Review Notes
Assurance Services – a professional engagement
wherein a CPA provides assurance regarding the reliability
of a subject matter with the aim of increasing the
confidence of intended users regarding the subject matter
(which is not the responsibility of the CPA).
Five Elements of Assurance Engagements
All five must be present for an engagement to be classified
as an assurance engagement. Code 5 Elements: TSECR
Element 1 - three-party relationship
a. Professional accountant / practitioner - CPA, the one
who provides a report expressing assurance.
b. Responsible party - person or class of persons
responsible for the subject matter.
c. Intended users - person or class of persons for whom
the CPA prepares the report. They will benefit from
the report of the CPA. Responsible party could also
be one of the intended users.
procedures are
performed?
procedures (see
next table)
How much
evidence is
gathered?
Consider internal
controls of the
client?
Wording of the
report
Key words
Much evidence
Systems and processes
Behavior
Example
Financial statements
Ranking of TV stations in
the Philippines
Capacity of a bridge, body
characteristics
(archaeology)
enrollment system,
manufacturing system
corporate governance
Element 3 - sufficient appropriate evidence — no
evidence, no opinion
a. Accounting records and documents
b. Source documents
c. Other information - interviews, minutes of meetings
Element 4 - suitable criteria - standards/ benchmarks
used to evaluate evidence and the subject matter
a. Audit of FS — criteria is PFRS (GAAP)
b. Operational audit — criteria is management objectives
and goals
c. Compliance audit — criteria is law or regulation
Inquiry
Absolute assurance
Reasonable assurance
Limited assurance
impossible to achieve
high level of
assurance/comfort that the
subject matter is reliable.
moderate level of
assurance
Examples of Assurance Engagements
Level of
assurance
provided
Auditor
independence
from client
required?
How many audit
Inspection
Observation
Analytical
procedures
Confirmation
Reperformance
Recomputation /
Recalculation
Audits
Reasonable level
(High)
Reviews
Limited level
(Moderate)
Yes
Yes
2.
3.
Two procedures
This procedure consists of seeking
information of knowledgeable
persons, both financial and nonfinancial, throughout the entity or
outside the entity.
Looking at records, documents to
gather evidence regarding an
assertion. Looking at tangible
assets.
Looking at a process or procedure
being performed by others.
The evaluation of financial
information through a study of
plausible relationships among both
financial and non-financial data.
Verify an assertion with a third party
(ex. Cash in bank — bank, AR —
customer, invty with 3rd parties —
consignee, AP — supplier)
An independent execution of
procedures or controls that were
originally performed as part of the
entity’s internal control.
The auditor verifies the accuracy of
a mathematical computation
performed by the client.
Risk assessment procedures – used to obtain
understanding of the entity and its environment
Tests of controls – used to check the operating
effectiveness of controls
Substantive tests – used to detect material
misstatements in the FS
Other assurance services (examples)
1. ISO certifications - assurance that products or services
provided are world-class in quality based on an audit to
check the process for creating the product or providing
the service.
Non-assurance services - services or engagements
where one or more of the elements (TSECR) is/are
missing.
MAS
Seven
Negative
assurance
“Nothing has
come to my
attention…”
Audit procedures can be classified according to purpose,
such as:
1.
Element 5 - written assurance report.
Positive
assurance
“…presented
fairly, in all
material
respects…”
Audit Procedures - steps taken to gather evidence from a
client.
Element 2 - subject matter — the item being given
assurance. Anything can be the subject matter of an
assurance engagement.
Subject matter
Financial performance or
condition
Non-financial
performance or condition
Physical characteristics
Yes
(inquiry,
analytical
procedures)
Lesser evidence
as compared to
an audit
No
2 parties instead of 3 — client and
the advisor (CPA). Provide advice
Review Notes
Compilation
Agreed-upon
procedures
Tax compliance
Tax planning
and technical assistance to clients.
CPA prepared the FS based on
client records — CPA cannot give
an opinion on the FS — written
assurance report is not given. Only
accounting expertise is used.
CPA just performs procedures
agreed in advance with the client —
CPA presents the findings/results of
the procedures, but does not give an
opinion — written assurance report
is not given
assist the client to comply with tax
regulations (ex. Fill-up returns),
written assurance report is not given
before a transaction is entered into,
the auditor is consulted by the client
regarding possible tax
consequences of their planned
transaction — auditor provides
advice on how to legally minimize
the tax due — 2 parties instead of 3
— client and the advisor (CPA)
Basic Concepts of Audits
An audit is a systematic process of objectively obtaining
and evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of
correspondence between those assertions and established
criteria and communicating the results to interested users.
An audit requires the attitude of professional skepticism,
which means that the auditor applies a questioning mind
and a critical approach to the gathering and evaluation of
evidence.
Due audit care is also expected of the auditor (being
conscientious and careful in performing the engagement)
Systematic
process
Objectively
Obtaining and
evaluating
evidence
Evidence
Assertions
Degree of
correspondence
Established
criteria
Communicating
the results
involves a series of sequential steps
neutral, impartial, without bias
evidence is gathered by performing
audit procedures
any information obtained and used
as a basis for the conclusions in an
audit, which ultimately influences the
opinion to be expressed.
representations of management,
explicit or otherwise, that are
embodied in the financial
statements.
the auditor compares what the client
has recorded vs what is required by
the standards (PFRS).
PFRS (in other countries, GAAP)
Completeness
Valuation and
allocation
Rights and
obligations
Occurrence
Accuracy
Cut-off
Classification
All transactions and events that
should have been recorded have
been recorded.
Assets, liabilities and equity
interests are included in the financial
statements at appropriate amounts
and any resulting valuation or
allocation adjustments are
appropriately recorded.
The entity holds or controls the
rights to assets, and liabilities are
the obligations of the entity.
transactions and events that have
been recorded have occurred, and
pertain to the entity.
Amounts and other data relating to
recorded transactions and events
have been recorded appropriately.
Transactions and events have been
recorded in the correct accounting
period.
Transactions and events have been
recorded in the proper accounts.
Four Types of Audit Reports - QUAD
Report No. 1 - Unqualified Opinion - the most common
opinion, the best opinion
Unqualified means there are no exceptions. The entire FS
is fairly stated. The auditor was able to gather sufficient,
appropriate audit evidence, and the auditor did not note
any remaining uncorrected material misstatements.
Report No. 2 - Adverse Opinion - the worst opinion
The auditor noted that the FS contains material and
pervasive misstatements. Almost, if not all, of the entire FS
is materially misstated. FS is misleading.
Report No. 3 - Disclaimer of Opinion - no opinion given
The auditor noted that an opinion cannot be expressed due
to a material and pervasive inability of the auditor to obtain
sufficient appropriate audit evidence.
Report No. 4 - Qualified Opinion - best among the modified
opinions (Q, A, D)
The auditor believes that the FS contains material but not
pervasive misstatements. OR The auditor encountered
material but not pervasive inability to obtain sufficient
appropriate audit evidence during the engagement.
thru issuance of audit report
Different Types of Audits
Examples of financial statement assertions
Existence
interests exist.
All assets, liabilities and equity
interests that should have been
recorded have been recorded.
Assets, liabilities and equity
A.
Audits according to subject matter (SM)
Review Notes
1.
2.
3.
B.
FS audits - expression of an opinion on the fair
presentation of FS. SM - financial statements.
Criteria – GAAP
clients that lack integrity.
1.
Operational audit - determine the efficiency,
effectiveness and areas for improvement of a
company, or a part of the company. SM operations/performance. Criteria - management
goals or targets for the year
Compliance audit - express an opinion on the
compliance (or non-compliance) of a subject
matter. SM - act of a person/company, status of
company, documentation, operations.
Form: Client evaluation form (checklist)
2.
External audit - audit was performed by an
independent CPA. The CPA/auditor was paid a
professional fee (not a salary). External audits
can be FS audits, Operational audits, or
compliance audits.
2.
Internal audit - audits performed by an employee
of the company (internal auditor). The main
objective of this audit is to assist management in
the effective discharge of their responsibilities.
Internal auditors are paid a salary. Internal audits
can be Operational audits or compliance audits.
3.
Government audit - audits performed by
government auditors (from BIR, SEC, BSP, COA,
etc.). This type of audit goes beyond the usual
financial statement audit, to include audits of
compliance with laws and regulations, operations
of governmental entities, and the proper
disbursement and management of public funds.
The FS Audit Process
Audit firm checks - determine if our firm has the
necessary knowledge, time, resources and manpower
to conduct the audit successfully.
Considerations: client industry, applicable accounting
and auditing standards, taxation requirements, size of
the entity (branches, etc.), volume of transactions,
manpower requirements vs. actual manpower present
in the firm, accounting system of client (Quickbooks,
Xero, Sage, SAP, Oracle) - do we have experts that
can help us, tentative timetable (proposed by the
prospective client)
Audits according to the type of person performing the
audit
1.
Client background checks - external sources of
information, as well as internal sources. Interviews,
online research - management, those charged with
governance, media comment, current events and
developments
3.
Ethical considerations
a.
b.
c.
Integrity - do we have reason to believe that the
prospective client lacks integrity?
Competence - are we competent enough to do
the engagement? Do we have experts available?
Independence - is our firm independent from the
prospective client?
yes - we can accept
no - we cannot accept
4.
Auditability - the financial statements must be properly
supported by accounting records and source
documents, as well as tangible assets.
5.
Going concern problems or issues if present - GC
issue (ex. Continuous net losses over several years,
lack of liquidity over an extended period)
Capacity to pay the audit fee.
6.
1.
Pre-engagement — screening of clients to determine
acceptability
2.
Audit planning — effectiveness
The ability to achieve an unqualified opinion is not
considered, since at this point, no evidence has been
gathered about the client yet.
3.
Internal control consideration — efficient audits (focus
on high-risk accounts in the FS)
What if the company has been audited previously by
another CPA?
4.
Substantive testing - actually perform the procedures
that you listed in Steps 2 and 3.
5.
Audit completion - evaluate the evidence gathered,
perform wrap-up procedures and determine your audit
opinion.
6.
Audit reports - prepare, sign and issue the audit report
and give the report to the client, together with the
audited FS.
Terms
a. Successor auditor (SA) - incoming auditor / the CPA
that will perform the next audit. This CPA received the
client from a previous auditor.
b. Predecessor auditor (PA) - outgoing auditor / the CPA
that performed the most recent audit before the
current period. This CPA shall “pass” the client to the
successor auditor.
7.
Post-audit responsibilities - quality management
(debriefing), maintain proper client relations.
Pre-engagement
Major concern: Accept only the engagements that we are
competent to perform, and avoid being associated with
Philippine Standards on Auditing (PSAs) require that the
successor auditor should initiate communication with the
predecessor auditor.
The predecessor auditor cannot initiate communication with
the successor auditor because of the rule of confidentiality
(ex. An auditor cannot volunteer to others, information
about a client, without the client’s permission.)
Review Notes
Process:
1. SA shall determine if the prospective client has a PA.
2. If there is a PA, the SA shall request permission from
the prospective client, to communicate with the PA. (
3. If permission is granted, the SA can now talk with the
PA. If permission is denied, such denial should be
investigated by the SA —this could be grounds for
lack of trust between SA and prospective client —
leading to rejection of the engagement.
4. Once SA makes an inquiry with the PA, the following
items shall be discussed:
a.
b.
c.
5.
Disagreements between PA and prospective
client management - pinag-awayan sa mag
dating audit
• disagreements about accounting principles
• disagreements about audit procedures
Reason for change in auditors
Instances or matters that bring the client’s
integrity into question
Before the PA can reply to the inquiries of the SA (in
number 4 above), the PA shall request permission
from his/her former client - permission to answer the
SA’s questions. If the client says “yes, you may
answer” - no problem, PA shall discuss with SA
without restrictions. If the client says “no, you cannot
answer” —this could be grounds for lack of trust
between SA and prospective client — leading to
rejection of the engagement.
Engagement Letter - letter documenting the
understanding of duties and responsibilities of client and
auditor, including the terms of engagement (stipulations).
The letter is signed by both the partner(s) and the client’s
management/directors and provides a written record of the
agreement between the parties.
Contents: DISUROT
1. Division of responsibilities - management
responsibilities vs auditor’s responsibilities
2. Inherent limitations of audits - we remind the client that
in an audit, there could be remaining undetected
material misstatements, even if a proper audit has
been conducted.
3. Scope of the audit - coverage (HO only, branches
only, both HO and branches, etc.)
4. Unrestricted access - documents, records, assets and
personnel. Should be audit-related.
5. Report formats - short-form vs. long-form
6. Objective of the audit - clarify to the client that the
objective of the audit is to determine if the FS is fairly
stated. Clarify that a standard audit is not a guarantee
that fraud will be discovered.
7. Timetable and fees
In audits of components / group audits - shall we send a
letter to the component as well as the parent/head office?
Group audit - the audit of a parent company and one or
more subsidiaries; the audit of a home office and one or
more branches.
Factors to consider:
1. Who appointed the auditor
2. Legal requirements
3. Whether separate reports will be given for the parent
and the subsidiaries
In the case of recurring engagements - audits that
repeat (suki clients). Should we send a separate EL every
period?
General rule: No need to send a new EL every period.
Exceptions to the rule: 4Rs
1. Revised terms of engagement - ex. Change in scope,
change in timetable or fees, etc.
2. Change in senior management or those charged with
governance - nag-iba yung tao na kausap natin - send
a new EL addressed to the new contact person to
remind the client about the arrangement with the
auditor.
3. Legal requirements
4. Client misunderstood the technical aspects of the
original EL - we send a re-worded version of the letter
to facilitate understanding.
Note!!!! The auditor is required to document the terms of
understanding with the client, but the engagement letter by
itself is not required. This is because there are many ways
to document the terms of engagement:
Examples
1. Most common - engagement letter
2. Minutes of meetings with the client
3. Recorded meeting with client
consent - audio, video
Request for changes in engagement
Sample changes:
1. Change from lower level of assurance to higher level
of assurance - expected. Nothing unusual — does not
require additional investigation. The change can be
accommodated outright.
2.
Change from higher level of assurance to lower level
of assurance — not expected. Unusual — requires
additional investigation before it can be
accommodated.
Procedures to apply when there is a request to change the
engagement (higher to lower)
1. Inquire with the client on the reason for change in
engagement.
2. Determine if the reason for change is justifiable or
valid.
a. The client misunderstood the objective of the
original engagement - ex. Client thought that an
audit is about a CPA preparing the FS of the
client. - valid
b. There was a change in circumstances of the
client - ex. Client originally requested for an audit
because the client plans to apply for a bank loan
(audited FS are required to be submitted when
applying for a loan). Two weeks later, the client
approached the auditor, and informed the auditor
that the audit is no longer required because the
planned loan application has been canceled.
The client requested if the auditor can do a
review engagement instead of the audit. – valid
c.
The client wants a change in engagement in
order to reduce the scope of the engagement.
Client is becoming increasingly uncomfortable
because of the detailed nature of audit
procedures. Client is requesting to change the
Review Notes
engagement into a review (requires significantly
less audit procedures) - client is hiding something
from the auditor — invalid
3.
If the reason for change is unjustifiable or invalid —
you cannot accommodate the requested change.
a. Refuse the client’s request to change the
engagement
b. Ask the client if you can still continue the original
engagement
• If allowed to continue - do so, and issue the
report for the original engagement.
• If not allowed to continue - withdraw from
the engagement, and inform the client and
other relevant parties about the withdrawal.
Audit Planning
1.
2.
3.
4.
2.
If the reason for change is justifiable or valid — you
may accommodate the requested change.
a. Stop the original ongoing engagement.
b. Agree on new terms of engagement (DISUROT)
c. Perform the new/revised engagement.
d. Issue the report for the new/revised engagement.
In the new report, do not mention the story about the
change in engagement, to avoid being misunderstood
by the readers of the new report.
4.
after BS date onwards).
Audit planning involves developing a general audit
strategy and a detailed approach for the expected
conduct of the audit.
Effectiveness - achieve our goal (express an opinion
on FS)
Constraints - budget (audit fee), timeframe (1-2 weeks
usual)
Work-back:
Opinion —> sufficient, appropriate audit evidence —>
audit procedures
a.
b.
What procedures should be performed? (Inquiry,
Inspection, Observation, Analytical procedures,
Confirmation, Re-performance, Re-calculation)
When should the procedures be performed? (On
BS date, earlier than BS date, later than BS date)
c.
Who should perform the procedures? (Associate,
Senior Associate, Audit Manager, Audit Partner)
d.
How much evidence should be gathered?
Outputs of audit planning
Audit strategy - approach to be taken in performing the
audit
1.
With reliance on controls approach –
We believe, based on risk assessment
procedures, that the client’s internal control
system is working effectively. This means that
the client’s unaudited financial statements might
contain less misstatements. Accordingly, the
auditor shall plan to perform less substantive
testing, gather less samples, and schedule the
tests earlier than the BS date, if possible (usually
September 30 onwards).
Audit plan - document containing all the procedures
needed to be performed from the start until the end of the
engagement. Usually presented as a generic template, to
be customized on a per client basis.
Audit programs - contain the list of test of controls and
substantive tests. It also includes the assigned team
member for each procedure, a space for writing comments
and findings, and a column for the time budget.
Procedure
Obtain the bank
reconciliation prepared
by the client for Dec. 31
and test each reconciling
item and the
mathematical accuracy
of the prepared
reconciliation.
Done
by
ERG
Findings
Time
budget
15 minutes.
Reasons for planning an audit:
1.
2.
3.
4.
5.
Helps ensure that appropriate attention is devoted to
important areas of the audit.
Helps to identify potential problems in advance.
Allows the work to be completed expeditiously.
Assists in the proper assignment and coordination of
work.
Helps ensure that the audit is conducted effectively
and efficiently.
Error – refers to unintentional misstatements in the FS,
including the omission of an amount or disclosure, such as:
a.
b.
c.
Mathematical or clerical mistakes in the underlying
records and accounting data.
An incorrect accounting estimate arising from
oversight or misinterpretation of facts.
Mistake in the application of accounting policies
Fraud – Fraud refer to intentional act by one or more
individuals among management, those charged with
governance, employees or third parties, involving the use
of deception to obtain an unjust or illegal advantage. An
auditor is primarily concerned with fraudulent acts that
cause a material misstatement in the FS.
No reliance on controls approach
We believe, based on risk assessment
procedures (“research procedures”), that the
client’s internal control system is missing or
ineffective. This means that the client’s
unaudited financial statements might contain a lot
of misstatements. Accordingly, the auditor shall
plan to perform more substantive testing, gather
more samples, and schedule the tests on or near
the BS date (one week before BS date, one week
Types of Fraud
1.
Fraudulent financial reporting - involves intentional
misstatements or omissions of amounts or disclosures
in the FS to deceive FS users. Usually known as
management fraud. Examples:
Review Notes
-
Manipulation, falsification or alteration of records
or documents
Misrepresentation in, or intentional omission of,
the effects of transactions rom records or
documents
Recording of transactions without substance
Intentional misapplication of accounting policies
2.
Misappropriation of assets - involves theft of an
entity’s assets committed by company employees.
Usually known as employee fraud.
Embezzling receipts
Stealing entity assets such as cash, FVPL, and
inventory
Lapping of AR
2.
Fraud Triangle
1)
Pressure to commit fraud
financial pressure due to great economic need
(debts)
Pressure to keep up an unsustainable lifestyle
Unrealistic promises made by management
regarding company performance
2)
Opportunity to commit fraud - Usually comes in
the form of weaknesses in internal control
Not depositing cash on hand in a timely manner
Lack of segregation of duties
3)
Rationale / justification in committing fraud
Everybody is doing it, so why not I?
Corruption cop-out
The end justifies the means
Responsibilities for Fraud and Error
Preventing fraud - stop fraud from happening
A. Management - responsible to establish a control
environment and to implement internal control policies
and procedures designed to ensure, among others,
the prevention and detection of fraud and error.
B.
Those charged with governance (owners) responsible to ensure the integrity of an entity’s
accounting and financial reporting systems and that
appropriate controls are in place.
The auditor is never responsible for the prevention of
fraud.
Detecting fraud – checking if fraud already happened
A. Management - responsible to detect fraud
B. Those charged with governance (owners) responsible to detect fraud
C. Auditor - responsible to detect fraud that has a
material or direct effect on financial statements.