the controls are operating effectively. If maganda ang risk assessment, if mababa or below maximum, it means maybe the internal control are effective. If maganda ang internal control design, tsaka gagawa ng test of control. Mas common na mangyari In writing, significant deficiencies to those charged with governance and, if appropriate, to management on a timely basis Other deficiencies to management that are of sufficient importance to merit management’s attention Maybe made orally COMPONENTS OF INTERNAL CONTROL: OVERVIEW a. Control Environment Substantive procedures alone cannot provide sufficient appropriate evidence Hindi sapat ang substantive test to perform test of controls. Communication and Enforcement of Integrity and Ethical Values Commitment to Competence Participation by Those Charged with Governance Management’s Philosophy and Operating Style Organization Structure Assignment of Authority and Responsibility Human Resource Policies and Practices Strong design = perform test of controls (to make sure it is really strong) Weak design = do not perform test of controls b. Procedures may include: Inquiry of entity personnel Observing the application of controls Inspecting the documents and reports Reperforming control activities (madami kang ittest) c. a. A control is designed, implemented or operated in a way that it is unable to prevent, or detect and correct, misstatements on a timely basis d. Identifying Business Risks Estimating the Significance of the Risks Assessing the Likelihood of Occurrence Deciding Actions Information System and Communication “The auditor may use audit evidence about operating effectiveness of specific controls and only test the controls at least once in every third audit if there are no significant changes to such controls” DEFICIENCY IN INTERNAL CONTROL Deficiency in internal control exist when: Entity’s Risk Assessment Process Infrastructure components) Software People Procedures Data (physical Control Activities Authorization Performance Reviews Information Processing and hardware e. Physical Controls Segregation of Duties o Authorizing transactions o Recording transactions o Custody of assets B. ENTITY’S RISK ASSESSMENT PROCESS The auditor shall obtain an understanding of whether the entity has a process for a. Monitoring of Controls b. c. A. CONTROL ENVIRONMENT The auditor shall evaluate whether: a. b. Management, with the oversight of those charged with governance, has created and maintained a culture of honesty and ethical behavior. The strengths in the control environment elements collectively provide an appropriate foundation for the other components of internal controls. d. Identifying business risks relevant to financial reporting objectives; Estimating the significance or risks; Assessing the likelihood of their occurrence; and Deciding about actions to address those risks Risks may arise from: Rapid growth New technology New products Corporate restructuring Whether the entity’s risk assessment process is appropriate is a matter of judgment. Control Environment sets the tone of an organization A satisfactory control environment is not an absolute deterrent to fraud. C. In itself does not prevent, or detect and correct a material misstatement. The auditor shall obtain an understanding of how the entity communicates financial reporting roles and responsibilities and significant matters relating to financial reporting. Elements of Control Environment a. Communication and Enforcement of Integrity and Ethical Values - Effectiveness of controls cannot rise above the integrity and ethical values of the people who create, administer, and monitor them b. c. - Commitment to Competence Participation by those Charged with Governance Oversight and whistle-blowing mechanism Policy or way for employees na maka pag sumbong in safely. d. - Management’s Philosophy and Operating Style Conservative or aggressive attitude toward financial reporting. e. - Organizational Structure Considering key area of authority and responsibility and appropriate lines of reporting. f. - Assignment of Authority and Responsibility Personnel understanding of objectives, how they contribute, and accountability g. - Human resource Policies and Procedures Recruitment, orientation, training, evaluation, counseling, promotion, compensation and remedial actions INFORMATION SYSTEM AND COMMUNICATION The auditor shall obtain an understanding of the information system, including related business processes, relevant to financial reporting. An information system consists of infrastructure, software, people, procedures and data. Communication forms: Manuals and memoranda Electronic Oral Through actions D. CONTROL ACTIVITIES The auditor shall obtain an understanding of control activities relevant to the audit in order to assess the risk or material misstatement at the assertion level and design further audit procedures. Control activities that are relevant to the audit are those: Related to significant risks and risks for which substantive procedures alone do not provide sufficient appropriate evidence Relevant in the judgment of the auditor Control Activities are the policies and procedures that help ensure that management directives are carried out. Generally, control activities may be categorized as policies and procedures that pertain to the following: a. Authorization = general and specific authorization - General Authorization Established guidelines Applicable sa recurring activities or normal operations - Specific Authorization Specific High-Level Approval Hindi pwede basta basta gagawin, need ng approval b. Performance Reviews = variance analysis, comparing internal and external information, and review of functional performance c. Information Processing = application and general controls - Application Controls Processing of individual applications - General Controls Relate to many application controls the basis upon which the management considers the information to be sufficiently reliable. If the entity has an internal audit function, the auditor shall obtain an understanding of. a. The nature of the function’s responsibilities and how it fits in the entity’s organizational structure - Kanino nag rereport? Sino ang boss? (para ma determine ang objectivity) - Internal auditor usually reports to the audit committee or directly to the BOD b. The activities performed, or to be performed, by the function - Ano ang ginawa at gagawin? (para malaman if namonitor nya ba ang internal control) In determining whether the work of internal auditors can be used, the auditor shall evaluate the internal auditor’s objectivity, technical, competence, due professional care, and whether the internal and external auditor can effectively communicate. ENTITY-WIDE AND TRANSACTION CONTROLS d. Physical Controls = physical security of assets, access to computer programs and data files, and periodic counting and comparison with records. e. Segregation of Duties = reduce the opportunities to both perpetrate and conceal errors of fraud - Segregate authorization, recording and custody Incompatible Duties E. MONITORING OF CONTROLS The auditor shall obtain an understanding of the major activities used to monitor internal control over financial reporting and how the entity initiates remedial actions to deficiencies in its controls. Monitoring is the process to assess the effectiveness of internal control performance over time. Ongoing Evaluations Separate Evaluations Habang ginagawa ang operations, minomonitor mo na rin sya. Merong another department na nag iivaluate o responsible sa monitoring. The auditor shall obtain an understanding of the sources of the information used in entity’s monitoring activities, and a. Entity- wide Controls Affect multiple processes, transactions, accounts and assertions o Controls over management override o Organizations’ risk assessment process o Controls to monitor other controls b. Transaction Controls Affect only certain processes, transactions, accounts and assertions o Segregation of duties over cash receipts and recording o Authorization procedures for purchasing o Physical controls to safeguard inventories PSA 220 and PSQC 1 PSA 210 PRELIMINARY ENGAGEMENT ACTIVITIES THE CODE OF ETHICS FOR PROFESSIONAL ACCOUNTANTS STATES THAT CONTRACT WITH PREDECESSOR AUDITOR IS RELEVANT. PRECONDITIONS FOR AN AUDIT TO KNOW THE: Reasons to decline the engagement a. b. c. d. e. f. Consider the Integrity of the Client Competence to perform the Engagement Compliance to Relevant Ethical Requirements Acceptable Financial Reporting Framework Management Representation Agreement on Engagement Terms CLIENT INTEGRITY The auditor shall not associate with clients who are lacking in integrity. - An auditor must have a public confidence. Before accepting a client, things must be considered: - Identity and business reputation of principal owners, key management and those charged with governance. Nature of client’s operations Including business practices (paano nag rerecord ng cost of goods sold? paano pinipresent yung kanilang current asset?) Attitude on interpretation of accounting standards and internal control environment Aggressive in maintaining audit fee as low as possible Indications of inappropriate scope limitation Indications of involvement in money laundering and other crimes Reason for appointment and non-reappointment of predecessor auditor Identity and business reputation of related parties Sources of information about client integrity o o o Communication with existing and previous provider of accounting services and discussion with other third parties (PREDECESSOR AUDITOR) Inquiry of other firm personnel or third parties (BANKERS, LEGAL COUNSEL, and INDUSTY PEERS) Background searches of relevant databases Integrity of management Disagreements Understanding of the reasons for the change a. b. Needs client permission, preferably in writing. If unable to communicate, take other steps to obtain information. COMPETENCE Competence, capabilities and resources Competence – knowledge and skills Capabilities – if u are capable to do certain skills Resource – sapat na personnel Need to consider: Knowledge of relevant industries and subject matters Experience with relevant regulatory requirements What if walang knowledge and experience? - Ability to gain necessary skills and knowledge effectively - Sufficient personnel Competent and capable - Experts are available Lawyers, doctors, engineer, actuary and appraiser - Engagement quality control reviewer Competent with proper authority (hindi pwede kung sino sino lang) - Completion within the reporting deadline Perform audit in accordance with standards ETHICAL REQUIREMENTS Fundamental Principles a. - Integrity Straight forward and honest b. - Objectivity Uncompromised judgment (hindi standard na iniexpect) c. - Professional Competence and Due Care Knowledge and skills diligent below sa d. - Confidentiality No unauthorized disclosure e. - Professional Behavior Comply with relevant laws and regulations ADDITIONAL ETHICAL REQUIREMENTS FOR THOSE WHO ARE IN PUBLIC PRACTICE: - Prescribed Framework by Law or Regulation PFRS or other framework MANAGEMENT REPRESENTATION Obtain agreement that it acknowledges and understands its responsibilities. (MANAGEMENT REPRESENTATION LETTER) Management ang mananagot sa: a. - Independence Independence of Mind and in Appearance Independence Mind - Alam mo talaga na independent ka, objective ka, meron kang integrity, tama ang judgment Independence in Appearance - Hindi sapat na alam mo na independent ka, kailangan pati sa paningin ng public independent ka rin. b. - Professional Skepticism Attitude Critical assessment and alert to red flags Preparation of Financial Statements Internal Control over Financial Reporting Provide the auditor with o Access to all information relevant to the financial statements o Additional information for the purpose of audit o Unrestricted access to persons within the entity Scope Limitation - kapag hindi nag provide si management ng information na kailangan ni auditor - magiging dahilan para mag issue of declaimer Hindi dapat inaassume na honest/dishonest THREATS TO COMPLIANCE SHALL BE o o Eliminated Reduce to an acceptable level ACCEPTABLE FRAMEWORK - Kailangan acceptable and framework AGREEMENT ON TERMS Agreement with management or those charged with governance includes: (ENGAGEMENT LETTER) - Objective and scope of the audit - Responsibilities of the auditor Responsibilities of the management and those charged with governance - Oversee ng FS Identification of applicable financial reporting framework - Standards na ginamit para magawa ang FS Reference as to the expected form and content of reports - Printed, written or electronic and also the content, key audit matter, responsibilities of auditor and client. Objective is to provide reasonable assurance Mag issue ng opinion Elements of Assurance Engagement a. b. c. - 3-Party Relationship Appropriate Subject Matter Suitable Criteria Financial reporting framework IFRS, PRFS, USGAAP RUN-CR (kailangan ang criteria ay relevant, understandable, neutral, complete and reliable) d. e. Sufficient Appropriate Evidence Written Assurance Report Paano malalaman is acceptable ba ang framework na ginagamit ni client? Relevant Factors - Nature of the Entity Business, public sector entity, or NFP Organization - Purpose of the Financial Statements General or Specific - Nature of the Financial Statements Complete set or single FS ENGAGEMENT LETTER MAY INCLUDE: o o o o o o Elaboration of the scope Form of any other communication of results The fact that there is an unavoidable risk that some material misstatements may not be detected Arrangement on planning and performing the audit The expectation that the management will provide written representations Agreement to make available to the auditor draft financial statements o o o o o o o o o Agreement to inform the auditor of facts that may affect FS Basis on which fees are computed and billing arrangements Request to acknowledge the receipt and agree to the terms in the engagement letter Arrangements involving other auditors and experts Arrangements involving internal auditors and other staff of the client Arrangements to be made with predecessor auditor Any restriction of the auditor’s liability Reference to any further agreements Any obligations to provide working papers to other parties. AUDIT PLANNING How to conduct the Audit Engagement? Planning involves developing a general strategy and a detailed approach for the expected nature, timing and extent of the audit. Audit Plan It is not a discrete phase, but rather a continual and iterative process that often begins shortly after the completion of the previous audit and continues until the completion of the current audit. Risk-based Approach OTHER MATTERS: a. - Audit of Components Other branches ng isang entity If ikaw din ang nag auaudit Separate Engagement Letter? b. - Recurring Audits Hindi kailangan yearly mag provide ng engagement letter ADEQUATE PLANNING Adequate planning helps the auditor: Instances if need mag provide ng engagement letter: - o Revision of engagement letter Bago ng fees, scope or additional - o Reminder of terms to client Baka nakakalimutan na ni client ang terms Examples: Indication of misunderstanding Revised or special terms Changes of management Change of ownership Change in business Change legal or regulatory requirements Change in framework Change in other requirements c. - Changes in Terms Papayag sya if may changes, kapag reasonable ang justification. Overall Audit Strategy Devote appropriate attention to important areas Identify and resolve potential problems on a timely basis Properly organize and manage the audit so that it is performed in an effective and efficient manner. Assist in the selection of team members to respond to anticipated risks, and the proper assignment of work Facilitate the direction and supervision of team members and review of their work Coordination of work done by auditors of components and experts (branch of company from other location) Involvement of the engagement partner and other key members in planning enhances the effectiveness and efficiency of the planning process. Auditor may decide to discuss elements of planning with the client’s management but with care in order not to compromise the effectiveness of the audit. OVERALL AUDIT STRATEGY (PSA 300) In establishing the overall audit strategy, the auditor shall: a. Identify the characteristics of the engagement that define its scope Examples: o Reporting requirements o Expected audit coverage Scope of an audit refers to audit procedures deemed necessary. b. Ascertain the reporting objectives to plan the timing of the audit and the nature of the communications required Examples: o Timetable for reporting o Discussions with management and those charged with governance b. c. c. Consider significant factors in directing the engagement team’s efforts o Determination of materiality levels o Significant changes and developments d. Consider the results of preliminary engagement activities e. Ascertain the nature, timing and extent of resources necessary to perform the engagement o Selection of engagement team and assignment of work o Engagement budgeting BENEFITS OF OVERALL STRATEGY The process of establishing the overall audit strategy assists the auditor to determine: Resources to deploy for specific audit areas such as use of o Experienced team members for high-risk areas o Experts on complex matters Amount of resources to allocate to specific audit areas such as o Number of team members assigned to perform a procedure o Extent of review of other auditor’s work o Budget in hours to allocate to high-risk areas When such resources are to be deployed such as o Interim audit stage o Key cut-off dates How such resources are managed, directed and supervised such as o Schedule of briefing and debriefing meetings o How reviews are expected to take place o Whether to complete engagement quality control reviews AUDIT PLAN Once the overall strategy has been established, an audit plan can be developed. Audit plan is more detailed than the overall audit strategy in that it includes the nature, timing and extent of audit procedures to be performed by engagement team. - The nature, timing and extent of planned further audit procedures at the assertion level Test of control and substantive test Other planned procedures Examples: Special requirements DIRECTION, SUPERVISION & REVIEW DIRECTION - Pag aassign ng task - Normally junior auditors ang gumagawa SUPERVISION - Guidance - Normally senior auditors ang gumagawa REVIEWS - Normally ginagawa ng engagement partner The auditor shall plan the nature, timing and extent of direction and supervision of team members and the review of their work. It may vary depending on factors including: Size and complexity of the entity The more mas complex ang client, then dapat mas may experience. Area of the audit High-risk area, mas experience ang inaassign Assessed risk of material misstatement Competent ang mga engagement members Capabilities and competence of the members performing the work AUDIT PROGRAM An audit program sets out the nature, timing and extent of planned audit procedures required to implement the overall audit plan. It serves as a set of instructions to assistants involved in the audit and as a mean to control the proper execution of work. AUDIT PLAN Includes consideration of: o Risk assessment procedures o Further audit procedures o Other planned procedures AUDIT PROGRAM Schedule of further audit procedures: o Tests of controls o Substantive tests CHANGES TO PLANNING Planning is no a discrete phase, but rather a continual and iterative process. The audit plan shall include a description of: a. The nature, timing and extent of planned risk assessment procedures As a result of unexpected events, changes in conditions, or the audit evidence obtained, the auditor may need to modify the overall audit strategy and audit plan. DOCUMENTATION The auditor shall document the overall audit strategy and the audit plan, including any significant changes. Documentation: a. Overall audit strategy – record of key decisions b. Audit plan – record of planned risk assessment procedures and further procedures c. Significant changes – record of explanation of changes and the final overall audit strategy and audit plan ADDITIONAL CONSIDERATIONS For initial audits, additional matters the auditor may consider include: Arrangements with predecessor auditor, such as review of working papers Any major issues discussed with management Audit procedures regarding opening balances Other procedures required by the system of quality control for initial audits Consideration of work performed by Client’s staff, including internal auditors – may reduce the cost of audit Specialists or experts – brings unique knowledge and judgement Other CPAs – when a component is audited by another firm AUDIT DOCUMENTATION The record of audit procedures performed, relevant audit evidence, obtained and conclusions the auditor reached. - Also called as WORKING PAPERS It provides evidence a. b. Of the basis for conclusion about the achievement of the overall objective of the auditor That the audit was planned and performed in accordance with PSAs and legal and regulatory requirements Documentation provides evidence that the audit complies with the PSAs. OTHER PURPOSES Audit documentation can also Assist the engagement team to plan and perform the audit Assist member to direct and supervise the audit work, and to discharge their review responsibilities Enable the engagement team to be accountable for its work Retains a record of matters of continuing significance to future audits Audit file: Current audit file Permanent audit file (transactions na magagamit pa sa future audits) Enable the conduct of quality control reviews and inspection in accordance with PSQC 1 Enable the conduct of external inspections in accordance with applicable legal, regulatory or other requirements Also serve as the auditor’s primary defense in case of lawsuit. TIMELINESS The auditor shall prepare audit documentation on a timely basis. Timely Documentation Benefits: Helps to enhance the quality of audit Facilitates the effective review and evaluation of the audit evidence obtained and conclusions reached before the auditor’s report is finalized. Documentation prepared after the audit work has been performed is likely to be less accurate than documentation prepared at the time such work is performed. FORM, CONTENT AND EXTENT Documentation should be sufficient to enable an experienced auditor, with no previous connection with the audit, to understand: a. The nature, timing and extent of procedures performed b. The results of the audit procedures performed and the audit evidence obtained c. Significant matters arising during the audit, conclusions reached thereon, and significant professional judgments In documenting the nature, timing and extent of procedures performed, the auditor shall record: Client’s accounting records may be included as part of documentation however, documentation is not a substitute for client’s records. DEPARTURE FROM A REQUIREMENT If, in exceptional circumstances, the auditor judges it necessary to depart from a relevant requirement in a PSA, the auditor shall document how the alternative audit procedures performed achieved the aim of that requirement, and the reasons for the departure. ASSEMBLY OF FINAL AUDIT FILE The auditor shall assemble the audit documentation in an audit file and complete the administrative process of assembling the final audit file on a timely basis after the date of the auditor’s report. Archiving a. The identifying characteristics of specific items or matter tested b. Who performed the audit work and the date such work was completed c. Who reviewed the audit work performed and the extent of such review The auditor shall also document: o Discussions of significant matters Management (inquiry about the managements risk assessment process) o Those charged with governance (audit committee may fraud na ginagawa, material weakness/significant deficiency, hindi pala independent) Others, such as client’s personnel, experts, other auditors and regulators (lawyers, with regards to litigations, components of auditors, regulators) Inconsistency regarding significant matters Documentation may be recorded on paper or on electronic or other media. Examples: audit programs analysis issues memoranda summaries of significant matters letters of confirmation and representation checklists correspondence (including e-mail) concerning significant matters Within 60 days (after the date of audit reports). AUDIT FILE - one or more folders or other storage media, in physical or electronic form, containing the record that comprise the audit documentation for a specific engagement. After the assembly of the final audit file, the auditor shall not delete or discard audit documentation of any nature before the end of its retention period. Within 10 years from the date of audit report – Revised SRC Rule 68 Audit file may not be modified but with documentation of: specific reasons when and by whom they were made and reviewed
0
advertisement
Related documents
Download
advertisement
Add this document to collection(s)
You can add this document to your study collection(s)
Sign in Available only to authorized usersAdd this document to saved
You can add this document to your saved list
Sign in Available only to authorized users