AUDITING THEORY REVIEW NOTES FUNDAMENTALS OF ASSURANCE ENGAGEMENTS1 Assurance Services/Engagements: Assurance services – independent professional services in which a practitioner issues a written communication that expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria Assurance engagement – an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria Assurance services improve the quality of information for decision-making. Assurance refers to the practitioner‘s satisfaction as to the reliability of an assertion being made by one party for use by another party; it is the degree of certainty the practitioner has attained and wishes to convey to intended users Independence is required whenever a professional accountant performs assurance services. Objective of an Assurance Engagement, In General: Assurance engagements performed by professional accountants are intended to enhance the credibility of information about the outcome of the evaluation or measurement of a subject matter against criteria , thereby improving the likelihood that the information will meet the needs of an intended user. Assurance engagements enhance the degree of confidence of the intended user because the quality of information for decision making is improved. Objective of Assurance Engagements: According to the Philippine Framework for Assurance Engagements, an assurance engagement is conducted: a. To provide a high level of assurance that the subject matter conforms in all material respects with identified suitable criteria; or b. To provide a moderate level of assurance that the subject matter is plausible in the circumstances. Types of Assurance Engagements and their Objectives: 1. Reasonable assurance engagements – engagements that provide high, but not absolute, level of assurance Also called high-level engagements The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level as the basis for a positive form of expression of the practitioner‘s conclusion. Reasonable assurance is achieved if assurance engagement risk is reduced to an acceptably low level (close to zero). For assurance engagements regarding historical financial information in particular, reasonable assurance engagements are called audit engagements. An audit engagement is an assurance engagement to provide a high level of assurance that the financial statements are free of material misstatement. This high level of assurance is expressed positively in the audit report as ―reasonable assurance‖. Absolute assurance is not attainable: In assurance engagements, absolute assurance is generally not attainable because of such factors as: Use of judgment Use of testing Inherent limitations of internal control Most evidence available to the practitioner is persuasive rather than conclusive In some cases, the characteristics of the subject matter 2. Limited assurance engagements – engagements that provide only a ―moderate‖ or ―limited‖ level of assurance The objective of a limited assurance engagement is a reduction in assurance engagement risk to an acceptable level as the basis for a negative form of expression of the practitioner‘s conclusion. Thus, the risk in limited assurance engagement is greater than for a reasonable assurance engagement. 1 Moderate assurance is achieved if assurance engagement risk is reduced to an acceptable NOTES FROM SIR RED SIRUG HANDOUTS ON AUDITING THEORY AUDITING THEORY REVIEW NOTES level. For assurance engagements regarding historical financial information in particular, limited assurance engagements are called review engagements . Assurance Engagement Risk: Assurance engagement risk is the risk that the practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated. Components of assurance engagement risk: 1. Risk of material misstatement – the risk that the subject matter is materially misstated a. Inherent risk – the susceptibility of the subject matter information to a material misstatement, assuming that there are no related controls b. Control risk – the risk that a material misstatement that could occur will not be prevented, or detected and corrected, on a timely basis by related internal controls 2. Detection risk – the risk that the practitioner will not detect a material misstatement that exists Assertion-based and Direct Reporting Engagements: 1. Assertion based engagements – evaluation or measurement of the subject matter is performed by the responsible party, and the subject matter information is in the form of an assertion by the responsible party that is made available to the interested users Assertion-based engagements are also known as attestation engagements Examples of assertion-based engagements: a. Audit engagements b. Review engagements In an assertion-based engagement, the practitioner‘s conclusion can be worded in terms of the responsible party‘s assertion. For example: ―In our opinion the responsible party‘s assertion that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated‖ 2. Direct reporting engagements – the practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users In a direct reporting engagement, the practitioner‘s conclusion is worded directly in terms of the subject matter and the criteria. For example: ―In our opinion internal control is effective, in all material respects, based on XYZ criteria‖ Range of Assurance Engagements: a. Engagements to report on a broad range of subject matters covering financial and non-financial information b. Attest and direct reporting engagements c. Engagements to report internally and externally, and d. Engagements in the private and public sector Examples of Assurance Engagements: 1. Audits of financial statements 2. Examination of prospective financial statements 3. Reporting on compliance with laws, rules and regulations 4. Other assurance services: a. CPA risk advisory b. Business performance measurement services c. Health care performance measurement services d. Elder Care Plus e. Risk Assessment Services f. CPA Web Trust Service g. Information Systems Reliability Requirements before a practitioner can accept an assurance engagement: Only where the practitioner‘s knowledge of the engagement circumstances indicates that: 1. Relevant ethical requirements, such as independence and professional competence will be satisfied; and 2. The assurance engagement exhibits all of the following characteristics: a. The subject matter is appropriate b. The criteria to be used are suitable and are available to the intended users AUDITING THEORY REVIEW NOTES c. The practitioner has access to sufficient appropriate evidence to support the practitioner‘s conclusion; d. The practitioner‘s conclusion, in the form appropriate to either a reasonable assurance engagement or a limited assurance engagement, is to be contained in a written report, and e. The practitioner is satisfied that there is a rational purpose for the engagement. Elements of Assurance Engagements: Not all engagements performed by practitioners are assurance engagements. An assurance engagement must have the following elements: 1. Three party relationship (involving a practitioner, a responsible party and intended users) 2. Appropriate subject matter 3. Suitable criteria 4. Sufficient appropriate evidence 5. Written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance engagement Three Party Relationship: a. Practitioner – CPA in public practice who performs the assurance engagement The term practitioner is broader than the term ―auditor‖ as used in professional standards, which only refers to practitioner performing audit or review engagements with respect to historical financial information. b. Responsible party – person/s who is responsible for the subject matter or the assertion (sub ject matter information) For example, an entity‘s management is responsible for the preparation and presentation of financial statements or the establishment and implementation of internal control. c. Intended user/s – person, persons or class of persons for whom the practitioner prepares the assurance report; they are the users to whom the practitioner usually addresses the report Responsible party and intended user: The responsible party and the intended users may be from different entities or the same entity. The practitioner may be engaged by the responsible party or the intended user. The responsible party can be one of the intended users, but not the only one. Whenever practical, the assurance report is addressed to all the intended users, but in some cases there may be other intended users. In cases where the CPA may not be able to identify all intended users, intended users may be limited to major stockholders with significant and common interests. In some circumstances, the intended user may be established by law. The responsible party may also be one of the intended users. The intended user may be established by agreement between the practitioner and responsible party or those engaging or employing the practitioner. Appropriate Subject Matter: Subject matter refers to the information to be evaluated or measured against the criteria. Subject matter information means the outcome of the evaluation or measurement of a subject matter. Subject matter in an audit of financial statements: Subject matter includes the financial position, financial performance and cash flows of the entity Subject matter information is the set of financial statements Responsible party is the client/entity management Requirements for subject matter to be considered appropriate: a. Identifiable b. Capable of consistent evaluation and measurement against suitable criteria c. In the form that can be subjected to procedures for gathering evidence to support that evaluation or measurement Forms of subject matter of an assurance engagement: 1. Financial performance or conditions (for example, historical or prospective financial position, financial performance and cash flows) for which the subject matter information may AUDITING THEORY REVIEW NOTES 2. 3. 4. 5. be the recognition, measurement, presentation and disclosure represented in the financial statements Non-financial performance or conditions (for example, performance indicators of an entity) for which the subject matter information may be key indicators of efficiency and effectiveness Physical characteristics (for example, capacity of a facility) for which the subject matter information may be a specifications document Systems and processes (for example, entity‘s internal control or IT system) for which the subject matter information may be an assertion about effectiveness Behavior (for example, corporate governance, compliance with regulation, human resource practices) for which the subject matter information may be a statement of compliance or a statement of effectiveness Suitable Criteria: Criteria refer to the standard or benchmark used to evaluate or measure the subject matter of an assurance engagement, including, where relevant, benchmarks for presentation and disclosure. Without frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and misunderstanding. Five characteristics of suitable criteria: a. Relevance – relevant criteria contribute to conclusions that assist decision-making by the intended users b. Completeness – criteria are sufficiently complete when relevant factors that could affect the conclusions in the context of the engagement circumstances are not omitted. Complete criteria include, where relevant, benchmarks for presentation and disclosure. c. Reliability – reliable criteria allow reasonably consistent evaluation or measurement of the subject matter when used in similar circumstances by similarly qualified practitioners d. Neutrality – neutral criteria contribute to conclusions that are free from bias e. Understandability – understandable criteria contribute to conclusions that are clear, comprehensive, and not subject to significantly different interpretations Two types of criteria: 1. Established criteria – are those criteria that are embodied in laws or regulations or issued by authorized or recognized bodies of experts that follow a transparent due process Examples: 2. Specifically developed criteria – those criteria specifically designed for the purpose of the engagement Whether criteria are established or specifically developed affects the work that the practitioner carries out to assess their suitability for a particular engagement. Examples of suitable criteria: Applicable financial reporting framework which is the Philippine Financial Reporting Standards (PFRS) – in case of audit of financial statements Applicable law or regulation or contract – in case of compliance audit Established internal control framework or stated internal control criteria – in case of report on internal control Availability of criteria to intended users: Criteria need to be made available to the intended users in one or more of the following ways: a. Publicly b. Through inclusion in a clear manner in the presentation of the subject matter information c. Through inclusion in a clear manner in the assurance report d. By general understanding, for example, the criterion for measuring time in hours and minutes Sufficient Appropriate Evidence: The practitioner shall plan and perform the engagement with an attitude of professional skepticism to obtain sufficient appropriate evidence that the assertions are free of material misstatements. Professional skepticism – an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of evidence Evidence – refers to the information obtained by the practitioner in arriving at the conclusions on which the conclusion is based Sufficiency – refers to the measure of the quantity of evidence Appropriateness – refers to the measure of the quality of evidence, that is, its relevance and AUDITING THEORY REVIEW NOTES its reliability Written Assurance Report: A written assurance report should be in the form appropriate to a reasonable assurance engagement or a limited assurance engagement. The practitioner should provide a written report containing a conclusion that conveys the assurance obtained about the subject matter information. In addition, the practitioner considers other reporting responsibilities, including communicating with those charged with governance when it is appropriate to do so. Levels of assurance provided in the written report: Type or level of assurance Reasonable assurance Limited assurance Form of conclusions Positive expression practitioner‘s Negative expression practitioner‘s form of of the conclusion form of of the conclusion Example ―In our opinion internal control is effective, in all material respects, based on XYZ criteria.‖ ―Based on our work described in this report, nothing has come to our attention that causes us to believe that internal control is not effective, in all material respects, based on XYZ criteria.‖ Attestation Services: An attestation service is a type of assurance service in which a practitioner is engaged to issue a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party. Attestation generally refers to an expert's written communication of a conclusion about the reliability of someone else's assertions. The subject matter of attestation services include: Financial and non-financial in nature Future-oriented financial information (such as the examination of prospective financial information) Management's discussion and analysis Effectiveness of internal control Compliance with statutory, regulatory, and contractual obligations Relationships among Auditing, Attestation, and Assurance Services: a. Similarity: These services are often used interchangeably because they encompass the same decision-process b. Main difference/distinction: Scope of services ―Assurance services‖ is broader in scope and in concept than either auditing or attestation. It encompasses both audit and attestation services. Otherwise stated, attestation and audit services are subsets of assurance services. ―Attestation services‖ is broader than audit because attest function is beyond historical FS. Attestation services cover even non-GAAP FS. Auditing, particularly FS audit, is a type of assurance and attestation service that involves examination of historical FS prepared in accordance with GAAP. Non-assurance Engagements: Not all engagements are assurance engagements. Other engagements performed by practitioners that do not meet the definition of assurance engagement are classified as non-assurance engagements or services. Non-assurance engagements are those that do not result in the practitioner‘s expression of a conclusion that provides a level of assurance, whether negative assurance or other form of assurance. The practitioner does not convey to the intended users any assurance as to the reliabi lity of an assertion. The practitioner‘s primary purpose for performing non-assurance services is to provide advice and technical assistance that will enable a client to conduct its business more effectively. Examples of non-assurance engagements: 1. Related services, such as: a. Agreed-upon procedures engagements, and b. Compilations of financial or other information engagements 2. Tax services (such as the preparation of tax returns where no conclusion conveying assurance is expressed) 3. Consulting (or advisory) engagements, such as management and tax consulting AUDITING THEORY REVIEW NOTES Agreed-upon Procedures Engagements: Objective of agreed-upon procedures engagements: For the auditor to carry out procedures of an audit nature as agreed by the auditor and the entity and any appropriate third parties and to report on factual findings No assurance is expressed in the report: The users/recipients of the report assess for themselves the procedures and findings reported by the auditor and form their own conclusions from the report by the auditor. Distribution of report is restricted: The report on agreed upon procedures engagement is restricted to those parties that have agreed to the procedures to be performed since others who are unaware of the reasons for the procedures may misinterpret the results. According to PSRS 4400, the report on an agreed-upon procedures engagement needs to describe the purpose and the agreed-upon procedures of the engagement in sufficient detail to enable the users of the report to understand the nature and extent of the work performed. Compilation of Financial or Other Information Engagements: Objective of compilation engagements: For the accountants to use accounting expertise, as opposed to auditing expertise, to collect, classify and summarize financial information. Compilation engagements ordinarily include preparation of financial statements. No test of assertions: A compilation engagement ordinarily entails reducing detailed data to a manageable and understandable form without a requirement to test the assertions underlying that information. No assurance is expressed in the report: The procedures employed are not designed to enable the accountant to express any assurance on the financial information. Benefit to users: Users of the compiled financial information derive some benefit as a result of the accountant's involvement because the service has been performed with professional competence and due care. Tax Services: 1. Tax compliance – includes the preparation of tax returns (for individuals, corporations, estates and trusts, and other entities) and acting as client‘s representative to tax authorities or in tax litigations 2. Tax planning – includes the determination of the tax consequences of planned or potential transactions (legally minimizing client‘s tax liability) followed by making suggestions on the most desirable course of action Management Consulting: Management advisory (consulting) services – refers to the function of providing professional advisory (consulting) services, the primary purpose of which is to improve client‘s use of its capabilities and resources to achieve the objectives of the organization. Advisory (consulting) services are professional services that provide advice and assistance to clients by improving their condition directly. Advice or assistance to clients may cover the entity‘s organization, operations, risk management, systems design and implementation, process personnel, corporate finances, or other activities. A pervasive characteristic of a CPA‘s role in a consulting services engagement is that of being an objective advisor on the use of information. Assurance Services vs. Consulting Services: Although assurance services and consulting services have basic similarities in terms of knowledge employed and exercise of skills, they can be distinguished as follows: Points of distinction Primary purpose Number of parties Focus Output’s objective Competing interests Form of communication with the client Assurance services To improve quality or context of information by enhancing its credibility 3 parties Decision makers and information they used for optimum decisions Intended to improve decision maker‘s condition only indirectly through the use of high-quality information May exist between management and users of financial statements Written report Consulting services To recommend uses for information for better outcomes 2 parties: the CPA and the client Outcomes Designed to improve client‘s condition directly through findings, conclusions and recommendations No competing interests Comparative Examples of Assurance and Non-Assurance Services: Either written or oral communication AUDITING THEORY REVIEW NOTES Categories of Services / Engagements Assurance Services Non-Assurance Services Audit Review Other assurance 1. Audit of FS 1. Review of FS 1. Examination of 1. Agreed-upon procedures prospective FS 2. Compilation of financial or other 2. Audit of internal 2. Review of interim information control over financial 2. CPA risk 3. Preparation of tax returns when financial reporting information advisory no conclusion is expressed 4. Consulting or advisory services: Tax consulting Management consulting Other advisory services Levels of Assurance for Audit, Review, Agreed-upon Procedures and Compilation The basic distinction between audit, review and related services is the level of assurance provided by the auditor in the engagement. Assurance refers to the practitioner‘s satisfaction as to the reliability of an assertion being made by one party for use by another party. The level of assurance is the degree of the practitioner‘s satisfaction or degree of certainty the practitioner has attained and wishes to convey to intended users. Such level o r degree of assurance depends on the procedures performed and the evidence collected by the practitioner. Engagements and level of assurance: 1. Audit: The auditor provides a reasonable (high, but not absolute) level of assurance that the information subject to audit is free of material misstatement. This is expressed positively in the audit report as reasonable assurance . 2. Reviews: The auditor provides a moderate/limited level of assurance that the information subject to review is free of material misstatement. This is expressed in the form of negative assurance. 3. Agreed-upon procedures: No assurance is expressed. The auditor simply provides a report of the factual findings. Users of the report assess for themselves the procedures and findings reported by the auditor and draw their own conclusions from the auditor's work. 4. Compilation: Although the users of the compiled information derive some benefit from the accountant's involvement, no assurance is expressed in the report. Distinctions between Typical Assurance and Non-Assurance Services: Point of distinction Objective Characteristics Non-Assurance Services (Related Services) Assurance Services Audit Review Agreed-upon procedures Compilation To express opinion on fairness of financial statement To report whether anything has come to the auditor‘s attention that causes him to believe that the financial statements are not fair Substantially less in scope of procedures than audit To perform audit procedures agreed on with the client and any appropriate third parties identified in the report To assist the client in financial statements preparation by using accounting expertise as opposed to auditing expertise Audit opinion enhances the credibility of financial statements Evidence gathering procedures Risk assessment, Tests of controls and Substantive tests Limited to: Inquiry; and Analytical procedures (The auditor obtains Recipients of the report must form their own conclusions from the report Report is restricted to contracting parties As agreed Accounting expertise, rather than auditing, is used Users derive some benefit because the service has been performed with due professional skill and care Reading of the FS for obvious misstatements AUDITING THEORY REVIEW NOTES an understanding of the entity and its environment, including internal control, but no evaluation of internal control is conducted.) Level of assurance provided by the CPA Report provided Skills used by the auditor Reasonable assurance (High, but not absolute, assurance) Audit Report containing positive assurance on assertion Audit skills Moderate (limited) assurance No assurance No assurance Review Report containing Factual findings of procedures Compilation Report which identify information compiled Audit skills Accounting skills negative assurance on assertion Audit skills Pronouncements on Assurance Engagements: The following are the forms of pronouncements of the Auditing and Assurance Standards Council (AASC): AASC Engagement Standards Applications Related Practice Statements a. Philippine Standards on Auditing FS audit engagements Philippine Auditing Practice (PSAs) Statements (PAPSs) b. Philippine Standards on Review Review engagements Philippine Review Engagements (PSREs) Engagement Practice Statements (PREPSs) c. Philippine Standards on Assurance Other assurance Philippine Assurance Engagements (PSAEs) engagements dealing Engagement Practice with subject matters other Statements (PAEPSs) than historical financial information d. Philippine Standards on Related Related services Philippine Related Services Services (PSRSs) Practice Statements (PRSPSs) Other pronouncements: e. Philippine Standards on Quality Control (PSQCs) – to be applied for all services that fall under the AASC‘s engagement standards, namely, audit, review, other assurance, and related services f. Philippine Framework for Assurance Engagements – to be applied for assurance engagements PSAs, PSREs, PSAEs, and PSRSs are collectively referred to as the AASC's Engagement Standards. The AASC issues Practice Statements to provide interpretive guidance and practical assistance to practitioners in implementing the Engagement Standards and to promote good practice. Philippine Framework for Assurance Engagements: The Framework: Defines and describes the elements and objectives of an assurance engagement. Identifies engagements to which assurance engagement standards (PSAs, PSREs, and PSAEs) apply Provides frame of reference for: a. Practitioners who perform assurance engagements (such as audit and review engagements) b. Others involved with assurance engagements (such as the intended users and the responsible party), and c. The International Auditing and Assurance Standards Board (IAASB) in its development of assurance engagement standards which will be adopted by the AASC for application in the Philippines. Distinguishes assurance engagements and non-assurance engagements (non-assurance engagements are not covered by the Framework). Sets out characteristics that must be exhibited before a practitioner can accept an assurance engagement. AUDITING THEORY REVIEW NOTES In addition to the Framework and PSAs, PSREs and PSAEs, practitioners who perform assurance engagements are governed by: The Code of Ethics for Professional Accountants in the Philippines The Philippine Standards on Quality Control (PSQCs) The Framework does not itself establish standards or provide procedural requirements for the performance of assurance engagements. Reports on Non-Assurance Engagements: a. Should not use the words ―assurance‖, ―audit‖ or ―review‖ b. Should not imply compliance with assurance engagement standards (PSAs, PSREs or PSAEs) c. Should not include a statement that may be misinterpreted as assurance engagements Practitioner’s association with the subject matter: A practitioner is associated with financial information when: a. The practitioner reports on information about that subject matter, that is, the practitioner attaches a report to that financial information; or b. The practitioner consents to the use of the his name in a professional connection with that subject matter If the practitioner is not associated in this manner, third parties can assume no responsibility of the practitioner. Remedies in case of inappropriate use of the practitioner’s name by other party: If the practitioner learns that a party is inappropriately using the practitioner‘s name in association with a subject matter, the practitioner should: Require the other party (i.e., management) to cease associating the practitioner with the subject matter Consider what other steps may be needed, such as informing any known third party users of the inappropriate use of the practitioner‘s name Seek legal advice INTRODUCTION TO AUDITING Auditing, Defined: Auditing is ―a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to the interested users.‖ Two processes of auditing: a. Investigative process – involves the systematic gathering and evaluation of evidence as a basis for determining whether assertions made by responsible person correspond with the established criteria b. Reporting process – involves communicating the audit opinion to interested users Important Concepts: 1. Systematic process – auditing involves structured/logical series of sequential steps or procedures known as the audit process 2. Objectively obtaining and evaluating evidence – auditing involves gathering and evaluating sufficient appropriate audit evidence that will support the auditor‘s opinion Objectivity refers to the combination of impartiality, intellectual honesty and freedom from conflicts of interest. Audi evidence is the information obtained by the auditor in arriving at the conclusions on which the audit opinion is based. 3. Assertions about economic actions and events – assertions are the subject matter of auditing In the context of audit of financial statements, assertions are representations of management, explicit or otherwise, that are embodied in the financial statements. Assertions include the accounts, balances/amounts and disclosures appearing on the face of the financial statements (and in the notes to financial statements) and which the management claims to be free of misstatements. AUDITING THEORY REVIEW NOTES Audit evidence gathered and evaluated by the auditor may support or contradict the assertions of management. 4. Established criteria – the standards or benchmarks that are needed to judge the validity of the assertions on the financial statements In the context of audit of financial statements, the established criteria are the applicable financial reporting framework (for example, the PFRS). 5. Ascertain the degree of correspondence between assertions and established criteria – The auditor‘s objective is to determine whether the assertions conform with established criteria, that is, whether the financial statements are prepared, in all ma terial respects, in accordance with the applicable financial reporting framework (such as the PFRS). 6. Communicating the results to the interested users – The ultimate objective of audit is the communication of audit findings/opinion on the fairness of the financial statements to interested users. Communicating results is achieved through issuance of a written audit report which contains the audit opinion (or disclaimer of opinion). Interested users are the wide variety of financial statements users who rely on the auditor‘s opinion such as the stockholders, creditors, potential investors and creditors, management, government agencies, and the public (in general). FS audit is an Assurance Engagement: Financial statements audit engagement is an assurance engagement because it provides a reasonable (high but not absolute) level of assurance that the subject matter conforms in all material respects with identified suitable criteria. It has the elements of an assurance engagement as follows: 1. Three Party Relationship: a. Practitioner: Independent or External auditor b. Responsible party: Client‘s management c. Intended users: Users of financial statements 2. Subject matter: Assertions/Financial statements of the client company 3. Criteria: Applicable financial reporting framework / GAAP in the Philippines (PFRS) 4. Sufficient appropriate evidence: Auditor obtains sufficient appropriate audit evidence as a basis for audit conclusion/opinion 5. Written Assurance Report: Independent auditor‘s report contains the audit conclusion/opinion Need for Independent Audit of Financial Statements: The primary economic reason for an audit of financial statements is the demand by external users for reliable or fairly stated financial statements that they will use in making economic decisions. Thus, the market for auditing services is driven by demand by external financial statements users. An audit can help reduce information risk, that is, the risk that the financial statements that will be used for decision-making are materially misleading, unreliable or inaccurate. Four conditions/reasons that gave rise to a demand for independent audit of financial statements: a. Potential conflict of interest between users and preparers of the financial information can result in biased information – Client management may not be objective in financial reporting. It may provide impressive but biased, unrealistic, or misleading financial statements to obtain benefits that it seeks. On the other hand, financial statement users need unbiased, realistic, or reliable financial statements. b. Remoteness of users – Users do not have access to entity‘s records to personally verify the reliability of the financial information. c. Complexity of subject matter requires expertise – Expertise is often required for information preparation and verification. Users of financial statements are not equipped with the necessary skills, competence, and knowledge of complexities of accounting and auditing to determine whether the financial statements are reliable. d. Consequence for decision making – Financial statements are used for important decisions that involve significant amount of money. If a decision is based on misleading financial information, it could have substantial financial or economic consequences on decision makers. Another condition that gave rise to demand for audit of financial statements is the stewardship or agency theory which means that management wants the credibility an audit adds to the financial statement to enhance stewardship of the financial statement and to lessen the owner‘s mistrust of the management. AUDITING THEORY REVIEW NOTES Elements of Theoretical Framework of Auditing: Auditing concepts and standards are based on the following postulates and assumptions which form part of the elements of theoretical framework of auditing: 1. An audit benefits the public. – the primary beneficiary of reliable financial statements are the wide variety of users (intended users) 2. Financial data and statements to be audited are verifiable. – if financial statements are not verifiable, there can be no audit Financial statements or data are verifiable if two or more qualified individuals, working independently, each reach essentially similar conclusions. 3. The auditor should always maintain independence with respect to the client whose financial statements are subject to audit . – audit opinion and the audit report would be of little or no value if auditor is not independent 4. Effective internal control system reduces the possibility of errors and fraud affecting the financial statements. – Internal control affects the reliability of the financial statements. The stronger the internal control is, the lesser the possibility of errors and fraud, and consequently, the more reliance on internal control can be placed or assurance that it can generate reliable accounting data and financial statements. 5. There should be no long-term conflict between the auditor and the client management. – Short-term conflicts may exist between the management who prepare the data and auditors who examine the data but such conflicts must be resolve since both must be interested in fairness of the financial statements. 6. Consistent application of GAAP results in fair presentation of FS. – The criterion in financial statement audit is an identified or applicable financial reporting framework, which is usually the PFRS. 7. What was held true in the past will continue to hold true in the future in the absence of known conditions to the contrary. – Experience and knowledge accumulated from auditing a client in prior years can be used to determine the appropriate audit procedures that need to be performed. Examples of Instances Requiring Independent Financial Statements Audit: Application for a bank loan Establishing credit worthiness for purchase of merchandise, equipment, or other assets Reporting financial position, operating results, and cash flows to absentee owners (stockholders or partners) SEC requirements: Issuance of securities by a corporation Annual FS by a corporation with securities listed on a stock exchange or traded over the counter Sale of a business (such as merger) requires due diligence audit Termination of a partnership Preparation of income tax returns Establishing losses from fire, theft and burglary Bankruptcy and insolvency cases Audit of Financial Statements: Audit of financial statements is the objective examination of financial statements to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. Synonyms: Audit of financial statements is sometimes called: Independent audit because in an audit of financial statements the auditor is independent of the client subject to audit. External audit because it is performed by an external auditor who is not an employee of the client subject to audit. Financial audit Various descriptions: Independent auditing has been described in a variety of ways, as follows: It involves objective examination of and reporting on financial statements prepared by management It is a discipline which attests to the results of accounting and other functional operations and data. It lends credibility to the financial statements. It provides increased assurance to users as to the fairness of the financial statements. AUDITING THEORY REVIEW NOTES Its essence is to determine whether the client‘s financial statements are fairly stated. It enhances the degree of confidence of interested users in the financial statements. It provides reasonable assurance that the financial statements fairly reflect the economic substance of the transactions and events reflected in those statements. Purpose of an Audit of Financial Statements: The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. Such purpose is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. Overall Objectives of the Independent Auditor: a. To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance means high, but not absolute, level of assurance Reasonable assurance is the basis for the auditor‘s opinion. Reasonable assurance is achieved when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. b. To report on the financial statements and to communicate such report in accordance with the auditor‘s findings. Auditor’s opinion and reasonable assurance: The auditor's opinion, as expressed in the auditor‘s report, enhances the credibility of the financial statements by providing a reasonable assurance that the financial statements are fairly presented or free from material misstatement. Audit opinion is based on whether reasonable assurance is obtained: 1. When reasonable assurance is obtained: Auditor shall express an unqualified opinion 2. When reasonable assurance cannot be obtained: The auditor is required to: a. Express a qualified opinion in the auditor‘s report b. If qualified opinion is insufficient in the circumstances: Disclaim an opinion or Withdraw from the engagement, where withdrawal is legally permitted Audit Opinion and Audit Report: Audit opinion: In a financial statement audit, the auditor obtains sufficient appropriate audit evidence to be able to draw conclusions on which to base that opinion. The auditor‘s opinion is on the fairness of the audited financial statements. The auditor's opinion helps establish the credibility of the financial statements. Auditor’s report: the primary product of an audit engagement the end product of the audit process a written report that contains auditor‘s opinion about the fairness of the FS the medium through which the auditor communicates the results of his or her work Example of Standard Independent Auditor’s Report (pls. refer to PSA 700; pls. memorize) Importance of audit opinion/audit report: It lends credibility to the FS. It provides increased assurance (reasonable assurance) to users as to the fairness of the FS. An FS audit is: NOT a certification or guarantee as to accuracy or fairness of the FS. NOT an assurance as to future viability of the entity. NOT an assurance as to efficiency or effectiveness of the client‘s business operations. NOT attestation as to the financial strength of an entity, the wisdom of its management decisions, or the risk of doing business with it. AUDITING THEORY REVIEW NOTES Scope of an Audit of Financial Statements: The auditor‘s opinion on the financial statements deals with whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. The auditor‘s opinion or the audit of financial statements is: NOT an assurance as to future viability of the entity. NOT an assurance as to efficiency or effectiveness with which client‘s management has conducted the affairs of the entity. NOT attestation as to the financial strength of an entity, the wisdom of its management decisions, or the risk of doing business with it. NOT a certification or guarantee as to accuracy or fairness of the financial statements. When an applicable law or regulation requires an auditor to provide opinions on other specific matters (such as the effectiveness of internal control, or the consistency of a separate management report with the financial statements) the auditor would be required to undertake further work if he had additional responsibilities to provide such opinions. Financial Statements: Financial statements are a structured representation of historical financial information (including related notes which comprise a summary of significant accounting policies and other explanatory information), intended to communicate an entity‘s economic resources or obligations at a point in time or the changes therein for a period of time in accordance with a financial reporting framework. The term ―financial statements‖ ordinarily refers to a complete set of financial statements, but can also refer to a single financial statement. End Products of Audit Engagement: a. Independent auditor‘s report – the primary product of audit engagement b. Certain other communication and reports – other communication and reporting responsibilities to users, management, those charged with governance, or parties outside the entity, in relation to matters arising from the audit (as may be required by the PSAs or by applicable laws or regulations) Examples: Communication with those charged with governance Auditor‘s responsibilities relating to fraud in an audit of financial statements Management Responsibility for the Financial Statements: An audit in accordance with PSAs is conducted on the premise that management and, where appropriate, those charged with governance have acknowledged and understand that they have responsibility over the financial statements. Management responsibility over the financial statements includes: 1. Responsibility for the preparation and presentation of the financial statements in accordance with the applicable financial reporting framework which includes: a. Identification of applicable financial reporting framework, in the context of any relevant laws or regulations b. Preparing the financial statements in accordance with that framework c. Adequate description of that framework in the financial statements d. Making reasonable accounting estimates e. Selecting and applying appropriate accounting policies 2. Responsibility for designing, implementing and maintaining internal control that is relevant or necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error, and 3. Responsibility to provide the auditor with: a. All information (such as records, documentation and other matters) that are relevant to the preparation and presentation of the financial statements b. Any additional information that the auditor may request from management for the purpose of the audit; and c. Unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence. Auditor’s responsibility vs. client management’s responsibility: The client management, with oversight from those charged with governance, has the responsibility for the preparation and presentation of the financial statements in accordance with the applicable financial reporting framework. In other words, the management is primarily responsible for the fairness of the financial statements. The auditor‘s responsibility for the financial statements is confined to the expression of opinion on them. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities over the financial statements because the auditor merely audits the financial statements. AUDITING THEORY REVIEW NOTES However, an auditor may make suggestions on the form and content of financial statements or may draft statement. Applicable Financial Reporting Framework: Applicable financial reporting framework means the financial reporting framework adopted by management (and, where appropriate, those charged with governance) in the preparation of the financial statements that is acceptable in view of the nature of the entity and the objective of the financial statements, or that is required by law or regulation. by: The applicable financial reporting framework often encompasses financial reporting standards established An authorized or recognized standards setting organization (such as PFRSC) Legislative or regulatory requirements Other sources of applicable financial reporting framework: The legal and ethical environment (including statutes, regulations, court decisions, and professional ethical obligations in relation to accounting matters) Published accounting interpretations of varying authority issued by standards setting, professional or regulatory organizations Published views of varying authority on emerging accounting issues issued by standards setting, professional or regulatory organizations General and industry practices widely recognized and prevalent; and Accounting literature Where conflicts exist between the financial reporting framework and the sources from which direction on its application may be obtained, or among the sources that encompass the financial reporting framework, the source with the highest authority prevails. Financial reporting frameworks encompass primarily the financial reporting standards established by an organization that is authorized or recognized to promulgate standards to be used by entities for preparing general purpose financial statements are often designed to achieve fair presentation, for example, International Financial Reporting Standards (PFRSs). Basic Distinction between Auditing and Accounting: Auditing involves verification of FS and its fairness of presentation while accounting involves preparation and presentation of FS Accounting precedes auditing because without FS there could be no FS audit. Auditing begins when accounting ends. The end product of the accounting process is a set of FS while the end product of the audit process is an auditor‘s report. An auditor must be proficient/expert in accounting (since the auditor will use GAAP in evaluating the fairness of the FS) as well as in auditing (specifically in accumulation and interpretation of audit evidence); an accountant need not be proficient in auditing Separate disciplines: Auditing is a separate discipline or field of study With different frameworks/foundations: Accounting – Framework for Preparation of FS Auditing – a) Philippine Framework for Assurance Engagements, and b) Framework of Philippine Standards on Auditing Auditing – governed by GAAS; Accounting – governed by GAAP/PFRS Dissimilar bodies of knowledge (accounting – GAAP; auditing – GAAS) Requirements Relating to an Audit of Financial Statements: 1. Relevant ethical requirements – The auditor shall comply with relevant ethical requirements, including those pertaining to independence, relating to financial statement audit engagements. Relevant ethical requirements ordinarily comprise: a. Code of Ethics for Professional Accountants in the Philippines (the Code of Ethics) promulgated by the Board of Accountancy Compliance with the Code of Ethics is necessary in order to ensure the highest quality of performance and to maintain public confidence in the profession and in the context o f audit of financial statements, maintain public confidence in the auditor‘s work. AUDITING THEORY REVIEW NOTES (1) Part A of the Code of Ethics – establishes the fundamental principles of professional ethics relevant to the auditor when conducting an audit of financial statements and provides a conceptual framework for applying those principles The fundamental principles of professional ethics are: a) Integrity b) Objectivity c) Professional competence and due care d) Confidentiality, and e) Professional behavior (2) Part B of the Code of Ethics – illustrates how the conceptual framework is to be applied in specific situations (3) Independence It is in the public interest that the auditor be independent of the entity subject to the audit. The auditor‘s independence from the entity safeguards the auditor‘s ability to form an audit opinion without being affected by influences that might compromise that opinion. Independence enhances the auditor‘s ability to act with integrity, to be objective and to maintain an attitude of professional skepticism. Independence requirements comprise of both: a) Independence of mind b) Independence in appearance b. National requirements that are more restrictive c. Philippine Standard on Quality Control (PSQC) – require the CPA firm to establish and maintain its system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with relevant ethical requirements, including those pertaining to independence 2. Professional scepticism – The auditor shall plan and perform an audit with professional scepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated. Professional skepticism is an attitude that includes a questioning mind, a critical assessment of validity of audit evidence, and being alert to conditions which may indicate possible misstatement due to error or fraud. Professional skepticism is necessary to the critical assessment of audit evidence. This includes: a. Questioning contradictory audit evidence b. Considering the reliability of documents and responses to inquiries and other information obtained from management and those charged with governance c. Considering the sufficiency and appropriateness of audit evidence obtained in the light of the circumstances (for example, in the case where fraud risk factors exist and a single document, of a nature that is susceptible to fraud, is the sole supporting evidence for a material financial statement amount) Professional skepticism includes being alert to: Audit evidence that contradicts other audit evidence obtained. Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence. Conditions that may indicate possible fraud. Circumstances that suggest the need for audit procedures in addition to those required by the PSAs. The auditor may accept records and documents as genuine unless the auditor has reason to believe the contrary. In cases of doubt about the reliability of information or indications of possible fraud, the PSAs require that the auditor investigate further and determine what modifications or additions to audit procedures are necessary to resolve the matter. Maintaining professional skepticism throughout the audit is necessary to reduce the risks of: Overlooking unusual circumstances. Over generalizing when drawing conclusions from audit observations. Using inappropriate assumptions in determining the nature, timing and extent of the audit procedures and evaluating the results thereof. The auditor cannot be expected to disregard past experience of the honesty and integrity of the entity‘s management and those charged with governance. Nevertheless, a belief that they are honest and have integrity does not relieve the auditor of the need to maintain professional AUDITING THEORY REVIEW NOTES skepticism in conducting the audit. 3. Professional judgement – The auditor shall exercise professional judgment in planning and performing an audit of financial statements. Professional judgment is essential to the proper conduct of an audit. This is because interpretation of relevant ethical requirements and the PSAs and the informed decisions required throughout the audit cannot be made without the application of relevant knowledge and experience to the facts and circumstances. Professional judgment is necessary on decisions about: Materiality Audit risk Nature, timing and extent of audit procedures used to meet the requirements of the PSAs and gather audit evidence Evaluating whether sufficient appropriate audit evidence has been obtained Evaluation of management‘s judgments in applying the entity‘s applicable financial reporting framework. Drawing of conclusions based on the audit evidence obtained (for example, assessing the reasonableness of the estimates made by management in preparing the financial statements) The distinguishing feature of the professional judgment expected of an auditor is that it is exercised by an auditor whose training, knowledge and experience have assisted in developing the necessary competencies to achieve reasonable judgments. The exercise of professional judgment in any particular case is based on the facts and circumstances that are known by the auditor. Consultation on difficult or contentious matters during the course of the audit, both within the engagement team and between the engagement team and others at the appropriate level within or outside the firm assist the auditor in making informed and reasonable judgments. Professional judgment can be evaluated based on whether the judgment reached reflects a competent application of auditing and accounting principles and is appropriate in the light of, and consistent with, the facts and circumstances that were known to the auditor up to the date of the auditor‘s report. Professional judgment needs to be exercised throughout the audit. It also needs to be appropriately documented. In this regard, the auditor is required to prepare audit documentation sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the significant professional judgments made in reaching conclusions on significant matters arising during the audit. Professional judgment is not to be used as the justification for decisions that are not otherwise supported by the facts and circumstances of the engagement or sufficient appropriate audit evidence. 4. Sufficiency and appropriateness of audit evidence and audit risk – To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor‘s opinion. a. Sufficiency and appropriateness of audit evidence Audit evidence includes information used by the auditor in arriving at the conclusions on which the auditor‘s opinion is based. Audit evidence includes both: Information contained in the accounting records underlying the financial statements and Other information Sufficiency is the measure of the quantity of audit evidence. Sufficiency is influenced or affected by: (1) The auditor‘s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and (2) The quality of such audit evidence (the higher the quality, the less may be required) Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor‘s opinion is based. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. AUDITING THEORY REVIEW NOTES Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor‘s opinion, is a matter of professional judgment. Note: • • • • • • Audit evidence is necessary to support the auditor‘s opinion and report. It is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. Audit evidence comprises both information that supports and corroborates management‘s assertions, and any information that contradicts such assertions. Most of the auditor‘s work in forming the auditor‘s opinion consists of obtaining and evaluating audit evidence. The sufficiency and appropriateness of audit evidence are interrelated. Obtaining more audit evidence, however, may not compensate for its poor quality. Sources of audit evidence: a. Primarily obtained from audit procedures performed during the course of the audit b. May be obtained from other sources such as: • Previous audits (provided the auditor has determined whether changes have occurred since the previous audit that may affect its relevance to the current audit) or • A firm‘s quality control procedures for client acceptance and continuance • The entity‘s accounting records • An expert employed or engaged by the entity • In some cases, the absence of information (for example, management‘s refusal to provide a requested representation) is used by the auditor, and therefore, also constitutes audit evidence. b. Audit risk Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk. Audit risk does not include the risk that the auditor might express an opinion that the financial statements are materially misstated when they are not. Audit risk is a technical term related to the process of auditing; it does not refer to the auditor‘s business risks such as loss from litigation, adverse publicity, or other events arising in connection with the audit of financial statements. Risk of material misstatements is the risk that the financial statements are materially misstated prior to audit. Risk of material misstatement may exist at two levels: 1. Overall financial statement level – refer to risks of material misstatement that relate pervasively to the financial statements as a whole and potentially affect many assertions 2. Assertion level – refer to risks of material misstatement that relate to classes of transactions, account balances, and disclosures Risk of material misstatement at the assertion level has two components: (a) Inherent risk – the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls (b) Control risk – the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity‘s internal control Control risk is a function of the effectiveness of the design, implementation and maintenance of internal control by management to address identified risks that threaten the achievement of the entity‘s objectives relevant to preparation of the entity‘s financial statements. However, internal control, no matter how well designed and operated, can only reduce, but not eliminate, risks of material misstatement in the financial statements, because of the inherent limitations of internal control. Accordingly, some control risk will always exist. Risks of material misstatement at assertion level (inherent risk and control risk) are the entity‘s risks; they exist independently of the audit of the financial statements. Such risks are AUDITING THEORY REVIEW NOTES assessed in order to determine the nature, timing and extent of further audit procedures necessary to obtain sufficient appropriate audit evidence. This evidence enables the auditor to express an opinion on the financial statements at an acceptably low level of audit risk. The assessment of risks is a matter of professional judgment, rather than a matter capable of precise measurement. Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements. Detection risk relates to the nature, timing and extent of the auditor‘s procedures that are determined by the auditor to reduce audit risk to an acceptably low level. It is therefore a function of the effectiveness of an audit procedure and of its application by the auditor. For a given level of audit risk, the acceptable level of detection risk bears an inverse relationship to the assessed risks of material misstatement at the assertion level. For example, the greater the risks of material misstatement the auditor believes exists, the less the detection risk that can be accepted and, accordingly, the more persuasive the audit evidence required by the auditor. The following matters assist to enhance the effectiveness of an audit procedure and of its application and reduce the possibility that an auditor might select an inappropriate audit procedure, misapply an appropriate audit procedure, or misinterpret the audit results: • Adequate planning • Proper assignment of personnel to the engagement team • The application of professional scepticism, and • Supervision and review of the audit work performed Detection risk, however, can only be reduced, not eliminated, because of the inherent limitations of an audit. Accordingly, some detection risk will always exist. 5. The auditor shall conduct an audit in accordance with PSAs PSAs contain basic audit principles and essential procedures together with related guidance in the form of explanatory and other material which the auditor should follow An audit in accordance with PSAs includes: a. Compliance with PSAs relevant to the audit 1) Compliance with all PSAs relevant to the audit (a PSA is relevant to the audit when the PSA is in effect and the circumstances addressed by the PSA exist) Complying with relevant requirements means the auditor shall comply with each requirement of a PSA unless, in the circumstances of the audit: a. The entire PSA is not relevant (for example, if an entity does not have an internal audit function, nothing in PSA 610 is relevant) b. The requirement is not relevant because it is conditional (implicit or explicit) and the condition does not exist. Examples of conditional requirements: • The requirement to modify the auditor‘s opinion if there is a limitation of scope represents an explicit conditional requirement. • The requirement to communicate significant deficiencies in internal control identified during the audit to those charged with governance, which depends on the existence of such identified significant deficiencies; and • The requirement to obtain sufficient appropriate audit evidence regarding the presentation and disclosure of segment information in accordance with the applicable financial reporting framework, which depends on that framework requiring or permitting 2) Having an understanding of the entire text of a PSA (including its application and other explanatory material) to understand its objectives and to apply its requirements properly 3) Prohibition from the auditor from representing compliance with PSAs in the auditor‘s report when he has not complied with the requirements of PSAs relevant to the audit b. The use of the objectives stated in relevant PSAs in planning and performing the audit to achieve the overall objectives of the auditor. In using the objectives, the auditor is required to have regard to the interrelationships among the PSAs. This is because the PSAs deal in some cases with general responsibilities and in others with the application of those responsibilities to specific topics. AUDITING THEORY REVIEW NOTES The auditor is required to use the objectives to evaluate whether sufficient appropriate audit evidence has been obtained in the context of the overall objectives of the auditor. If as a result the auditor concludes that the audit evidence is not sufficient and appropriate, then the auditor may follow one or more of the following approaches: • Evaluate whether further relevant audit evidence has been, or will be, obtained as a result of complying with other PSAs; • Extend the work performed in applying one or more requirements; or • Perform other procedures judged by the auditor to be necessary in the circumstances. c. In addition, the auditor should also consider Philippine Auditing Practice Statements (PAPSs). PAPSs provide interpretative guidance and practical assistance to auditors in implementing the PSAs and to promote good practice in the accountancy profession. Contents/Structure of the PSAs a. Objectives – each PSA contains one or more objectives which provide a link between the requirements and the overall objectives of the auditor The objectives in individual PSAs serve to focus the auditor on the desired outcome of the PSA. b. Requirements (requirements are expressed in the PSAs using ―shall‖) – the requirements of the PSAs are designed to enable the auditor to achieve the objectives specified in the PSAs, and thereby the overall objectives of the auditor c. Related guidance in the form of application and other explanatory material that are designed to support the auditor in obtaining reasonable assurance Application and other explanatory material: It provides further explanation of the requirements of a PSA and guidance for carrying them out It may explain more precisely what a requirement means or is intended to cover It may include examples of procedures that may be appropriate in the circumstances. While such guidance does not in itself impose a requirement, it is relevant to the proper application of the requirements of an PSA. It may also provide background information on matters addressed in a PSA. It may include appendices which form part of the application and other explanatory material. When appropriate, it may include additional considerations specific to audits of smaller entities and public sector entities. PSAs may also contain: Introductory material – provides context relevant to a proper understanding of the PSA Introductory material may include, as needed, such matters as explanation of: a. The purpose and scope of the PSA (including how the PSA relates to other PSAs) b. The subject matter of the PSA c. The respective responsibilities of the auditor and others in relation to the subject matter of the PSA d. The context in which the PSA is set Definitions – a description of the meanings attributed to certain terms for purposes of the PSAs Assist in the consistent application and interpretation of the PSAs Not intended to override definitions that may be established for other purposes, whether in law, regulation or otherwise The Glossary of Terms relating to PSAs contains a complete listing of terms defined in the PSAs. It also includes descriptions of other terms found in PSAs to assist in common and consistent interpretation and translation. Nature of the PSAs The PSAs, taken together, provide the standards for the auditor‘s work in fulfilling the overall objectives of the auditor. The PSAs deal with the general responsibilities of the auditor, as well as the auditor‘s further considerations relevant to the application of those responsibilities to specific topics. The scope, effective date and any specific limitation of the applicability of a specific PSA is made clear in the PSA. Unless otherwise stated in the PSA, the auditor is permitted to apply a PSA before the effective date specified therein. In performing an audit, the auditor may be required to comply with legal or regulatory requirements in addition to the PSAs. The PSAs do not override law or regulation that governs AUDITING THEORY REVIEW NOTES an audit of financial statements. In the event that such law or regulation differs from the PSAs, an audit conducted only in accordance with law or regulation will not automatically comply with PSAs. Departure from a relevant requirement in a PSA: In exceptional circumstances wherein the auditor may judge it necessary to depart from a relevant requirement in a PSA, the auditor shall perform alternative audit procedures to achieve the aim of that requirement. The need for the auditor to depart from a relevant requirement is expected to arise only where the requirement is for a specific procedure to be performed and, in the specific circumstances of the audit, that procedure would be ineffective in achieving the aim of the requirement. The PSAs do not call for compliance with a requirement that is not relevant in the circumstances of the audit. b. As the basis for the auditor‘s opinion, PSAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor‘s opinion. Considerations Specific to Smaller Entities For purposes of specifying additional considerations to audits of smaller entities, a ―smaller entity‖ refers to an entity which typically possesses qualitative characteristics such as: 1. Concentration of ownership and management in a small number of individuals (often a single individual – either a natural person or another enterprise that owns the entity provided the owner exhibits the relevant qualitative characteristics); and 2. One or more of the following: a. Straightforward or uncomplicated transactions; b. Simple record-keeping; c. Few lines of business and few products within business lines; d. Few internal controls; e. Few levels of management with responsibility for a broad range of controls; or f. Few personnel, many having a wide range of duties. These qualitative characteristics are not exhaustive, they are not exclusive to smaller entities, and smaller entities do not necessarily display all of these characteristics. The PSAs refer to the proprietor of a smaller entity who is involved in running the entity on a day-to-day basis as the ―owner-manager.‖ General Principles of Financial Statement Audit 1. The auditor should plan and perform the audit with an attitude of professional skepticism recognizing that circumstances may exist that may cause the FS to be materially misstated. Because of the possibility that the FS may be materially misstated, the auditor should conduct the audit with an attitude of professional skepticism. For example, the auditor would ordinarily expect to find evidence to support management representations and not assume they are necessarily correct. Attitude of professional skepticism: means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party. In planning and performing the audit, the auditor neither assumes that the management is honest nor assumes unquestioned honesty. Concept of Reasonable Assurance: Although an independent FS audit in accordance with PSAs lends credibility to the FS, such audit is designed to provide only reasonable assurance , rather than absolute assurance, that the FS taken as a AUDITING THEORY REVIEW NOTES whole are free from material misstatement, whether due to fraud or error. In other words, the level of assurance provided by an audit of detecting a material misstatement is referred to as reasonable assurance. Reasonable assurance means high, but not absolute, assurance. Reasonable assurance refers to the gathering of the audit evidence necessary for the auditor to conclude that there are no material misstatements in the FS, taken as a whole. This concept recognizes the existence of audit risk. Notes on reasonable assurance: Reasonable assurance relates to the conclusion of the auditor that there are no material misstatements in the FS taken as a whole. Reasonable assurance is achieved when the auditor has reduced audit risk to an acceptably low level by designing and performing audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base an audit opinion. Reasonable assurance relates to the whole audit process. Absolute assurance in audit of FS is not attainable. Accordingly, the audit opinion is not a guarantee or certification that the financial statements are free from material misstatements. When reasonable assurance cannot be obtained and a qualified opinion cannot be expressed, the auditor should: Disclaim an opinion, or Withdraw from the engagement (if legally permitted) As the basis for the auditor‘s opinion, PSAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether The level of assurance provided by an audit of detecting a material misstatement is referred to as Reasonable assurance. Inherent Limitations of an Audit A45. The auditor is not expected to, and cannot, reduce audit risk to zero and cannot therefore obtain absolute assurance that the financial statements are free from material misstatement due to fraud or error. This is because there are inherent limitations of an audit, which result in most of the audit evidence on which the auditor draws conclusions and bases the auditor‘s opinion being persuasive rather than conclusive. The inherent limitations of an audit arise from: a. The nature of financial reporting – • The preparation of financial statements involves judgment by management in applying the requirements of the entity‘s applicable financial reporting framework to the facts and circumstances of the entity. • Many financial statement items involve subjective decisions or assessments or a degree of uncertainty, and there may be a range of acceptable interpretations or judgments that may be made • Consequently, some financial statement items are subject to an inherent level of variability which cannot be eliminated by the application of additional auditing procedures. For example, this is often the case with respect to certain accounting estimates. Nevertheless, the PSAs require the auditor to give specific consideration to whether accounting estimates are reasonable in the context of the applicable financial reporting framework and related disclosures, and to the qualitative aspects of the entity‘s accounting practices, including indicators of possible bias in management‘s judgments. b. The nature of audit procedures – there are practical and legal limitations on the auditor‘s ability to obtain audit evidence For example: • • • There is the possibility that management or others may not provide, intentionally or unintentionally, the complete information that is relevant to the preparation of the financial statements or that has been requested by the auditor. Accordingly, the auditor cannot be certain of the completeness of information, even though the auditor has performed audit procedures to obtain assurance that all relevant information has been obtained. Fraud may involve sophisticated and carefully organized schemes designed to conceal it. Therefore, audit procedures used to gather audit evidence may be ineffective for detecting an intentional misstatement that involves, for example, collusion to falsify documentation which may cause the auditor to believe that audit evidence is valid when it is not. The auditor is neither trained as nor expected to be an expert in the authentication of documents. An audit is not an official investigation into alleged wrongdoing. Accordingly, the auditor is not given specific legal powers, such as the power of search, which may be necessary for such an investigation. AUDITING THEORY REVIEW NOTES • The need for the audit to be conducted within a reasonable period of time and at a reasonable cost. Timeliness of Financial Reporting and the Balance between Benefit and Cost A48. The matter of difficulty, time, or cost involved is not in itself a valid basis for the auditor to omit an audit procedure for which there is no alternative or to be satisfied with audit evidence that is less than persuasive. Appropriate planning assists in making sufficient time and resources available for the conduct of the audit. Notwithstanding this, the relevance of information, and thereby its value, tends to diminish over time, and there is a balance to be struck between the reliability of information and its cost. This is recognized in certain financial reporting frameworks (see, for example, the IASB‘s ―Framework for the Preparation and Presentation of Financial Statements‖). Therefore, there is an expectation by users of financial statements that the auditor will form an opinion on the financial statements within a reasonable period of time and at a reasonable cost, recognizing that it is impracticable to address all information that may exist or to pursue every matter exhaustively on the assumption that information is in error or fraudulent until proved otherwise. A49. Consequently, it is necessary for the auditor to: • Plan the audit so that it will be performed in an effective manner; • Direct audit effort to areas most expected to contain risks of material misstatement, whether due to fraud or error, with correspondingly less effort directed at other areas; and • Use testing and other means of examining populations for misstatements. A50. In light of the approaches described in paragraph A49, the ISAs contain requirements for the planning and performance of the audit and require the auditor, among other things, to: AUDITING • Have a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels by performing risk assessment procedures and related activities;21 and • Use testing and other means of examining populations in a manner that provides a reasonable basis for the auditor to draw conclusions about the population. Other Matters that Affect the Inherent Limitations of an Audit A51. In the case of certain assertions or subject matters, the potential effects of the inherent limitations on the auditor‘s ability to detect material misstatements are particularly significant. Such assertions or subject matters include: • Fraud, particularly fraud involving senior management or collusion. See ISA 240 for further discussion. • The existence and completeness of related party relationships and transactions. See ISA 55023 for further discussion. • The occurrence of non-compliance with laws and regulations. See ISA 250.24 for further discussion. • Future events or conditions that may cause an entity to cease to continue as a going concern. See ISA 570.25 for further discussion. Relevant ISAs identify specific audit procedures to assist in mitigating the effect of the inherent limitations. A52. Because of the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with ISAs. Accordingly, the subsequent discovery of a material misstatement of the financial statements resulting from fraud or error does not by itself indicate a failure to conduct an audit in accordance with ISAs. However, the inherent limitations of an audit are not a justification for the auditor to be satisfied with less than persuasive audit evidence. Whether the auditor has performed an audit in accordance with ISAs is determined by the audit procedures performed in the circumstances, the sufficiency and appropriateness of the audit evidence obtained as a result thereof and the suitability of the auditor‘s report based on an evaluation of that evidence in light of the overall objectives of the auditor. Limitations of Financial Statements Audit: (Reasons why absolute assurance in auditing is not attainable or why reducing audit risk to zero is not attainable) Absolute assurance in auditing is not attainable because of inherent limitations in an audit that affect the auditor‘s ability to detect material misstatements. These limitations result from factors such as: AUDITING THEORY REVIEW NOTES 1. Need for auditor’s judgment The auditor‘s work requires exercise of professional judgment such in the following matters: Identifying and addressing risk factors Deciding what evidence to gather Making decisions about materiality and audit risk Gathering and evaluating audit evidence (for example, in deciding the nature, timing and extent of audit procedures) Evaluating management‘s judgments in applying the entity‘s applicable financial reporting framework. Assessing the sufficiency and appropriateness of audit evidence Drawing of conclusions based on the evidence gathered Forming an opinion (the phrase ―in our opinion‖ in the auditor‘s report is intended to inform that auditors based their conclusions on professional judgment) 2. Use of testing / sampling risk – An audit is conducted on a test basis or by examining only sample of less than 100% of a population. This may introduce some risk that a misstatement will not be detected. 3. Reliance on management representation – Some audit evidence must be obtained by obtaining oral or written representations from management because many FS assertions cannot be audited. 4. Inherent limitations of accounting and internal control – Although the auditor performs audit procedures to detect material misstatements, such procedures may not be effective in detecting misstatements resulting from the possibility of: management override of controls circumvention of internal control collusion among employees 5. Nature of audit evidence available – This is the fact that most of the evidence available to the auditor is persuasive, rather than conclusive, in nature. 6. Undetected fraud – Fraud is specifically designed not to be detected. Thus, there is always the possibility that fraud will not be detected. 7. Availability of audit evidence – Insufficient support may be available for drawing absolute conclusions on specific assertions such as fair value estimates. 8. Other limitations may affect the persuasiveness of audit evidence available to draw conclusions on particular assertions (for example, transactions between related parties). Not a limitation of audit: Physical limitations of auditors due to fatigue and stress. Concept of Materiality and Audit Risk 1. Materiality: the magnitude of misstatement or omission; the ability to influence the economic decision of reasonable FS user The auditor obtains and evaluates audit evidence to obtain reasonable assurance about whether the FS are fair or are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. When is a misstatement or omission material? It is material if it could influence the economic decision of FS users. If it is probable that the judgment of a reasonable person would have been changed or influenced by the omission or misstatement of information, then that information is material. Meaning of the term "present fairly, in all material respects": The auditor considers only those matters that are significant to the FS users; the phrase refers to the auditors expression of opinion 2. Audit Risk: the risk that audit opinion is inappropriate specifically, it is the risk that the auditor expresses an inappropriate (unqualified) audit opinion when the FS are materially misstated concept of reasonable assurance acknowledges the existence of audit risk AUDITING THEORY REVIEW NOTES General Types of Audit: 1. According to objectives or nature of assertion a. Financial statement audit – an audit conducted to determine whether the financial statements of an entity are fairly presented in accordance with an identified financial reporting framework (or PFRS) An of financial statements is the type of audit most frequently performed by CPAs (due to the widespread use of audited financial statements) on a fee basis and for more than one client. Financial audit is also called: External audit – because it is performed by external auditors, whether individual CPAs or CPA firms, who are not employees of the client Independent audit – because the auditor is independent of the client subject to audit Financial audit b. Compliance audit: a review of an entity‘s degree of compliance with applicable laws and rules/regulations or contracts; usually performed by government auditors Examples: Examination conducted by: i) BIR examiners: compliance of taxpayers with tax law, rules or regulations ii) BSP examiners: compliance of banks with banking laws, rules or regulations iii) COA auditors: compliance of government transactions/expenditures with the requirements of applicable laws, rules or regulations c. Operational audit involves a systematic review and evaluation of the specific operating units (or procedures, methods or activities) of an organization in relation to specified objectives for the purpose of measuring/assessing its performance in terms of efficiency and effectiveness of operations, identifying opportunities for improvement and making recommendations to improve performance (such as introduction of controls to reduce waste). Also called performance audit or management audit Example: Evaluation of a company‘s computerized accounting system Usually performed by internal auditors Efficiency relates to use of its resources, while effectiveness relates to accomplishing objectives. Internal auditor's responsibilities in operational audits: In operational audits, the company's management is responsible for setting operating standards. The internal auditor's responsibilities are to determine that: a. Management has established such standards. b. The standards are being met. c. Deviations from established standards are being identified and corrected. d. Corrective action has been taken. Objective of operational auditing: a. To assess performance in terms of efficiency and effectiveness of operations (1) Effectiveness – To verify fulfillments of plans and sound business requirements (2) Efficiency – To determine whether the entity is managing or utilizing its resources economically and efficiently b. To identify areas for improvement c. To develop recommendations to improve performance (example of such as introduction of controls to reduce waste) Operational audit includes: Program or effectiveness audit : an audit to determine whether the entity has been effective in achieving the desired results or benefits of the program or activity Economy audit: an audit to determine whether company objectives or goals are met at a cost commensurate with the task Efficiency audit: whether company objectives or goals are met at the least or minimal costs Major differences between financial and operational auditing: The financial audit is oriented to the past whereas an operational audit concerns performance for the future. The financial audit report is distributed to many readers whereas the operational audit report goes to a few managers. Financial audits are limited to matters that directly affect the financial statements whereas operational audits cover any aspect of efficiency and effectiveness. AUDITING THEORY REVIEW NOTES 2. According to types of auditor or their affiliation with the entity being examined: a. External / Independent audit: performed by practitioners or independent CPAs who offer their professional services for a fee to various clients on a contractual basis Independent or external auditors are not employees of the client External audit complements internal audit b. Internal audit: audit performed by entity‘s own employees known as internal auditors; internal auditors investigate and apprise the effectiveness and efficiency of operations and internal controls of the firm Internal auditing is defined as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes." Internal auditing includes the audit of: Financial and operating information; Compliance with policies, plans, procedures, laws, regulations, and contracts; The means of safeguarding assets and verifying the ir existence; The economy and efficiency with which resources are employed; and Operations or programs to ascertain whether results are consistent with established objectives and goals and whether they are being carried out as prescribed. Internal auditing is an appraisal control that measures and evaluates other controls. The increased complexity and sophistication of business operations have required management to rely on this appraisal control. Internal auditors review the adequacy of the company's internal control system primarily to ascertain whether the system provides reasonable assurance that the company's objectives and goals will be achieved efficiently and economically. Efficient performance implies the use of minimal resources to meet the company's objectives and goals. Economical performance is the accomplishment of objectives and goals at a cost commensurate with the task. Internal auditors assist in the prevention of fraud by examining and evaluating the system of internal control. Internal auditors are required to review the means employed by the company to safeguard its assets from various types of losses such as those resulting from fire, theft, unscrupulous or illegal activities, and exposure to the elements. i) Internal auditing: An independent appraisal function or control or activity established within an entity to examine and evaluate its activities or other controls as a service to the entity. It is an independent, objective assurance and consulting activity designed to add value and improve an organization‘s operations. It helps an organization to accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. ii) Overall objective of internal auditing: to assist the members of the organization, particularly management and board of directors, in the effective discharge of their responsibilities; in short, to provide assistance to management or board of directors (it serves the needs of management). c. Internal auditors usually perform operational audits Internal auditors usually focus on improving the efficiency and effectiveness of their employer, unlike external auditors (public accounting firms) whose focus is the fairness of the FS of their clients. Government auditing: audit performed by government employees whose main concern is to determine whether persons or entities comply with government laws, rules and regulations Scope of government audit: may extend beyond FS audit to include: i) FS audit ii) Performance audit (includes (a) program results (effectiveness) audit and (b) economy and efficiency audit) iii) Compliance audit AUDITING THEORY REVIEW NOTES A governmental audit is typically designed to determine whether the auditee has complied with applicable laws and regulations. The types of audits conducted by the Commission on Audit (COA) are financial audit and performance audit. Performance audits include economy, efficiency, and program audits. Included in the scope of financial and performance audits is determining whether the entity has complied with applicable laws and regulations. Government auditors are required to prepare a written report on the entity's internal control and assessment of control risk made as part of a financial statement audit. The auditor's report should include the following: 1. The scope of the auditor's work in obtaining an understanding of the entity's internal control and in his/her assessment of control risk. 2. The entity's significant controls including those that are established to ensure compliance with laws and regulations that have a material impact on the financial statements. 3. The conditions, including the identification of material weaknesses, identified as a result of the auditor's work. The Government Auditing Standards require auditors to prepare a written report on the entity's internal control. This report should include the conditions, including the identification of material weaknesses, discovered as a result of the auditor's work. However, the report should not give any form of assurance on the design and effectiveness of the entity's internal control. Government auditors are required to obtain an understanding of the possible financial statement effects of laws and regulations having direct and material effects on amounts reported. Also, they are required to make an assessment whether management has identified such laws that might have such effects. The audit of a government program involves obtaining information about the costs, outputs, benefits, and effects of the program. Auditors attempt to measure the accomplish ments and relative success of the program based on the actual intent of the legislation that established the program. Types of Auditors: 1. Independent auditors or external auditors – are CPA firms and individual practitioners who perform audit services on contractual basis for more than one client Independent auditor – because the auditor is independent with respect to the client whose FS are being audited; External auditor – the auditor is an outsider (not an employee of the client) Practitioners perform operational audits and compliance audits as part of consultancy services 2. Internal auditors – they are employed by the entity thus they are not independent. However, to operate effectively, an internal auditor must be independent of the line functions of the entity. Internal auditors perform operational and compliance audits. 3. Government auditors – employed in government agencies BIR examiners perform compliance audits BSP examiners perform compliance and operational audits COA auditors perform compliance and operational audits The relationship between an external auditor and an internal auditor is that both of them use basically an identical approach; however, there are differences in the application of auditing techniques. The audit committee is composed of outside directors who are independent of management. The primary purpose is to assure that the directors are exercising due care and external and internal auditors are independent of management. The following are some of the audit committee's functions: Select the external auditors. Review the external auditor's overall audit plan. Evaluate the results of external and internal audits. Review the internal auditing work schedule, budget, etc. Meet regularly with the internal auditing director. The above functions should increase public confidence on the fair presentation of the company 's financial statements. Acceptability of the Financial Reporting Framework AUDITING THEORY REVIEW NOTES The auditor should determine whether the financial reporting framework adopted by management in preparing the FS is acceptable. An acceptable financial reporting framework is what is referred to as the ―applicable financial reporting framework.‖ The auditor determines whether the financial reporting framework adopted by management is acceptable in view of the nature of the entity (for example, whether it is a business enterprise, a public sector entity or a not for profit organization) and the objective of the FS. In 1. 2. 3. 4. FS audit, financial reporting frameworks that are acceptable as valid criteria include: Philippine Financial Reporting Standards (PFRSs) Philippine Accounting Standards (PASs) International Accounting Standards (IASs) Other authoritative basis Financial statements need to be prepared in accordance with one, or a combination of the above-cited financial reporting framework. Distinction: Types of audit according to objectives or nature of assertion/data Point of distinction FS Audit Compliance audit Primary objective To enable the auditor to express an opinion on the fairness of the FS To determine degree of compliance Subject matter (Assertion) Assertion that the FS are presented in accordance with identified financial reporting framework (GAAP) Assertion that the organization has complied with laws, regulations and specific procedures Established criteria GAAP – Identified financial reporting framework (as by standard setting bodies) Sufficient appropriate evidence / outcome Communication of results to intended users Audit findings whether the FS are in accordance with Identified financial reporting framework (GAAP) Auditor‘s report containing an opinion whether the FS are fairly presented in accordance with identified financial reporting framework (GAAP) Applicable laws, regulations and specific procedures (as set by authoritative bodies) Findings on degree of compliance Users of audit report Different groups for different purposes; wide variety of users (both internal and external users) Independent / external auditors – practitioners Type of auditor performing the audit Reports on the degree of compliance with applicable laws, regulations or specific procedures Authoritative bodies that sets down the regulations, rules and procedures Government auditors Operational audit To assess entity‘s performance (in terms of efficiency and effectiveness) Assertion that the organization‘s activities/operations are conducted effectively and efficiently in relation to specified objectives Objectives (as set by the board of directors) Findings on assessment of performance / operations Recommendations or suggestions on how to improve operations Management of the entity Internal auditors PUBLIC ACCOUNTING PROFESSION Characteristics/Attributes of a Profession: a. Mastery of a particular intellectual skill, acquired by training and education; b. Adherence by its members to a common code of values and conduct established by its administering body, including maintaining an outlook which is essentially objective; and c. Acceptance of a duty to society as a whole (usually in return for restrictions in use of a title or in the granting of a qualification) AUDITING THEORY REVIEW NOTES Accountancy meets all characteristics of a profession as follows: a. To be a member of the accounting profession, one must first obtain a BSA degree, pass a difficult CPA board exam and continue learning through meaningful working experience and continuing professional education. b. In acting in the public interest a professional accountants observe and comply with the ethical requirements of the Code of Ethics for professional accountants in the Philippines . c. A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in public interest. Therefore, a professional accountant‘s responsibility is not exclusively to satisfy the needs of an individual client or employer. The Code of Ethics for CPAs in the Philippines – the document that contains the norms and principles governing the practice of the accountancy profession in the highest standards of ethical conduct Objectives of the Accountancy Profession: 1. To work to the highest standards of professionalism 2. To attain the highest levels of performance, and 3. To meet the public interest requirement Public interest – the collective well-being of the public the CPA serves Public interest imposes responsibility on the accountancy profession and on its members Public – community of people and institutions who rely on the objectivity and integrity of CPAs; consists of clients, credit grantors, governments, employers, employees, investors, the business and financial community, and others who make such reliance Important Role of CPAs in Society: The public rely on CPAs for: a. Sound financial accounting and reporting b. Effective financial management and c. Competent advice on a variety of business and taxation matters CPA – a person who holds a valid Certificate of Registration and a Professional Identification card issued by the PRC/BOA to those who satisfactorily complied with all the legal and procedural requirements for such issuance, including in appropriate cases, having passed the CPA licensure examination Also referred to as professional accountant A member of the accountancy profession in the Philippines Regulation of the Accounting Profession: 1. Public Regulation – RA 9298 otherwise known as ―The Philippine Accountancy Act of 2004‖ (including its Implementing Rules and Regulations) 2. Regulation by the Profession – through the implementation of the Code of Ethics for professional accountants / CPAs in the Philippines 3. Regulation within the Firm – through implementation of a system of quality control Organizations that Affect Public Accounting: 1. Regulatory Government Agencies: a. Professional Regulation Commission (PRC) – the government agency that administers, implements and enforces the regulatory policies of the Philippine Government with respect to the regulation and licensing of the various professions (such as the accountancy profession) under its jurisdiction the professional regulation commission of the Philippines created under RA No. 8981 The PRC derives its authority from the PRC Modernization Act of 2000. The PRC is the government agency that has overall jurisdiction over the regulatory boards (such as the Board of Accountancy) in the Philippines. b. Professional Regulatory Board of Accountancy (BOA) – the government agency empowered to administer/enforce the Philippine Accountancy Act of 2004 (RA 9298) BOA is under the administrative supervision of the PRC Objectives of RA 9298: The standardization and regulation of accounting education; The examination for registration of CPAs; and AUDITING THEORY REVIEW NOTES The supervision, control, and regulation of the practice of accountancy in the Philippines. Councils/committee formed to assist BOA: 1. Financial Reporting Standards Council (FRSC) – assists BOA in the establishment and promulgation of GAAP in the Philippines 2. Auditing and Assurance Standards Council (AASC) – created to assist BOA in the establishment and promulgation of GAAS in the Philippines 3. Education Technical Council (ETC) – assists BOA in continuously upgrading accounting education in the Philippines 4. Quality Review Committee (QRC) – conducts an oversight into the quality of audits of financial statements through a review of the quality control measures instituted by an Individual CPAs, Firm or Partnership of CPAs engaged in the practice of public accountancy to ascertain his/her/its compliance with prescribe professional, ethical and technical standards of public practice Functions of the QRC: a. Conduct quality review on applicants for registration to practice accountancy and render a report which shall be attached to the application for registration. b. Recommend to the BOA the revocation of the Certificate of Registration and the Professional Identification Card of CPAs who has not observed the quality control measures and who has not complied with the standards of quality prescribed for the practice of public accountancy c. In the event that the QRC cannot accomplish the aforesaid functions for any reason whatsoever, the BOA or its duly authorized representatives may conduct the required quality review. 5. PRC CPE Council – assists BOA in implementing its CPE program c. Securities and Exchange Commission (SEC) – the government agency that regulates the registration and operations of corporations (whether stock or non-stock), partnerships and other forms of associations in the Philippines Laws governing the registration: Civil Code of the Phils. – for partnerships Corporation Code of the Phils. – for corporations Securities Regulation Code Overall objective of the SEC: The overall objective of the SEC is to assist in providing investors with reliable information upon which to make investment decisions. SEC reportorial requirements: The SEC prescribes financial reporting requirements. SEC requires companies that plan to issue new securities to the public to submit a registration statement to the SEC for approval. The financial statements to be filed with the SEC shall be accompanied by a Statement of Management‘s Responsibility for Financial Statements. Composition of SEC: a chairperson and four (4) commissioners appointed by the President of the Philippines for a term of 7 years d. Bangko Sentral ng Pilipinas (BSP) – regulates and supervises the banking industry The primary objective of the BSP is to maintain price stability conducive to a balanced and sustainable economic growth. It also aims to promote and preserve monetary stability and the convertibility of the peso. Monetary Board – the policy-making body of the BSP Composition of Monetary Board: composed of 7 members appointed by the President of the Philippines for a term of 6 years, as follows: BSP Governor A member of the Cabinet to be designated by the President of the Philippines Five (5) members from private sector e. Commission on Audit (COA) – the government agency examines whether government units handle their funds in compliance with existing laws and regulations and whether their programs are being conducted effectively, efficiently and economically AUDITING THEORY REVIEW NOTES Principal duties of the COA: a. Examine, audit and settle all accounts pertaining to the revenue or receipts and expenditures or uses of government funds and property. b. Act as central accounting office of the government (Keep the general accounts pertaining thereof and preserve the vouchers pertaining thereof), c. Define the scope of its audit and examination. d. Promulgate accounting and auditing rules and regulations including those for the prevention of irregular, unnecessary, excessive or extravagant expenditures or uses of funds and property. e. Submit to the President, at the time fixed by law, an annual financial report of the government, its subdivisions, agencies and instrumentalities, including GOCCs, and recommend measures necessary to improve their efficiency and effectiveness. f. Perform such other duties and functions as may be prescribed by law. f. The COA is the highest and final authority in state auditing. Its jurisdiction and responsibility is defined by the Philippine Constitution (under Article IX – D). The COA acts as the sole external auditor of all government departments and agencies, including government-owned or controlled corporations. Commission proper – governing body of COA Composition: The COA is composed of a Chairman and two (2) Commissioners to be appointed by the President of the Philippines with the consent of the Commission of Appointments for a term of 7 years without reappointment Qualifications of COA members: 1. Natural-born citizens of the Philippines 2. At least thirty-five years of age at the time of their appointment 3. CPAs with not less than 10 years of auditing experience or members of the Philippine Bar who have been engaged in the practice of law for at least 10 years, and 4. Not have been candidates for any elective position in the elections immediately preceding their appointment COA Audit: The COA conducts a comprehensive audit that includes financial, compliance, and management audits. At no time shall all Members of the COA belong to the same profession. Insurance Commission (IC) – government agency regulates and supervises the insurance industry for the promotion of national interest g. Bureau of Internal Revenue (BIR) – government agency that enforce tax laws; the BIR is empowered to collect taxes to raise revenues for the use and support of the government 2. Standard-Setting Bodies: a. Local/Domestic: (1) Financial Reporting Standards Council (FRSC) – accounting standard-setting body/council created by the BOA FRSC Composition/Membership: Chairman (had been or presently a senior practitioner in any of the scope of accounting practice) BOA SEC BSP BIR COA A major organization composed of preparers and users of FS Accredited National Professional Organization of CPAs (APO) – PICPA: Public practice Commerce and industry Academe/Education Government Total members 1 1 1 1 1 1 1 2 2 2 2 8 15 AUDITING THEORY REVIEW NOTES (2) Auditing and Assurance Standards Council (AASC) – auditing standard-setting body/council created by the BOA AASC Composition/Membership: Chairman (had been or presently a senior accounting practitioner in public accountancy) BOA SEC BSP COA Association or organization of CPAs in active public practice of accountancy Accredited National Professional Organization of CPAs - PICPA: Public practice Commerce and industry Academe/Education Government Total members 1 1 1 1 1 1 6 1 1 1 9 15 BIR representation. The BIR, although represented in the FRSC, is not represented in the AASC. Appointment. The Chairman and members of the FRSC and AASC shall be appointed by the PRC upon the recommendation of the BOA in connection with the APO (PICPA). Term of office. The Chairman and members of both the FRSC and AASC shall have a term of 3 years renewable for another term. Main function of FRSC and AASC: To assist BOA in carrying out its powers and functions on monitoring the conditions affecting the practice of accountancy and adoption of such measures, including promulgation of accounting and auditing standards, rules and regulations and best practices b. Foreign/International: (1) International Federation of Accountants (IFAC) – the recognized global/worldwide organization for the accountancy profession The International Federation of Accountants (IFAC) is the worldwide organization for the accountancy profession. Founded in 1977, its mission is ―to serve the public interest, IFAC will continue to strengthen the worldwide accountancy profession and contribute to the development of strong international economies by establishing and promoting adherence to high-quality professional standards, furthering the international convergence of such standards and speaking out on public interest issues where the profession‘s expertise is most relevant.‖ IFAC is comprised of 158 members and associates in 123 countries worldwide, representing approximately 2.5 million accountants in public practice, industry and commerce, the public sector, and education. No other accountancy body in the world and few other professional organizations have the broad-based international support that characterizes IFAC. (2) International Accounting Standards Board (IASB) – the international accounting standardsetting body Foreign counterpart of the FRSC Its issuances are called IFRS It replaced the International Accounting Standards Committee (IASC) (3) International Auditing and Assurance Standards Board (IAASB) – international auditing standard-setting body Foreign counterpart of the AASC It replaced the International Auditing Practices Committee (IAPC) Both the IASB and IAASB are under the IFAC. 3. Professional and Sectoral Organizations: a. Philippine Institute of Certified Public Accountant (PICPA) – the globally-recognized and integrated national professional organization of CPAs in the Philippines accredited by the BOA and the AUDITING THEORY REVIEW NOTES PRC PICPA is designated as the accredited professional organization (APO) in the Philippines. The Mission of PICPA is to enhance the integrity of the accountancy profession, serve the best interest of its members and other stakeholders, and contribute to the attainment of the country's national objectives. As the APO, PICPA is tasked to meet the following requirements: a. It is established for the benefit and welfare of the CPAs, the advancement of their profession, and the attainment of other professional ends; b. Its membership is open to all registered CPAs without discrimination; c. It's membership shall include CPAs in all sectors; d. It shall have a creditable plan to enlist into active membership within three (3) years, at least a majority of the CPAs in the practice of accountancy. e. It shall have adequate chapters/regions in major areas in the Philippines to effectively attend to the needs of its members. Its national directors shall be elected in accordance with the provisions of the Corporation Code. f. It shall be judicious and prudent in the management of its financial resources. g. It shall have a full-time career Executive Director who shall implement the policies promulgated by the PICPA Board of Directors and shall have direct supervision over the PICPA Secretariat. h. It is duly registered as a non-stock corporation or association by the SEC. i. It has paid the prescribed accreditation fee. PICPA must renew its accreditation once every three years. b. Sectoral Organizations Serve the needs of CPAs in different scopes of practice Provide seminars, programs and workshops that specifically serve the interests of the CPAs in their respective sectors Each sector has its own organization as follows: (1) Public Practice – Association of CPAs in Public Practice (ACPAPP) (2) Commerce and Industry – Association of CPAs in Commerce and Industry (ACPACI) (3) Education/Academe – Association of CPAs in Education (ACPAE) (4) Government – Government Association of CPAs (GACPA) ESTABLISHMENT, ORGANIZATION AND MANAGEMENT OF A PUBLIC ACCOUNTING FIRM Allowed Forms of Organization for the Practice of Public Accountancy: a. Single practitioners (individual CPAs) or sole proprietorship, and b. Partnership of CPAs (general partnerships and limited liability partnerships) Corporation form of CPA/Audit firm is not allowed in the Philippines. Allowed Names for the Practice of Accountancy: 1. Individual CPA: Shall use his/her registered name (the name registered with the BOA and the PRC and as printed on his/her CPA certificate) For example: Jessie Garcia, CPA 2. Firms: Shall use the duly registered and authorized firm name appearing in the registration documents issued by the DTI or any other proper government office/s and such firm name shall include the real name of the sole proprietor as printed in his/her CPA certificate For example: Denver Roncal and Associates 3. Partnerships: In case of registered partnership – shall use the partnership name as indicated in the Articles of Partnership and certificate of registration issued by the SEC In case of unregistered partnership – shall use the partnership name indicated in the Articles of Partnership For example: Sycip, Gorres, Velayo & Company In case of death or withdrawal of all partners, the surviving partner may continue to practice under the partnership name for a period of not more than 2 years after becoming a sole proprietor. AUDITING THEORY REVIEW NOTES Prohibition on Use of Name: CPAs shall practice only under a name allowed by law and: Shall NOT include any fictitious name Shall NOT indicate specialization (such as tax specialist or expert) Shall NOT misleading as to the type of organization Registration for Accreditation with the BOA and PRC: Registration for accreditation with the BOA and PRC is required for CPAs (individuals, firms and partnerships, including its partners and staff members) before they can engage in public accountancy. They shall not commence public practice until a valid Certificate of Registration to practice public accountancy has been issued to such CPA(s). The Certificate of Accreditation attests that the applicant is duly accredited to practice public accountancy in the Philippines. Basic requirements for registration: a. Application for registration (accomplished in a form prescribed by the BOA, in triplicate, and duly signed by the applicant CPA) b. Submission of registration documents such as: Certificate of registration issued by the SEC together with the certified copy of the current Articles of Partnership for registered partnerships, or Certified copy of the Articles of partnership for unregistered partnership, or Certified copy of the certificate of registration of Firm name with the DTI and other proper government agencies. c. A minimum of three (3) years meaningful experience in any of the areas of practice of accountancy d. Compliance with the quality review (this is a required condition prior to registration or renewal any thereof The BOA created Quality Review Committee (QRC) to conduct quality review on applicants for registration to practice accountancy and render a report which shall be attached to the application for registration. Validity of registration for accreditation is for a period of 3 years (renewable after 3 years on or before September 30 on the year of expiry). The registration of applicants approved during any month of the year shall expire on December 31 on the third year following its approval. Example: If the application for registration of a CPA firm is approved on July 31, 2004, the registration shall expire on December 31, 2006 and therefore it shall file for renewal on or before September 30, 2006 for the three year period beginning January 1, 2007. The next renewal will be on or before September 30, 2009. Tax and other Legal Requirements: a. Payment of privilege tax as a CPA on occupations with the city or municipality where they practice public accountancy b. Business permits (from local and national government) c. Accreditation with other government agencies: a. SEC – also accredits external auditors An external auditor should file with the SEC a representation letter for audit clients whenever his audit client files its financial statements with the SEC b. BSP – Rendering/offering of independent audits to banks and other financial institutions under BSP supervision requires BSP accreditation c. BIR – also accredits external auditors Foreign CPAs: The practice of accountancy in the Philippines is limited to Filipino CPAs. A foreign CPA is not allowed to be as owner, sole proprietor, partner or any staff thereof, unless he/she is qualified to practice accountancy in the Philippines (unless the foreign CPA qualifies to practice under Sections 34 and 35 of RA 9298.) Under no circumstances shall the correspondent relationship, membership, or business dealings with foreign CPAs be a scheme for the foreign CPAs to engage in the practice of public accountancy in the Philippines which under the present laws is limited to Filipino CPAs Hierarchy/ Ranks/Levels within a CPA Firm: 1. Partners – owners of the CPA/Auditing firm Duties and responsibilities: Determine operating policies of the firm 2. Senior or Senior-in-charge Duties and responsibilities: Directly responsible to the manager or the AUDITING THEORY REVIEW NOTES Select and hire audit staff Obtain clients Establish contracts with clients (sign engagement letter) Approve billings to clients Assume overall responsibility for each engagement Plan and review all phases of the audit Approve and sign the report and firm correspondence (such as audit report and other documents 3. Managers / Supervisors Duties and responsibilities: Act as liaison between partners and other team members Prepare the overall audit plan Discuss with clients items of material importance (such as problems that may arise in course of the audit) Directly supervise senior auditors Review working papers Draft the report Discuss reports and results to clients and settle accounting problems with the client Take charge of training programs partner Take charge of field work Prepares audit program for a specific engagement (subject to review by superiors) Assigns particular phases of audit to staff auditors Directly supervises staff auditors Perform more important audit procedures Reviews non-financial records such as articles of incorporation and by-laws Discusses with clients or with the partner or manager problems or questions that arise in the course of the audit Assemble audit working papers Prepare income tax returns Prepares the original draft of audit report and audited financial statements (subject to review and approval by the partner or manager/supervisor) 4. Junior or staff auditor/assistant Duties and responsibilities: Prepare analyses, schedules, reconciliations and reports of findings Verify footings, extensions and postings on accounting records Trace evidence such as examination of vouchers supporting a disbursement Observe client‘s physical count of inventories Performs other tasks as may be assigned Professional Fees: 1. Amount of fees to be charged to clients: Fees charged should be a fair reflection of the value of the professional services, taking into account the following: a. The skill and knowledge required b. The level of training and experience of the persons necessarily engaged on the work c. The time necessarily occupied by each person engaged on the work, and d. The degree of responsibility and urgency that the work entails A fee lower than previous fee is acceptable if calculated using the above factors. Other factors to be considered are those influenced by legal, social and economic conditions in the Philippines. No standard amount of fee: A CPA in public practice may determine or quote whatever fee deemed appropriate. He may quote a fee lower than another but not too low (or significantly lower) nor excessive. If fees that are too low: It is considered unethical There would be a risk of a perception that the quality of work could be impaired 2. Methods of billing clients (billing arrangements): The methods of determining professional fees are: a. Per diem basis – the charges are based on the actual time spent at a rate depending on the experience and expertise of the members of the engagement team Also known as actual time charges basis It is computed as actual time spent x rate per hour as agreed upon b. Fixed fee or Flat fee basis – lump-sum fee for the entire engagement. The charges for out-ofpocket expenses are separate from the audit fee and are to be billed separately c. Maximum fee basis – a combination of fixed fee and per diem basis. The billing is similar to per diem basis subject to a maximum limit as agreed between the practitioner and the client d. Retainer fee basis – the client pays a uniform/fixed monthly charge, plus additional fee annually, payable upon submission of the audit report AUDITING THEORY REVIEW NOTES Out-of-pocket expenses – reimbursable expenses, in addition to the professional fees, that are chargeable to the client, such as: Traveling expenses Supplies Billing arrangements should be clearly defined, preferably in writing, before the start of the engagement to help in avoiding misunderstanding with respect to fees. 3. Prohibition against contingent fee: An assurance engagement should not be performed for a fee that is contingent on the result of the assurance work or on items that are the subject matter of the assurance engagement. Contingent fee – a fee calculated on a predetermined basis relating to the outcome or result of a transaction or the result of the work performed Contingent fee is unacceptable billing arrangement because it impairs independence and objectivity. Examples of contingent fees: a. Fee based on % of audited net income b. Fee based upon % of the acquisition price of another company c. Fee based on amount of taxes saved d. Tax preparation where the fee will be based on whether the CPA signs the tax return prepared e. Fee based on amount of insurance settlement f. Fee is charged if bank loan is obtained/approved g. No fee will be charged unless specific finding or result is obtained Not considered contingent fees: a. If fixed by a court or other public authority b. If determined based on the results of judicial or government agency proceedings c. If authorized by statute d. If approved by a member body as generally accepted practice for certain professional services Some reasons why the above are not considered contingent fees: Fees fixed by courts and other public authority, although may be uncertain in nature at that moment, are not known and cannot be influenced by the auditor and the client. Fees based on determination by taxing authorities are a matter of judicial proceedings which do not involve third parties. Marketing Professional Services: A professional accountant in public practice should not bring the profession into disrepute when marketing professional services. The professional accountant in public practice should be honest and truthful and should NOT: a. NOT make exaggerated claims for services offered, qualifications possessed or experience gained; or b. NOT make disparaging references to unsubstantiated comparisons to the work of another. If the professional accountant in public practice is in doubt whether a proposed form of advertising or marketing is appropriate, the professional accountant in public practice should consult with the relevant professional body. Publicity, Solicitation and Advertising: Publicity – the communication to the public of facts about a professional accountant which are not designed for the deliberate promotion of that professional accountant Solicitation – the approach to a potential client for the purpose of offering professional services Advertising – the communication to the public of information as to the services or skills provided by professional accountants in public practice with a view to procuring professional business Rules on Solicitation, Advertising and Referrals: a. Solicitation of clients – prohibited by the Code of Ethics b. Advertising (or other form of marketing) – not allowed Advertising is a form of solicitation c. Payment or receipt of commission – not allowed d. Referral – allowed e. Payment or receipt of referral fee – not allowed Sources of Clients: AUDITING THEORY REVIEW NOTES a. Referrals from businessmen, clients (present or previous), financial and government institutions, other CPAs, and legal and other professional firms b. Walk-in clients Death or disability of an Individual CPA, and Dissolution or Liquidation of a Firm or Partnership of CPAs: Such must be reported to the BOA by any designated staff member of the Individual CPA, or by the sole practitioner of a firm (or his/her designated staff member if the proprietor is unavailable), or by the managing partner (or any designated partner in case the managing partner in case the managing partner is unavailable) not later than 30 days from the date of such death, dissolution, or liquidation The report must be: a. In affidavit form – in case of Individual CPA or a Firm b. A certified copy of dissolution or liquidation papers filed with the SEC – in case of a partnership Failure to notify the BOA shall subject the designated individual to penalty. Fees and Penalties: Fee – Fee for initial registration, renewal, or request for reinstatement: P1,000 or to such an amount as the PRC may prescribe Penalties: Suspension of CPA certificate, certificate of registration (to practice), and professional identification card. If the violator is criminally liable, such party responsible shall be proceeded against criminally, independent of any action therein provided. Subject to the approval of the PRC, the BOA may, for justifiable reasons, lift the sanctions imposed on violators. Examples of Violations of the IRR: a. Engaging in public accounting practice without first registering with the BOA and the PRC b. Continuing to engage in public accounting practice after the expiration of registration c. Continuing to engage in public accounting practice after suspension, revocation or withdrawal of registration d. Giving any false information, data, statistics, reports or other statement which tend to mislead, obstruct, or obscure the registration of an Individual CPA, Firm or Partnership of CPAs under the IRR e. Giving any misrepresentation to the effect that registration was secured when in truth and in fact, it was not secured f. Failure or refusal to undergo quality review g. Failure to comply with the requirements on accomplishment of the application for registration, including submission of required documents GENERALLY ACCEPTED AUDITING STANDARDS Auditing Standards: Popularly known as the Generally Accepted Auditing Standards (GAAS ) The general guidelines that the auditors must follow in conducting the audit. The minimum standards of auditor‘s performance that must be achieved on each audit engagement The guidance for measuring the quality of the auditor‘s performance GAAP vs. GAAS: GAAP: the principles for the preparation and presentation of financial statements that are used by the auditor as criteria in determining the overall fairness of the financial statements; foundation of accounting GAAS: standards/measures/guidance that the auditors must follow when conducting an audit; foundation of auditing Auditing Standards vs. Auditing Procedures: a. Definition: Auditing standards: the measures of the quality or minimum standard of auditor‘s performance Auditing procedures: the means used (or the acts to be performed) by the auditor to attain the quality or minimum standard of auditor‘s performance b. Basic difference: "auditing procedures" relate to acts to be performed, whereas "auditing standards" deal with measures of audit quality and the objectives to be achieved in an audit. c. Relationship: Every independent audit engagement involves both auditing standards and auditing procedures. From one engagement to another engagement, auditing standards are applied uniformly but auditing procedures may vary. AUDITING THEORY REVIEW NOTES THE 10 GENERALLY ACCEPTED AUDITING STANDARDS (GAAS): GENERAL STANDARDS – standards/criteria which present guidance in the personal qualifications an auditor must possess to undertake the audit engagement 1. Adequate technical training and proficiency: competence This standard refers to professional Professional competence of the auditor is primarily met by having professional education/training and practical experience in auditing Competence can also be acquired by the auditor through the following: Continuing professional development Consulting others if additional technical information is needed Coaching by more experienced staff Research to obtain knowledge of client business and industry Competence does not include warranting the infallibility of the work performed . 2. Independence: This standard requires that the auditor must be impartial when dealing with the client or without bias with respect to the client entity. The auditor must be independent in fact and in appearance. a. Independence of mind – The state of mind that permits the expression of a conclusion without being affected by influences that compromise professional judgment, allowing an individual to act with integrity, and exercise objectivity and professional skepticism; this is also known as ―independence in fact‖ or ―independence in mental attitude.‖ b. Independence in appearance – The avoidance of facts and circumstances or situations that are so significant that would lead a reasonable and informed third party or the public to believe or conclude that the auditor is not independent. In other words, independence in appearance requires that activities or relationships that even suggest or imply a possible lack of independence must be avoided by the auditor. Independence is often called the cornerstone of the profession since it is necessary to add credibility to the auditor‘s work. Auditor strives to achieve independence in appearance in order to: maintain public confidence in the profession or to achieve public confidence. The audit opi nion and the audit report would be of little or no value if auditor is not independent because of absence of public confidence. The auditor ultimately decides whether or not he/she is independent. Independence in mental attitude cannot be regulated. However, to encourage independence in fact and to maintain the appearance of independence, the auditor can have no direct financial interest in the client. ―Direct‖ includes the auditor and members of immediate family. ―Financial interest‖ is ownership of equity shares, other client financial instruments, or any other potential financial benefit. In addition, there can be no material indirect financial interest such as ownership through a mutual fund. To ensure independence, auditor cannot render an opinion on statements of one year until all fees from the prior year audit have been paid. To emphasize independence from management, auditor is usually appointed by audit committee of the board of directors. Independence may be impaired by performing consulting services, especially those that involve making management decisions. 3. Due professional care: This standard requires that an auditor, in fulfilling his duties, should act diligently and carefully, exercise reasonable prudence, and apply judgment in a conscientious manner, carefully weighing the relevant factors before reaching a decision. Due professional care is often called the "average auditor" concept. The auditor should do what the average auditor would do and never less, including review of work performed by assistants and maintaining an attitude of professional skepticism. Due professional care does not mean/imply infallibility or exercise of error-free judgment. The auditor is not and cannot be held responsible for losses because of errors of pure judgment. Exercise of due professional care in the performance of the audit requires: a. Observance of the standards of field work and reporting b. Critical review of the audit work performed at every level of supervision c. Degree of skill commonly possessed by others in the profession d. Exercise of the same components of professional care as a reasonable auditor would exercise AUDITING THEORY REVIEW NOTES e. Exercise of professional skepticism STANDARDS OF FIELD WORK – the standards / criteria for planning and evidence-gathering 1. Adequate planning and proper supervision: Planning involves establishing the overall audit strategy for the engagement and developing an audit plan. The auditor should also supervise the work of assistants. Supervision is critical because of assistants‘ lack of experience. Audit programs are designed to enumerate appropriate action, and all work of staff auditors should be reviewed by a qualified auditor. Audit program is developed before substantive testing to ensure that adequate planning has occurred. 2. Sufficient understanding of the entity and its environment, including internal control: As part of the planning activities, the auditor is required to obtain sufficient understanding of the entity and its environment. This means that the auditor should obtain a more detailed knowledge of the client's business and the environment/industry in which the entity operates. A sufficient understanding of internal control is to be obtained to plan the audit. Appropriate internal controls provide the auditor with confidence that material misstatements will be prevented or detected on a timely basis. Strong internal control implies that the auditor will require less evidence. Weak internal control implies that the auditor will require more evidence. 3. Sufficient appropriate audit evidence: The auditor should obtain sufficient appropriate audit evidence by performing audit procedures to be able to draw reasonable conclusions on which to base the opinion regarding the financial statements under audit. Evidence gathering is sometimes called substantive testing. Any testing that confirms the ending balance of an account is known as a test of a balance. Evidence gathered to support an account by looking at the various transactions that have affected it during the period is called a test of details. All specific audit work is performed in order to gather evidence. The quantity and quality of evidence to be gathered depends on the judgment of the auditor. The decision as to how much evidence to be accumulated requires professional judgment; not provided in the PSAs; the rule is, evidence must be sufficient to afford a reasonable basis for opinion STANDARDS OF REPORTING – standards on auditor‘s expression of audit opinion through a medium known as the auditor‘s report 1. Whether the financial statements are in accordance with GAAP/PFRS: Conformity with GAAP/PFRS is explicit in the auditor‘s report Explicit statement means that the auditor should state whether or not the financial statements subject to audit are prepared in accordance with GAAP/PFRS. When an overall opinion cannot be expressed, as where the auditor disclaims an opinion, the reasons therefore should be stated. 2. Consistent application of GAAP/PFRS: Consistency is implicit in the auditor‘s report If there is no material consistency as to application of GAAP/PFRS, no statement as to consistency is required in the auditor‘s report. However, if a material inconsistency exists, auditor shall identify such inconsistency in the auditor‘s report. In short: If GAAP/PFRS is consistently applied: no express statement as to consistency is necessary because consistency is implicit in the auditor‘s report If GAAP/PFRS is not consistently applied: auditor shall identify in the auditor‘s report such inconsistency 3. Adequacy of informative disclosures: Adequacy of disclosure is implicit in the auditor‘s report. If informative disclosure is adequate, no statement as to adequacy of disclosure is required in the auditor‘s report. However, if informative disclosure is inadequate, auditor must state such inadequacy in the auditor‘s report. AUDITING THEORY REVIEW NOTES If disclosure is adequate: no statement as to adequacy of disclosure is necessary because adequacy of disclosure is implicit in the auditor‘s report If disclosure is inadequate: auditor must state in the audit report such inadequacy 4. Opinion regarding the financial statements taken as a whole: opinion is explicit in the auditor‘s report expression of audit Objective of 4th standard of reporting: To indicate the character of the engagement and the degree of responsibility assumed by the auditor. This would prevent FINANCIAL STATEMENTS users from misinterpreting the degree of responsibility the auditor is assuming/taking. Reference to the expression "taken as a whole" in the fourth generally accepted auditing standard of reporting means that the audit opinion applies equally to a complete set of financial statements and to each individual financial statement. Philippine Standards on Auditing (PSAs): The PSAs are interpretations of GAAS, meaning, they are intended to clarify the meaning of "generally accepted auditing standards." The PSAs contains basic audit principles and essential procedures together with related guidance in the form of explanatory and other material which the auditor should follow when conducting financial statements audit. Application of PSAs: PSAs apply to independent examination of (historical) financial statements of any entity conducted for the purpose of expressing an opinion. Compliance with PSA: The auditor should conduct an audit in accordance with PSA. Compliance with PSAs means application of basic audit principles and performance of essential audit procedures. Compliance with relevant PSAs is mandatory. Only in exceptional instances where departure from relevant PSA is allowed such as when the auditor believes that the: Amount involved is insignificant; or Requirement of the PSA is impractical to perform; or Requirement of the PSA is impossible to perform. NATURE OF SYSTEM OF QUALITY CONTROL: One of the recognized objectives of the accountancy profession is to attain the highest levels of performance. To achieve this objective, there is a need for assurance that all professional services provided by CPAs are carried out to the highest quality or standards of performance. Reasonable assurance of meeting such need is provided through a system of quality control. A system of quality control refers to quality control policies and procedures adopted by CPA firms that are designed to provide reasonable assurance that the firm and its personnel comply with professional standards and regulatory and legal requirements and that reports issued by the firm or engagement partners are appropriate in the circumstances. System of Quality Control in an Audit Engagement: Policies and procedures to provide reasonable assurance that all audits are conducted in accordance with PSAs and that audit reports issued are appropriate in the circumstances QC policies vs. QC procedures: a. Quality control policies – are the objectives and goals to be achieved b. Quality control procedures – are steps/procedures to be taken to: accomplish the policies adopted, or implement and monitor compliance with those policies Mandatory requirement for CPA firms to establish SQC: Under Philippine Standard on Quality Control 1 (PSQC 1) CPA firms are required to establish and implement a system of quality control. Nature and Extent of a System of Quality Control: The nature and extent of the SQC developed by CPA firms vary from firm to firm due to various factors such as: a. Size of the CPA firm b. Nature of its practice c. Operating characteristics d. Its organization e. Geographical dispersion AUDITING THEORY REVIEW NOTES f. Cost-benefit consideration g. Whether it is part of a network Elements of System of Quality Control: Although the nature and extent of the system of quality control developed by CPA firms vary from one firm to another, a system of quality control must have the following elements: 1. Leadership responsibilities for quality within the firm – The CPA firm should establish policies and procedures that: Promote an internal culture based on recognition that quality is essential in the performance of the engagements Require CPA firm‘s leader (CEO/ managing board of partners or its equivalent), to assume ultimate responsibility for the firm‘s system of quality control. 2. Ethical requirements, including independence – The CPA firm should establish policies and procedures to provide reasonable assurance that the firm and its personnel comply with relevant ethical requirements (including independence): 3. Acceptance and continuance of client relationships and specific engagements – The CPA firm should establish policies and procedures to provide reasonable assurance that the CPA firm will only undertake or continue relationships and engagements where it: a. Has considered the client‘s integrity b. Is competent to perform the engagement and has the capabilities, time and resources to do so; and c. Can comply with ethical requirements 4. Human resources – The CPA firm should establish policies and procedures to provide reasonable assurance that it has sufficient personnel with the capabilities, competence, and commitment to ethical principles necessary to perform the engagement. 5. Engagement performance – The CPA firm should establish policies and procedures to provide reasonable assurance that engagements are performed in accordance with professional standards and regulatory and legal requirements, and that the firm or engagement partner issue reports that are appropriate in the circumstances. 6. Monitoring – The CPA firm should establish policies and procedures to provide reasonable assurance that quality control are relevant, adequate and operating effectively and complied with in practice and should include an ongoing consideration and evaluation of the firm‘s system of quality control, including a periodic inspection of a selection of completed engagements. The purpose of monitoring compliance with quality control policies and procedures is to provide an evaluation of: a. Adherence to professional standards and regulatory and legal requirements; b. Whether the quality control system has been appropriately designed and effectively implemented; and c. Whether the firm‘s quality control policies and procedures have been appropriately applied, so that reports that are issued by the firm or engagement partners are appropriate in the circumstances. The following shall also be included in the CPA firm’s SQC: 1. Complaints and Allegations: The firm should establish policies and procedures designed to provide it with reasonable assurance that it deals appropriately with: a. Complaints and allegations that the work performed by the firm fails to comply with professional standards and regulatory and legal requirements; and b. Allegations of non-compliance with the firm‘s system of quality control. 2. Documentation: The firm should establish policies and procedures requiring appropriate documentation to provide evidence of the operation of each element of its system of quality control. Distinction between GAAS/PSA and SQC: GAAS/PSAs relate to each individual audit engagement, whereas SQC relates to all professional activities/services of the firms practice as a whole. QUALITY REVIEW COMMITTEE: To ensure that CPAs work to the highest standards, the government thru the Professional Regulatory Board of Accountancy (BOA) has required all CPA firms and individual CPAs in public practice to obtain a certificate of accreditation to practice public accountancy. Such certificate is valid for three (3) years and can be renewed after complying with the requirements of the BOA. As a condition to the renewal of the certificate of accreditation to practice public accountancy, the BOA requires individual CPAs and CPA firms to undergo a quality control review to ensure that these CPAs comply with accounting and auditing standards and practices. The BOA has created a Quality Review Committee (QRC) which shall conduct a quality review on applicants for registration to practice public accountancy. AUDITING THEORY REVIEW NOTES Functions of the Quality Review Committee: Conducts quality review on applicants for registration, or renewal thereof, to practice public accountancy Render a report on such quality review, which shall be attached to the application for registration Recommend to BOA revocation of registration and professional ID cards of CPAs for not observing the SQC requirements Quality review – an oversight into (or study or appraisal of) the quality of audit of FS through a review of quality control measures established by CPA firms and individual CPAs in public practice to ensure compliance with accounting and auditing standards and practices Republic Act No. 9298 – PHILIPPINE ACCOUNTANCY ACT OF 2004 (and its Implementing Rules and Regulations) Objectives of the Philippine Accountancy Act: a. The standardization and regulation of accounting education; b. The examination for registration of CPAs; and c. The supervision, control, and regulation of the practice of accountancy in the Philippines. Scope of Practice of Accountancy: Practice of accountancy shall include, both not limited to the following: 1. Practice of Public Accountancy – Practice of public accountancy shall constitute in a person, be it his/her individual capacity, or as a partner or as a staff member in an accounting or auditing firm, holding out himself/herself as one skilled in the knowledge, science and practice of accounting, and as a qualified person to render professional services as a certified public accountant; or offering or rendering, or both, to more than one client on a fee basis or otherwise, services such as: a. The audit or verification of financial transaction and accounting records b. The preparation, signing, or certification for clients of reports of audit, balance sheet, and other financial, accounting and related schedules, exhibits, statements or reports which are to be used for publication or for credit purposes, or to be filed with a court or government agency, or to be used for any other purpose c. The design, installation, and revision of accounting system d. The preparation of income tax returns when related to accounting procedures e. The representation of clients before government agencies on tax and other matters related to accounting f. Renders professional assistance in matters relating to accounting procedures and the recording and presentation of financial facts or data 2. Practice in Commerce and Industry – Practice in commerce and industry shall constitute in a person: a. Involved in decision making requiring professional knowledge in the science of accounting, (as well as the accounting aspects of finance and taxation); or b. When the CPA represents his employer before government agencies on tax and other matters related to accounting c. When such employment or position requires that the holder thereof must be a CPA. The IRR provides that business or company in the private sector should employ a duly registered CPA if: a. Paid-up capital is at least P5.0 million; and/or b. Annual revenue is at least P10.0 million 3. Practice in Education / Academe – Practice in education or the academe shall constitute in a person in an educational institution which involve teaching of accounting, auditing, management advisory services, finance, business law, taxation, and other technically related subjects. AUDITING THEORY REVIEW NOTES A CPA is considered to be engaged in the practice of accountancy in education / academe if he/she is employed in educational institutions as teachers of accounting, auditing, MAS, (accounting aspects of) finance, business law, taxation and other technically related subjects. Members of the Integrated Bar of the Philippines (IBP) may be allowed to teach business law and taxation subjects. The position of either the Dean or department chairman (or its equivalent) that supervises the BSA program of an educational institution is deemed to be in practice of accountancy in the academic /education and therefore must be occupied only by a duly registered CPA. 4. Practice in Government – Practice in the government shall constitute in a person who holds, or is appointed to, a position in an accounting professional group in government or in a government-owned and/or controlled corporation, including those performing proprietary functions, where decision making requires professional knowledge in the science of accounting, or where a civil service eligibility as a CPA is a prerequisite. Sector – is the area of practice of accountancy namely public accountancy, commerce and industry, academe/education and government Limitations of the Practice of Public Accountancy: Single practitioners (individual CPAs) and Partnership of CPAs shall be registered CPAs in the Philippines. The SEC shall not register any corporation organized for the practice of public accountancy. In other words, corporation form of CPA firm is not allowed. A certificate of accreditation issued only after showing that the registrant has acquired the minimum 3 years meaningful experience in any of the areas of accountancy (whether in the public accountancy, commerce and industry, education/academe and government) Certificate of Accreditation – a certificate under seal, issued by the PRC upon the recommendation by the BOA, attesting that Individual CPAs, including the staff members thereof, firms including the sole proprietors and the staff members thereof and partnerships of CPAs including the partners and the staff members thereof, are duly accredited to practice public accountancy in the Philippines. Definition of Meaningful Experience: In Public practice Shall include: At least 1 year as audit assistant and At least 2 years as auditor-in-charge of audit engagements covering full audit functions of significant clients In Commerce and Includes significant involvement in: Industry General accounting, budgeting and tax administration Internal auditing and liaison officer Representing his/her employer before government agencies on tax and matters related to accounting or any other related functions In the Academe or Shall include: Education Teaching for at least 3 trimesters or 2 semesters subjects in either financial accounting, business law and tax, auditing problems, auditing theory, financial management and management services Provided, that the accumulated teaching experience on these subjects shall not be less than 3 school years In Government Includes significant involvement in: General accounting Budgeting Tax administration Internal auditing Liaison with the COA Any other related functions AUDITING THEORY REVIEW NOTES Prohibition in the Practice of Accountancy: Non-CPAs: Are not allowed to practice accountancy in the Philippines Cannot use the title ―Certified Public Accountant‖ or ―CPA‖ Should not indicate (thru display or use any title, sign, card, advertisement, or other device) that he practices or offers to practice accountancy or that he is a CPA Non-Filipino professional accountants/CPAs: Are also not allowed to practice accountancy in the Philippines, unless: a. Through foreign reciprocity b. With valid temporary/special permit duly issued by the BOA and the PRC Professional Regulatory Board of Accountancy (BOA): The BOA is the official government agency empowered to enforce RA 9298. BOA is under the supervision and administrative control of the Professional Regulation Commission (PRC) 1. Composition of BOA: BOA shall be composed of a chairman and 6 members (all of which are to be appointed by the President of the Philippines) BOA shall elect a vice-chairman from among its members for a term of 1 year. According to the IRR, the 4 sectors in the practice of accountancy shall as much as possible be equitably represented in the BOA. 2. Qualifications of BOA members: At the time of appointment, he/she must be: a. Natural-born citizen and a resident of the Philippines; b. Duly registered CPA with at least 10 years of work experience in any scope of practice of accountancy c. Of good moral character and must not have been convicted of crimes involving moral turpitude d. Not have any pecuniary interest, directly or indirectly, in any school, college, university or institution conferring an academic degree necessary for admission to the practice of accountancy (those that offer BSA degree) or where review classes in preparation for the licensure examination are being offered or conducted (such as RESA, PRTC and CPAR), nor shall he/she be a member of the faculty or administration thereof at the time of his/her appointment to the BOA, and e. Not be a director/officer of the APO (PICPA) at the time of his/her appointment – this is an additional requirement under the IRR 3. Term of office of BOA members: The Chairman and the members of the BOA members shall hold office for a term of 3 years. Any vacancy during the term of a member shall be filled up for the unexpired portion of the term only. Appointment to fill up an unexpired term is not to be construed as a complete term. No person who has served 2 successive complete terms shall be eligible for reappointment until the lapse of 1 year. No person shall serve in the BOA for more than 12 years. (addition under the IRR) 4. Powers and Functions of the BOA: The BOA shall exercise the following specific powers, functions and responsibilities: a. To prescribe and adopt the rules and regulations necessary for carrying out the provisions of this Act (RA 9298) b. To supervise the registration, licensure and practice of accountancy in the Philippines; c. To administer oaths d. To issue, suspend, revoke, or reinstate the Certificate of Registration for the practice of the accountancy profession e. To adopt its own official seal f. To prescribe and/or adopt a Code of Ethics for the practice of accountancy g. To monitor the conditions affecting the practice of accountancy and adopt such AUDITING THEORY REVIEW NOTES h. i. j. k. l. m. n. o. measures, including promulgation of accounting and auditing standards, rules and regulations and best practices as may be deemed proper for the enhancement and maintenance of high professional, ethical, accounting and auditing standards To conduct an oversight into the quality of audits of financial statements through a review of the quality control measures To investigate violations of this Act as IRR, to issue summons, subpoena and subpoena ad testificandum and subpoena duces tecum to violators or witness thereof and compel their attendance to such investigation or hearings and the production of documents in connection therewith The Board may, motu propio in its discretion, make such investigations as it deems necessary to determine whether any person has violated any provisions of this law, any accounting or auditing standard or rules duly promulgated by the BOA as part of the rules governing the practice of accountancy To issue a cease or desist order to any person, association, partnership or corporation engaged in violation of any provision of this Act, any accounting or auditing standards or rules duly promulgated by the BOA as part of the rules governing the practice of accountancy in the Philippines To punish for contempt of the BOA, both direct and indirect, in accordance with the pertinent provisions of and penalties prescribed by the Rules of Court To prepare, adopt, issue or amend the syllabi of the subjects for examinations in consultation with the academe, determine and prepare questions for the licensure examination which shall strictly be within the scope of the syllabi of the subjects for examinations as well as administer, correct and release the results of the licensure examinations To ensure, in coordination with the Commission on Higher Education (CHED) or other authorized government offices that all higher educational instruction and offering of accountancy comply with the policies, standards and requirements of the course prescribed by CHED or other authorized government offices in the areas of curriculum, faculty, library and facilities; and To exercise such other powers as may be provided by law as well as those which may be implied from, or which are necessary or incidental to the carrying out of, the express powers granted to the BOA to achieve the objectives and purposes of this Act. 5. Grounds for Suspension or Removal of BOA Members: The President of the Philippines, upon the recommendation of the PRC may suspend or remove any BOA member on the following grounds: a. Neglect of duly or incompetence b. Violation or tolerance of any violation of RA 9298 and its IRR or the CPA Code of Ethics and the technical and professional standards of practice for CPAs c. Final judgment of crimes involving moral turpitude d. Manipulation or rigging of the CPA's licensure examination results, disclosure of secret and confidential information in the examination questions prior to the conduct of the said examination or tampering of grades. The President‘s power to appoint carries with it the power to suspend or removed a BOA member based on the abovementioned grounds. When a member of the BOA has been sued of crimes involving moral turpitude, it is not a valid ground for suspension or removal of BOA members. FRSC and AASC: (Refer to notes on public accounting profession) Education Technical Council (ETC): Assists BOA in continuously upgrading accounting education in the Philippines 1. Functions of the ETC: Determine a minimum standard curriculum for the study of accountancy to be implemented in all schools offering accountancy as an undergraduate degree. Established teaching standards, including the qualifications of members of the faculty of schools and colleges of accountancy. Monitor the progress of the program on the study of accountancy and undertaking AUDITING THEORY REVIEW NOTES measures for the attainment of a high quality of accountancy education in the country. Evaluate periodically the performance of educational institution offering accountancy education. 2. ETC Composition/Membership: Chairman (had been or presently a senior accounting practitioner in the academe/education) BOA Accredited National Professional Organization of CPAs - PICPA: Public practice 1 Commerce and industry 1 Academe/Education 2* Government 1 Total *1 private school and 1 public school offering Bachelor of Science in 1 1 5 7 Accountancy Appointment. The Chairman and members of the ETC shall be appointed by the PRC upon the recommendation of the BOA in connection with the APO (PICPA). Term of office. The Chairman and the members of the ETC shall have a term of 3 years renewable for another term. CPA Examinations: All applicants for registration for the practice of accountancy shall be required to undergo a licensure examination to be given by the BOA in such places and dates as the PRC may designate subject to compliance with the requirements prescribed by the PRC in accordance with Republic Act No. 8981. 1. Qualifications of Applicants for CPA Examinations: a. Must be a Filipino citizen b. Must be of good moral character c. Must be a holder of the degree of BSA conferred by a school, college, academy or institute duly recognized and/or accredited by the CHED or other authorized government offices, and d. Has not been convicted of any criminal offense involving moral turpitude 2. Scope of Examinations: The CPA examination shall cover, but are not limited to, the following subjects: 1. Theory of Accounts (80 – 100 items) 2. Business Law and Taxation (50 – 70 items) 3. Management Services (50 – 70 items) 4. Auditing Theory (80 – 100 items) 5. Auditing Problems (40 – 50 items) 6. Practical Accounting I (40 – 50 items) 7. Practical Accounting II (40 – 50 items) Each subject has a corresponding syllabus. The BOA, subject to the approval of the PRC, may revise or exclude any of the subjects and their syllabi, and add new ones as the need arises. 3. Rating in the CPA Examinations: To pass the CPA exams – 75%; 65%: A candidate must obtain at least a general average of 75%, with no grades lower than 65% in any given subject. Conditional status: If a candidate obtains a rating of 75% and above in at least a majority of the subjects tested, he/she will be given conditional credits for the subjects passed. 4. Removal Examination: The candidates with conditional status shall take an examination in the remaining subjects within 2 years from the preceding examination. If the candidate fails to obtain at least a general average of 75% and a rating of at least 65% in each of the subjects reexamined, he/she shall be considered as failed in the entire examination. The original exam and the removal exam are counted as one exam only. AUDITING THEORY REVIEW NOTES 5. Candidates required to take Refresher Course: Any candidate who fails in 2 complete CPA exams shall be disqualified from taking another set of examinations unless he/she submits evidence to the satisfaction of the BOA that he/she enrolled in and completed a refresher course with at least 24 units of subjects given in the CPA exams. The examination in which the candidate was conditioned together with the removal examination on the subject in which he/she failed shall be counted as one complete examination. The IRR provides that the required refresher course (whether regular or special refresher course) shall be offered only by an educational institution granting a degree of BSA. Oath: All successful candidates in the CPA examination, prior to entering upon the practice of the profession, shall be required to take an oath of profession before: a. Any member of the BOA; or b. Any government official authorized by the PRC; or c. Any person authorized by law to administer oaths Issuance of Certificates of Registration and Professional Identification Card: Certificate of Registration – a certificate under seal bearing a registration number, issued to an individual, by the PRC, upon recommendation by the BOA, signifying that the individual has complied with all the legal and procedural requirements for such issuance including, in appropriate cases, having successfully passed the CPA licensure examination A certificate of registration shall be issued to examinees who pass the CPA licensure examination subject to payment of fees prescribed by the PRC. The Certificate of Registration shall bear the signature of the chairperson of the PRC and the chairman and members of the BOA, stamped with the official seal of the PRC and of the BOA, indicating that the person named therein is entitled to the practice of the profession with all the privileges appurtenant thereto. The said certificate shall remain in full force and effect until withdrawn, suspended or revoked. Professional Identification Card – a card with validity of 3 years bearing the registration number, date of issuance with an expiry date, due for periodic renewal, duly signed by the Chairperson of the PRC issued by the PRC to a registered CPA upon payment of the annual registration fees for 3 years Certificate of Registration – has no expiry; shall remain in full force until/unless withdrawn, suspended or revoked Professional Identification Card – subject to expiry; renewable every 3 years Grounds for Refusal to Issue Certificate of Registration and Professional ID: The BOA shall not register and issue a certificate of registration and professional identification card to any successful examinee due to the following grounds: a. Convicted by a court of competent jurisdiction of a criminal offense involving moral turpitude or b. Guilty of immoral and dishonorable conduct or c. Of unsound mind The BOA shall not register either, any person who has falsely sworn, or misrepresented himself/herself in his/her application for examination. Registration shall not be refused and a name shall not be removed from the roster of CPAs on conviction for a political offense (or for an offense, in the opinion of the BOA, that does not disqualify a person from practicing accountancy) Suspension and Revocation of Certificates of Registration Identification Card and Cancellation of Special Permit: The BOA shall have the power, upon due notice and hearing, to: and Professional AUDITING THEORY REVIEW NOTES a. Suspend or revoke the practitioner‘s certificate of registration and professional identification card b. Suspend him/her from the practice of his/her profession c. Cancel his/her special permit Causes or Grounds for Suspension/Revocation/Cancellation: a. Convicted by a court of competent jurisdiction of a criminal offense involving moral turpitude or b. Guilty of immoral and dishonorable conduct or c. Of unsound mind d. Any unprofessional or unethical conduct e. Malpractice f. Violation of any of the provisions of this Act and its IRR g. Violation of the CPA‗s Code of Ethics and the technical and professional standards of practice for CPAs Reinstatement, Reissuance and Replacement of Revoked or Lost Certificates: The BOA may, after the expiration of 2 years from the date of revocation of a certificate of registration and upon application and for reasons deemed proper and sufficient, reinstate the validity of a revoked certificate of registration and in so doing, may, in its discretion, exempt the applicant from taking another examination. Ownership of Working Papers: All working papers, schedules and memoranda made by a CPA and his staff in the course of an examination, including those prepared and submitted by the client, incident to or in the course of an examination, by such CPA, except reports submitted by a CPA to a client shall be treated confidential and privileged and remain the property of such CPA in the absence of a written agreement between the CPA and the client, to the contrary, unless such documents are required to be produced through subpoena issued by any court, tribunal, or government regulatory or administrative body. Working papers – owned/property of the CPA/Practitioner Practitioner must observe the rule on confidentiality (subject to certain exceptions such as production of documents through subpoena issued by any court, tribunal, or government regulatory or administrative body). Accredited Professional Organization (APO) – PICPA: All registered CPAs whose names appear in the roster of CPAs shall be united and integrated through their membership in a one and only registered and accredited national professional organization of registered and licensed CPAs, which shall be registered with the SEC as a nonprofit corporation and recognized by the BOA, subject to the approval by the PRC. The members in the said integrated and accredited national professional organization shall receive benefits and privileges appurtenant thereto upon payment of required fees and dues. Membership in the integrated organization shall not be a bar to membership in any other association of CPA. Continuing Professional Education (CPE) Program: Rationale: Voluntary compliance with the CPE program is an effective and credible means of ensuring competence, integrity and global competitiveness of professional in order to allow them to continue the practice of their profession. CPE Objective: a. To provide and ensure the continuous education of a registered professional with the latest trends in the profession brought about by modernization and scientific and technological advancements; b. To raise and maintain the professional's capability for delivering professional services; c. To attain and maintain the highest standards and quality in the practice of his profession; d. To make the profession globally competitive; and e. To promote the general welfare of the public. AUDITING THEORY REVIEW NOTES Continuing Professional Education (CPE) – refers to the inculcation assimilation and acquisition of knowledge, skills, proficiency and ethical and moral values, after the initial registration of a professional that raise and enhance the professional's technical skills and competence CPE program – consists of properly planned and structured activities, the implementation of which requires the participation of a determinant group of professionals to meet the requirements of voluntarily maintaining and improving the professional standards and ethics of the profession All CPAs shall comply with the rules and regulations on CPE. PRC CPE Council: The PRC CPE Council was created to assist BOA in implementing the CPE program. 1. Composition of PRC CPE Council: a. 1 Chairperson (the chairperson shall be chosen from among the members of BOA by the BOA members themselves) and b. 2 members (1) First member – the president or, in his absence or incapacity, any officer chosen by the Board of Directors of PICPA (2) Second member – the president, or in his absence or incapacity, any officer of the organization of deans or department heads of schools, colleges or universities, offering the degree requiring licensure examination (BSA); or shall be appointed by the PRC from 3 recommendees of the BOA concerned. Such recommendees shall be well-known academicians. 2. Term of office of CPE Council members: a. Chairperson – co-terminus with his/her incumbency in the PRC b. First member – co-terminus with his/her incumbency as officer of the PICPA c. Second member – co-terminus with his/her incumbency as officer of the organization of deans or department heads of colleges or universities offering BSA degree CPE Program: Program activities and sources of accreditation: a. Seminars b. Conventions c. Masteral degree and doctoral degree d. Authorship e. Self-directed learning package f. Post-graduate/in-house training g. Resource speaker h. Peer reviewer i. CPE provider j. CPE program, activities or sources CPE credit units: 60 credit units for 3 years Minimum of 15 credit units shall be earned in each year. Exemption from CPE requirement: 1. Permanent exemption: Upon reaching the age of 65 years old 2. Temporary exemption: If the following conditions are met: a. During their stay abroad for at least 2 years immediately prior to the date of renewal; and b. Working or practicing his/her profession or furthering his/her studies abroad Seal and Use of Seal: All licensed CPAs shall obtain and use a seal of a design prescribed by the BOA bearing the registrant‘s name, registration number and title. AUDITING THEORY REVIEW NOTES The auditor‘s reports shall be stamped with said seal, indicating therein his/her current Professional Tax Receipt (PTR) number, date/place of payment when filed with government authorities or when used professionally. Foreign Reciprocity: A person not a citizen of the Philippines may be allowed to practice accountancy in the Philippines: Where there is foreign reciprocity (in accordance with provisions of existing laws, international treaty obligations including mutual recognition agreements entered into by the Philippine government with other countries) Upon presentation of proof that his country admits citizens of the Philippines to the practice of accountancy without restriction Coverage of Temporary or Special Permits: Special / temporary permit may be issued by the BOA subject to the approval of the PRC and payment of the fees the latter has prescribed and charged thereof to the following Foreign CPAs: a. A foreign CPA called for consultation or for a specific purpose which, in the judgment of the BOA, is essential for the development of the country: Provided, That his/her practice shall be limited only for the particular work that he/she is being engaged: Provided, further, That there is no Filipino CPA qualified for such consultation or specific purposes; b. A foreign CPA engaged as professor, lecturer or critic in fields essential to accountancy education in the Philippines and his/her engagement is confined to teaching only; and c. A foreign CPA who is an internationally recognized expert or with specialization in any branch of accountancy and his/her service is essential for the advancement of accountancy in the Philippines. Penal Provisions: Any person who shall violate any of the provisions of this Act or any of its IRR shall, upon conviction, be punished by: Fine – not less than P 50,000.00, or Imprisonment – for a period not exceeding 2 years, or Both AUDITING THEORY REVIEW NOTES PRELIMINARY ENGA GEMENT ACTIVITIES (PRE-PLANNING ACTIVITIES) Purpose of Preliminary Engagement Activities: Preliminary engagement activities assist the auditor in identifying and evaluating events or circumstances that may adversely affect the auditor‘s ability to plan and perform the audit engagement. Such activities help ensure that: a. There are no issues with client management‘s integrity that may affect the willingness to continue the engagement b. The auditor maintains the necessary independence and ability to perform the engagement c. There is no misunderstanding with the client as to the terms of the engagement Preliminary Engagement Activities: 1. Perform procedures regarding acceptance or continuance of the client relationship Acceptance or selection procedures – in case of initial audit (prospective/new client) a. Evaluate integrity of the client‘s management Evaluation of management integrity is necessary to avoid association with clients whose management lacks integrity. Most of litigations involving CPAs are due to lack of integrity of client‘s management. Lack of management integrity usually results to high audit risk. Factors to consider in evaluating client‘s integrity: Identity, attitude and business reputation of the client (such as its principal owners, key management or those charge with corporate governance, and related parties, if any) Nature of the client‘s operations Indications of an inappropriate limitation in the scope of work Involvement in money laundering or other criminal activities The reasons for the proposed appointment of the CPA firm or auditor and nonreappointment of the previous CPA firm or auditor (1) Investigate/research the client’s background Internet searches Review the entity‘s financial statements Consider engaging professionals/investigators to evaluate the principals associated with the prospective client Obtain credit ratings and reports, if necessary (2) Inquiring from other firm personnel or third parties (such as bankers, legal counsel/advisors, industry peers and others in the financial or business community who may have knowledge regarding the client) (3) Communicate with prospective client’s predecessor auditor: Matters to be inquired of or discussed with the predecessor (previous/former) auditor by the incoming/successor auditor: a) Facts/information that might bear on the integrity of the prospective client AUDITING THEORY REVIEW NOTES b) Predecessor auditor‘s understanding as to the reasons for the change of auditors c) Any disagreement between the predecessor auditor and the client regarding accounting principles or auditing procedures or other similarly significant matters d) Communication to management, the audit committee, and those charged with governance regarding fraud, illegal acts by the client, and matters relating to internal control. Under the Code of Ethics for CPAs, the successor auditor has the responsibility to initiate communication with the predecessor auditor. However, the communication requires prior client‘s permission/consent (preferably in writing) to avoid violation of confidentiality principle. If the client is unwilling to agree to such communication (communication is not permitted by the client or the client limits the responses of the predecessor auditor), the successor auditor should: Consider the implications of such refusal/limitation, and Decide whether or not to accept the engagement. Auditability of client‘s financial statements – determine whether the auditor will be able to accumulate sufficient appropriate audit evidence to render an opinion on the financial statements by considering: a. The adequacy of accounting records b. Quality of internal control High level of public scrutiny and media interest The financial health of the client Ability to pay audit fees b. Other Considerations: Continuance or retention procedures – in case of recurring audit (or existing client) To ensure the audit firm‘s continuing compliance with acceptance and continuance procedures, existing clients should be evaluated once a year or upon occurrence of the following: Changes in management, directors or ownership Nature of client‘s business 2. Evaluate compliance with ethical requirements, including independence a. Independence – The CPA firm or auditor shall identify, evaluate and respond to any threat to independence The CPA firm or auditor must be independent of the client whose financial statements are subject to audit. Audit opinion is not credible or of little or no value if the auditor is not independent. b. Professional competence – determine if the CPA firm or auditor has the necessary skills and competence Professional accountants should not portray themselves as having the required expertise which they do not possess. The auditor should obtain preliminary understanding of prospective client‘s business and industry to determine whether the auditor has the required degree of competence. If the auditor does not possess the industry expertise, he should obtain knowledge of matters that relate to the nature of the entity‘s business and industry. AUDITING THEORY REVIEW NOTES c. Ability to serve the client properly – the CPA firm or auditor must have capability, time and resources to perform the audit Examples: Availability of appropriately qualified staff when the work is required The firm is able to complete the engagement within the reporting deadline (proximity of the deadline) Consider the need for expert‘s assistance and any conflicts of interest Firm personnel have knowledge of relevant industries The firm has sufficient personnel with the necessary capabilities and competence. 3. Establish an understanding of the terms of the engagement The CPA firm or auditor shall accept or continue an audit engagement only when: a. The preconditions for an audit are present: (1) Management has used acceptable financial reporting framework (or suitable criteria or appropriate basis for) in the preparation of the financial statements Factors to consider in determining the acceptability of the financial reporting framework: a. The nature of the entity (for example, whether it is a business enterprise, a public sector entity or a not-for-profit organization); b. The purpose of the financial statements (for example, whether they are prepared to meet the common financial information needs of a wide range of users or the financial information needs of specific users); • Financial statements prepared in accordance with a financial reporting framework designed to meet the common financial information needs of a wide range of users are referred to as general purpose financial stateme nts. Financial statements prepared in accordance with a financial reporting framework designed to meet the financial information needs of specific users are referred to as special purpose financial statements. c. The nature of the financial statements (for example, whether the financial statements are a complete set of financial statements or a single financial statement); and d. Whether law or regulation prescribes the applicable financial reporting framework. • Examples of financial reporting frameworks: IFRSs PFRSs IPSASs – International Public Sector Accounting Standards (2) Management agrees to the premise that it has acknowledged and understood its responsibilities If the preconditions for an audit are not present, the auditor shall not accept the proposed audit engagement, unless acceptance is required by law or regulation. Preconditions for an audit are within the control of the entity. b. There is a common understanding between the auditor and management (and, where appropriate, those charged with governance) of the terms of the audit engagement. Agreement on audit engagement terms: AUDITING THEORY REVIEW NOTES The auditor shall agree on the terms of the audit engagement with management or those charged with governance, as appropriate. Such agreed terms shall be recorded in an audit engagement letter or other suitable form of written engagement. Preliminary conference: A preliminary conference with the client is scheduled after the CPA has determined that: The firm is independent The firm is competent to perform the audit The firm can serve the client properly, and The client‘s reputation is one of integrity The terms of engagement are usually agreed with the client during a preliminary conference with the client, and formalized through a signed engagement letter. During the preliminary conference, the auditor and client agree on the following issues: The specific services to be rendered The cooperation and work expected to be performed by the client‘s personnel Expected start and completion dates of the engagement The possibility that the completion date may be changed if unforeseen a udit problems arise if unforeseen audit problems arise if adequate cooperation from client‘s personnel is not received The nature and limitations of the audit engagement An estimate of the fee to be charged for the engagement Engagement letter – an agreement between the CPA firm or auditor and the client for the conduct of the audit. It is a letter from the auditor to the client management, and when signed by the client it serves as a formal written contract between them. Engagement letter documents and confirms the: a. Auditor‘s acceptance of the appointment b. Client‘s acceptance of the terms of the audit engagement c. Responsibilities of both the client management and the auditor d. Arrangements or agreed terms of the engagement (such as the objectives and scope of the audit, the form of any reports, etc.) Importance (primary reason) of an engagement letter: It clarifies the nature of the engagement and the responsibilities of management and those of the auditor. This will help in avoiding or minimizing or resolving future misunderstandings disagreement between the auditor and the client with respect to the engagement. Engagement letter should be sent to the client preferably before the start of the engagement. An engagement letter is normally addressed to whoever hired the CPA. Form and Contents of the Engagement Letter: The form and content of engagement letters may vary for each client. Engagement letters should be adapted according to individual requirements and circumstances of the engagement. Generally, engagement letters should include reference to: 1. Principal Contents: a. Objective and scope of the audit of the financial statements b. Responsibilities of the auditor c. Responsibilities of management d. Identification of financial reporting framework for the preparation of the financial statements e. Reference to any form and content of any reports to be issued by the auditor and a statement that there may be circumstances in which a report may differ from its expected form and content AUDITING THEORY REVIEW NOTES 2. In addition, and audit engagement letter may make reference to, for example: Elaboration of the scope of the audit, including reference to applicable legislation, regulations, PSAs, and ethical and other pronouncements of professional bodies to which the auditor adheres. The form of any other communication of results of the audit engagement The fact that because of the inherent limitations of an audit, together with the inherent limitations of internal control, there is an unavoidable risk that some material misstatement may not be detected, even though the audit was properly planned and performed in accordance with the PSAs Arrangements regarding the planning and performance of the audit, including the composition of the audit team Expectation that management will provide written representations The agreement of management to make available to the auditor draft financial statements and any accompanying other information in time to allow the auditor to complete the audit in accordance with the proposed timetable The agreement of management to inform the auditor of facts that may affect the financial statements, of which management may become aware during the period from the date of the auditor‘s report to the date the financial statements are issued. Basis on which fees are computed and any billing arrangements A request for management to acknowledge receipt of the engagement letter and to agree to the terms of the engagement outlined therein 3. Other arrangements, when relevant, such as: Involvement of other auditors and experts in some aspects of the audit Involvement of internal auditors and other staff of the entity Arrangements to be made with the predecessor auditor, if any, in the case of an initial audit Any restriction of the auditor‘s liability when such possibility exists A reference to any further agreements between the auditor and the client Any obligations to provide audit working papers to other parties Audits of Components: Factors to consider whether to send a separate engagement letter to the component when the auditor of the parent company is also the auditor of its component (subsidiary, branch or division): 1. Who appoints the auditor of the component 2. Whether a separate auditor‘s report is to be issued on the component 3. Legal requirements in relation to audit appointments 4. The extent of any work performed by other auditors 5. Degree of ownership by parent, and 6. Degree of independence of the component‘s management from the parent entity Audit Engagement in Recurring Audits: 1. The auditor may decide not to send a new engagement letter or other written agreement each period. 2. The following factors may make it appropriate to send a new engagement letter: a. Revision of the terms of audit engagement because: Any revised or special terms of the engagement A recent change of senior management or those charged with governance A significant change in ownership A significant change in nature or size of the client‘s business A change in legal or regulatory requirements A change in the financial reporting framework adopted in the preparation the financial statements A change in other reporting requirements b. Reminder to the client of the existing terms of the engagement Any indication that the client misunderstands the objective and scope of the audit. Audit procedures when the client requests for a change in engagement: AUDITING THEORY REVIEW NOTES 1. Consider the appropriateness of reasons for the engagement 2. If there is a reasonable justification for the change – stop the original engagement and agree on the new terms of engagement. And then proceed with the new engagement To avoid confusing the users of the new report, do not mention the following in the new report: a. The original engagement b. Any procedures that may have been performed in the original engagement (except where the engagement is changed to an engagement to undertake agreed- upon procedures and thus the reference to the procedures performed is a normal part of the report) 3. If there is no reasonable justification – refuse the client‘s request, and continue to perform the original engagement and issue the original report If the auditor is not permitted to continue the original engagement, the auditor should withdraw from the engagement and consider reportorial responsibilities to the BOD or shareholders of the client. Whether or not to accept a change in engagement: Change in the terms of the audit engagement: The auditor shall not agree where there is no justification/basis for the change in the terms of the audit engagement. Reasonable basis includes: a. A change in circumstances affecting the entity‘s requirements For example, the client's bank required an audit before committing to a loan, but the client subsequently acquired alternative financing. b. A misunderstanding as to the nature of the service originally requested Not a reasonable basis: Change that relates to information that is incorrect, incomplete or otherwise unsatisfactory.For example, the entity asks for the audit engagement to be changed to a review engagement to avoid a qualified opinion or disclaimer of opinion. Change to a lower level assurance engagement: The auditor shall not agree where there is no justification/basis for the change to a lower level assurance engagement. 1. The auditor should agree if there is reasonable basis, such as: a. A change in circumstances affecting the entity‘s requirements or need for the service For example, the client's bank required an audit before committing to a loan, but the client subsequently acquired alternative financing. b. A misunderstanding as to the nature of an audit or related service originally requested c. A restriction on the scope of the engagement, whether imposed by management or caused by circumstances If there is a reasonable change, no reference of the same shall be included in the report. 2. Not agree if there is no reasonable justification – if the change relates to incorrect, incomplete or otherwise unsatisfactory information. For example, in an audit engagement, the auditor is unable to obtain sufficient appropriate audit evidence regarding receivables and the client asks for the engagement to be changed to a revie w engagement to avoid a qualified audit opinion or a disclaimer of opinion. Withdraw from the engagement – if the auditor is unable to agree to the change and is not permitted/allowed to continue the original engagement because of his disagreement AUDITING THEORY REVIEW NOTES AUDIT PLANNING Audit Planning: Audit planning involves establishing the overall audit strategy for the engagement and developing an audit plan, in order to reduce audit risk to an acceptably low level Objective of the auditor in planning the audit: So that the audit will be performed in an effective manner Who are involved in planning the audit: Engagement partner and other key members of the engagement team (because of their experience and insight to enhance the effectiveness and efficiency of the planning process) Benefits/Importance of adequate audit planning: Appropriate attention is devoted to important areas of the audit Potential problems are identified and resolved on a timely basis The audit is performed in an effective and efficient manner The audit engagement is properly organized, staffed and managed The audit is completed expeditiously Assists in the selection of engagement team members with appropriate levels of capabilities and competence to respond to anticipated risks Assists in the proper assignment of work or proper utilization of assistants Facilitates the direction and supervision and the review of work Assists in coordination of work done by auditors of components and experts Proper utilization of experience gained from previous years‘ engagements and other assignments Nature of Planning: Planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit engagement. In other words, planning is a continuous function that last throughout the audit. Factors that affect the nature and extent of audit planning: The nature and extent of planning activities will vary according to the following factors: a. The size and complexity of the entity – big companies and companies with more complex operations require more audit planning time b. Changes in circumstances that occur during the audit engagement – for example, expansion of operation because of diversification c. The auditor’s previous experience with and understanding of the entity – more work is required to obtain information regarding a new client than for an existing client Initial audit requires more audit time because the auditor has no previous knowledge or is unfamiliar with the client‘s business, industry and internal control which need to be carefully studied. Recurring audit requires lesser audit time because of auditor‘s previous knowledge of the entity and its industry Whether the audit is initial or recurring, the purpose and objective of audit planning are the same. It is the nature and extent of audit planning that varies. For example, in case of initial audit the auditor may need to expand the planning activities because he does not ordinarily have the previous experience with the entity that is considered when planning recurring audit engagements. Additional considerations in initial audit engagements are necessary such as the need for the auditor to review the predecessor‘s working papers and to perform audit procedures regarding opening balances. d. The composition and size of the audit team Planning stage of audit – the time before fieldwork starts, when the auditor is gathering information about the client and its environment and designing overall audit strategy and audit plan Effect of timing of appointment of auditor on audit planning: AUDITING THEORY REVIEW NOTES The earlier the auditor is appointed, the more efficient the audit plan and performance can be. Thus, early appointment of the auditor allows the auditor to plan a more efficient audit. It is acceptable for an auditor to accept an audit engagement near or after year-end. However, the auditor should consider whether late appointment will pose limitations on the audit that may lead to a qualified opinion or a disclaimer of opinion, and should discuss such concerns with the client. PLANNING ACTIVITIES FOR THE AUDIT ENGAGEMENT: In order to reduce audit risk to an acceptably low level (Note 3), the auditor shall: 1. Establish an overall audit strategy that sets the scope, timing and direction for the audit, and that guides the development of the more detailed audit plan (Note 1) 2. Develop an audit plan that addresses the various matters identified in the overall audit strategy Audit plan includes a description of: a. The nature, timing and extent of planned risk assessment procedures (Note 2) b. The nature, timing and extent of planned further audit procedures (at the assertion level) – to be performed during testing stage Further audit procedures include: (1) Tests of controls – tests of the operating effectiveness of internal control (2) Substantive tests/procedures – include tests of details and analytical procedures c. Other planned audit procedures (that are required to be carried out to comply with PSAs) AUDIT PLANNING ALSO INVOLVES: 1. Modifying (updating) the overall audit strategy and the audit plan as necessary during the course of the audit Revision is necessary because of: Unexpected events Changes in conditions Audit evidence obtained from the results of audit procedures The establishment of the overall audit strategy and the detailed audit plan are not necessarily discrete and or sequential processes, but are closely inter-related since changes in one may result in consequential changes to the other. 2. Planning the nature, timing and extent of direction, supervision of the engagement team members and the review of their work The nature, timing and extent of direction, supervision of audit engagement team members and review of their work depend on the following factors: a. Size and complexity of the entity – Audits of small entities requires lesser (or even no) direction, supervision, and review of the work of assistants b. Area of audit – Difficult aspects of audit demand increased direction, supervision, and a more detailed review of work of assistants. c. Risks of material misstatement – As the assessed risk of material misstatement increases, a given area of the audit, the auditor ordinarily increases the extent and timeliness of direction, supervision and review d. Capabilities and competence of personnel performing the audit work. 3. Other planning considerations: The auditor should consider the work of experts and other independent auditors a. Considering the work of an expert – An expert is a person or firm possessing special skill, knowledge and experience in a particular field or discipline other than accounting and auditing. Examples of work of experts include: Valuation of certain assets (such as precious stones, works of arts, real estate, plant and machinery) Valuation of financial instruments Actuarial valuation Determination of quantities or physical condition of assets such as minerals stored in stockpiles, underground mineral and petroleum reserves, and the remaining useful life of plant and machinery Measurement of % of completion on contracts in progress Legal opinions concerning interpretations of statute and regulations and contracts such as legal documents or legal title to property When determining the need for an expert, the auditor would consider: a. The materiality of the financial statement item being considered b. The risk of misstatement AUDITING THEORY REVIEW NOTES c. The quality and quantity of other audit evidence available b. Considering the work of other independent auditors – applicable when a component of the entity is to be audited by other independent auditor Discussing planned audit procedures with client management: Discussion is allowed to facilitate the conduct and management of the audit engagement (for example, to coordinate some of the planned audit procedures with the work of the client‘s personnel) Discussion should not compromise the effectiveness of the audit (audit procedures should not be too predictable) Audit engagement team discussions : The members of the engagement team should discuss the susceptibility of the entity‘s financial statements to material misstatements. Communication between audit team members is necessary at all stages of the engagement to ensure all matters are appropriately considered. The objective of audit team discussions is to: Share insights based on their knowledge of the entity; Exchange information about business risks; Gain a better understanding of the potential for material misstatements (especially for the audit areas assigned to them); Consider the susceptibility of the entity‘s financial statements to material misstatement due to fraud; Consider application of the applicable financial reporting framework to the entity‘s facts and circumstances; and Understand how the results of the audit procedures performed may affect other aspects of the audit including the decisions about the nature, timing, and extent of further audit procedures. Members of the engagement team have an ongoing responsibility to discuss: Their understanding of the entity to be audited; The business risks to which the entity is subject; Application of the applicable financial reporting framework; and The susceptibility of the financial statements to material misstatements, including fraud. 4. Developing the audit program: The auditor should prepare an audit program. An audit program is a listing of audit procedures (tests of controls and/or substantive tests) that the auditor will perform to gather sufficient appropriate evidence. It sets out in detail the nature, timing and extent of planned audit procedures required to implement the overall audit plan. It is a set of instructions to assistants involved in the audit and as a means to control and record the proper execution of work It provides a proof that the audit was adequately planned It is a basic tool used by the auditor to control the audit work and review the progress of the audit. The form and content of audit program may vary for each particular engagement. The auditor may use standard audit programs or audit completion checklists but should appropriately tailor to suit the circumstances on particular engagement. An audit program at the beginning of the audit process is temporary because a complete audit program for an engagement generally should be developed after evaluation of internal control. Time budget – an estimate of time that will be spent in executing audit procedures listed in the audit program that provides a basis for estimating audit fees and assists the auditor in assessing the efficiency of the assistants 5. The auditor should document the planning activities: Documentation of the following serves as a record/evidence of the proper planning and performance of the audit procedures: a. The overall audit strategy – documentation or record of the key decisions b. The audit plan (including the audit program) – documentation of the planned nature, timing and extent of audit procedures c. Record of: Any significant changes made to the overall audit strategy and the audit plan during the audit Resulting changes to the planned nature, timing and extent of audit procedures Final overall audit strategy and audit plan Appropriate response to the significant changes occurring during the audit AUDITING THEORY REVIEW NOTES The following shall also be documented: a. Discussion among the engagement team b. Key elements of the understanding of the entity, its environment, including internal control c. The identified and assessed risks of material misstatements d. The risks identified, and related controls about which the auditor has obtained an understanding Note 1: Establishing the overall audit strategy involves: a. Identifying the characteristics of the engagement that define its scope Examples: Financial reporting framework (Ex. PFRS) Industry specific reporting requirements (Reports required by industry regulators) Expected coverage of the audit (Ex. Locations and number of components of the entity to be included in the audit) Nature of the control relationships between a parent and its components (this affects how the group is to consolidated) Extent to which components are audited by other auditors Nature of business segments to be audited (this may require the need for specialized knowledge) Reporting currency to be used (may involve foreign currency translation) The need for a statutory audit of standalone financial statements in addition to an audit for consolidation purposes Availability of the work of internal auditors and the extent of the auditor‘s reliance on such work (Note 1.1) The entity‘s use of service organizations Expected use of audit evidence obtained in previous audits (in case of recurring audit), for example, audit evidence related to risk assessment procedures and tests of controls The effect of information technology (IT) on the audit procedures Coordination of audit work with reviews of interim financial information Availability of client personnel and data b. Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required Examples: Deadlines or timetable for interim and final reporting Organization of meeting with the management to discuss the nature, timing and extent of the audit work Discussion with management regarding the expected type and timing of reports to be issued and other communications, both oral and written, including the auditor‘s report, management letter and communications to those charged with governance Discussion with management regarding the expected communication and status of audit work throughout the engagement Communication with auditors of components Expected nature and timing of communications among engagement tem members Any other expected communications with third parties c. Considering the factors that are significant in directing the engagement team‘s efforts Examples: Determining the appropriate materiality levels (Note 1.2) Preliminary identification of areas where there may be higher risks of material misstatement (Note 1.3) The impact of assessed risk of material misstatement at the overall financial statement level on direction, supervision and review The manner in which professional skepticism is emphasized to engagement team members Management commitment to a sound internal control Volume of transactions, which may determine whether it is more efficient for the auditor to rely on internal control Importance attached to internal control throughout the entity to the successful operation of the business Significant business developments affecting the entity (such as changes in information technology, changes in key management, acquisitions, mergers and divestments) Significant industry developments (such as changes in industry regulations and new reporting requirements) Significant changes in financial reporting framework (such as changes in accounting standards) AUDITING THEORY REVIEW NOTES Other significant relevant developments (such as changes in the legal environment affecting the entity) d. Considering the results of preliminary engagement activities and, where applicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant, and Examples: Results of previous audit regarding evaluation of internal control, identified weaknesses and action taken to address them The discussion of matters that may affect the audit with firm personnel responsible for performing other services to the entity e. Ascertaining the nature, timing and extent of resources necessary to perform the engagement. Examples: Selection of the engagement team Assignment of audit work to team members (experienced team members are assigned to areas where there may be higher risks of material misstatement Engagement budgeting (more audit time is set aside for areas where there may be higher risks of material misstatement) Benefits of developing the overall audit strategy: Establishing the overall audit strategy assists the auditor in determining the following: a. The resources to deploy for specific audit areas For example: Use of experienced team members for high risk areas Involvement of experts on complex matters b. The amount of resources to allocate to specific audit areas For example: Number of team members assigned to observe the inventory count at material locations Extent of review of other auditors‘ work in the case of group audits Audit budget in hours to allocate to high risk areas c. When these resources are to be deployed Is it at an interim audit stage or at key cut-off dates? d. How such resources are managed, directed and supervised When to hold team briefing and debriefing meetings How engagement partner and manager reviews are expected to take place (for example, on-site or off-site) Whether to complete engagement quality control reviews Note 1.1 – Considering the work of internal auditing/ auditors The external auditor should consider the work of internal auditing in order to minimize audit costs. The auditor should obtain a sufficient understanding of the internal audit function because the work performed by internal auditors may be a factor in determining the nature, timing, and extent of external auditor‘s procedures. Internal auditing can affect the scope of the external auditor‘s audit of financial statements by decreasing the auditor‘s need to perform detailed tests. The tasks that could be delegated to the internal audit staff include preparation of schedules. The auditor has sole responsibility for the audit opinion expressed, and that responsibility is not reduced by any use made of internal auditing. Considering the work of internal auditing involves two important phases: 1. Making a preliminary assessment of internal auditing – important criteria in assessment of internal auditor‘s: a. Technical competence – personal qualifications and experience as internal auditors b. Objectivity / organizational status – organizational level to which the internal auditor report the results of his work c. Due professional care – proper planning, supervision and documentation of internal auditor‘s work d. Scope of function – nature and extent of internal auditing assignments performed 2. Evaluating and testing the work of internal auditing Note 1.2 – Determining the appropriate materiality levels The auditor shall determine materiality and performance materiality when planning the audit. Concept of materiality: Materiality is the amount (threshold or cut-off point) at which judgment of informed decision makers based on the financial statement may be altered (changed or influenced). An item or information is material if its omission or misstatement could influence the economic AUDITING THEORY REVIEW NOTES decisions of users taken on the basis of the financial statements. In determining appropriate level of materiality, the auditor uses professional judgment using his perception of the needs of reasonable users of the financial statements. Uses of materiality in planning the audit: a. To determine the nature, timing and extent of risk assessment procedures b. To identify and assess risk of material misstatement, and c. To determine the nature, timing and extent of further audit procedures Considering materiality throughout the audit: 1. Planning stage a. To identify and assess risks of material misstatements b. To determine the nature, timing and extent of further audit procedures 2. Testing stage (materiality levels set during audit planning are simply updated/revised if necessary) 3. Completion stage c. To evaluate the effect of uncorrected misstatements, if any, on the financial statements and in forming the opinion in the auditor‘s report Documentation on materiality: Documentation should include the amounts and the factors considered in their determination: a. Materiality level for the financial statements as a whole b. Materiality level or levels for a particular classes of transactions, account balances or disclosures, if applicable c. Performance materiality d. Any revision of materiality levels (a to c) as the audit progresses Qualitative and quantitative considerations: Materiality should address qualitative and quantitative considerations. In some cases, misstatements of relatively small amounts could have a material effect on the financial statements. For example, an illegal payment of an otherwise immaterial amount or failure to comply with a regulatory requirement may be material if there is a reasonable possibility of such payment or failure leading to a material contingent liability, a material loss of assets, or a material loss of revenue. Inverse relationship between materiality and audit procedures/evidence: More evidence will be required for a low peso amount of materiality than for a high peso amount. The lower the tolerable misstatement, the more extensive the required audit procedures. Materiality levels: a. Materiality at financial statement as a whole – it is the smallest aggregate level that could misstate/distort any of the financial statements Also known as materiality threshold or planning materiality or overall materiality Overall materiality is usually expressed as a % of a chosen benchmark (such as profit before tax, total revenues, gross profit, total expenses, total equity or net asset value). Profit from continuing operations is often used for profit-oriented entities except when the profit from continuing operations is volatile. Relevant financial data as source of benchmarks: Prior periods‘ financial statements Annualized interim financial statements Period-to-date financial statements Budgeted financial statements of the current year b. Materiality at assertion level – materiality level for individual or particular class of transactions, account balance, or disclosure where appropriate; this is also known as tolerable misstatement Tolerable misstatement refers to allocated materiality to affected accounts (usually statement of financial position accounts because they are fewer) Account balance – an individual line item in the financial statements, such as cash and cash equivalents, loans and receivable, etc. Class of transactions – type of transaction processed by the client‘s accounting system, such as sales transactions and purchasing transactions Allocation may be done judgmentally or using formal quantitative approaches. Materiality at this level are lesser than the overall materiality level but could reasonably be expected to influence the economic decisions of financial statement users. c. Performance materiality – amount or amounts set by the auditor: AUDITING THEORY REVIEW NOTES At less than materiality for the financial statements as a whole At less than materiality level or levels for particular classes of transactions, account balances or disclosures Purpose of performance materiality: It provides margin to reduce the possibility of undetected misstatements because: a. It reduces to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the financial statements exceeds the materiality level for the financial statements as a whole b. It reduces to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the particular class of transactions, account balance or disclosure exceeds the materiality level for that particular class of transactions, account balance or disclosure Note 1.3 – Preliminary identification of areas where there may be higher risks of material misstatement a. Risks of material misstatements may be greater for significant non-routine transactions which involves: Greater management intervention to specify the accounting treatment Greater manual intervention for data collection and processing Complex calculations or accounting principles b. Risk of material misstatements may be greater for significant judgmental matters such as: Accounting estimates Revenue recognition may be subject to differing interpretation Required judgment may be subjective or complex or require assumptions about the effects of future events (for example, judgment about fair value) c. Significant risk of relating to risk of material misstatement due to fraud d. There are areas where special audit consideration may be necessary, for example: Existence of related parties and related party transactions Related party transaction – a transfer of resources, services or obligations between related parties, regardless of whether a price is charged The auditor shall inquire of management regarding: a. The identity of the entity‘s related parties (relationships and transactions), including changes from the prior period; b. The nature of the relationships between the entity and these related parties; and c. Whether the entity entered into any transactions with these related parties during the period and, if so, the type and purpose of the transactions. Management‘s use of going concern assumption (financial statements are prepared based on going concern assumption but there is a significant doubt as to the continued existence of the entity) – the auditor shall assess the appropriateness of management‘s use of going concern assumption Note 2: Risk assessment procedures – are audit procedures whose purposes include: a. To obtain understanding of the entity and its environment, including the entity‘s internal control (Note 2.1) b. To identify risks of material misstatements, whether due to fraud or error, at the financial statement and assertion levels (Note 2.2) c. To assess risks of material misstatement (Note 2.3) d. To provide a basis for the identification and assessment of risks of material misstatements e. To provide a basis for designing and implementing responses to the assessed risks of material misstatement Risk assessment procedures include (Note 2.4): 1. Inquiry of management and other firm personnel 2. Analytical procedures 3. Observation and inquiry Note 2.1 – Required understanding of the entity and its environment, including internal control: 1. Understanding of the environment – external factors: a. Relevant industry’s factors – the industry in which the entity operates may give rise to specific risks of material misstatements arising from the nature of the business or the degree of regulation Examples of industry factors: AUDITING THEORY REVIEW NOTES Industry conditions such as the competitive environment, supplier and customer relationships and technological developments Specific examples of industry factors: Market and competition (including demand, capacity, and price competition) Cyclical or seasonal activity Product technology relating to the entity‘s products Energy supply and cost b. Regulatory factors – include the regulatory environment Accounting principles and industry specific practices Regulatory framework for a regulated industry Laws/legislations or regulations that significantly affect the entity‘s operations, including direct supervisory activities Taxation Legal and political environment Government policies currently affecting the conduct of the entity‘s business Environmental requirements affecting the industry and the entity c. Applicable financial reporting framework d. Other external factors affecting the entity – such as general economic conditions, interest rates and availability of financing, and inflation or currency revaluation 2. Entity – internal factors: a. Nature of the entity: An understanding of the nature of an entity enables the auditor to understand the classes of transactions, account balances, and disclosures to be expected in the financial statements. Factors to consider include: Entity‘s operations Ownership and governance structures Types of investments that the entity is making and plans to make Entity structure (locations, subsidiaries, etc.) – complex structures may give rise to risks of material misstatement How the entity is financed How related party transactions are identified and accounted for b. Entity’s selection and application of accounting policies – consider whether accounting policies are: Appropriate for the entity‘s business Consistent with the applicable financial reporting framework, and Used in the relevant industry c. Entity’s objectives and strategies, and those related business risks that may result in risks of material misstatement of the financial statements 1. Objectives – relate to entity‘s mission, vision or values statement 2. Strategies – pertain to operational approaches by which management intends to achieve its objectives 3. Business risks – risks of inability to achieve the objectives The term ―business risk‖ is broader than the risks of material misstatement in the financial statements. Not all business risks give rise to risk of material misstatement. An understanding of business risks increases the likelihood of identifying the risks of material misstatement. However, the auditor does not have a responsibility to identify or assess all business risks. d. Measurement and review of the entity’s financial performance Performance measures, whether external or internal, create pressures on the entity that may motivate management to take action to improve the business performance or to manipulate/misstate the financial statements. e. Internal control – The auditor shall obtain an understanding of internal control relevant to the audit. Internal control is designed, implemented and maintained to address identified business risks that threaten the achievement of any of the entity‘s objectives that concern: 1. The reliability of the entity‘s financial reporting; 2. The effectiveness and efficiency of its operations; and 3. Its compliance with applicable laws and regulations. An understanding of internal control assists the auditor in identifying types of potential misstatements and factors that affect the risks of material misstatement, and in designing the nature, timing, and extent of further audit procedures. Note 2.2 – Identify the risks of material misstatement: Identify risks of material misstatement (inherent risk and control risk) based on understanding the entity and its environment, including the entity‘s relevant internal control. The auditor shall provide reasonable assurance of detecting material misstatements, whether arising from errors or fraud. Risk of material misstatement (RMM) – the risk that the financial statements contain a AUDITING THEORY REVIEW NOTES material misstatement. Components of RMM: The risks of material misstatement are a combination of inherent risk and control risk: 1. Inherent risk – the susceptibility of an assertion to a misstatement that could be material, either individually or when aggregated with other misstatements, assuming there are no related controls to mitigate such risks Inherent risk may also be described as follows: The concept of inherent risk recognizes that the risk of misstatement is greater for some assertions than for others. Inherent risk is the risk that financial statements are likely to be materially misstated. Examples of inherent risk: Cash is more susceptible to theft than an inventory of coal Complex calculations are more likely to be misstated than simple calculations Estimation transactions, especially if they involve accounting estimates that are subject to significant measurement uncertainty High value inventory (could be easily stolen, thus, there would be an inherent risk relating to the existence assertion) 2. Control risk – the risk that a material misstatement, either individually or when aggregated with other misstatements, that could occur will not be prevented or detected and corrected on a timely basis by the entity‘s internal control Control risk is a function of the effectiveness of the entity‘s internal control. Control risk is the type of risk that the management has the most control over in the short term. Some control risk will always exist because of the inherent limitations of any internal control system. Risk of material misstatement (inherent risk and control risk) cannot be eliminated or controlled by the auditor because these are entity‘s risks that exist independently of t he audit of financial statements. Causes of misstatements of the financial statements: 1. Errors – refer to mistakes or unintentional misstatements or omissions of amounts or disclosures in the financial statements. Examples: Mistakes in gathering or processing data from which FS are prepared Incorrect accounting estimate arising from oversight or misinterpretation of facts Mistake in applying accounting principles 2. Fraud – intentional misstatements or omissions of amounts or disclosures in the financial statements The term ―fraud‖ refers to an intentional act by one or more individuals among management, those charged with governance, employees or third parties, involving the use of deception to obtain an unjust or illegal advantage. The factor that distinguishes fraud from error is whether the underlying action is intentional or unintentional. Two types of Fraud: a. Fraudulent financial reporting (or management fraud) – intentional misstatements committed by members of management or those charged with governance or oversight to render financial statements misleading to deceive users of the financial statements The most serious types of fraud usually involve management. This results from the fact that management is primarily responsible for the design and implementation of internal control in the first place. Fraudulent financial reporting may be accomplished by: Manipulation, falsification, or alteration of accounting records or related supporting documents Misrepresentation in, or intentional omission from, the FS of events/transactions or other significant information Intentional misapplication of accounting principles Examples of techniques used by management are: Recording fictitious journal entries AUDITING THEORY REVIEW NOTES Using inappropriate assumptions in accounting estimate Untimely recognition in the FS of events and transactions Concealing, or not disclosing, facts that could affect the amounts recorded in the FS Manipulation of financial statements occurs when a higher or lower level of earnings is reported than that which actually occurred. It could also take the form of omissions (failure to disclose certain matters) or false statements in the notes and/or other disclosures. The motive may be to raise finances, reach a bonus threshold, inflate the value of the business or simply minimize taxes. b. Misappropriation of assets (employee fraud or defalcation) – theft of assets and is often perpetrated by non-management employees. Examples: Misappropriating collections on accounts receivable Stealing inventory Colluding with a competitor by disclosing technological data in return for payment Payments to fictitious employees or vendors Using the entity‘s assets as collateral for a personal loan The most popular ways to manipulate financial statements involves journal entries and accounting estimates because if manipulation is discovered management can easily deny involvement. A bias in estimates can be attributed to excessive conservatism or optimism. An unsupported journal entry, if discovered, can be characterized as a simple mistake. This differs from strategies such as falsified records that, if discovered by the auditor, would be quite difficult for management to deny. Fraud Risk Factors: Fraud risk factors – conditions that could heighten an auditor‘s concern about risk of material misstatements because they provide clues or red flags to the existence of fraud 1. Incentives/pressures – reasons to commit fraud. A pressure is often generated by immediate needs (such as having significant personal debts or meeting an analyst‘s or bank‘s expectations for profit) that are difficult to share with others. Examples: Management is under pressure to reduce earnings to minimize taxes Management is under pressure to inflate earnings to secure bank financing Meeting analyst‘s or bank‘s expectations for profit Inflating the purchase price of the business Meeting the threshold for a performance bonus Having significant personal debts or poor credit Trying to cover financial losses Being greedy or involved in gambling, drugs, and/or affairs Being under undue peer or family pressure to succeed Living beyond one‘s means Other situations or characteristics, not necessarily financial in nature, include: Enjoying the challenge of beating the system Fearing personal loss of pride, position or status such as when a company is doing poorly Being dissatisfied with a job or wanting revenge against an employer Being emotionally unstable Some of these pressures can easily be identified (such as performance incentive plans). Others are more difficult to identify (such as family or peer pressure, living beyond one‘s means or having a gambling problem). 2. Opportunity (whether perceived or real) – Opportunity pertains to an individual‘s perception that he can commit fraud and that it will not be detected. Potential perpetrators who think they might be detected and charged with a criminal offense would not likely to commit fraud. A poor corporate culture and a lack of adequate internal control procedures can often create the confidence that a fraud could go undetected. Opportunity often emanates from: Poor corporate culture Where a person feels they can take advantage of the trust placed in him or her Knowledge of specific control weakness 3. Attitudes/rationalizations – fraud involves some rationalization to commit fraud or the belief that a crime has not been committed. For example: Some individuals possess an attitude or character to knowingly and intentionally commit AUDITING THEORY REVIEW NOTES a dishonest act Being dissatisfied with pay Feeling underappreciated (such as not getting an expected promotion) Degree of assurance between detection of material fraud and material errors: 1. Fraud is harder to detect than errors: Reasons: a. Fraud may involve sophisticated and carefully organized schemes designed to conceal it. b. Fraud may be accompanied by collusion. 2. Management fraud vs. employee fraud – the risk of not detecting a material misstatement resulting from management fraud is greater than for employee fraud Reasons: Management has the most opportunity to commit fraud, while employees need to exploit weakness in internal control in order to commit fraud. Management has the ability to override or bypass an existing effective internal control. Management can influence the preparation and presentation of financial statements. Conditions and events that may indicate risks of material misstatement: The following are examples of conditions and events that may indicate the existence of risks of material misstatement. The examples provided cover a broad range of conditions and events; however, not all conditions and events are relevant to every audit engagement and the list of examples is not necessarily complete. Operations in regions that are economically unstable, for example, countries with significant currency devaluation or highly inflationary economies. Operations exposed to volatile markets, for example, futures trading. Operations that are subject to high degree of complex regulation. Going concern and liquidity issues including loss of significant customers. Constraints on the availability of capital and credit. Changes in the industry in which the entity operates. Changes in the supply chain. Developing or offering new products or services, or moving into new lines of business. Expanding into new locations. Changes in the entity such as large acquisitions or reorganizations or other unusual events. Entities or business segments likely to be sold. Existence of complex alliances and joint ventures. Use of off-balance-sheet finance, special-purpose entities, and other complex financing arrangements. Significant transactions with related parties. Lack of personnel with appropriate accounting and financial reporting skills. Changes in key personnel including departure of key executives. Weaknesses in internal control, especially those not addressed by management. Inconsistencies between the entity‘s IT strategy and its business strategies. Changes in the IT environment. Installation of significant new IT systems related to financial reporting. Inquiries into the entity‘s operations or financial results by regulatory or government bodies. Past misstatements, history of errors or a significant amount of adjustments at period end. Significant amount of non-routine or non-systematic transactions including intercompany transactions and large revenue transactions at period end. Transactions that are recorded based on management‘s intent, for example, debt refinancing, assets to be sold and classification of marketable securities. Application of new accounting pronouncements. Accounting measurements that involve complex processes. Events or transactions that involve significant measurement uncertainty, including accounting estimates. Pending litigation and contingent liabilities, for example, sales warranties, financial guarantees and environmental remediation Considering compliance with laws and regulations: Non-compliance refers to acts of omission or commission by the entity being audited, either intentional or unintentional, which are contrary to the prevailing laws or regulations. The auditor should consider compliance with laws and regulations since noncompliance by the entity with laws and regulations may materially affect the financial statements. However, an audit cannot be expected to detect noncompliance with all laws and regulations. Noncompliance is sometimes described as violations of law or regulations or illegal acts. Common examples of non-compliance: AUDITING THEORY REVIEW NOTES Violation of tax laws and environmental laws Occupational safety and health Inside trading of securities Result of non-compliance with laws and regulations: Fines/penalties Damages Threat of expropriation of assets Enforced discontinuation of operations Litigation Auditor‘s responsibility in detecting non-compliance is limited to material direct-effect noncompliance or illegal act. (Reason: Generally, the further removed non-compliance is from the events and transactions that are ordinarily reflected in financial statements, the less likely the auditor is to become aware of or to recognize non-compliance. Responsibility for the compliance with laws and regulations rests with management. This responsibility includes prevention and detection (and correction) of noncompliance with laws and regulations. Indications that noncompliance may have occurred: The entity is under investigation by government departments Payment of fines or penalties. Payments for unspecified services or loans to consultants, related parties, employees or government employees. Sales commissions or agent's fees that appear excessive in relation to those ordinarily paid by the entity or in its industry or to the services actually received. Purchasing at prices significantly above or below market price. Unusual payments in cash, purchases in the form of cashiers' checks payable to bearer or transfers to numbered bank accounts. Unusual transactions with companies registered in tax havens. Payments for goods or services made other than to the country from which the goods or services originated. Payments without proper exchange control documentation. Existence of an accounting system with inadequate audit trail or sufficient evidence. Unauthorized transactions or improperly recorded transactions Media comment Note 2.3 – Assess the identified risks of material misstatement: Factors to consider whether a risk is significant: Whether the risk is a risk of fraud Whether the risk is related to recent significant economic accounting or other developments and, therefore, requires specific attention Complexity of transactions Whether the risk involves significant transactions with related parties The degree of subjectivity in the measurement of financial information related to the risk, especially those involving uncertainty Whether the risk involves significant transactions that are outside the normal course of business for the entity, or that otherwise appear to be unusual Significant risk – an identified and assessed risk of material misstatement that, in the auditor‘s judgment, requires special audit consideration Significant risks often relate to: a. Non-routine transactions – unusual (in size or nature) and infrequent transactions b. Judgmental matters – such as those involving accounting estimates for which there is significant measurement uncertainty Note 2.4 – Risk assessment procedures include: 1. Inquires of management and others within the entity that is likely to assist the auditor in identifying risk of material misstatement due to fraud or error For example, inquiries of management, audit committee, board of directors, internal auditors, inhouse legal counsel, and other client personnel 2. Analytical procedures Analytical procedures – evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data Purpose of preliminary analytical procedures: AUDITING THEORY REVIEW NOTES a. To identify areas that may represent specific risks such as the existence of unusual transactions or events, and amounts, ratios, and trends that may assist the auditor in identifying risks of material misstatements that the auditor may need to investigate further b. To enhance the auditor‘s understanding of the entity‘s business and transactions to help plan the nature, timing, and extent of substantive auditing procedures that will be used to gather audit evidence Analytical procedures performed during audit planning is known as preliminary analytical procedures Analytical procedures involve: a. Analysis of significant ratios and trends or the study of plausible relationships among both financial and non-financial data b. Investigation of fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts by: Inquiries of management Corroboration of management responses, and Applying other appropriate audit procedures Basic premise underlying the use of analytical procedures: The basic premise underlying the use of analytical procedures is that plausible relationships among data may reasonably expected to exist and continue (predictable) in the absence of known conditions to the contrary. The relationship among data should be both: a. Plausible – there is a clear cause and effect relationship among data b. Predictable – reasonably expected to exist and continue in the absence of known conditions to the contrary Generalizations in assessing the predictability of the accounts: Income statements accounts are more predictable than balance sheet accounts. Accounts that are not subject to management discretion are generally predictable. Relationships in a stable environment are more predictable that those in a dynamic or unstable environment. Main purpose of analytical procedures: To assess the overall reasonableness of account balances and transactions Specific purpose/focus/objective of analytical procedures in the three stages of audit: 1. In the planning stage – performed as risk assessment procedures (required/mandatory) to obtain an understanding of the entity and its environment Objective/purpose/focus during planning stage: To enhance the auditor‘s understanding of the entity‘s business and transactions to help plan the nature, timing, and extent of substantive auditing procedures that will be used to gather audit evidence. To identify areas that may represent specific risks (such as unusual transactions and events or abnormal/significant fluctuations in amounts, ratios, or trends) that the auditor may need to investigate further 2. In testing stage – as substantive procedures when their application is, based on the auditors judgment, more effective and efficient than test of details (not required) Objective/purpose/focus during testing stage: To obtain audit evidence to confirm individual account balances 3. In the overall review or completion stage – As an overall review of the financial statements (required) Objective/purpose/focus: To identify a previously unrecognized risk of material misstatement (unusual fluctuations that were not identified in the planning and testing phases of the audit) To confirm conclusions reached with respect to the fairness of the financial statements 3. Observation and inspection – these include: Observation of entity activities and operations Inspection of documents (such as business plans and strategies, records, and internal control manuals) Inspection of reports prepared by management (such as quarterly management reports) and those charged with governance (such as minutes of board of directors‘ meetings) Visit or tour of entity‘s premise/facilities Note 3 – Reducing audit risk to an acceptably low level To reduce audit risk to acceptably low level the auditor shall: a. Assess the risks of material misstatement (inherent and control risk); and AUDITING THEORY REVIEW NOTES b. Limit detection risk. This may be achieved by performing procedures that respond to the assessed risks of material misstatement at the financial statements, class of transactions, account balance and assertion levels. Steps in assessing Audit Risk: 1. Set the desired level of Audit Risk Audit risk – the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated; it is the risk that the auditor may unknowingly fail to modify appropriately the opinion on financial statements that are materially misstated 2. Assess the level of Inherent Risk (such as low, medium, or high) – for example, low level if likelihood of misstatement is low Inherent risk – the susceptibility of an assertion to a misstatement that could be material, either individually or when aggregated with other misstatements, assuming there are no related controls to mitigate such risks Sources of assessment include knowledge of entity and its environment and preliminary analytical procedures. 3. Assess the level of Control Risk (such as low, medium, or high) – for example, low control risk if internal control is effective, or high control risk if internal control is not effective Control risk – the risk that a material misstatement, either individually or when aggregated with other misstatements, that could occur will not be prevented or detected and corrected on a timely basis by the entity‘s internal control Sources of assessment include knowledge of internal control and observation and inspection Combined assessment: The auditor usually makes combined assessment of inherent and control risks. If the combined assessment of inherent risk and control risk is high, the auditor should: Place more emphasis on obtaining external evidence Reduce reliance on internal evidence Design more effective substantive procedures 4. Determine the acceptable level of detection risk: The acceptable level of detection risk depends on the assessed level of inherent and control risk (inverse relationship) Detection risk – the risk that the auditor will not detect such a material misstatement that exists/occurs in an assertion Detection risk is a function of the effectiveness of an auditing procedure and its application by the auditor Detection risk is significantly affected by the nature, timing, and extent of the auditor‘s substantive procedures Detection risk is a complement of assurance provided by substantive tests (for example, a 10% detection risk means a 90% assurance of detecting material misstatement) Detection risk can be increased or decreased by the auditor by performing substantive tests but can never be reduced to zero because of the inherent limitations in the procedures carried out, the human judgments required, and the nature of the evidence examined. The auditor uses the Audit Risk Model: Audit Risk = Inherent risk x Control risk x Detection risk Acceptable level of Detection risk = Audit risk Inherent risk x Control risk 5. Design audit substantive tests Auditor‘s reaction to level of detection risk: a. Lower acceptable level of detection risk – higher assurance are to be provided by substantive tests by changing any or combination of the following: Nature – performing more effective substantive procedures Timing – performing substantive procedures at year-end rather than at interim dates (decreases detection risk by reducing the risk for the period subsequent to the performance of those tests) Extent – increasing the extent of substantive tests by using larger sample size b. Higher acceptable level of detection risk – low assurance are to be provided by substantive tests by changing any or combination of the following: Nature – performing less effective substantive procedures Timing – performing substantive procedures at interim dates Extent – decreasing the extent of substantive tests using smaller sample size AUDITING THEORY REVIEW NOTES In summary, the auditor performs audit procedures to assess the risks of material misstatement and seeks to limit detection risk by performing further audit procedures based on that assessment. Summary of relationships among audit risk components: The acceptable level of detection risk for a given level of audit risk bears an inverse relationship to the risks of material misstatement at the assertion level. Therefore: ↑ Risk of material misstatement (inherent risk and control risk), ↓ detection risk that can be accepted, and vice versa. Audit risk and detection risk move in the same direction: ↑ Audit risk, ↑ detection risk, and vice versa The relationship between the risks can also be expressed mathematically in the following formula: Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk Inherent risk and control risk are independent variables while detection risk is a dependent variable. All the components of audit risk cannot be eliminated by the auditor due to the following reasons: a. Inherent risk – some accounts are susceptible to a material misstatement or the risk of such misstatement is greater for some accounts than for others b. Control risk – due to inherent limitations of internal control system c. Detection risk – Use of testing/sampling Use of auditor‘s judgment Even when the auditor conducts 100% examination because audit evidence is persuasive rather than conclusive in nature The components of audit risk that can or cannot be controlled by the auditor: a. Inherent risk and control risk – cannot be controlled because these are entity‘s risk and exist independently of the audit b. Detection risk – can be directly controlled (increased or decreased) by the auditor because detection risk relates to the auditor‘s procedures and can be altered by adjusting the nature, timing, and extent of substantive procedures The relationship between materiality and audit risk: There is an inverse relationship between materiality and the level of audit risk – ↑ materiality level, ↓ audit risk and vice versa. Materiality is directly related to the acceptable level of detection risk. It would lead to most audit work if both audit risk and materiality levels are low. CONSIDERATION OF INTERNAL CONTROL BASIC CONCEPTS AND ELEMENTS OF INTERNAL CONTROL Internal control (IC) – the process designed, implemented and maintained by those charged with governance, management and other personnel to provide reasonable assurance about the achievement of an entity‘s objectives. Essential concepts of internal control: a. Internal control is a process. Internal control is not an end in itself but a means of achieving the entity's objectives. b. Internal control is effected by those charged with governance, management and other personnel. Internal control is accomplished by people at every level of organization. Responsibilities: Management: to design, implement and maintain internal control to assist in achieving the entity's objectives Those charged with governance: to ensure the integrity of accounting and financial reporting systems through oversight of management Staff personnel: to perform their respective functions in order to accomplish the objectives of the entity c. Primary purpose/reason for establishing internal control is to provide reasonable assurance about the achievement of an entity’s objectives. d. Internal control can be expected to provide reasonable assurance of achieving the entity's AUDITING THEORY REVIEW NOTES objectives – this is due to inherent limitations of any system of internal control; although internal control is designed to prevent, detect and correct problems, an effective internal control can only minimize but not eliminate material misstatements, whether due to fraud or error. Inherent limitations of internal control: 1. Management overriding the internal control. 2. Circumvention of internal controls through the collusion among employees. 3. The cost-benefit relationship is a primary criterion in designing internal control, that is, the cost of a control should not exceed its expected benefits. This is known as the concept of reasonable assurance. 4. Most internal controls tend to be directed at routine transactions rather than non-routine transactions. 5. The potential for human error due to carelessness, distraction, mistakes of judgment and the misunderstanding of instructions. Human error may include errors in the design or use of automated controls. 6. The possibility that procedures may become inadequate due to changes in conditions, and compliance with procedures may deteriorate. 7. Segregation of duties may be difficult to achieve in a smaller entity. e. Internal control is designed to help achieve the entity's objectives. Internal control is geared towards the achievement of the entity's objectives. Entity’s objectives: what an entity strives to achieve Categories of entity's objectives: 1. Financial reporting objective – this objective relates to reliability of financial reporting 2. Operational effectiveness objective – this objective is intended to enhance effectiveness and efficiency of operations 3. Compliance objective – this objective relates to entity‘s compliance with applicable laws and regulations Classification of internal control: 1. According to objectives: a. Financial reporting controls – controls to achieve reliability of financial reporting objective b. Operational effectiveness controls – controls to achieve operational effectiveness objective c. Compliance controls – controls to achieve compliance objective There is a direct relationship between the entity‘s objectives and the internal control it implements to provide reasonable assurance about their achievement. Both the entity‘s objectives and controls relate to financial reporting, operations and compliance. 2. According to functions: a. Preventive controls – to deter problems before they arise Examples: Segregation of employee duties Control physical access to assets, facilities and information b. Detective controls – to discover problems as they arise Examples: Preparing bank reconciliation Preparing monthly trial balance c. Corrective controls – to remedy problems discovered with detective controls Example: Maintaining backup copies of transactions and master files Benefits of strong internal control: Reduced cost of an external audit Availability of reliable data for decision-making purposes Protection of important documents and records Assurance of compliance with applicable laws and regulations Internal control objective relevant to the audit: not all entity‘s objectives and internal control are relevant to the auditor‘s risk assessment 1. Relevant to the auditor – financial reporting objective Reasons: It is relevant to the financial statement assertions AUDITING THEORY REVIEW NOTES Pertain to the management of risk that may give rise to material misstatement to financial statements 2. May be relevant to the auditor – operational and compliance objectives are not usually relevant to the audit but may relevant to the auditor only if they relate to data the auditor evaluates to determine the reliability of some financial statement assertions Examples of operational controls that are not normally be relevant to the audit production and staff scheduling, quality control, and employee compliance with health and safety requirements. However, these may be relevant to the auditor if: a. The information produced is used to develop an analytical procedure. For example: Controls pertaining to non-financial data that the auditor uses in analytical procedures, such as production statistics Controls pertaining to detecting non-compliance with laws and regulations that may have a direct and material effect on the financial statements, such as controls over compliance with income tax laws and regulations used to determine the income tax provision b. The information is required for disclosure in the financial statements. Example, Controls to ensure the accuracy of such data to produce statistics that were used as a basis for an analytical procedure Controls for detecting and reporting on non-compliance with certain laws and regulations that has a direct and material effect on the financial statements Controls related to the safeguarding of assets often relate to both operations and financial reporting and objectives. The auditor would generally consider only those controls related to financial reporting, such as controls that limit access to the programs used to process cash disbursements. Components of Internal Control: the interrelated components of internal control represent means used by an entity to help it achieve its objectives (CRIME) Five interrelated and essential components or aspects of internal control: 1. Control environment – the overall tone of the organization 2. Risk assessment – management‘s identification and assessment of risks 3. Information, financial reporting and communication systems – a means of recording transactions and communicating responsibilities 4. Monitoring the controls – assessment of internal control performance over time 5. Existing control activities – control policies and procedures Component 1 – Control Environment: It sets the tone of an organization, influencing the control consciousness of its people. It includes the governance and management functions the attitudes, awareness, and actions of those charged with governance and management concerning the entity‘s internal control and its importance in the entity. It is a set of characteristics that defined good control working relationships in an entity. It is the foundation for effective internal control for it provides an appropriate foundation for other components of internal control. Elements of control environment: 1. Integrity and ethical values – The entity should establish ethical standards. Ethical standards influence the effectiveness of the design, administration and monitoring of controls. 2. Participation by those charged with governance (BOD and audit committee). 3. Management’s philosophy and operating style – Management‘s approach to taking and managing business risks, attitudes and actions toward financial reporting, and attitudes toward information processing and accounting functions and personnel. 4. Assignment of authority and responsibility – How authority and responsibility for operating activities are assigned and how reporting relationships and authorization hierarchies are established. Appropriate methods of assigning responsibility must be implemented to avoid incompatible functions and to minimize the possibility of errors because of too much work load assigned to an employee. 5. Commitment to competence – Management‘s consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge. Competence is the knowledge and skills necessary to accomplish tasks that define the AUDITING THEORY REVIEW NOTES individual‘s job. 6. Personnel or Human resource policies and procedures – The entity must implement appropriate policies for recruitment/hiring, orientation, training, evaluating, counseling, promoting, compensating, and remedial actions because the competence of the entity's employees will bear directly on the effectiveness of the entity's internal control. 7. Organizational structure – The framework within which an entity‘s activities for achieving its objectives are planned, executed, controlled and reviewed. Establishing a relevant organizational structure includes considering key areas of authority and responsibility and appropriate lines of reporting. The appropriateness of an entity‘s organizational structure depends, in part, on its size and the nature of its activities. Component 2 – Risk Assessment: An entity‘s risk assessment for financial reporting purposes is its identification, analysis, and management of risks relevant to the preparation of financial statements that are fairly presented in conformity with generally accepted accounting principles. (Note that this component concerns the assessment by management of risk facing the entity, not the auditor's assessment of control risk.) Matters the auditor should consider are how management: a. Identifies business risks (inherent and residual risks) relevant to financial reporting; b. Estimates the significance of the risks; c. Assesses the likelihood of their occurrence; and d. Decides upon actions to manage them. Component 3 – Information and Communication System: Information and communication systems support the identification, capture, and exchange of information in a timely and useful manner. The auditor shall obtain an understanding of the information system, including the related business processes, relevant to financial reporting, including the following areas: a. The classes of transactions in the entity‘s operations that are significant to the financial statements; b. The procedures, within both information technology (IT) and manual systems, by which those transactions are initiated, recorded, processed, corrected as necessary, transferred to the general ledger and reported in the financial statements; c. The related accounting records, supporting information and specific accounts in the financial statements that are used to initiate, record, process and report transactions; this includes the correction of incorrect information and how information is transferred to the general ledger. d. The records may be in either manual or electronic form; e. How the information system captures events and conditions, other than transactions, that are significant to the financial statements; f. The financial reporting process used to prepare the entity‘s financial statements, including significant accounting estimates and disclosures; and g. Controls surrounding journal entries, including non-standard journal entries used to record nonrecurring, unusual transactions or adjustments. The information system relevant to financial reporting objectives, which includes the accounting system, consists of the methods and records established to record, process, summarize, and report entity transactions (as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity. Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting. Communication may take such forms as policy manuals and financial reporting manuals. Open communication channels help ensure that exceptions are reported and acted on. Accounting system: means the series of tasks and records of an entity by which transactions are processed as a means of maintaining financial records. The tasks identify, assemble, analyze, calculate, classify, record, summarize and report transactions and other events. Component 4 – Control Activities: Control activities are the policies and procedures that help ensure management‘s directives are carried out and that necessary steps to address risks are taken. Control activities address risks that if not mitigated would threaten the achievement of the entity‘s objectives. The auditor should obtain a sufficient understanding of control activities to assess the risks of material misstatement at the assertion level and to design further audit procedures responsive to assessed risks. Categories of Control activities: Categories of specific control activities that may be relevant to an audit: 1. Prenumbering of documents – helps to assure that: AUDITING THEORY REVIEW NOTES a. All transactions are recorded (completeness). b. No transactions are recorded more than once (existence). 2. Authorization of transactions – authorization should occur before commitment of resources 3. Independent checks to maintain asset accountability – independent checks involve the verification of work previously performed by others Examples include: a. Review of bank reconciliations b. Comparison of subsidiary records to control accounts c. Comparison of physical counts of inventory to perpetual records 4. Documentation – provides evidence of the underlying transactions and is a basis for establishing responsibility for the execution and recording of transactions 5. Performance reviews – includes review of the following: a. Reviews and analyses of actual performance versus budgets, forecasts, and prior period performance b. Relating different sets of data to one another, together with analyses of the relationships and investigative and corrective actions (for example, the management of a sports team might use attendance data to ascertain the reasonableness of ticket sales). c. Comparing internal data with external sources of information, and d. Review of functional or activity performance (for example, sales reports, receivable reports, etc., may be used to analyze performance and to identify errors). 6. Information processing controls – ensure that transactions are valid, properly authorized, and completely and accurately recorded a. Application controls – controls which apply to the processing of individual applications Examples of application controls: Checking the arithmetical accuracy of records Maintaining and reviewing accounts and trial balance Automated controls such as edit checks of input data and numerical sequence checks Manual follow-up of exception reports Controls surrounding receivables Controls surrounding payroll b. General controls – which are controls that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. General controls apply to information processing throughout the company. Examples of general controls: Program change controls Controls that restrict access to programs or data Controls over the implementation of new releases of packaged software applications Controls over system software that restrict access to or monitor the use of system utilities that could change financial data or records without leaving an audit trail Controls over data center/network 7. Physical controls – are physical controls for safeguarding assets involve security devices and limited access to programs and to restricted areas, including computer facilities a. Physical segregation and security of assets, including adequate safeguards such secured facilities over access to assets and records. Examples of physical controls: Protective or security devices Bonded or independent custodians Physical and security of assets: Cash – placed in cash boxes, vault or safe deposit boxes Cash – deposited in a bank Inventory – placed in a warehouse PPE items – tagged with non-movable labels b. Authorization for access to computer programs and data files (for example, requiring password prior to access) c. Authorized access to assets and records (such as through the use of computer access codes, prenumbered forms, and required signatures on documents for the removal or AUDITING THEORY REVIEW NOTES disposition of assets) d. Required signatures on documents for the removal or disposition of assets e. Periodic counting and comparison with amounts shown on control records Examples: Comparing the results of cash, security and inventory counts with accounting records Reconciliations f. The extent to which physical controls intended to prevent theft of assets are relevant to the reliability of financial statement preparation, and therefore the audit, depends on circumstances such as when assets are highly susceptible to misappropriation. 8. Segregation of duties – involves ensuring that individuals do not perform incompatible duties. Duties should be segregated such that the work of one individual provides a crosscheck on the work of another individual. A proper segregation of duties (or incompatible functions) requires that one person should not be responsible for all phases of a transaction. It requires assigning different people the responsibilities of: Authorizing transactions Recording transactions – recordkeeping Maintaining custody of assets involved in the transactions This means that different employees authorize transactions in the asset, record the transactions, and have custody of the asset. Segregation of duties is intended to reduce the opportunities to allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of the person‘s duties. Example of segregation of duties: The responsibilities of the treasury department include handling of cash and custody of securities but do not include data processing. Component 5 – Monitoring the Controls: Monitoring is a process that assesses the quality of internal control performance on an ongoing basis. Management‘s monitoring of controls includes considering whether they are operating as intended and that they are modified as appropriate for changes in conditions. Monitoring assesses the effectiveness of the internal control‘s performance over time. The objective is to ensure the controls are working properly and, if not, to take necessary corrective actions. Management accomplishes monitoring of controls through ongoing activities, separate evaluations or a combination of the two. Management‘s monitoring activities may also include using information from external parties such as complaints from customers or comments from regulatory bodies that may indicate problems, highlight areas in need of improvement, or require communications relating to internal control from external auditors. Internal Control in Smaller Entities In smaller entities, there are often few employees, which can limit the extent to which segregation of duties is practicable and the paper trail of documentation available. But internal control still exists. In such entities, the control environment (management‘s commitment to ethical values, competence, attitude toward control, and their day-to-day actions) will be very important to evaluate. This will involve assessing the behavior, attitudes, and actions of management. The presence of a highly involved owner-manager can be both an internal control strength and an internal control weakness. The strength is that the person (assuming his or her competence) will be knowledgeable about all aspects of operations and that it is highly unlikely material errors will be missed. The weakness is that the person is also in a good position to override internal controls. Effect of Information Technology on Internal Control Effect on Internal Control An entity's use of information technology may affect any of the five components of internal control: a. Management's failure to appropriately address IT risks may negatively impact the control environment. b. The use of IT may enhance an entity's risk assessment by providing more timely information. c. Many information and communication systems make extensive use of IT, and the way in which IT AUDITING THEORY REVIEW NOTES is used often affects an entity's internal control. d. Much of the information used in monitoring is provided by IT, and therefore, the accuracy of the IT system is crucial. e. The use of IT may affect the way in which existing control activities are implemented. Also, the effectiveness of user controls may depend upon the accuracy of information provided to the user by IT systems. Manual vs. Automated Controls a. Manual controls may be more appropriate than automated controls in situations where judgment and discretion is required, such as circumstances in which misstatements are difficult to define, anticipate, or predict. b. Manual controls, however, may pose additional risks because they can be more easily ignored or overridden, they are subject to human error, and they are less consistent than automated controls. Testing Automated Controls a. In testing automated controls, the auditor needs to identify and test not just specific application controls but relevant general controls on which the application controls depend. (Application controls and general controls are covered further below.) b. In a manual system, manual controls such as approvals, reviews, and reconciliations are used. In an automated system using information technology, both manual and automated controls may be used; however, even manual controls may be dependent to some extent on the effective functioning of IT. IT Benefits IT is used by an entity to improve the efficiency and effectiveness of its internal control. The auditor should consider the effect of such benefits as part of assessing internal control. Benefits may include: a. The ability to process large volumes of transactions and data accurately and consistently. b. Improved timeliness and availability of information. c. Facilitation of data analysis and performance monitoring. d. Reduction in the risk that controls will be circumvented. e. Enhanced segregation of duties through effective implementation of security controls. IT Risks The use of IT may also create additional internal control risks. The auditor must evaluate the entity's use of IT to determine whether and to what extent the following risks exist: a. Potential reliance on inaccurate systems. b. Unauthorized access to data, which may result in loss of data and/or data inaccuracies. c. Unauthorized changes to data, systems, or programs. d. Failure to make required changes or updates to systems or programs. CONSIDERING INTERNAL CONTROL Considering internal control – involves study and evaluation of internal control Reasons/purpose of the auditor’s study and evaluation of internal control: 1. Primary: to provide a basis for planning the audit to determine the nature, timing, and extent of audit procedures 2. Secondary: to provide a basis for constructive suggestions to management about improvements in internal control structure Steps in consideration of internal control: 1. Obtain sufficient understanding of the internal control relevant to the audit – involves obtaining understanding of the design and operation of internal control relevant to the audit The auditor should use the understanding of the five components of internal control sufficient to evaluate the design and determine if the control has been implemented. While the five components of internal control provide a useful framework for identifying and evaluating controls, the auditor should be more concerned with whether and how a specific control prevents, or detects and corrects, material misstatements, than with the classification of controls into categories. Internal control is relevant to the entire entity and each of the five components of internal control may affect any of the three entity objectives, but not all of an entity's objectives and related controls are relevant to the audit. Generally, those controls that pertain to financial reporting objective are most relevant to the audit; it is primarily those controls that the auditor must consider and understand. The auditor need not assess all controls related to financial reporting, but rather applies professional judgment in determining which controls to assess. AUDITING THEORY REVIEW NOTES a. Evaluate the design of relevant control – involves determining whether the control, individually or in combination with other controls, is capable of effectively preventing or detecting and correcting material misstatements Major emphasis in the design of effective control a. Assets are properly protected b. Duties are segregated c. Transactions are authorized b. Determine whether the control has been implemented – whether the control is placed in operation; a control has been implemented if the control exists and is being used by the entity Procedures to obtain evidence about the design and implementation of controls: Inquiry of entity personnel (inquiry alone is not sufficient) Inspecting documents and records Observing of application of specific controls Performing a ―walk-through‖ test – tracing a transaction through the accounting system, from initial recording to presentation in the financial statements The understanding of internal control is used by the auditor in: Identify types of potential misstatements that can occur Consider factors that affect the risks of material misstatements Determine the nature, timing, and extent of audit procedures 2. Perform preliminary assessment of control risk – the assessment of control risk is based on understanding of internal control a. Assess control risk at a high level: (1) If internal control is poor or not effective, or (2) If it is inefficient to rely on internal control (inefficient to perform tests of controls) Auditor‘s response if control risk is assessed at a high/maximum level: Skip or do not perform tests of controls Rely primarily on substantive tests b. Assess control risk at less than high level: (1) If internal control is effective or reliable, and (2) If it is inefficient to obtain evidence to justify the assessment of control risk at less than high level Note: Even if the internal control is effective, the auditor should assess control risk at a high level if it is inefficient to obtain evidence to justify the assessment of control risk at less than high level. The PSA requires the auditor to document the basis which is the evidence to justify the assessment of control risk at less than high level. Auditor‘s response if control risk is assessed at less than high/maximum level: Perform tests of controls – to confirm operating effectiveness of controls 3. Perform tests of controls – tests of controls are performed when the auditor plans to rely on internal control; the auditor will only test those controls that he plans to rely upon (controls that are likely to prevent or detect and correct material misstatement relevant to the financial statements) Tests of controls – Tests performed to test the operating effectiveness (as to design and operation) of internal controls that are likely to detect or prevent material misstatements in support of a reduced assessed level of control risk. Thus, tests of controls are performed to substantiate the reduced assessed level of control risk Tests performed confirm that the controls tested are working effectively Unlike substantive tests of details, tests of controls are not required audit procedure. The greater the reliance the auditor plans to place on internal control, the more extensive the tests of those controls that need to be performed. Tests of controls generally consist of one (or combination of the following evidence gathering techniques: a. Inquiry AUDITING THEORY REVIEW NOTES b. Observation c. Inspection d. Reperformance a. Results of tests of controls does not confirm effectiveness of controls – the auditor should revise the preliminary risk assessment of control risk from less than high to high level; the auditor should also make the necessary revision on the overall audit strategy, audit plan and preliminary audit program b. Results of tests of controls confirm effectiveness of controls – the auditor may rely on entity‘s internal control and decrease substantive testing Required Documentation: 1. Document the understanding of accounting and internal control systems Form of documentation may vary One form or a combination of forms of documentation may be used at the same time Forms of documentation: 1. Internal control questionnaire – consists of a list of questions on internal control be answered by "Yes" or "No" response. A negative response is designed to draw attention to a possible weakness in internal control. Written explanations are required for "No" answers. 2. Flowcharts – pictorial/symbolic diagram depicting the operation of a program/system or the sequential flow of authority, processes, transactions and documents. The use of standard symbols makes flowcharts easy to understand. a. Systems flowcharts – used to evaluate internal control because it shows the origin of each document in the system, its subsequent processing, and its final disposition b. IT flowcharts – used in evaluating the internal control in an automated/computerized accounting environment. The auditor can use these flowcharts to evaluate both the flow of the program and the internal controls related to the IT function in general. 3. Internal control checklists – a detailed listing of ideal control measures (the auditor tickmarks the controls adopted by the client) 4. Narrative memoranda – a written version of a flowchart. It is a description of the auditor's understanding of the system of internal control. Note that flowcharts are more appropriate for documenting complex control structures, while written narratives are more appropriate for less complex structures. 5. Decision trees or tables – a. Decision trees – are graphic illustrations that depict the logic of an operation or process. They generally employ questions with "Yes" or "No" answers, which direct the user to the next relevant questions. b. Decision tables – are graphic illustrations that depict the logical relationships of a system in table form. Both approaches document the auditor's understanding of a process. 2. Document the assessed level of control risk If the control risk is assessed at a high level, the auditor should document his conclusion that control risk is at a high level. If the control risk is assessed at less than high level, the auditor should document: a. His conclusion that control risk is at less than high level, and b. The basis for that assessment – results of tests of controls confirming the assessment of control risk at below high/maximum level Communicating with those charged with governance and management: The auditor should communicate audit matters of governance interest arising from the audit of financial statements with those charged with governance of an entity. Governance refers to the role of persons entrusted with the supervision, control and direction of an entity. Those charged with governance ordinarily are accountable for ensuring that the entity achieves its objectives, financial reporting, and reporting to interested parties. Reportable conditions are significant deficiencies/weaknesses in the design or operation of the internal control which have come to the auditor‘s attention that should be reported to the appropriate level of management such as the highest official of the company or those charged with governance (usually to the entity‘s audit committee of the board of directors) in writing, in a formal management letter (the byproduct of the audit engagement) at the earliest opportunity so that appropriate corrective actions may be taken as soon as possible. AUDITING THEORY REVIEW NOTES A deficiency may be of such magnitude as to be considered a material weakness in internal control. A material internal control weakness is a condition in which material errors or fraud would ordinarily not be detected within a timely period by employees in the normal course of performing their assigned functions. No expression of opinion on entity’s internal control: Consideration of internal control in financial statement audit is not sufficient to express an opinion on an entity‘s controls because only those controls on which an auditor intends to rely are reviewed, tested, and evaluated. Moreover, the auditor is not required to identify or search for internal control weaknesses. Internal control weaknesses: Examples of significant weaknesses in internal control include: Weak control environment (such as ineffective oversight, poor attitude toward internal control, or instances found of management override or fraud) Weaknesses in IT general controls. Significant business risks that have not been addressed by policies, procedures or internal controls. Inadequate policies and procedures in place for: Appropriately assessing and applying accounting principles Determining accounting estimates and assessing their reasonableness Preparing the financial statements and the disclosures required, and Safeguarding assets Significant internal control activities or application controls not operating as designed, not applied consistently by appropriate individuals, or not monitored by appropriate individuals. Significant deficiencies previously communicated to management or those charged with governance that remain uncorrected after some reasonable period of time. ASSERTIONS, AUDIT PROCEDURES AND AUDIT EVIDENCE ASSERTIONS AND AUDIT OBJECTIVES Nature of Assertions: Financial statements are not statements of facts. They are a collection of claims and assertions, made implicitly or explicitly by the entity‘s management, about the recognition, measurement, presentation, and disclosure of information in the financial statements. Assertions (or management assertions) are representations by management, explicit or otherwise, that are embodied in the financial statements. These assertions relate to the fairness of presentation of the financial statements, thus, they are directly related to applicable financial reporting framework. Examples of assertions: All the assets exist. (Existence) All sales transactions have been recorded. (Completeness) Inventories are properly valued. (Valuation) All amounts are properly presented and disclosed in the financial statements. (Accuracy) Levels of Assertions: 1. Financial statement level – entity‘s management representation that the financial statements as a whole are presented fairly, in all material respects, in accordance with the applicable financial reporting framework For example, management asserts the financial statements are free from material misstatements. 2. Account balance or class of transactions level – entity‘s management representation that the underlying account balances and class of transactions, including related disclosures, are free of material misstatements For example, when considering the sales balance, management is asserting that sales revenue is complete (completeness assertion), the transactions occurred (occurrence assertion), and transactions have been appropriately recorded in the accounting records (accuracy assertion). Categories of Assertions used by the Auditor: 1. Assertions about classes of transactions and events for the period under audit a. Occurrence – recorded transactions and events have occurred and pertain to the entity AUDITING THEORY REVIEW NOTES b. Completeness – all transactions and events that should have been recorded have been recorded c. Accuracy – amounts and other data relating to recorded transactions and events have been recorded appropriately d. Cutoff (proper period) – transactions and events have been recorded in the correct accounting period e. Classification – transactions have been recorded in the proper accounts 2. Assertions about account balances at the period end a. Existence – assets, liabilities, and equity interests exist b. Rights and obligations – the entity holds or controls the rights to assets, and liabilities are the obligations of the entity c. Completeness – all assets, liabilities and equity interests that should have been recorded have been recorded d. Valuation and allocation – assets, liabilities, and equity interests are included in the FS at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded 3. Assertions about presentation and disclosure a. Occurrence and rights and obligations – disclosed events, transactions, and other matters have occurred and pertain to the entity b. Completeness – all disclosures that should have been included in the financial statements have been included c. Classification and understandability – financial information is appropriately presented and described, and disclosures are clearly expressed d. Accuracy and valuation – financial and other information are disclosed fairly and at appropriate amounts The existence and completeness objectives emphasize opposite audit concerns. Existence deals with overstatements and completeness deals with understatements (such as due to unrecorded transactions). Auditor’s Use of Relevant Assertions: The auditor uses relevant assertions in developing audit objectives that will be the basis for designing audit procedures. Relevant assertions are assertions that have a meaningful bearing on whether an account is fairly stated. For example: Existence assertion, not valuation, is typically relevant to the audit of cash account. The valuation assertion would be relevant to assessing the inventory balance than assessing sales balance. The auditor should use relevant assertions to: a. Consider the types of potential misstatements that may occur Examples include: Does the asset exist? (Existence) Are all sales transactions recorded? (Completeness) Is inventory properly valued? (Valuation) Did the transaction occur? (Occurrence) Are amounts properly presented and disclosed in the financial statements? (Accuracy) b. Assess the risks of material misstatement – The auditor should identify what controls have been implemented to address the relevant assertions. Examples: How does management ensure transactions are recorded? (Completeness) How does management ensure that significant estimates are based on reasonable assumptions and properly recorded in the financial statements? (Accuracy) c. Design audit procedures that are responsive to the assessed risks Examples: If the risk is high that receivables are being overstated, the audit procedures should be designed to specifically address the valuation assertion. When the auditor designs tests of controls, emphasis should be placed on testing controls over the relevant assertions rather than just significant controls. An audit procedure may provide evidence supporting more than one assertion. For example, when an auditor obtains confirmation of inventories held at outside AUDITING THEORY REVIEW NOTES locations, evidence is obtained not just about completeness, but also about the existence of inventory. More than one procedure may be required to fully support an assertion. For example, in order to be reasonably certain that inventory quantities include all inventories on hand at year-end, the auditor should also inspect receiving transactions near year-end for recording in the proper period. Audit Objectives: The auditor develops audit objectives that relate to management assertions about the financial statement components. To achieve audit objectives, the auditor shall design audit procedures and gather sufficient appropriate audit evidence whether the assertions are in accordance with the applicable financial reporting framework. Audit objectives are used to verify management assertions. Thus, there should be proper matching of auditor‘s objectives with management assertions. Types of Audit Objectives: 1. Whether general or specific: a. General audit objectives – are broad objectives of auditing an account balance or class of transactions Examples of general audit objectives include existence, completeness, valuation, classification, cut-off, accuracy, presentation and disclosure, validity, ownership, and overall reasonableness b. Specific audit objectives – audit objectives stated in terms tailored to the specific audit engagement The general audit objectives remain the same for every audit engagement, but the evidence varies, depending on the circumstances. The general audit objectives are applicable to every account balance on the financial statements. After the general objectives are understood, specific objectives for each account balance on the financial statements can be developed. There should be one specific audit objective for each relevant general objective. 2. Whether substantive or compliance a. Substantive audit objectives – objectives that relate to the determination of the validity of assertions on account balances or class of transactions or disclosures found in the financial statements b. Compliance audit objectives – objectives that relate to the degree of entity‘s compliance with relevant controls AUDIT PROCEDURES Based on audit objectives, the auditor should plan and perform audit procedures. Audit procedures are the means for obtaining sufficient appropriate audit evidence to satisfy financial statement assertions and to support audit opinion on the fairness of the financial statements. They are the detailed instructions for the collection of a particular type of evidence that is to be obtained during the audit. Since audit procedures are performed to verify management assertions, they would differ depending on the particular assertion or account audited. Primary Purpose of Audit Procedures: Audit procedures are performed to gather necessary (not all) corroborative evidence to achieve audit objectives in order to result to sufficient appropriate audit evidence on the fairness of the presentation of the entity‘s financial statements. Audit procedures distinguished from audit standards and audit techniques: Audit standards – measure of the quality of the audit performance; they are set by the AASC, thus, they remain the same from one audit engagement to another Audit procedures – performed to meet the audit standards; determined by the auditor, thus, they vary from audit to audit; although they vary from audit to audit, the auditor should perform relevant essential audit procedures provided by the audit standards (PSAs) AUDITING THEORY REVIEW NOTES Audit techniques – methods used by the auditor or the details of the audit procedures; they also vary from audit to audit Nature, Timing and Extent of Audit Procedures: a. Nature of an audit procedure – refers to: (1) Its purpose (i.e., test of controls or substantive procedure) and (2) Its type (i.e., inspection, observation, inquiry, confirmation, recalculation, reperformance, or analytical procedures) When RMM is assessed at high level it affects the types of audit procedures to be performed and their combination. b. Timing of an audit procedure – refers to when to perform the audit procedure, or the period or date to which the audit evidence applies Audit procedures are normally performed: a. Early in the accounting period being examined b. Throughout the accounting period being examined, but with emphasis of the transactions near the end c. Within one to three months after the close of the accounting period Audit procedures performed before period end are known as interim work. The nature and timing of the audit procedures to be used may be affected by the fact that some of the accounting data and other information may be available only in electronic form or only at certain points or periods in time. c. Extent of an audit procedure – refers to the quantity to be performed or the extent of testing or the number of items to be examined (for example, a sample size, or the number of observations of a control activity) Audit Procedures for Obtaining Audit Evidence: 1. Risk assessment procedures – procedures to obtain an understanding of the entity and its environment, including its internal control, in order to identify and assess the risks of material misstatement (RMM) Risk assessment procedures include: a. Inquiry of management and other personnel b. Analytical procedures (as a planning tool) c. Observation and inspection Risk assessment procedures alone do not provide audit evidence sufficient to support an audit opinion. Risk assessment procedures must be supplemented by tests of controls, when necessary, and substantive procedures. 2. Further audit procedures – The auditor shall design and perform audit procedures whose nature, timing, and extent are based on and are responsive to the assessed RMM at the assertion level. Further audit procedures are actually audit procedures classified according to purpose In designing the further audit procedures to be performed, the auditor shall: (1) Consider the assessed RMM (2) Obtain more persuasive audit evidence the higher the auditor‘s assessment of risk by: a. Increasing the quantity of evidence; or b. Obtain evidence that is more relevant or reliable (such a obtaining third party evidence or by obtaining corroborating evidence from a number of independent sources) Auditor’s responses to assessed risks of material misstatements (RMM) include both: a. Overall responses – The auditor shall design and implement overall responses to address the RMM at the financial statement level. Overall responses may include: Emphasizing to the audit team the need to maintain professional skepticism Assigning more experienced staff or those with special skills or using experts Providing more supervision Incorporating additional elements of unpredictability in the selection of further audit procedures to be performed AUDITING THEORY REVIEW NOTES Making general changes to the nature, timing, or extent of audit procedures (such as performing substantive procedures at the period end instead of at an interim date) Overall responses affect auditor‘s general approach: Substantive approach – an approach whose emphasis is on substantive procedures Combined approach – an approach that uses both tests of controls and substantive procedures b. Further audit procedures Further audit procedures include: (1) Tests of controls (compliance tests) – audit procedures designed to evaluate the operating effectiveness of relevant controls in preventing, or detecting and correcting material misstatements at the assertion level In designing and performing tests of controls, the auditor shall obtain more persuasive audit evidence the higher/greater reliance the auditor places on the effectiveness of a control. Test of controls, although not intended to detect material misstatements, may provide evidence that a misstatement is likely to occur. When to perform tests of controls: a. When the auditor intends to rely on the operating effectiveness of relevant controls in determining the nature, timing and extent of substantive procedures; or Tests of controls are performed only on those controls that the auditor has determined are suitably designed to prevent, or detect and correct, a material misstatement in an assertion. b. When substantive procedures alone cannot provide sufficient appropriate evidence at the assertion level For example, an entity conducts its business using IT and no documentation of transactions is produced or maintained, other than through the IT system. Dual purpose test: The auditor may design a test of controls to be performed concurrently with a test of details on the same transaction. Although the purpose of a test of controls is different from the purpose of a test of details, both may be accomplished concurrently by performing test of controls and test of details on the same transaction, also known as a dual-purpose test. (2) Substantive procedures – audit procedures designed to detect material misstatements at the assertion level Other best descriptions: Substantive procedures may also be described as audit procedures that are designed to: Detect material peso/monetary errors or fraud Substantiate the validity of management's assertions regarding the financial statements. Thus, substantive procedures are sometimes called validation procedures because they provide evidence about the existence of misstatement. Gather evidence in respect to all material classes of transactions, account balances, and disclosures. Be performed in response to the assessment of the risks of material misstatement at the assertion level, which includes the results of tests of controls, if any. In other words, substantive procedures are performed in response to the planned level of detection risk. Substantive procedures are mandatory: Irrespective of the assessed risks of material misstatement, substantive procedures are required for all relevant assertions related to each material class of transactions, account balance, and disclosure. This requirement reflects the fact that: a. The auditor‘s assessment of risk is judgmental and so may not identify all risks AUDITING THEORY REVIEW NOTES of material misstatement; and b. There are inherent limitation to internal control Substantive testing cannot be eliminated. However, it may be reduced by auditor‘s reliance on entity‘s effective internal control. Nature, timing and extent of substantive tests: When internal control is not reliable, the auditor will have to perform extensive substantive tests. Thus, the result of test of controls is a major factor in determining the nature, timing and extent of substantive tests. 1. Nature: relates the quality of audit evidence (performing more effective or less effective audit procedures) 2. Timing: also relates to the quality of evidence (performing the audit procedures at year-end or at interim date) 3. Extent: relates to the quantity of audit evidence (using larger sample size or smaller sample size) Reliance on substantive tests: The reliance placed on substantive tests in relation to the reliance placed on internal control has an inverse relationship. Types of substantive procedures: Whether or not to use substantive analytical procedures or to perform tests of details of transactions and balances, the auditor usually consider the relative effectiveness and efficiency of the tests. 1. Tests of details – examining or obtaining audit evidence on the actual details of account balance, class of transactions, and disclosure The objective of tests of details is to substantiate or identify misstatements in the recorded amounts. Directional testing – refers to the direction of an audit test a. Tracing – if the auditor starts from original source documents and traces forward to the accounting records, this tests the assertion of completeness. This helps the auditor identify understatement errors. b. Vouching – If the auditor starts from the accounting records and vouches backwards to the original source documents, this tests the assertion of existence or occurrence. This helps the auditor identify overstatement errors. a) Test of details of transactions – testing of transactions which give rise to the ending balance of a given account; these involve examining authorization, recording and posting of transactions (such as examining receipts or disbursements of Cash account) Applicability of test of details of transactions: It is used when the account being substantiated has relatively few or smaller volume of transactions of relatively material amounts occurring during the year (for example, PPE, intangibles, bonds payable and stockholders‘ equity accounts) Test of transactions are often performed several months prior to the balance sheet date. Tests of details of transactions primarily involve tracing and vouching. b) Tests of details of balances – direct testing of accounts ending balance Tests of details of balances focus on obtaining evidence directly about an account balance. More types of evidence are obtained using tests of details of balances than by using any other type of test. Test details of balances is usually the most costly to perform. Applicability of test of details of balances: For accounts whose balances are affected by large volume transactions of relatively immaterial amounts (such as cash, accounts receivable and inventories). AUDITING THEORY REVIEW NOTES If an account has a high turnover rate with many transactions occurring during the year, the auditor generally will concentrate more on the ending balance total. It is used when the auditor is satisfied that internal control is strong. 2. Substantive analytical procedures – these are analytical procedures performed during testing phase to substantiate predictable relationships among both financial and non-financial data Analytical procedures are evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data. Analytical procedures generally involve comparisons of recorded amounts to independent expectations developed by the auditor. The application of planned analytical procedures is based on the expectation that relationships among data exist and continue in the absence of known conditions to the contrary. Analytical procedures will result to circumstantial evidence rather than conclusive evidence. Results of substantive analytical procedures would entail additional tests to be performed. Analytical procedures are the audit tests that are usually the least costly to perform. Applicability of substantive analytical procedures: Generally more applicable to large volume of transactions that tend to be predictable over time Not required substantive procedures during testing phase (but are required during audit planning and final or overall review stages) When appropriate, they are used on accounts that are predictable and plausible. Limitations of analytical procedures: Since analytical procedures are based on expected plausible relationships among data, differences do not necessarily indicate errors or fraud, but simply indicate the need for further investigation. Changes in an account, changes in accounting principle, and inherent differences between industry norms and the client all contribute to fluctuations in expected amounts. Audit Procedures According to Types: The following procedures, individually or in combinations, may be used as risk assessment procedures, test of controls, or substantive procedures, depending on the context in which they are applied by the auditor: 1. Inspection – consists of examining records or documents (whether internal or external, in paper form, or other media), or a physical examination of an asset For example, an inspection of records or documents for evidence of authorization is a test of controls. 2. Observation – consists of viewing/looking at a process or procedure being performed by others. Examples: Observation of the counting of inventories by the entity‘s personnel Observation of the performance of control activities that leave no audit trail 3. External confirmation – represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party) in paper form, or by electronic or other medium Confirmation is a specific type of inquiry that involves the process of obtaining a representation of information or of an existing condition about account balances and transactions or events directly from independent third parties. Confirmations are controlled by the auditor because the auditor: a. Selects the parties to be contacted b. Prepares and mails the confirmation requests, and c. Receives the confirmation replies directly from the third parties AUDITING THEORY REVIEW NOTES External confirmations frequently are relevant when addressing assertions associated with certain account balance and their elements. However, they are not restricted to account balances only. Examples of external confirmation: Confirmation of accounts receivable balances: a. Positive confirmation – customers should reply whether or not they agree with their respective balances; it is considered more effective than negative confirmation b. Negative confirmation – customers should reply if there are discrepancies Bank confirmation of account balances (including amount of loan outstanding) Suppliers‘ confirmation of accounts payable Confirmation from lenders Inventory confirmation when inventory is under custody and control of a third party Confirmation from lawyers or financiers who have custody over client‘s property title deeds Confirmations of the terms of agreements or transactions an entity has with third parties Confirmation about the absence of certain conditions, for example, the absence of a ―side agreement‖ that may influence revenue recognition d. Recalculation (computation) – consists of checking the mathematical accuracy (manually or electronically) of documents or records Examples: Auditor‘s recalculation of depreciation, interest expense or earnings per share e. Reperformance – involves the auditor‘s independent execution of procedures or controls that were originally performed (by the client‘s staff) as part of the entity‘s internal control f. Analytical procedures – consist of evaluations of financial information made by a study of plausible relationships among both financial and non-financial data Analytical procedures also encompass the investigation of identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts. g. Inquiry – consists of seeking information of knowledgeable persons, both financial and non-financial, within the entity or outside the entity. Inquiry is used extensively throughout the audit in addition to other audit procedures. Inquiries may be formal written inquiries or informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process. Evidence obtained from inquiry can be gathered with every type of audit test. In respect of some matters, the auditor may consider it necessary to obtain written representation from management and, where appropriate, those charged with governance to confirm responses to oral inquiries. Audit Techniques: The auditor applies audit techniques (methods) to gather corroborative evidence and uses his professional judgment to determine which audit techniques would best result to the audit evidence he needs. Examples of audit techniques: 1. Confirm – to obtain information directly from an independent third party 2. Inspect – to obtain evidence through physical examination 3. Count – physical examination of assets (such as cash count or petty cash count) 4. Compare – technique used after count of assets; also used to compare current period balances with those of prior periods 5. Inquire – asking questions, whether oral or written, directed to the client or to third parties 6. Trace – to determine whether transactions supported by source documents are properly recorded and posted 7. Vouch – examine and authenticate of underlying evidential papers 8. Verify – to prove the accuracy of extensions, footings, postings, ownership and existence 9. Reconcile – to bring into agreement information obtained from two groups of related, but independent, figures Reconciliation involves comparing financial amounts from two independent sources for agreement, such as: AUDITING THEORY REVIEW NOTES Reconciling the cash balance per the books with the balance per bank Reconciling the physical inventory count with the perpetual inventory records Reconciling lead schedules to general ledger amounts 10. Analysis of accounts – to detail the composition of an account or to detail the individual debits and credits in the account in a chronological sequence 11. Review – perform to obtain evidence of authoritative documentation to support certain transactions 12. Extend – to prove the accuracy of multiplications (on invoices, payroll records, etc.) 13. Foot – to prove the accuracy of vertical or horizontal additions 14. Scan – looking for evidence of unusual amounts/items, which, if found, would be further investigated Scanning may also be considered an analytical procedure, as the auditor uses professional judgment to search for large, significant, or unusual items in the accounting records. AUDIT PROGRAM An audit program is a detailed listing of the nature, timing and extent of planned audit procedures (tests of controls and/or substantive tests) that the auditor will perform to gather sufficient appropriate evidenced. It is a set of instructions to assistants involved in the audit and as a means to control and record the proper execution of work. AUDIT EVIDENCE The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining reasonable assurance or sufficient appropriate audit evidence to reduce audit risk at acceptably low level thereby enable the auditor to draw reasonable conclusions on which to base the auditor‘s opinion. Most of the auditor's work in forming the auditor's opinion consists of obtaining and evaluating audit evidence. The auditor shall conclude whether sufficient appropriate audit evidence has been obtained based on his professional judgment. Audit Evidence, Defined: Audit evidence refers to all the information used by the auditor in arriving at the conclusions on which the audit opinion is based. Thus, audit evidence supports the opinion and the auditor's report. Sometimes called as evidential matter, it is the main output/product of performing audit procedures. Audit Evidence Relationship with Assertions: Audit evidence comprises both: a. Information that supports and corroborates management's assertions, and b. Information that contradicts such assertions. Nature of Audit Evidence: Audit evidence includes both information contained in the accounting records underlying the financial statements and other information: 1. Accounting records (Underlying data) – accounting records/data prepared by the client‘s personnel and from which financial statements are prepared a. Records of initial accounting entries b. Supporting records, such as checks and records of electronic fund transfers, invoices and contracts c. General and subsidiary ledgers d. Journal entries and other adjustments to the financial statements that are not reflected in formal journal entries e. Records such as worksheets and spreadsheets supporting cost allocations, computations, reconciliation and disclosures 2. Corroborating evidence – corroborating information that are used by the auditor to verify the fairness of the accounting records AUDITING THEORY REVIEW NOTES a. Documents (such as checks, bank statements, contracts and minutes of meetings) b. Information/evidence from other sources such as: Previous audits Quality control procedures for client acceptance and continuance Confirmations from third parties Industry analysts‘ reports Comparable data about competitors (benchmarking) Client written representation c. Information obtained by he auditor from audit procedures such as inquiry, observation, inspection and computation d. Other information developed by, or available to, the auditor that permits the auditor to reach conclusions through valid reasoning Types of Audit Evidence: 1. Physical evidence – obtained by physical examination of assets (such as count of stock certificates in support of stock investment account or observation of client‘s processes or procedures) 2. Mathematical recomputations – auditor‘s recomputation of the accuracy of client‘s computations such as depreciation, amortization, doubtful accounts, etc. 3. Documentation – examination of the supporting documents of recorded transactions and balances appearing in the financial statements 4. Representation by third parties (or confirmation) – a document originating from independent outside party and sent directly to the auditor 5. Representation by client personnel – statements from client personnel in response to queries posed by the auditor 6. Results of analytical procedures 7. Internal control – existence of effective internal control may be regarded as a strong evidence of the validity of the accounts and amounts found in the financial statements 8. Subsequent events – they provide additional evidence regarding conditions that already existing on the balance sheet that and affect accounting estimates Sources of audit evidence: Audit evidence is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. However, it may also include information obtained from other sources such as: Previous audits (where the auditor performs audit procedures to establish its continuing relevance) Firm's quality control procedures for client acceptance and continuance Audit evidence may come from: a. Internal sources (inside the entity) – generated internally, such as evidence existing within the accounting records, minutes of meetings, or a management representation b. External or independent sources (outside the entity) – for example, confirmations from third parties analysts‘ reports, and comparable data about competitors (benchmarking data) c. Direct knowledge of the auditor Audit evidence may also come from: a. Information obtained from testing the accounting records (accounting records are an important source of audit evidence) – for example, through analysis and review, reperforming procedures followed in the financial reporting process, and reconciling related types and application s of the same information b. Non-financial original records Audit evidence may include information prepared using the work of a management‘s expert. In some cases the absence of information (for example, management's refusal to provide a requested representation) is used by the auditor, and therefore, also constitutes audit evidence. Information to Be Used as Audit Evidence When designing and performing audit procedures, the auditor shall consider the relevance and reliability of the information to be used as audit evidence. AUDITING THEORY REVIEW NOTES When information to be used as audit evidence has been prepared using the work of a management's expert, the auditor shall, to the extent necessary, having regard to the significance of that expert's work for the auditor's purposes: a. Evaluate the competence, capabilities and objectivity of that expert; b. Obtain an understanding of the work of that expert; and c. Evaluate the appropriateness of that expert's work as audit evidence for the relevant assertion. When using information produced by the entity, the auditor shall evaluate whether the information is sufficiently reliable for the auditor's purposes, including as necessary in the circumstances: a. Obtaining audit evidence about the accuracy and completeness of the information; and b. Evaluating whether the information is sufficiently precise and detailed for the auditor's purposes. Sufficient Appropriate Audit Evidence: The auditor shall design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence. 1. Sufficiency – the measure of the quantity or amount of audit evidence that the auditor shall accumulate Sufficiency is determined based on the auditor‘s professional judgment. Audit evidence is sufficient if there is enough of it to afford a reasonable basis for an audit opinion on the financial statements. Factors affecting sufficiency of audit evidence: Auditor‘s judgment as to the quantity of audit evidence is influenced by: a. Auditor‘s assessment of the risks of misstatement – the higher the assessed risks, the more audit evidence is likely to be required For example, as risk of material misstatement increases in Accounts Receivable, audit evidence required also increases. b. Quality or competence of audit evidence – the higher the quality, the less may be required. Obtaining more audit evidence, however, may not compensate for its poor quality. c. Materiality of item being examined – more material amounts, more evidence to support its validity d. Experience gained during previous audit may indicate the amount of evidence taken before and whether such evidence was enough e. Type of information available Merely obtaining more audit evidence may not compensate for audit evidence of lower quality. The auditor should exercise professional judgment and professional skepticism in evaluating the sufficiency and appropriateness of audit evidence to support the audit opinion. The sufficiency and appropriateness of audit evidence are interrelated. 2. Appropriateness – measures the quality of audit evidence, that is, its relevance and its reliability in providing support for the conclusions on which the auditor's opinion is based a. Relevance – deals with the logical connection with, or bearing upon, the purpose of audit procedures and the assertion under consideration Audit evidence is considered relevant if it pertains to the assertions being evaluated or to the specific audit objective being tested. For example: Obtaining audit evidence relating to the physical existence of inventory is not relevant in obtaining audit evidence relating to the valuation of inventory. Accounts receivable confirmations are relevant to the existence of receivables, but not to their valuation (i.e., a customer can confirm that a receivable exists, but this does not necessarily imply that the customer has the intent or the ability to pay). The relevance of information to be used as audit evidence may be affected by the direction of testing. A given set of audit procedures may provide audit evidence that is relevant to certain assertions, but not to others. AUDITING THEORY REVIEW NOTES Obtaining audit evidence regarding a particular assertion, for example, the existence of inventory, is not a substitute for obtaining audit evidence regarding another assertion. Audit evidence from different sources or of a different nature may often be relevant to the same assertion. b. Reliability – objectivity of evidence Reliability of evidence is influenced by: Its source (external or internal) Its nature (visual, documentary, or oral) The circumstances under which it is obtained Where relevant, the controls over its preparation and maintenance Generalizations about the reliability of audit evidence: 1. The reliability of audit evidence is increased when it is obtained from knowledgeable independent sources outside the entity. Examples of information from sources independent of the entity may include confirmations from third parties, analysts' reports, and comparable data about competitors (benchmarking data). 2. The reliability of audit evidence that is generated internally is increased when the related controls, including controls over its preparation and maintenance, imposed by the entity are effective. (Effective internal control provides more reliable audit evidence than ineffective internal control.) 3. Audit evidence obtained directly by the auditor is more reliable than evidence obtained indirectly or by inference. For example, observation of the application of a control is more reliable than inquiry about the application of a control). 4. Audit evidence in documentary form (whether paper, electronic, or other medium) is more reliable than evidence obtained orally. For example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation of the matters discussed. 5. Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles. The above generalizations should be considered in determining which evidence is persuasive or least persuasive. Generalizations about reliability are subject to important exceptions, for example, even when the information to be used as audit evidence is obtained from sources external to the entity, circumstances may exist that could affect its reliability (such as if the source is not knowledgeable or a management‘s expert may lack objectivity). More assurance is ordinarily obtained from consistent audit evidence obtained from different sources or of a different nature than from items of audit evidence considered individually. Hierarchy of reliability of evidence: (from most reliable to least reliable) 1. Direct evidence or personal observation and knowledge (such as physical observation) 2. Externally generated evidence sent directly to the auditor (such as confirmations from banks and customers and bank statements and cut-off bank statements received from banks) 3. Externally generated evidence kept by the client (such as vendor‘s invoices, bank statements received from the client) 4. Internally generated evidence circulated externally (such as sales invoices from sale to customers and paid checks and cost allocations) 5. Internally generated evidence not circulated externally (such as purchase requisitions, customer‘s order and cost allocations) 6. Oral evidence AUDITING THEORY REVIEW NOTES Persuasive Evidence: Audit evidence is persuasive if it is sufficient both in quantity and quality to support audit opinion. Thus, sufficiency and appropriateness of audit evidence are the determinants of persuasiveness of audit evidence. The auditor may need to rely on audit evidence that is persuasive rather than conclusive. However, to obtain reasonable assurance, the auditor must not be satisfied with audit evidence that is less than persuasive. Cost-benefit considerations: The auditor should consider the relationship between the cost of obtaining audit evidence and the usefulness of the information obtained. The valid bases for omitting an audit test/procedure for which there is no alternative are: a. Relative risk (or inherent risk) involved b. Relationship between the cost of obtaining audit evidence and the usefulness of the information obtained c. Degree of reliance on the relevant internal controls (or Assessment of control risk at a low level) Difficulty and expense involved in testing a particular item is not a valid basis for an auditor of deciding to omit an audit procedure. Information produced by a management expert as audit evidence: A management expert is an individual or organization possessing expertise in a field other than accounting or auditing, whose work in that field is used by the entity to assist the entity in preparing the financial statements. When information to be used as audit evidence has been prepared using the work of a management‘s expert, the auditor shall, to the extent necessary, having regard to the significance of that expert‘s work for the auditor‘s purposes: 1. Evaluate the competence, capabilities and objectivity of that expert a. Competence – relates to the nature and level of expertise of the management‘s expert b. Capability – relates to the ability of the management‘s expert to exercise that competence in the circumstances c. Objectivity – relates to the possible effects that bias, conflict of interest or the influence of others may have on the professional or business judgment of the management expert Sources of information regarding competence, capabilities and objectivity of a management‘s expert: Personal experience with previous work of that expert Discussions with that expert Discussions with others who are familiar with that expert‘s work Knowledge of that expert‘s qualifications, membership of a professional body or industry association, license to practice, or other forms of external recognition Published papers or books written by that expert An auditor‘s expert, if any, who assists the auditor regarding the information produced by the management expert 2. Obtain an understanding of the work or field of expertise of that management’s expert Aspects of the management‘s expert‘s filed relevant to the auditor‘s understanding may include: Whether that expert‘s field has areas of specialty within it that are relevant to the audit. Whether any professional or other standards, and regulatory or legal requirements apply. What assumptions and methods are used by the management‘s expert, and whether they are generally accepted within that expert‘s filed and appropriate for financial reporting purposes. The nature of internal and external data or information the auditor‘s expert uses AUDITING THEORY REVIEW NOTES 3. Evaluate the appropriateness of that expert’s work as audit evidence for relevant assertion The auditor shall consider: a. The relevance and reasonableness of that expert‘s findings or conclusions, their consistency with other audit evidence, and whether they have been appropriately reflected in the financial statements; b. If the expert‘s work involves use of significant assumptions and methods, the relevance and reasonableness of those assumptions and methods; and c. If that expert‘s work involves significant use of source data the relevance, completeness, and accuracy of that source data Evaluating the Sufficiency and Appropriateness of Audit Evidence: Based on the audit procedures performed and the audit evidence obtained, the auditor shall evaluate before the conclusion of the audit whether the assessments of the RMM at the assertion level remain appropriate. Factors affecting sufficient appropriate audit evidence: The auditor‘s judgment as to what constitutes sufficient appropriate audit evidence is influenced by such factors as the following: Significance of the potential misstatement in the assertion and the likelihood of its having a material effect on the financial statements. Effectiveness of management‘s responses and controls to address the risks. Experience gained during previous audits with respect to similar potential misstatements. Results of audit procedures performed, including whether such audit procedures identified specific instances of fraud or error. Source and reliability of the available information. Persuasiveness of audit evidence. Understanding of the entity and its environment, including internal control. AUDIT SAMPLING Definition of terms: Sampling – testing of less than 100% of the items within a population to form a conclusion about the population Audit sampling – applying audit procedures to less than 100% of the items within an account balance or class of transactions, such that all sampling units have a chance of selection, to form a conclusion about the balance or class Error – either control deviations, when performing tests of control, or misstatements, when performing substantive procedures. Total error – either the rate of deviation (in case of tests of control) or total misstatement (in case of substantive procedures) Anomalous error – means an error that arises from an isolated event that has not recurred other than on specifically identifiable occasions and is therefore not representative of errors in the population Sampling risk – the possibility that the auditor‘s conclusion, based on a sample may be different from the conclusion reached if the entire population were subjected to the same audit procedure. Non-sampling risk – arises from factors that cause the auditor to reach an erroneous conclusion for any reason not related to the size of the sample. For example, most audit evidence is persuasive rather than conclusive, the auditor might use inappropriate procedures, or the auditor might misinterpret evidence and fail to recognize an error. Population – the entire set of data from which a sample is selected and about which the auditor wishes to draw conclusions. For example, all of the items in an account balance or a class of transactions constitute a population. A population may be divided into strata, or sub-populations, with each stratum being examined separately. The term population is used to include the term stratum. Confidence levels – the mathematical complements of sampling risks Sampling unit – the individual items constituting a population, for example checks listed on deposit slips, credit entries on bank statements, sales invoices or debtors‘ balances, or a monetary unit Stratification – the process of dividing a population into subpopulations, each of which is a group of sampling units which have similar characteristics (often monetary value) AUDITING THEORY REVIEW NOTES Tolerable error – a. Tolerable error amount – in substantive procedures, it is the maximum total error in a population that the auditor is willing to accept b. Tolerable deviation rate – in tests of control, it is the maximum rate of deviation from the prescribed control procedure the auditor is willing to accept without changing control risk assessment or planned reliance on internal control. Expected error – a. Expected error amount – in substantive tests, it is the auditor's best estimate of the amount of error the auditor expects to find in the population b. Expected deviation rate – in tests of control, it is the auditor's best estimate of the rate of deviation from a prescribed control procedure in the population Whether audit sampling is a required: Audit sampling is not required part of any audit procedure because when designing audit procedures, the auditor should determine appropriate means of selecting items for testing as follows: a. Selecting all items (100% examination) b. Selecting specific items from a population judgmentally based on such factors as knowledge of the client‘s business, preliminary assessments of inherent and control risks, and the characteristics of the population being tested (subject to non-sampling risk) Specific items selected: High value or key items that exhibit some other characteristic (for example, items that are suspicious, unusual, particularly risk-prone or that have a history of error) All items over a certain amount. The auditor may decide to examine items whose values exceed a certain amount so as to verify a large proportion of the total amount of an account balance or class of transactions. Items to obtain information. The auditor may examine items to obtain information about matters such as the client‘s business, the nature of transactions, accounting and internal control systems. Items to test procedures. The auditor may use judgment to select and examine specific items to determine whether or not a particular procedure is being performed. c. Audit sampling: Sampling is essential throughout audits as auditors attempt to gather sufficient appropriate evidence in a cost efficient manner. When to use audit sampling: Where an auditor has no special knowledge about likely misstatements contained in account balances and transactions When the auditor believes that the sample is to be a good representative of the population (account balances and transactions) Situations where sampling may not apply: Sampling concepts generally do not apply to: a. Risk assessment procedures performed to obtain an understanding of internal control. b. Tests of automated application controls when effective general controls are present. (Generally, such controls would only be tested once or a few times.) c. Analyses of security and access controls, or other controls that do not provide documentary evidence of performance (e.g., controls related to segregation of duties). d. Some tests related to the operation of the control environment or the accounting system (e.g., examination of the effectiveness of activities performed by those charged with governance). Lists procedures that do not involve sampling: a. Inquiry and observation b. Analytical procedures c. Procedures applied to every item in a population d. Tests of controls where application is not documented e. Procedures from which the auditor does not intend to extend a conclusion to the remaining item in the account f. Untested balances Approaches to audit sampling: 1. Statistical sampling – any approach to sampling that has the following characteristics: a. Random selection of a sample; and b. Use of probability theory to evaluate sample results, including measurement of sampling risk AUDITING THEORY REVIEW NOTES In statistical sampling, auditors specify the sampling risk they are willing to accept and then calculate the sample size that provides that degree of reliability. Results are evaluated quantitatively. Statistical sampling measures quantitatively the risk from testing only part of an audit population. a. Advantages of statistical sampling: Conclusions may be drawn in more precise ways when using statistical sampling because it enables the auditor to: a. Measure the sufficiency of the audit evidence obtained. b. Provide an objective basis for quantitatively evaluating sample results. c. Design an efficient sample. d. Quantify sampling risk so as to limit/control risk to an acceptable level. b. Random sample selection: Random sample selection methods should be used in statistical sampling. Such methods give all items in the population an equal chance to be included in the sample to be audited. 2. Nonstatistical sampling – the sample size is not determined mathematically. Auditors use their judgment in determining sample size, and sample results are evaluated judgmentally. Conclusions may be drawn in more precise ways when using statistical sampling methods. It is acceptable for auditors to use either or combination of statistical and nonstatistical sampling. Both sampling approaches involve judgment in planning, executing the sampling plan, and evaluating the results of the sample. Both sampling approaches can provide sufficient competent evidence. Sampling methods are used by auditors in both control testing and substantive testing. Basic distinction between statistical sampling and nonstatistical sampling: Statistical sampling is a mathematical approach to inference, whereas nonstatistical sampling is a more subjective approach. Auditor’s professional judgment: Although statistical sampling aids the auditor in quantitative ways, it is not a substitute for professional judgment. The auditor must exercise professional judgment in both statistical and nonstatistical sampling to: a. Define the population and the sampling unit; b. Select the appropriate sampling method; c. Evaluate the appropriateness of audit evidence; d. Evaluate the nature of deviations or errors; e. Consider sampling risk; and f. Evaluate the results obtained from the sample and project those results to the population. Types of sampling: Audit sampling is used for both tests of controls (attributes sampling) and for tests of details of transactions and balances (usually, variables sampling). In both attributes sampling and variables sampling, the plans may be either nonstatistical or statistical. 1. Attribute sampling – estimates the quality characteristic of a population; it estimates the rate of deviation for internal controls that the auditor decides to rely upon Applicability of attribute sampling: primarily used for test of controls because attribute sampling deals with estimating deviation from internal control procedures 2. Variables sampling – estimates the numerical quantity of a population Applicability of variable sampling: typically used in substantive testing of account balances because variables sampling deal with peso balances Sampling risk: The possibility that the auditor‘s conclusion, based on a sample may be different from the conclusion reached if the entire population were subjected to the same audit procedure. The risk that the sample is not representative of the population and that the auditor's conclusion will be different from the conclusion had the auditor examined 100% of the population. The possibility that even though a sample is properly chosen, it may not be representative of the population. Two types of sampling risk: 1. Risk that affects audit effectiveness and may lead to an inappropriate audit opinion (“Beta risk” or “Type II error‖) – the risk the auditor will conclude that: a. In the case of a test of control, that control risk is lower than it actually is, or AUDITING THEORY REVIEW NOTES b. In the case of a substantive test, that a material error does not exist when in fact it does 2. Risk affects audit efficiency as it would usually lead to additional work to establish that initial conclusions were incorrect (“Alpha risk” or “Type I error”) – the risk the auditor will conclude that: a. In the case of a test of control, that control risk is higher than it actually is, or b. In the case of a substantive test, that a material error exists when in fact it does not Aspects of audit risk: (Sampling risk and Nonsampling risk) 1. Sampling risk: aspects of audit risk that are due to sampling; the risk or the possibility that, when a test of controls or a substantive test is restricted to a sample, the auditor's conclusions may be different from the conclusions which would have been reached had the tests been applied to all items in the account balance or class of transactions a. Sampling risks in substantive testing: (Risk of incorrect acceptance and risk of incorrect rejection) 1) Risk of incorrect acceptance – the risk that the recorded account balance (based on the sample) is not materially misstated when in fact it is materially misstated (i.e., sample results fail to identify an existing material misstatement). This means that the auditor wrongly concludes material error in an account balance does not exist when in fact it does. 2) Risk of incorrect rejection – the risk that the recorded account balance (based on the sample) is materially misstated when in fact it is not materially misstated (i.e., sample results mistakenly indicate a material misstatement). This means that the auditor wrongly concludes that material error in an account balance exists when in fact it does not. b. Sampling risks in tests of controls: (Risk of assessing control risk to low and Risk of assessing control risk to high) a. Risk of assessing control risk too low – the risk that the assessed level of control risk (based on the sample) is lower than the true level of control risk (i.e., sample results indicate a lower deviation rate than actually exists in the population). This means that the auditor wrongly concludes that the control risk is low or that client’s internal control system can be relied upon. b. Risk of assessing control risk too high – the risk that the assessed level of control risk (based on the sample) is higher than the true level of control risk (i.e., sample results indicate a greater deviation rate than actually exists in the population). This means that the auditor wrongly concludes that the control risk is high or that the client’s internal control system cannot be relied upon. Analysis of sampling risks: Aspects of sampling risks Risk of incorrect acceptance Risk of incorrect rejection Risk of assessing control risk too low Risk assessing of Auditor’s wrong conclusion Not materially misstated when in fact materially misstated Effect on audit work because of wrong conclusion Performance of less extensive substantive tests Materially misstated when in fact not materially misstated ↓ CR than actual CR – internal control is reliable Additional work (performance of unnecessary more extensive substantive tests) Performance of tests of controls and less extensive substantive tests ↑ CR than actual CR – internal Additional work (because non- Sacrificed Effectiveness of the audit because it may lead to inappropriate opinion due to inappropriate less extensive substantive tests Efficiency of the audit because of unnecessary additional work Effectiveness of the audit because it may lead to inappropriate opinion due to inappropriate less extensive substantive tests Efficiency of the audit because of unnecessary AUDITING THEORY REVIEW NOTES control risk too high control is not reliable performance of tests of controls would lead to the performance of unnecessary more extensive substantive tests additional work 2. Nonsampling risk: all aspects of audit risk that are not due to sampling. Nonsampling risk is the possibility that auditors will arrive at an erroneous conclusion not because of the chosen sample but due to other factors. Nonsampling risk is always present and cannot be measured. Nonsampling risk can be controlled by adequate planning and supervision of audit work and proper adherence to quality control standards. Examples of nonsampling risk: The auditor might use/select inappropriate procedures (audit procedures that are not appropriate to achieve a specific objective) The auditor might misinterpret evidence or the results of audit tests and fail to recognize an error (for example, failure by the auditor to recognize misstatements in documents examined) Sampling risk and non-sampling risk can affect the components of audit risk. For example, when performing tests of control, the auditor may find no errors in a sample and conclude that control risk is low, when the rate of error in the population is, in fact, unacceptably high (sampling risk). Or there may be errors in the sample which the auditor fails to recognize (nonsampling risk). Types of statistical plans: 1. Attribute sampling – sampling in tests of controls Attribute sampling is a statistical sampling method used to estimate the rate (%) of occurrence (exception) of a specific characteristic or attribute. Samples taken to test the operating effectiveness of controls are intended to provide a basis for the auditor to conclude whether the controls are being applied as prescribed. Attribute sampling generally deals with yes/no questions. For example, "Are time cards properly authorized (i.e., to assure recorded hours were worked)?", or "Are invoices properly voided (e.g., stamped "paid") to prevent duplicate payments?" Attribute sampling models: a. Discovery sampling – a special type of attribute sampling appropriate when the auditor believes the population deviation rate is zero or near zero. It is used when the auditor is looking for a very critical characteristic or deviations (e.g., fraud). The auditor predetermines the desired reliability (confidence) level (e.g., 95%) and the maximum acceptable tolerable rate (e.g., 1%), and a table is then used to determine sample size. If no deviations are found in the sample, the auditor can be 95% certain that the rate of deviation in the population does not exceed 1%. If deviations are found, a regular attribute sampling table may be used to estimate the deviation rate in the population, and audit procedures may need to be expanded. b. Stop-or-go sampling (sequential sampling) – is designed to avoid oversampling for attributes by allowing the auditor to stop an audit test before completing all steps. It is used when few errors are expected in the population. Sequential sampling separates the sampling process into several states. After a step, the auditor determines if it is warranted to accept or increase the preliminary level of control risk. 2. Variables sampling – sampling in substantive tests: a. Probability-proportional-to-size (PPS) sampling – sampling technique where the sampling unit is defined as an individual peso in a population. Once a peso is selected, the entire account (containing that peso) is audited. It is a sampling plan that automatically stratifies the population. b. Classical variables sampling – a statistical sampling method used to estimate the numerical measurement of a population, such as a peso value (e.g., accounts receivable balance). This sampling method is used primarily in substantive testing. The objective of variables sampling is to obtain evidence about the reasonableness of monetary amounts. The auditor estimates the true value of the population by computing a point estimate of the population and computing a AUDITING THEORY REVIEW NOTES precision interval around this point estimate. Classical variables sampling measures sampling risk by using the variation of the underlying characteristic of interest. Three commonly used classical variables sampling: 1. Mean-per-unit estimation – a sampling plan that uses the average value of the items in the sample to estimate the true population value (i.e., estimate = average sample value x number of items in population). MPU does not require the book value of the population to estimate true population value. 2. Ratio estimation – a sampling plan that uses the ratio of the audited (correct) values of items to their book values to project the true population value. Ratio estimation is a highly efficient technique when the calculated audit amounts are approximately proportional to the client's book amounts. 3. Difference estimation – a sampling plan that uses the average difference between the audited (correct) values of items and their book values to project the actual population value. Difference estimation is used instead of ratio estimation when the differences are not nearly proportional to book values. Comparison of PPS sampling to classical variables sampling 1. 2. 3. 4. 5. 6. Advantages of PPS sampling Generally easier to use Size of sample not based on variation of audited amounts Automatically results in a stratified sample Individually significant items are automatically identified Usually results in a smaller sample size if no misstatements are expected Can be easily designed and sample selection can begin before the complete population is available Advantages of classical variables sampling 1. May result in a smaller sample size if there are many differences between audited and book values 2. Easier to expand sample size if that becomes necessary 3. Selection of zero balances does not require special sample design considerations 4. Inclusion of negative balances does not require special sample design considerations Factors influencing determination of sample size for tests of control and substantive procedures: Factor Tests of control Expected deviation rate Substantive procedures Assessed level of IR and CR Relationshi p to sample size Direct Required sample size ↓ ↑ Smaller Larger ↓ Lower ↑ Higher Acceptable level of detection risk Direct ↓ Lower ↑ Higher Reliance on other substantive procedures Inverse ↑ Higher ↓ Lower Expected error Direct ↓ Lower ↑ Higher Analysis The higher the auditor‘s assessment of inherent risk and control risk, the larger the sample size needs to be. Higher inherent risk and control risk imply that a lower detection risk is needed to reduce the audit risk to an acceptable low level, and lower detection risk can be obtained by increasing sample size. The more the auditor is relying on other substantive procedures to reduce to an acceptable level the detection risk, the less assurance the auditor will require from sampling and, therefore, the smaller the sample size can be. The higher the rate of deviation that the auditor expects, the larger the sample size needs to be so as to be in a position to make a reasonable estimate of AUDITING THEORY REVIEW NOTES the actual rate of deviation. The greater the amount of error the auditor expects to find in the population, the larger the sample size needs to be in order to make a reasonable estimate of the actual amount of error in the population. The more assurance the auditor intends to obtain from accounting and internal control systems, the lower the auditor‘s assessment of control risk will be, and the larger the sample size will need to be. The greater the degree of confidence that the auditor requires that the results of the sample are in fact indicative of the actual incidence of error in the population, the larger the sample size needs to be. The lower the rate of deviation that the auditor is willing to accept, the larger the sample size needs to be. The lower the total error that the auditor is willing to accept, the larger the sample size needs to be. The more assurance the auditor intends to obtain from accounting and internal control systems, the lower the auditor‘s assessment of control risk will be, and the larger the sample size will need to be. This is a sampling risk and sampling risk is reduced by increasing the sample size. The greater the degree of confidence that the auditor requires that the results of the sample are in fact indicative of the actual incidence of error in the population, the larger the sample size needs to be. This is a sampling risk and sampling risk is reduced by increasing the sample size. For large populations, the actual size of the population has little, if any, effect on sample size. For small populations however, audit sampling is often not as efficient as alternative means of obtaining sufficient appropriate audit evidence. Degree/level of intended reliance Tolerable deviation rate Degree/level of confidence Direct ↓ Lower ↑ Higher Tolerable error Inverse and indirect ↑ Higher ↓ Lower Inverse ↑ Higher ↓ Lower Inverse ↑ Higher ↓ Lower Risk of assessing control risk too low Risk of incorrect acceptance Number of items in the population Negligible effect, that is, virtually no effect on sample size unless the population is very small. In other words, population size is not an issue provided the population is large. When the deviation in the sample is at the expected deviation rate or less, the auditor can continue using his planned assessment of control risk. If it happens to be greater than expected, reassessment of risk is necessary. Usually, an increase in such should be made. The stronger the internal control, the lower the control risk, the lower the tolerable deviation rate. Principal sample selection methods: Appropriate sample selection methods could reduce sampling risk. a. Random-number sampling – use of a computerized random number generator or random number tables. AUDITING THEORY REVIEW NOTES b. Systematic selection – the number of sampling units in the population is divided by the sample size to give a sampling interval regardless of the amount involved (for example 50, and having determined a starting point within the first 50, each 50th sampling unit thereafter is selected). c. Haphazard selection – the auditor selects the sample without following a structured technique, but the method is intended to avoid or predictability (for example avoiding difficult to locate items, or always choosing or avoiding the first or last entries on a page) and thus attempt to ensure that all items in the population have a chance of selection. Haphazard selection is not appropriate when using statistical sampling. Other sample selection methods: 1. Value-weighted selection – sets the high-value items as priority to be included in the sample 2. Block selection – involves selecting a block(s) of contiguous items from within the population. Block selection cannot ordinarily be used in audit sampling because most populations are structured such that items in a sequence can be expected to have similar characteristics to each other, but different characteristics from items elsewhere in the population. 3. Stratification – grouping of items of similar size and each group is treated as a separate population. For example, assume 1,000 items are stratified into two groups: the 100 largest items will all be examined individually, but sampling techniques will be applied to the remaining 900 items. In this case, the population size for the sampling application would be 900, not 1,000. Stratification is used when there is a wide range (variability) in the monetary size of items in the population. Steps when applying a variables sampling 1. Define the objective of the test For example, the auditor wishes to estimate the value of an account balance (e.g., the client's accounts receivable balance). 2. Define the population For example, the population might consist of 5,000 accounts with a recorded book value of P4,500,000. The auditor would examine 100% of accounts for which potential errors could equal or exceed the tolerable error and would exclude those accounts from the population to be sampled. 3. Define the sampling unit The auditor should consider the completeness of the population in defining the sampling unit (for example, each of the 5,000 accounts is a sampling unit) 4. Determine the sample size The auditor uses the following parameters, in conjunction with tables or formulas to determine sample size. 1) Tolerable misstatement 2) Expected misstatement (size, frequency, etc.) 3) Acceptable level of risk: audit risk, risk of incorrect acceptance, and risk of incorrect rejection 4) Characteristics of the population (e.g., an estimate of the standard deviation, or variability, of the population) 5) Assessed risk: asses 5. Select the sample Sample items should be selected in such a way that the sample can be expected to be representative of the population (e.g., random sampling). In this example, an appropriate sample would consist of individual account balances. Confirmations could then be used to determine the audited values for sample items. 6. Evaluate the sample results The auditor projects the misstatements found in the sample to the population using one of several methods (e.g., MPU, ratio, difference, etc.). The projected misstatement is applied to the recorded balance to obtain a "point estimate" of the true balance. The auditor must then add an allowance for sampling risk (sometimes called a "precision interval") to this estimate. AUDITING THEORY REVIEW NOTES 7. Form conclusions about the balances (or transactions) tested In deciding whether to accept the client's book value, the auditor determines whether the recorded book value falls within the acceptable range (i.e., the point estimate +/- the allowance for sampling risk). If so, the book value is fairly stated. The auditor's treatment of items selected for sampling that cannot be located (e.g., are "lost") will depend on their effect on the auditor's evaluation of the sample. If the sample is representative of the population, the auditor generally will make a correct decision regarding whether the account balance is fairly stated. If the sample is not representative of the population, the auditor will make an incorrect decision, either accepting a materially misstated balance, or rejecting a fairly stated balance. 8. Document the sampling procedure The auditor must document each step in audit sampling, starting with planning and including the rationale for the auditor's parameters, the performance of procedures, the observed results, and the evaluation and interpretation of those results. AUDIT DOCUMENTATION / WORKING PAPERS AUDIT DOCUMENTATION The auditor should prepare, on a timely basis, audit documentation that provides: a. A sufficient and appropriate record of the basis for the auditor‘s report; and b. Evidence that the audit was performed in accordance with PSAs and applicable legal and regulatory requirements. Audit documentation: It refers to the documentation of audit evidences collected and evaluated by the auditor to support the audit opinion. The records kept by the auditor that documents: a. The procedures applied b. The tests performed c. The information or evidenced obtained, and d. The conclusions the auditor reached in the engagement Also called ―working papers‖ or ―workpapers‖ or audit file Purposes / functions of audit documentation: File documentation plays a critical role in the planning and performance of the audit. During an audit engagement, data are compiled and included in the audit working papers. It provides the record that work was in fact performed and it forms the basis for the auditor‘s report. It will also be used for quality control reviews, monitoring of adherence to the accounting firm‘s standards, and possibly inspections by third parties. 1. Primary To support the auditor's conclusions/opinion/report on the financial statements (and not to support the FS). To provides a basis for determining the appropriate audit report. To support the auditor's representation that an adequate audit was conducted in accordance with PSA/GAAS To provide evidence of the audit work performed To assist the auditor in the planning, performance, review, supervision and coordination of the engagement and in preparation of the audit report To show that the accounting records agree or reconcile with the financial statements Provide supervisory personnel the opportunity to assess the sufficiency of evidence obtained during the audit 2. Other objectives: To assist the auditor in planning future audits To enable the audit team to be accountable for its work To provide information useful in rendering other services (MAS or tax consulting) To provide adequate defense in case of litigation To enable an experienced auditor to conduct quality control reviews and inspections in accordance with quality control standards To enable an experienced auditor to conduct external inspections in accordance with applicable legislation, regulations or other requirements AUDITING THEORY REVIEW NOTES To comply with the quality control standards, firms should have policies and procedures that specifically address engagement documentation. These documentation policies should be documented and communicated to all staff. Design of audit documentation: When preparing working papers, the auditor should remember that working papers should be designed to meet the circumstances and the auditor's needs on each engagement. Form, content and extent of audit documentation: Form, content and extent of audit documentation depend on auditor‘s judgment – since it is neither necessary nor practical to document every matter. Audit documentation should be complete in itself and should not require subsequent or additional oral explanation. Audit documentation should be concise and limited only to essentials. Audit documentation should be appropriately organized to provide a clear link to the significant matters Experienced auditor: The audit documentation should be in such form, content and extent of audit documentation that would enable an experienced auditor, having no previous connection with the audit, to understand: a. The nature, timing, and extent of the audit procedures performed to comply with PSAs and applicable legal and regulatory requirements b. The results of the audit procedures and the audit evidence obtained, and c. Significant matters arising during the audit and the conclusions reached thereon. Factors to consider by the auditor in deciding the form, content and extent of audit documentation: a. Nature of the audit procedures to be performed; b. Risks of material misstatement; c. Extent of judgment required in performing the work and evaluating the results; d. The significance of the audit evidence obtained; e. Nature and extent of exceptions identified; f. The need to document a conclusion or the basis for a conclusion not readily determinable from the documentation of the work performed or audit evidence obtained; and g. Audit methodology and tools used Classification and composition of auditor’s working papers: A. Continuing engagement (recurring audit): 1. Permanent file – contains information of continuing or long-term significance/interest to the auditor in performing recurring audits, such as: a. Information Organizational chart Analysis of business and industry Analyses of long-term accounts (such as PPE, long-term liabilities and of stockholders' equity accounts) Analyses of internal control (flowchart, narrative descriptions, etc.) b. Copies or extracts of entity‘s important legal documents and agreements: Corporate charter or articles of Incorporation (or articles of co-partnership) and by-laws Major contracts (such as bond and note indentures) Pension plans, stock option plans, profit-sharing plans and employee bonus Terms of share capital and bond issues Engagement letter 2. Current audit file – contains evidence gathered and conclusions reached relevant to the audit of a particular year. It is designed to support management assertions. Includes all papers accumulated during the current year‘s audit: Copy of the financial statements Audit plan and audit programs Working (top) trial balance – listing of unadjusted ending balances of accounts (contains columns for adjusting and reclassifying entries) Adjusting and reclassifying entries – adjustments are made to correct material errors while reclassifications are made to properly present information in the financial statements Lead or top schedule (assembly sheet) – shows the major components of an amount reported in the financial statements; this working paper show the grouping of related accounts; it eliminates voluminous details from the auditor‘s working trial balance by classifying and summarizing similar or related items AUDITING THEORY REVIEW NOTES Supporting schedules – schedules that support specific amounts on the financial statements; usually the largest portion of the audit file Audit memoranda – includes documentation on discussions of certain items such as internal control, inventory observation, errors identified, and problems encountered Account analysis – shows the activity during the period in a particular short-term account Correspondence with other parties such as lawyers, customers, banks, and management Audit notes – used to record items of work to be done and questions concerning the audit investigation Abstract or copies of minutes of board of directors‘ meeting B. One-time engagement – no distinction as to permanent or current file Other types of files: 1. Tax files – contain file of information on client‘s current and income taxes and other business taxes that may be used as bases for: a. Preparing current year‘s tax returns b. Preparing other tax-related services c. Representing the client in tax assessment case 2. Correspondence file – contains all correspondence/letters to or from (or in behalf of) a client 3. Completion memorandum – a summary that describes the significant matters identified during the audit and how they are addressed Ownership of working papers or audit documentation: Legal provision on ownership of working papers (Sec. 29 of RA 9298 – Ownership of Working Papers): All working papers, schedules and memoranda made by a CPA and his staff in the course of an examination, including those prepared and submitted by the client, incident to or in the course of an examination, by such CPA, except reports submitted by a CPA to a client shall be treated confidential and privileged and remain the property of such CPA in the absence of a written agreement between the CPA and the client, to the contrary, unless such documents are required to be produced through subpoena issued by any court, tribunal, or government regulatory or administrative body. Audit documentation or working papers are the property of the auditor/audit firm and the client has no right to the working papers prepared by the auditor. Confidentiality of working papers: Although working papers are the personal property of the auditor, they can not be shown to third parties under the rule on confidentiality unless it falls under the certain exceptions such as production of documents through subpoena issued by any court, tribunal, or government regulatory or administrative body. Although certain working papers may sometimes serve as a useful reference source for his client, auditor‘s working papers should not be regarded as part or substitute for the client's accounting records. The audit documentation for a specific audit engagement is assembled in an audit file. Auditor/CPA firm’s responsibility on audit documentation: 1. Policies and procedures: Establishment of policies and procedures on audit documentation 2. Confidentiality and safe custody: Adopt appropriate procedures for maintaining confidentiality and safe custody of working papers and 3. Retention of audit documentation: Working papers should be retained by the auditor for a period of time sufficient to meet the needs of his practice and to satisfy any pertinent legal requirements of record retention. Retention period should be no shorter than 5 years from the date of the auditor‘s report, or, if later, the date of the group auditor‘s report. The auditor should not delete or discard audit documentation before the end of its retention period. 4. Completion of final audit file: within 60 days after the date of the auditor‘s report Deletion from/changes to audit documentation: After completion date: Not allowed During assembly process: Allowed but limited to changes that are administrative in nature, such as: 1. Deleting or discarding superseded documentation 2. Sorting, collating and cross-referencing working papers 3. Signing off on completion checklists relating to the file assembly process 4. Documenting audit evidence that the auditor has obtained, discussed and agreed with the relevant members of the audit team before the date of the auditor‘s report. Elements of working papers: Working papers should be properly organized to facilitate their review. Working papers should have the following elements: AUDITING THEORY REVIEW NOTES 1. Heading – used to properly identify each working paper; it includes the name of the client, type/title of working paper, description of its content, and the date or period covered by the examination. 2. Dates and initial of staff and reviewers 3. Indexing – use of lettering or numbering system to aid in cross-referencing to other working papers 4. Cross-indexing / cross referencing – Audit working papers are indexed by means of reference numbers. The primary purpose of cross-indexing audit working papers is to permit cross-referencing and simplify supervisory review by providing a trail useful to the auditor and supervisors in reviewing the working papers. (For example, reported findings should be adequately cross-referenced to supporting documentation.) Audit working papers should have an indexing system that shows the relationship between findings, conclusions, and the related facts. The main advantage of properly indexed working papers is to better organize the working papers. 5. Tick marks – symbols that describe the audit procedures performed. Tick marks are explained in working papers. Using electronic tools in working papers: There are three important principles to note when using electronic tools in working paper preparation: All the requirements of the PSAs still apply; Electronic files require electronic document management. This addresses matters such as accessibility (such as password access), data security, application management (including training), back-up routines, edit rights, storage locations, review procedures, and decisions on what changes to files will be tracked to provide the necessary audit trail; and Final documents (all documents that are required to be maintained to support the audit opinion) must be retained and be accessible in accordance with the firm‘s file retention policies. COMPLETING THE AUDIT The procedures being performed in completing the audit are necessary. These procedures are usually performed by audit managers or other senior members of the audit team who have extensive audit experience with the client because the procedures involve many subjective judgments by the auditor. These procedures do not pertain to specific transaction cycles or accounts. REVIEWING RELATED PARTY TRANSACTIONS Management’s responsibility: Identification and disclosure of: a. Related parties; and b. Related party transactions Auditor’s responsibility 1. Review related party transactions to ensure that they have been properly identified, recorded and disclosed in the financial statements 2. Obtain a written representation from management concerning: a. Completeness of information on identification of related parties; and b. Adequacy of disclosure in the FS The auditor needs to have the level of knowledge of the entity‘s business and industry that will enable identification of the events and transactions and practices that may have material effect on the financial statements. An audit cannot be expected to detect all related party transactions. Reasons for the review: The auditor should modify the auditor‘s report in case of: Inability to obtain sufficient appropriate audit evidence concerning related parties and transactions with such parties Inadequate disclosure in the FS PERFORM SUBSEQUENT EVENTS REVIEW Subsequent events refer to events occurring between period end (the date of the financial statements or the balance sheet date) and the date of the auditor‘s report that may affect the financial statements and the auditor‘s report. These events are also called post-balance sheet events/transactions since they occur after or subsequent to the balance sheet date. Subsequent events may also refer to facts discovered after the date of the auditor‘s report. The period between the date of the financial statements and the date of the auditor's report is called the subsequent period. During this period, the auditor has an active responsibility to investigate certain subsequent events. AUDITING THEORY REVIEW NOTES Types of subsequent events: 1. Those requiring adjustment – those that provide evidence of conditions that existed at the date of the financial statements. Examples: Settlement of litigation in excess of amount recorded Loss on uncollectible accounts resulting from of customer‘s continued deteriorating financial condition leading to bankruptcy 2. Those requiring disclosure – events that are indicative of conditions that arose after the date of the financial statements. Examples: Issuance of bonds/stocks after the BS date Major purchase of a business Loss on inventory due to fire that occurred in the subsequent period Loss of plant due to flood Loss on uncollectible receivable because of a major catastrophe suffered by the customer after the BS date Subsequent events relevant to the auditor: limited to those subsequent events (both requiring adjustment or disclosure) that occur subsequent to date of the FS and the date of the auditor‘s report Auditor’s responsibility for subsequent events: 1. Perform audit procedures designed to identify subsequent events The auditor should perform procedures designed to obtain sufficient appropriate audit evidence that all events up to the date of the auditor‘s report that may require adjustment of, or disclosure in, the financial statements have been identified. These procedures would include: a. Reviewing procedures management has established to ensure that subsequent events are identified. b. Inquiry: Inquiring of management as to whether any subsequent events have occurred which might affect the financial statements. Inquiring of the entity‘s legal counsel concerning litigation claims, and assessments c. Reading minutes of the meetings (of shareholders, those charged with governance, audit and executive committees) including those held after period end and inquiring about matters discussed at meetings for which minutes are not yet available. d. Reading the entity‘s latest available interim financial statements as well as budgets and cash flow forecasts and other related management reports; compare them with the financial statements under audit. e. Obtaining representation letter from management regarding whether any events occurred during the subsequent period that require adjustments to or disclosure in the financial statements. Examples of inquiries of management on specific matters are: Current status of items that were accounted for on the basis of preliminary or inconclusive data New commitments, borrowings or guarantees Sales or acquisition of assets that have occurred or are planned Issue of new shares or debentures or an agreement to merge or liquidate that is made or planned Any assets that have been appropriated by government or destroyed, for example, by fire or flood Any developments regarding risk areas and contingencies Any unusual accounting adjustments made or contemplated Any events that have occurred or are likely to occur which will bring into question the appropriateness of accounting policies used in the financial statements (such as goingconcern issues). 2. To consider/evaluate the effect of subsequent events (whether such events are properly accounted for and adequately disclosed) on the financial statements and on the auditor’s report AUDITING THEORY REVIEW NOTES When subsequent events that materially affect the financial statements are identified, the auditor should consider whether such events are properly accounted for and adequately disclosed in the financial statements. LITIGATIONS AND CLAIMS Litigation and claims involving an entity may have a material effect on the financial statements and thus may be required to be disclosed and/or provided for in the financial statements. Audit procedures regarding litigation and claims: 1. Identify existence of any litigation and claims The auditor should carry out procedures to identify existence of any litigations and claims involving the entity which may result in a material misstatement of the financial statements. Such procedures would include the following: Make appropriate inquiries of management including obtaining representations Review minutes of those charged with governance and correspondence with the entity‘s legal counsel Examine legal expense accounts, and Use any information obtained regarding the entity‘s business including information obtained from discussions with any in-house legal department. 2. Communicate directly with the entity’s lawyers. The auditor should seek direct communication with the entity‘s lawyers when litigation or claims have been identified or when the auditor believes they may exist. The letter would ordinarily specify the following: A list of litigation and claims; Management‘s assessment of the outcome of the litigation or claim and its estimate of the financial implications, including costs involved; and A request that the entity‘s legal counsel confirm the reasonableness of management‘s assessments and provide the auditor with further information if the list is considered by the entity‘s legal counsel to be incomplete or incorrect. The letter, which should be prepared by management and sent by the auditor, should request the lawyer to communicate directly with the auditor. If management refuses to give the auditor permission to communicate with the entity‘s legal counsel, this would be a scope limitation and should ordinarily lead to a qualified opinion or a disclaimer of opinion. Where the entity‘s legal counsel refuses to respond in an appropriate manner and the auditor is unable to obtain sufficient appropriate audit evidence by applying alternative audit procedures, the auditor would consider whether there is a scope limitation which may lead to a qualified opinion or a disclaimer of opinion. PERFORMING WRAP-UP PROCEDURES Performing analytical procedures in the overall review at/near the end of the audit Analytical procedures involve analysis of significant ratios and trends including the resultant investigation of fluctuations and relationships that are inconsistent with other relevant information or expectation: Analytical procedures are required to be performed during the planning and overall review stages. Purpose of performing analytical procedures in the overall review stage of the audit: to ensure that the auditor‘s overall conclusion as to whether the financial statements as a whole are consistent with the auditor‘s understanding of the entity. Auditor’s focus when performing analytical procedures in the overall review stage: a. Identifying unusual fluctuations or transactions or unexpected account balances that were not previously identified Requires investigation, adequate explanation and appropriate corroborative evidence by performing additional tests of details AUDITING THEORY REVIEW NOTES b. Assessing the validity of the conclusions reached and evaluating the overall financial statements presentation Assessing going concern assumption Financial statements are ordinarily prepared based on going concern basis, contrary to the quitting concern basis, in the absence of information to the contrary. This means that the assets and liabilities are recorded on the basis that the entity will be able to realize its assets and discharge its liabilities in the normal course of business. Going concern assumption – an entity is ordinarily viewed as continuing in business for the foreseeable future with neither the intention nor the necessity of liquidation, ceasing trading or seeking protection from creditors pursuant to laws and regulations. Management’s responsibility: a. Management should assess the entity‘s ability to continue as a going concern – making a judgment about the future outcome of uncertain events or conditions (for a period of one year from balance sheet date) b. To disclosure (based on the result of assessment) Disclosure requirements if FS are not prepared on a going concern basis: a. The fact that FS are not prepared on a going concern basis b. The basis on which the FS are prepared, and c. The reasons why the entity is not regarded as a going concern Auditor’s responsibility: a. Overall evaluation of the appropriateness of management‘s use of the going concern assumption in the preparation of the financial statements b. Identifying material uncertainties about the entity‘s ability to continue as a going concern that need to be disclosed in the financial statements c. Whether such events or conditions are adequately disclosed in the financial statements d. Consider report modification because of these events or conditions e. If conditions or events such as those identified previously create substantial doubt as to the ability of the entity to continue as a going concern, the auditor should consider whether management has feasible plans (plans for and the ability to implement alternative means of maintaining adequate cash flows) The auditor has no responsibility to predict future events or conditions that may cause an entity to cease to continue as a going concern. Thus, auditors are not required to design audit procedures solely to detect going concern problems. Examples of events/conditions that may signify existence of a material going concern uncertainty Events or conditions that may give rise to business risks, that individually or collectively, may cast doubt about the entity‘s ability to continue as a going concern: Financial events and conditions: Net liability or net current liability position Maturing fixed-term borrowings without realistic prospects of renewal or repayment Indications of withdrawal of financial support by debtors and other creditors Negative operating cash flows Adverse key financial ratios Substantial operating losses Significant deterioration in value of assets used to generate cash flows Arrears or discontinuance of dividends Inability to pay creditors on due dates Inability to comply with the terms of loan agreements or other statutory requirements Change from credit to cash-on-delivery transactions with suppliers Inability to obtain financing for essential new product development or other essential investments Operating events and conditions: Loss of key management without replacement Loss of a major market, franchise, license, or principal supplier AUDITING THEORY REVIEW NOTES Labor difficulties or shortages of important supplies Other events and conditions: Noncompliance with capital or statutory requirements Pending legal or regulatory proceedings against the entity that may, if successful, result in claims that are unlikely to be satisfied Changes in legislation or government policy expected to adversely affect the entity Factors that can mitigate the adverse effects of identified material going concern uncertainty: The auditor should consider whether management has plans for and the ability to implement alternative means of maintaining adequate cash flows to mitigate events and conditions that may cast doubt about the entity‘s ability to continue as a going concern. Examples of mitigating factors: When there is a history of profitable operations and a ready access to financial resources Management has plans and ability to maintain adequate cash flows by alternative means, such as: Disposal of assets (including disposal of operations producing negative cash flows) Borrowing money or restructuring debt Leasing (instead of purchasing) of PPE items Renewal or, extension or rescheduling of loan repayments Reducing or delaying or postponing expenditures Obtaining additional capital Reducing or postponing dividend payments Availability of alternative source of supply in case of loss of a principal supplier Audit procedures to identify conditions and events that may cast doubt about an entity’s ability to continue as a going concern: Analytical procedures Subsequent events review Review of compliance with debt and loan agreements Reading minutes of meetings Inquiry of legal counsel Confirmation with related and third parties of arrangements for financial support MANAGEMENT REPRESENTATION LETTER: Auditor’s responsibility: The auditor should obtain appropriate written representations from management. Management letter vs. management representation letter: Management letter is a letter to management regarding internal control deficiencies/weaknesses. On the other hand, management representation letter is a letter from the management confirming its responsibility and its oral representations. Management’s responsibility: Management has responsibility to provide written representations (this responsibility is included in the engagement letter that sets out the terms of engagement). Purposes of a management representation letter: a. Main: To emphasize or impress upon management its ultimate responsibility for the financial statements b. Other purposes: It confirms oral representations made by management during the audit It reduces the possibility of misunderstanding between the auditor and the client concerning the matters that are the subject of the representations It documents management‘s acceptance acknowledgment of its responsibility for fair presentation of the financial statements It may provide corroborative evidence when audit evidence may not be reasonably expected to be available For example: Audit evidence to corroborate management‘s intention to hold a specific investment for long-term appreciation or to discontinue a line of business It complements, but do not replace or substitute, other audit procedures or other audit evidence that the auditor could reasonably expect to be available Forms of management representations: Management representations may be verbal, whether solicited or unsolicited, or written, whether explicitly such as contained in a management AUDITING THEORY REVIEW NOTES representation letter or implicitly such as contained in financial information provided. The forms of representations include: a. A representation letter from management – known as the management representation letter or client’s representation letter b. A letter from the auditor ( confirmatory letter) – outlining the auditor‘s understanding of management‘s representations, duly acknowledged and confirmed by management c. Relevant minutes of meetings (of the board of directors or similar body) d. Signed copy of the financial statements e. Matters communicated in discussions or electronically such as e-mails or telephone messages. f. Schedules, analyses, and reports prepared by the entity, and management‘s notations and comments therein. Basic elements of a management representation letter: a. Addressee: Should be addressed to the auditor b. Contents: Should contain the specified information c. Date: Should be appropriately dated (ordinarily coincides with date of the auditor‘s report) d. Signatory: Should be appropriately signed by the members of management who have primary or overall responsibility for financial and operating aspects of the entity Appropriate signatory of a management representation letter: Owner-manager Chief/senior executive officer Chief/senior financial officer Other members of management Basic contents of management representation letter: That management acknowledges its responsibility for the fair presentation of the financial statements in accordance with the applicable financial reporting framework That management has approved the financial statements That management acknowledges its responsibility for the design and implementation of internal control to prevent and detect error That management believes the effects of those uncorrected financial statement misstatements aggregated by the auditor during the audit are immaterial, both individually and in the aggregate, to the financial statements taken as a whole Classification of matters to be included in a management representation letter: Written confirmation or representations should be obtained for all significant representations provided to the auditor for all financial statements on which the auditor reports. These representations are grouped below: a. Representations that directly relate to items that are material, either individually or in aggregate, to the financial statements. b. Representations not directly related to items that are material to the financial statements but are significant, either individually or in aggregate, to the engagement. c. Representations that are relevant to management‘s judgments or estimates that are material, either individually or in aggregate, to the financial statements. Specific matters included in a management representation letter: Management‘s acknowledgement of its responsibility for the fair presentation of the FS Management‘s acknowledgement of its responsibility for the design and implementation of internal control to prevent and detect error Availability of all financial records and related data and minutes of meetings (of shareholders, board of directors, and committee of directors) Irregularities involving management or employees Confirmation on the completeness of the information provided regarding the identification of related parties That the FS are free of material misstatements, including omissions Compliance or noncompliance with aspects of contractual agreements or requirements of regulatory that could have a material effect on the FS in the event of noncompliance. Plans or intentions that may materially alter the carrying value or classification of assets and liabilities Plans to abandon lines of product or other plans or intentions that will result in any excess or obsolete inventory, and no inventory is stated at an amount in excess of net realizable value Satisfactory title on assets and liens or encumbrances on the company‘s assets Communications from regulatory agencies concerning noncompliance with/or AUDITING THEORY REVIEW NOTES deficiencies in financial reporting practices Information or recording and/or disclosure of: The identity of, and balances and transactions with, related parties Losses arising from sale and purchase commitments Agreements and options to buy back assets previously sold Assets pledged as collateral All liabilities, both actual and contingent Formal or informal compensating balance arrangements or other arrangements involving restrictions on cash balances and credit line or similar arrangements Subsequent events requiring adjustment of or disclosure in the FS Claims and assessments in connection with litigation Capital stock repurchase options and agreements, and capital stock reserved for options, warrants, conversions and other requirements Limitations of management representations: although management representations are considered part of evidential matter, they (are): Not a substitute for performing other audit procedures or a means to reduce the auditor‘s responsibility Not as the sole source of evidence on significant audit matters Cannot be substitute for other audit evidence that the auditor could reasonably expect to be available Auditor’s responsibility on representations relating to matters that are material to the financial statements: a. Seek corroborative audit evidence from sources inside or outside the entity; b. Evaluate whether the representations made by management appear reasonable and consistent with other audit evidence obtained, including other representations; and c. Consider whether the individuals making the representations can be expected to be well informed on the particular matters. Example of a management representation letter: The following letter is not intended to be a standard letter. Representations by management will vary from one entity to another and from one period to the next. (Entity Letterhead) (To Auditor) (Date) This representation letter is provided in connection with your audit of the financial statements of ABC Company for the year ended December 31, 19X1 for the purpose of expressing an opinion as to whether the financial statements present fairly, in all material respects, the financial position of ABC Company as of December 31, 19X1 and of the results of its operations and its cash flows for the year then ended in accordance with (indicate applicable financial reporting framework). We acknowledge our responsibility for the fair presentation of the financial statements in accordance with (indicate applicable financial reporting framework). We confirm, to the best of our knowledge and belief, the following representations: There have been no irregularities involving management or employees who have a significant role in internal control or that could have a material effect on the financial statements. We have made available to you all books of account and supporting documentation and all minutes of meetings of shareholders and the board of directors (namely those held on March 15, 19X1 and September 30, 19X1, respectively). We confirm the completeness of the information provided regarding the identification of related parties. If required, add ―On behalf of the board of directors (or similar body).‖ The financial statements are free of material misstatements, including omissions. The Company has complied with all aspects of contractual agreements that could have a material effect on the financial statements in the event of noncompliance. AUDITING THEORY REVIEW NOTES There has been no noncompliance with requirements of regulatory authorities that could have a material effect on the financial statements in the event of noncompliance. The following have been properly recorded and, when appropriate, adequately disclosed in the financial statements: The identity of, and balances and transactions with, related parties. Losses arising from sale and purchase commitments. Agreements and options to buy back assets previously sold. Assets pledged as collateral. We have no plans or intentions that may materially alter the carrying value or classification of assets and liabilities reflected in the financial statements. We have no plans to abandon lines of product or other plans or intentions that will result in any excess or obsolete inventory, and no inventory is stated at an amount in excess of net realizable value. The Company has satisfactory title to all assets and there are no liens or encumbrances on the company‘s assets, except for those that are disclosed in Note X to the financial statements. We have recorded or disclosed, as appropriate, all liabilities, both actual and contingent, and have disclosed in Note X to the financial statements all guarantees that we have given to third parties. Other than . . . described in Note X to the financial statements, there have been no events subsequent to period end which require adjustment of or disclosure in the financial statements or Notes thereto. The . . . claim by XYZ Company has been settled for the total sum of XXX which has been properly accrued in the financial statements. No other claims in connection with litigation have been or are expected to be received. There are no formal or informal compensating balance arrangements with any of our cash and investment accounts. Except as disclosed in Note X to the financial statements, we have no other line of credit arrangements. We have properly recorded or disclosed in the financial statements the capital stock repurchase options and agreements, and capital stock reserved for options, warrants, conversions and other requirements. Yours truly, (Senior Executive Officer) (Senior Financial Officer) Legal representation letter – client‘s letter of inquiry to lawyer who have been consulted by the client concerning litigation, claims, or assessments to provide corroborative evidential matter; such letter of inquiry should be mailed only by the auditor after preparation by the client and review by the auditor Application of materiality: 1. Representations may be limited to matters that are considered either individually or collectively material to the financial statements 2. Materiality limits would not apply when obtaining written client representation on: a. Fraud or irregularities involving management b. Availability of minutes of meetings Effect if management refuses to provide the necessary written representations: Refusal by management to provide a written representation requested by the auditor that the auditor deems necessary constitutes a scope limitation and would result in a qualified opinion or a disclaimer of opinion. In such circumstances, also consider: a. Any reliance placed on other representations made by management during the audit; and b. Any additional implications of the refusal on the auditor‘s report. AUDITING THEORY REVIEW NOTES When management representation is contradicted by other audit evidence: The auditor should investigate the circumstances and, when necessary, reconsider the reliability of other representations made by management SUBSEQUENT DISCOVERY OF OMITTED PROCEDURES AFTER SUBMISSION OF THE AUDIT REPORT Omitted audit procedures may be discovered (after the audit report has been submitted) during a firm's internal inspection program or during peer review. Auditor’s action: a. The auditor should assess the importance of the omitted procedures to his ability to support the audit opinion. b. The auditor should determine whether other audit procedures that were applied tend to compensate for the omitted audit procedures. If so, no further action is necessary. c. If, on the other hand, the omitted audit procedures impair the auditor's ability to support the previously issued opinion, and there are people relying (or likely to rely) on the report, then the auditor should promptly undertake to apply the omitted procedures or the corresponding alternative procedures. d. If, after applying the omitted procedures, the auditor determines that the financial statements are materially misstated and that the auditor's report is inappropriate, the auditor should discuss the matter with the management and take steps to prevent future reliance on the report. THE AUDITOR’S REPORT ON FINANCIAL STATEMENTS (Based on PSA 700 revised – The Independent Auditor‘s Report On a Complete Set of General Purpose Financial Statements) Introduction At the end of the audit, the auditor shall: a) Form an opinion on the financial statements (FSs) based on an evaluation of the conclusions drawn from the audit evidence obtained; and b) Express clearly that opinion through a written report that also describes the basis for the opinion. Auditor’s Opinions Types of Auditor‘s Opinions a) Unmodified (unqualified) opinion—The opinion expressed when the FSs are prepared, in all material respects, in accordance with the applicable FRF. b) Modified opinion—The three types of are: i. Qualified opinion – the auditor is satisfied that the FSs are presented fairly, except for a specific aspect of them. ii. Adverse opinion – the auditor does not believe the FSs are fairly presented. iii. Disclaimer of opinion – the auditor does not know if the FSs are presented fairly. The table below illustrates how the auditor‘s judgment about the affects the type of opinion to be expressed. Nature of Matter Giving Rise to the Modification Material but Not Pervasive Material and Pervasive FSs are materially misstated Qualified opinion Adverse opinion Qualified opinion Resign, if appropriate; or Disclaimer of opinion Disclaimer of opinion Inability to obtain SAAE (Scope limitation): Due to management imposed limitation Other limitations Qualified opinion Pervasive effects or possible effects on the FSs are those that, in the auditor‘s judgment: a) Are not confined to specific elements, accounts or items of the FSs; b) If so confined, represent or could represent a substantial proportion of the FSs; or c) In relation to disclosures, are fundamental to users‘ understanding of the FSs. AUDITING THEORY REVIEW NOTES Auditor’s Reports The auditor‘s report shall be in writing (hard copy format or an electronic medium). Standard Auditor‘s Report The following are the parts of a standard auditor‘s report with unqualified opinion without emphasis of matter paragraph and other matter paragraph: a) Title b) Addressee c) Sub-title (if the report includes ―Other Reporting Responsibilities‖ paragraph in (h)) d) Introductory Paragraph e) Management‘s Responsibility for the financial statements f) Auditor‘s Responsibility g) Auditor‘s Opinion h) Other Reporting Responsibilities, if applicable i) Signature of the Auditor j) Date of the Auditor‘s Report k) Auditor‘s Address Title The auditor‘s report shall have a title that clearly indicates that it is the report of an independent auditor. For example, ―Independent Auditor‘s Report,‖ affirms that the auditor has met all of the relevant ethical requirements regarding independence and distinguishes the independent auditor‘s report from reports issued by others. Addressee The auditor‘s report is normally addressed to those for whom the report is prepared, often either to the shareholders and/or to TCWG of the entity. Introductory Paragraph The introductory paragraph in the auditor‘s report shall: a) Identify the entity whose FSs have been audited; b) State that the FSs have been audited; c) Identify the title of each statement comprising the FSs; d) Refer to the summary of significant accounting policies and other explanatory information; and e) Specify the date or period covered by each FS comprising the FSs. Management‘s Responsibility for the Financial Statements This section describes the responsibilities of those in the organization responsible for the FSs and internal control relevant to the preparation of FSs that are free from material misstatement, whether due to fraud or error. Auditor‘s Responsibility This section states that the responsibility of the auditor is to express an opinion on the FSs based on the audit. Auditor‘s Opinion This includes a section with the heading ―Opinion.‖ Use the phrase: The financial statements present fairly, in all material respects, in accordance with [the applicable financial reporting framework]. Other Reporting Responsibilities If the auditor addresses other reporting responsibilities (e.g., reportorial requirement of regulatory authorities) in the auditor‘s report on the FSs that are in addition to to report on the FSs, these shall be addressed in a separate section in the auditor‘s report that shall be sub-titled ―Report on Other Legal and Regulatory Requirements‖. AUDITING THEORY REVIEW NOTES Signature of the Auditor The auditor‘s report shall be signed. The auditor‘s signature is either in the name of the audit firm, the personal name of the auditor or both, as appropriate. In the Philippines, Securities Regulation Code (SRC) Rule 68 requires that the auditor‘s report on FSs filed with the Securities and Exchange Commission (SEC), which will likewise be filed with the Bureau of Internal Revenue (BIR), be manually signed. In case of an auditing firm, the certifying partner shall sign his/her own signature and shall indicate that he/she is signing for the firm, the name of which is also indicated in the report. The auditor is also required to state the signing accountant‘s license number, Tax Identification No. (TIN), Privilege Tax Receipt (PTR) No., registration number with the PRC/BOA, and accreditation issued by the SEC. Date of the Auditor‘s Report The auditor‘s report shall be dated no earlier than the date on which the auditor has obtained SAAE on which to base the auditor‘s opinion on the FSs, including evidence that: a. All the statements that comprise the FSs, including the related notes, have been prepared; and b. Those with the recognized authority have asserted that they have taken responsibility for those FSs. The date of the auditor‘s report informs the user of the auditor‘s report that the auditor has considered the effect of events and transactions of which the auditor became aware and that occurred up to that date. In the Philippines, under SRC Rule 68, management is required to submit to the SEC, together with the FSs, a ‗Statement of Management Responsibility‘ that indicates, that the company‘s Board of Directors reviewed and approved the FSs before such statements are submitted to the stockholders of the company. Modifications to Auditor‘s Report The instances of modifications include when the auditor: adds ―Emphasis of Matter Paragraph‖ includes ―Other of Matter Paragraph‖ provides modified auditor‘s opinion Emphasis of Matter Paragraph A paragraph included in the auditor‘s report that refers to a matter appropriately presented or disclosed in the FSs, in the auditor‘s judgment, is of such importance that it is fundamental to users‘ understanding of the FSs. The auditor can include emphasis of matter paragraph provided the auditor has obtained SAAE that the matter is not materially misstated in the FSs. The inclusion of this paragraph in the auditor‘s report does not affect the auditor‘s opinion. When the auditor includes an Emphasis of Matter paragraph in the auditor‘s report, the auditor shall: Include it immediately after the Opinion paragraph; Use the heading ―Emphasis of Matter,‖ or other appropriate heading; Include in the paragraph a clear reference to the matter being emphasized and to where relevant disclosures that fully describe the matter can be found in the FSs; and Indicate that the auditor‘s opinion is not modified in respect of the matter emphasized Other Matter Paragraph A paragraph included in the auditor‘s report that refers to a matter other than those presented or disclosed in the FSs that, in the auditor‘s judgment, is relevant to users‘ understanding of the audit, the auditor‘s responsibilities or the auditor‘s report. The auditor shall include this paragraph immediately after the Opinion paragraph and any Emphasis of Matter paragraph, or elsewhere in the auditor‘s report if the content of the Other Matter paragraph is relevant to the Other Reporting Responsibilities section. Modified Auditor‘s Opinions Description of Introductory Paragraph Qualified or Adverse Opinion – No modification made. Disclaimer of Opinion – Amend this paragraph of the auditor‘s report to state that the auditor was only engaged (not audited) to audit the FSs. AUDITING THEORY REVIEW NOTES Description of Auditor‘s Responsibility Paragraph Qualified or Adverse Opinion – Amend this section to state that the auditor believes that the audit evidence the auditor has obtained is sufficient and appropriate to provide a basis for the auditor‘s modified audit opinion. Disclaimer of Opinion – Amend this section to state only the following: ―Our responsibility is to express an opinion on the financial statements based on conducting the audit in accordance with Philippine Standards on Auditing. Because of the matter(s) described in the Basis for Disclaimer of Opinion paragraph, however, we were not able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.‖ Basis for Modification Paragraph The auditor shall include additional paragraph on the standard auditor‘s report immediately before the opinion paragraph, and use the heading ―Basis for Qualified Opinion,‖ ―Basis for Adverse Opinion,‖ or ―Basis for Disclaimer of Opinion,‖ as appropriate. Opinion Paragraph The auditor shall use the heading ―Qualified Opinion,‖ ―Adverse Opinion,‖ or ―Disclaimer of Opinion,‖ as appropriate, for the opinion paragraph. Sample of Auditor’s Reports INDEPENDENT AUDITOR’S REPORT The Board of Directors and Shareholders Report on the Financial Statements We have audited [if disclaimer of opinion, We were engaged to audit] the accompanying financial statements of [Name of Client], which comprise the statements of financial position as at [Reporting Date], 2012 and 2011, and the statements of [comprehensive income, income, operations, or other appropriate title used in the financial statements], statements of changes in equity and statements of cash flows for the years then ended, and a summary of significant accounting policies and other explanatory information. Management‘s Responsibility for the Financial Statements Management is responsible for the preparation and fair presentation of these financial statements in accordance with [Applicable Financial Reporting Framework], and for such internal control as management determines is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Auditors‘ Responsibility [If qualified opinion or adverse] Our responsibility is to express an opinion on these financial statements based on our audits. We conducted our audits in accordance with Philippine Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditors‘ judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditors consider internal control relevant to the entity‘s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity‘s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our [qualified or adverse, as appropriate] audit opinion. [If disclaimer of opinion] Our responsibility is to express an opinion on these financial statements based on conducting the audit in accordance with Philippine Standards on Auditing. Because of the matter described in the Basis for Disclaimer AUDITING THEORY REVIEW NOTES of Opinion paragraph, however, we were not able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. Opinion [If unqualified/unmodified opinion] In our opinion, the financial statements present fairly, in all material respects, the financial position of [Name of Client] as at [Reporting Date], 2012 and 2011, and its financial performance and its cash flows for the years then ended in accordance with [Applicable financial reporting framework]. [If qualified opinion] Basis for Qualified Opinion The Company‘s inventories are recognized in the statement of financial position at P16 million Based on the audit evidence obtained, we believe that an adjustment to inventories of P5 million is required to recognize slow moving items at their net realized value. The tax effect of this adjustment is P1.5 million. Accordingly, we believe that shareholders‘ equity and profit for the year are overstated by P3.5 million respectively.] Qualified Opinion In our opinion, except for the effects of the matters descried in the basis for qualified opinion paragraph, the financial statements present fairly, in all material respects, the financial position of [Name of Client] as of [Reporting Date], 2012 and 2011, and its financial performance and its cash flows for the years ended in accordance with Philippine Financial Reporting Standards. [If adverse opinion] Basis for Adverse Opinion As discussed in Note X to the financial statements, the Company‘s financing arrangements expired and the amount outstanding was payable on December 31, 20XI. The company has been unable to re-negotiate or obtain replacement financing and is considering filling for bankruptcy. Based on the audit evidence obtained, we believe that the company will not be able to meet its obligations in the ordinary course of business. Accordingly, we do not agree with management‘s preparation and presentation of financial statements on a going concern basis. Had the financial statements been prepared on a liquidation basis of accounting, we believe that it would have had a significant negative effect on the company‘s financial position and financial performance. Adverse Opinion Adverse Opinion In our opinion, because of the significance of the matter discussed in the basis for adverse opinion paragraph, the financial statements do not present fairly, in all material respects the financial position [Name of Client] as of [Reporting Date], 2012 and 2011, and of its financial performance and its cash flows for the years then ended in accordance with Philippine Financial Reporting Standards. [If disclaimer of opinion] Basis for Disclaimer of Opinion The company‘s investment in its joint venture XYZ (Country X) Company is carried at xxx on the company‘s statement of financial position, which represents over 90% of the company‘s net assets as at December 31, 2012. We were not allowed access to the management and the auditors of XYZ, including XYZ‘s auditors‘ audit documentation. As a result, we were unable to determine whether any adjustments were necessary in respect of the company‘s proportional share of XYZ‘s assets that it controls jointly, its proportional share of XYZ‘s liabilities for which it is jointly responsible, its proportional share of XYZ‘s income and expenses for the year, and the elements making up the statement of changes in equity and statement of cash flow. Disclaimer of Opinion Because of the significance of the matter described in the Basis for Disclaimer of Opinion paragraph, we have not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. Accordingly, we do not express an opinion on the financial statements. AUDITING THEORY REVIEW NOTES [If with emphasis of a matter] Emphasis of Matter We draw attention to Note X to the financial statements, which appropriately describe the significant uncertainty related to the outcome of a lawsuit in which the company is the defendant. The lawsuit alleges infringement of certain patent right and claims royalties and punitive damages in the amount of P10 million to the outcome of the lawsuit, the company believes that it will be able to successfully defend its case and, accordingly, no provision for any liability that may result has been recognized in the financial statements. Our opinion is not qualified in respect of this matter. Report on Other Legal and Regulatory Requirements [NAME OF AUDITING FIRM] BOA Registration No. SEC Accreditation No. TIN By: [NAME OF PARTNER] Partner CPA License No. SEC A.N. TIN BIR AN. PTR No., Issued on [Date, Place of Issue] Makati City, Philippines [Date of Auditors‘ Report] Supplementary Information Presented with the Financial Statements Supplementary information – information that is presented together with the FSs that is not required by the applicable FRF used to prepare the FSs, normally presented in either supplementary schedules or as additional notes. The auditor shall evaluate whether such supplementary information is clearly differentiated from the audited FSs. If such supplementary information is not clearly differentiated, the auditor shall ask management to change how the unaudited supplementary information is presented. If management refuses to do so, the auditor shall explain in the auditor‘s report that such supplementary information has not been audited. The fact that supplementary information is unaudited does not relieve the auditor of the responsibility to read that information to identify material inconsistencies with the audited financial statements. Comparative Information The two broad approaches to the auditor‘s reporting responsibilities in respect of comparative information are: a) Corresponding figures –comparative information where amounts and other disclosures for the prior period are included as an integral part of the current period FSs, and are intended to be read only in relation to the amounts and other disclosures relating to the current period (referred to as ―current period figures‖). The level of detail presented in the corresponding amounts and disclosures is dictated primarily by its relevance to the current period figures; and b) Comparative FSs –comparative information where amounts and other disclosures for the prior period are included for comparison with the FSs of the current period but, if audited, are referred to in the auditor‘s opinion. The level of information included in those comparative FSs is comparable with that of the FSs of the current period. Audit Procedures The auditor shall evaluate whether: a) The comparative information agrees with the amounts and other disclosures presented in the prior period or, when appropriate, have been restated; and b) The accounting policies reflected in the comparative information are consistent with those applied in the current period or, if there have been changes in accounting policies, whether those changes have been properly accounted, presented and disclosed. AUDITING THEORY REVIEW NOTES If the auditor becomes aware of a possible material misstatement in the comparative information while performing the current period audit, the auditor shall perform such additional audit procedures necessary to obtain SAAE, including requesting written representations for all periods referred to in the auditor‘s opinion. Audit Reporting The essential audit reporting differences between the approaches are: a) For corresponding figures, the auditor‘s opinion on the FSs refers to the current period only; whereas b) For comparative FSs, the auditor‘s opinion refers to each period for which FSs are presented. Corresponding figures The auditor‘s opinion shall not refer to the corresponding figures because the auditor‘s opinion is on the current period FSs includes corresponding figures, except: a) Modification in auditor‘s report on the prior period remain unresolved b) Misstatement in prior period FSs c) Prior period FSs not audited d) Prior period FSs audited by a predecessor auditor Modification in auditor‘s report on the prior period remain unresolved The auditor shall modify the auditor‘s opinion on the current period‘s FSs. Misstatement in prior period FSs If the auditor obtains audit evidence that a material misstatement exists in the prior period FSs on which an unmodified opinion has been previously issued, and the corresponding figures have not been properly restated, the auditor shall express a qualified opinion or an adverse opinion in the auditor‘s report on the current period FSs. When the prior period FSs that are misstated have not been amended and an auditor‘s report has not been reissued, but the corresponding figures have been properly restated or appropriate disclosures have been made in the current period FSs, the auditor‘s report may include an Emphasis of Matter paragraph. Prior period FSs not audited The auditor shall state in an Other Matter paragraph in the auditor‘s report that the corresponding figures are unaudited. Prior period FSs audited by a predecessor auditor The auditor shall state (if nor prohibited by law to do so) in an Other Matter paragraph in the auditor‘s report: a) That the FSs of the prior period were audited by the predecessor auditor; b) The type of opinion expressed and, if the opinion was modified, the reasons therefore; and c) The date of that report. Comparative financial statements The auditor‘s opinion shall refer to each period for which FSs are presented on which an audit opinion is expressed. Opinion on Prior Period FSs Different from Previous Opinion The opinion expressed on the prior period FSs may be different from the opinion previously expressed if the auditor becomes aware of circumstances or events that materially affect the FSs of a prior period during the course of the audit of the current period. The auditor shall disclose the substantive reasons for the different opinion in an Other Matter paragraph. Prior Period FSs Audited by a Predecessor Auditor In addition to expressing an opinion on the current period‘s FSs, the auditor shall state in an Other Matter paragraph: a) that the FSs of the prior period were audited by a predecessor auditor; b) the type of opinion expressed and, if the opinion was modified, the reasons therefore; and c) the date of that report, unless the predecessor auditor‘s report on the prior period‘s FSs is reissued with the FSs. AUDITING THEORY REVIEW NOTES Prior Period Financial Statements Not Audited If the prior period FSs were not audited, the auditor shall state in an Other Matter paragraph that the comparative FSs are unaudited. Other Information in Documents Containing Audited Financial Statements Other information refers to financial and non-financial information (other than the FSs and the auditor‘s report thereon) which is included, either by law, regulation or custom, in a document containing audited FSs and the auditor‘s report thereon. Other information may comprise, for example: A report by management or TCWG on operations. Financial summaries or highlights. Employment data. Planned capital expenditures. Financial ratios. Names of officers and directors. Selected quarterly data. ―Documents containing audited FSs‖ refers to annual reports (or similar documents), that are issued to owners (or similar stakeholders), containing audited FSs and the auditor‘s report, as well as other documents containing audited FSs, such as those used in securities offerings. The auditor‘s opinion does not cover other information and the auditor has no specific responsibility for determining whether or not other information is properly stated. However, the auditor reads the other information because the credibility of the audited FSs and the auditor‘s report may be undermined by material inconsistencies between the audited FSs and other information. Material Inconsistencies If, on reading the other information, the auditor identifies a material inconsistency, the auditor shall determine whether the audited FSs or the other information needs to be revised. Material Inconsistencies Identified in Other Information Obtained Prior to the Date of the Auditor‘s Report If revision of the audited FSs is necessary and management refuses to make the revision, the auditor shall modify the opinion in the auditor‘s report. If revision of the other information is necessary and management refuses to make the revision, the auditor shall communicate this matter to TCWG; and a) Include in the auditor‘s report an Other Matter paragraph describing the material inconsistency. b) Withhold the auditor‘s report. c) Withdraw from the engagement, if possible. d) Seek advice from the auditor‘s legal counsel. Material Inconsistencies Identified in Other Information Obtained Subsequent to the Date of the Auditor‘s Report If revision of the audited FSs is necessary, the auditor shall follow the relevant requirements in ―Subsequent Events‖. If revision of the other information is necessary and management agrees to make the revision, the auditor shall carry out the procedures necessary under the circumstances, which may include reviewing the steps taken by management to ensure that individuals in receipt of the previously issued FSs, the auditor‘s report thereon, and the other information are informed of the revision. If revision of the other information is necessary, but management refuses to make the revision, the auditor shall notify TCWG of the auditor‘s concern regarding the other information and take any further appropriate action, which may include obtaining advice from the auditor‘s legal counsel. Material Misstatements of Fact If, on reading the other information for the purpose of identifying material inconsistencies, the auditor becomes aware of an apparent material misstatement of fact, the auditor shall discuss the matter with management. Misstatement of fact occurs when other information that is unrelated to matters appearing in AUDITING THEORY REVIEW NOTES the audited FSs that is incorrectly stated or presented. A material misstatement of fact may undermine the credibility of the document containing audited FSs. If the auditor concludes that there is a material misstatement of fact in the other information which management refuses to correct, the auditor shall notify TCWG of the auditor‘s concern and take any further appropriate action, which may include obtaining advice from the auditor‘s legal counsel. Audit of Financial Statements Prepared in Accordance with Special Purpose Framework Introduction Special purpose FSs are FSs prepared in accordance with a special purpose framework designed to meet the financial information needs of specific users. Examples of special purpose frameworks are: A tax basis of accounting for a set of FSs that accompany an entity‘s tax return; The cash receipts and disbursements basis of accounting for cash flow information that an entity may be requested to prepare for creditors; The financial reporting provisions established by a regulator to meet the requirements of that regulator such as SEC, BSP or IC; or The financial reporting provisions of a contract, such as a bond indenture, or a project grant. The financial reporting framework (FRF) must be acceptable. The financial information needs of the intended users are a key factor in determining the acceptability of the FRF and is a matter of professional judgment. The auditor shall comply with (a) relevant ethical requirements, including independence and (b) all PSAs relevant to the audit. Forming an Opinion and Reporting Considerations Description of the applicable financial reporting framework: a) The auditor‘s report shall also describe the purpose for which the FSs are prepared and, if necessary, the intended users, or refer to a note in the special purpose FSs that contains that information; and b) If management has a choice of financial reporting frameworks in the preparation of such FSs, the explanation of management‘s responsibility for the FSs shall also make reference to its responsibility for determining that the applicable financial reporting framework is acceptable in the circumstances. The auditor‘s report shall include an Emphasis of Matter paragraph alerting users of the auditor‘s report that the FSs are prepared in accordance with a special purpose framework and that, as a result, the FSs may not be suitable for another purpose. In addition to the above, the auditor may consider it appropriate to indicate that the auditor‘s report is intended solely for the specific users. INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee] We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory information. The financial statements have been prepared by management of ABC Company based on the financial reporting provisions of Section Z of the contract dated January 1, 20X1 between ABC Company and DEF Company (―the contract‖). Management‘s Responsibility for the Financial Statements Management is responsible for the preparation of these financial statements in accordance with the financial reporting provisions of Section Z of the contract; this includes the design, implementation and maintenance of internal control relevant to the preparation of financial statements that are free from material misstatement, whether due to fraud or error. Auditor‘s Responsibility Our responsibility is to express an opinion on these financial statements based on our audit. We conducted our audit in accordance with Philippine Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statements are free from material misstatement. AUDITING THEORY REVIEW NOTES An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on the auditor‘s judgment, including the assessment of the risks of material misstatement of the financial statements, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity‘s preparation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity‘s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by management, as well as evaluating the overall presentation of the financial statements. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. Opinion In our opinion, the financial statements of ABC Company for the year ended December 31, 20X1 are prepared, in all material respects, in accordance with the financial reporting provisions of Section Z of the contract. Basis of Accounting and Restriction on Distribution and Use Without modifying our opinion, we draw attention to Note X to the financial statements, which describes the basis of accounting. The financial statements are prepared to assist ABC Company to comply with the financial reporting provisions of the contract referred to above. As a result, the financial statements may not be suitable for another purpose. Our report is intended solely for ABC Company and DEF Company and should not be distributed to or used by parties other than ABC Company or DEF Company. [Auditor‘s signature] [Date of the auditor‘s report] [Auditor‘s address] Audits of Single Financial Statements and Specific Elements, Accounts or Items of a Financial Statement Introduction ―Element of a financial statement‖ or ―element‖ means an ―element, account or item of a financial statement.‖ Examples of Specific Elements, Accounts or Items of a Financial Statement Accounts receivable, allowance for doubtful accounts receivable, inventory, including related notes. A schedule of externally managed assets and income of a private pension plan, including related notes. A schedule of disbursements in relation to a lease property, including explanatory notes. A schedule of profit participation or employee bonuses, including explanatory notes. Considerations When Accepting the Engagement The auditor shall comply with relevant ethical requirements, including independence and all PSAs relevant to the audit. If the auditor is not also engaged to audit the entity‘s complete set of financial statements, the auditor shall determine whether the audit of a single financial statement or of a specific element of those financial statements in accordance with PSAs is practicable. Form of opinion The auditor‘s decision as to the expected form of opinion is a matter of professional judgment. It may be affected by whether use of the phrase ―presents fairly, in all material respects‖ in the auditor‘s opinion on a single financial statement or on a specific element of a financial statement prepared in accordance with a fair presentation framework is generally accepted in the particular jurisdiction. Forming an Opinion and Reporting Considerations If the auditor undertakes an engagement to report on a single financial statement or on a specific element of a financial statement in conjunction with an engagement to audit the entity‘s complete set of financial statements, the auditor shall express a separate opinion for each engagement. AUDITING THEORY REVIEW NOTES If the auditor concludes that it is necessary to express an adverse opinion or disclaim an opinion on the entity‘s complete set of financial statements as a whole, PSA 705 does not permit the auditor to include in the same auditor‘s report an unmodified opinion on a single financial statement that forms part of those financial statements or on a specific element that forms part of those financial statements. This is because such an unmodified opinion would contradict the adverse opinion or disclaimer of opinion on the entity‘s complete set of financial statements as a whole. If the auditor concludes that it is necessary to express an adverse opinion or disclaim an opinion on the entity‘s complete set of financial statements as a whole but, in the context of a separate audit of a specific element that is included in those financial statements, the auditor nevertheless considers it appropriate to express an unmodified opinion on that element, the auditor shall only do so if: a) The auditor is not prohibited by law or regulation from doing so; b) That opinion is expressed in an auditor‘s report that is not published together with the auditor‘s report containing the adverse opinion or disclaimer of opinion; and c) The specific element does not constitute a major portion of the entity‘s complete set of financial statements. INDEPENDENT AUDITOR’S REPORT [Appropriate Addressee] We have audited the accompanying balance sheet of ABC Company as at December 31, 20X1 and a summary of significant accounting policies and other explanatory information (together ―the financial statement‖). Management‘s Responsibility for the Financial Statement Management is responsible for the preparation and fair presentation of this financial statement in accordance with those requirements of the Financial Reporting Framework in Jurisdiction X relevant to preparing such a financial statement, and for such internal control as management determines is necessary to enable the preparation of the financial statement that is free from material misstatement, whether due to fraud or error. Auditor‘s Responsibility Our responsibility is to express an opinion on the financial statement based on our audit. We conducted our audit in accordance with Philippine Standards on Auditing. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the financial statement is free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statement. The procedures selected depend on the auditor‘s judgment, including the assessment of the risks of material misstatement of the financial statement, whether due to fraud or error. In making those risk assessments, the auditor considers internal control relevant to the entity‘s preparation and fair presentation of the financial statement in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity‘s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates, if any, made by management, as well as evaluating the overall presentation of the financial statement. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. Opinion In our opinion, the financial statement presents fairly, in all material respects, the financial position of ABC Company as at December 31, 20X1 in accordance with those requirements of the Financial Reporting Framework in Jurisdiction X relevant to preparing such a financial statement. [Auditor‘s signature] [Date of the auditor‘s report] [Auditor‘s address] AUDITING THEORY REVIEW NOTES Engagements to Report on Summary Financial Statements Introduction Summary FSs refer to historical financial information that is derived from FSs but that contains less detail than the FSs, while still providing a structured representation consistent with that provided by the FSs of the entity‘s economic resources or obligations at a point in time or the changes therein for a period of time. Engagement Acceptance The auditor shall accept an engagement to report on summary FSs only when the auditor has been engaged to conduct an audit of the FSs from which the summary FSs are derived. Form of Opinion When the auditor has concluded that an unmodified opinion on the summary FSs is appropriate, the auditor‘s opinion shall use one of the following phrases: a) The summary FSs are consistent, in all material respects, with the audited FSs, in accordance with [the applied criteria]; or b) The summary FSs are a fair summary of the audited FSs, in accordance with [the applied criteria]. When the auditor‘s report on the audited FSs contains a qualified opinion, an Emphasis of Matter paragraph, or an Other Matter paragraph, but the auditor is satisfied that the summary FSs are consistent, in all material respects, with or are a fair summary of the audited FSs, in accordance with the applied criteria, the auditor‘s report on the summary FSs shall: a) State that the auditor‘s report on the audited FSs contains a qualified opinion, an Emphasis of Matter paragraph, or an Other Matter paragraph; and b) Describe: i. The basis for the qualified opinion on the audited FSs, and that qualified opinion; or the Emphasis of Matter or the Other Matter paragraph in the auditor‘s report on the audited FSs; and ii. The effect thereof on the summary FSs, if any. When the auditor‘s report on the audited FSs contains an adverse opinion or a disclaimer of opinion, the auditor‘s report on the summary FSs shall a) State that the auditor‘s report on the audited FSs contains an adverse opinion or disclaimer of opinion; b) Describe the basis for that adverse opinion or disclaimer of opinion; and c) State that, as a result of the adverse opinion or disclaimer of opinion, it is inappropriate to express an opinion on the summary FSs. If the summary FSs are not consistent, in all material respects, with or are not a fair summary of the audited FSs, the auditor shall express an adverse opinion on the summary FSs. The Date of the Auditor‘s Report The auditor shall date the auditor‘s report no earlier than: a) The date on which the auditor has obtained sufficient appropriate evidence on which to base the opinion, including evidence that the summary FSs have been prepared and those with the recognized authority have asserted that they have taken responsibility for them; and b) The date of the auditor‘s report on the audited FSs. Restriction on Distribution or Use or Alerting Readers to the Basis of Accounting When distribution or use of the auditor‘s report on the audited FSs is restricted, or the auditor‘s report on the audited FSs alerts readers that the audited financial statements are prepared in accordance with a special purpose framework, the auditor shall include a similar restriction or alert in the auditor‘s report on the summary FSs. REPORT OF THE INDEPENDENT AUDITOR ON THE SUMMARY FINANCIAL STATEMENTS [Appropriate Addressee] The accompanying summary financial statements, which comprise the summary balance sheet as at December 31, 20X1, the summary income statement, summary statement of changes in equity and summary cash flow statement for the year then ended, and related notes, are derived from the audited financial statements of ABC Company for the year ended December 31, 20X1. We expressed an unmodified audit opinion on those financial statements in our report dated February 15, 20X2. Those financial statements, and AUDITING THEORY REVIEW NOTES the summary financial statements, do not reflect the effects of events that occurred subsequent to the date of our report on those financial statements. The summary financial statements do not contain all the disclosures required by [describe financial reporting framework applied in the preparation of the audited financial statements of ABC Company]. Reading the summary financial statements, therefore, is not a substitute for reading the audited financial statements of ABC Company. Management‘s Responsibility for the Summary Financial Statements Management is responsible for the preparation of a summary of the audited financial statements in accordance with [describe established criteria]. Auditor‘s Responsibility Our responsibility is to express an opinion on the summary financial statements based on our procedures, which were conducted in accordance with Philippine Standard on Auditing (PSA) 810, ―Engagements to Report on Summary Financial Statements.‖ Opinion In our opinion, the summary financial statements derived from the audited financial statements of ABC Company for the year ended December 31, 20X1 are consistent, in all material respects, with (or a fair summary of) those financial statements, in accordance with [describe established criteria]. [Auditor‘s signature] [Date of the auditor‘s report] [Auditor‘s address] REVIEW, OTHER ASSURANCE SERVICES, AND RELATED SERVICES Review Engagements The objective of a review of FSs is to enable a practitioner to state whether, on the basis of procedures which do not provide all the evidence that would be required in an audit, anything has come to the practitioner‘s attention that causes the practitioner to believe that the FSs are not prepared, in all material respects, in accordance with the applicable financial reporting framework (negative assurance). A review engagement provides a moderate level of assurance. The practitioner should comply with the Code of Ethics general principles, such as: a) Independence; b) Integrity; c) Objectivity; d) Professional competence and due care; e) Confidentiality; f) Professional behavior; and g) Technical standards. The practitioner should conduct a review in accordance with PSRE 2400. The practitioner should plan and perform the review with an attitude of professional skepticism. Terms of engagement The practitioner and the client should agree on the terms of the engagement. Planning The practitioner should plan the work so that an effective engagement will be performed. In planning a review of financial statements, the practitioner should obtain or update the knowledge of the business. Documentation AUDITING THEORY REVIEW NOTES The practitioner should document matters which are important in providing evidence to support the review report, and evidence. Procedures and Evidence The practitioner should apply judgment in determining the specific nature, timing and extent of review procedures, which are primarily through inquiry and analytical procedures to obtain sufficient appropriate evidence and to be able to draw conclusions. The practitioner should apply the same materiality considerations as would be applied if an audit opinion on the FSs were being given. The practitioner should inquire about events subsequent to the date of the FSs that may require adjustment of or disclosure in the FSs. The practitioner does not have any responsibility to perform procedures to identify events occurring after the date of the review report. If the practitioner has reason to believe that the information subject to review may be materially misstated, the practitioner should carry out additional or more extensive procedures as are necessary to be able to express negative assurance or to confirm that a modified report is required. Conclusions and Reporting The review report should contain a clear written expression of negative assurance. The report on a review of FSs should contain the following basic elements, ordinarily in the following layout: a) Title; b) Addressee; c) Opening or introductory paragraph i d) Scope paragraph e) Statement of negative assurance; f) Date of the report; g) Practitioner‘s address; and h) Practitioner‘s signature. The review report should: a) State that nothing has come to the practitioner‘s attention based on the review that causes the practitioner to believe the FSs are not presented fairly, in all material respects, in accordance with the applicable financial reporting framework; or b) If matters have come to the practitioner‘s attention, describe those matters that impair a fair presentation, in all material respects, in accordance with the applicable financial reporting framework, including, unless impracticable, a quantification of the possible effect(s) on the FSs, and either: i. Express a qualification of the negative assurance provided; or ii. When the effect of the matter is so material and pervasive, give an adverse opinion; or c) If there has been a material scope limitation, describe the limitation and either: i. Express a qualification of the negative assurance; or ii. When the possible effect of the limitation is so significant and pervasive that the practitioner concludes that no level of assurance can be provided, not provide any assurance. The practitioner should date the review report as of the date the review is completed. SAMPLE UNQUALIFIED REVIEW REPORT REVIEW REPORT TO ..... We have reviewed the accompanying financial statements of ABC Company, which comprise the statement of financial position as at December 31, 19XX, and the statement of comprehensive income, statement of changes in equity and statement of cash flows for the year then ended. These financial statements are the responsibility of the Company‘s management. Our responsibility is to issue a report on these financial statements based on our review. We conducted our review in accordance with the Philippine Standard on Review Engagements 2400. This Standard requires that we plan and perform the review to obtain moderate assurance as to whether the financial statements are free of material misstatement. A review is limited primarily to inquiries of company personnel and analytical procedures applied to financial data and thus provides less assurance than an audit. We have not performed an audit and, accordingly, we do not express an audit opinion. AUDITING THEORY REVIEW NOTES Based on our review, nothing has come to our attention that causes us to believe that the accompanying financial statements are not presented fairly, in all material respects, in accordance with Philippine Financial Reporting Standards (or Philippine Financial Reporting Standard for Small and Medium-sized Entities). PRACTITIONER Date Address Examination of Prospective Financial Information Introduction ―Prospective financial information‖ means financial information based on assumptions about events that may occur in the future and possible actions by an entity. It is highly subjective in nature and its preparation requires the exercise of considerable judgment. Prospective financial information can be in the form of: a forecast, a projection or a combination of both, for example, a one year forecast plus a five year projection. A ―forecast‖ means prospective financial information prepared on the basis of assumptions as to future events which management expects to take place and the actions management expects to take as of the date the information is prepared (best-estimate assumptions). A ―projection‖ means prospective financial information prepared on the basis of: a) Hypothetical assumptions about future events and management actions which are not necessarily expected to take place, such as when some entities are in a start-up phase or are considering a major change in the nature of operations; or b) A mixture of best-estimate and hypothetical assumptions. Such information illustrates the possible consequences as of the date the information is prepared if the events and actions were to occur (a ―what-if‖ scenario). Management is responsible for the preparation and presentation of the prospective financial information, including the identification and disclosure of the assumptions on which it is based. The auditor may be asked to examine and report on the prospective financial information to enhance its credibility whether it is intended for use by third parties or for internal purposes. The Auditor‘s Assurance When reporting on the reasonableness of management‘s assumptions the auditor provides only a moderate level of assurance. However, when in the auditor‘s judgment an appropriate level of satisfaction has been obtained, the auditor is not precluded from expressing positive assurance regarding the assumptions. Acceptance of Engagement Before accepting an engagement to examine prospective financial information, the auditor would consider, amongst other things: The intended use of the information; Whether the information will be for general or limited distribution; The nature of the assumptions, that is, whether they are best-estimate or hypothetical assumptions; The elements to be included in the information; and The period covered by the information. The auditor should not accept, or should withdraw from, an engagement when the assumptions are clearly unrealistic or when the auditor believes that the prospective financial information will be inappropriate for its intended use. The auditor and the client should agree on the terms of the engagement. Knowledge of the Business The auditor should obtain a sufficient level of knowledge of the business to be able to evaluate whether all significant assumptions required for the preparation of the prospective financial information have been identified. Period Covered AUDITING THEORY REVIEW NOTES The auditor should consider the period of time covered by the prospective financial information. Since assumptions become more speculative as the length of the period covered increases, as that period lengthens, the ability of management to make best-estimate assumptions decreases. Examination Procedures When determining the nature, timing and extent of examination procedures, the auditor‘s considerations should include: a) The likelihood of material misstatement; b) The knowledge obtained during any previous engagements; c) Management‘s competence regarding the preparation of prospective financial information; d) The extent to which the prospective financial information is affected by the management‘s judgment; and e) The adequacy and reliability of the underlying data. Report on Examination of Prospective Financial Information When the auditor believes that the presentation and disclosure of the prospective financial information is not adequate, the auditor should express a qualified or adverse opinion in the report on the prospective financial information, or withdraw from the engagement as appropriate. An example would be where financial information fails to disclose adequately the consequences of any assumptions which are highly sensitive. When the examination is affected by conditions that preclude application of one or more procedures considered necessary in the circumstances, the auditor should either withdraw from the engagement or disclaim the opinion and describe the scope limitation in the report on the prospective financial information. The following is an example of an extract from an unmodified report on a forecast: We have examined the forecast in accordance with Philippine Standard on Assurance Engagements. Management is responsible for the forecast including the assumptions set out in Note X on which it is based. Based on our examination of the evidence supporting the assumptions, nothing has come to our attention which causes us to believe that these assumptions do not provide a reasonable basis for the forecast. Further, in our opinion the forecast is properly prepared on the basis of the assumptions and is presented in accordance with Philippine Financial Reporting Standards. Actual results are likely to be different from the forecast since anticipated events frequently do not occur as expected and the variation may be material. The following is an example of an extract from an unmodified report on a projection: We have examined the projection in accordance Philippine Standard on Assurance Engagements. Management is responsible for the projection including the assumptions set out in Note X on which it is based. This projection has been prepared for (describe purpose). As the entity is in a start-up phase the projection has been prepared using a set of assumptions that include hypothetical assumptions about future events and management‘s actions that are not necessarily expected to occur. Consequently, readers are cautioned that this projection may not be appropriate for purposes other than that described above. Based on our examination of the evidence supporting the assumptions, nothing has come to our attention which causes us to believe that these assumptions do not provide a reasonable basis for the projection, assuming that (state or refer to the hypothetical assumptions). Further, in our opinion the projection is properly prepared on the basis of the assumptions and is presented in accordance with Philippine Financial Reporting Standards. Even if the events anticipated under the hypothetical assumptions described above occur, actual results are still likely to be different from the projection since other anticipated events frequently do not occur as expected and the variation may be material. AUDITING THEORY REVIEW NOTES Agreed-upon Procedures Engagements Introduction The objective of an agreed-upon procedures engagement is for the auditor to carry out procedures of an audit nature to which the auditor and the entity and any appropriate third parties have agreed and to report on factual findings. An engagement to perform agreed-upon procedures may involve the auditor in performing certain procedures concerning individual items of financial data (for example, accounts payable, accounts receivable, purchases from related parties and sales and profits of a segment of an entity), a financial statement (for example, a balance sheet) or even a complete set of financial statements. As the auditor simply provides a report of the factual findings of agreed-upon procedures, no assurance is expressed. Instead, users of the report assess for themselves the procedures and findings reported by the auditor and draw their own conclusions from the auditor‘s work. The report is restricted to those parties that have agreed to the procedures to be performed since others, unaware of the reasons for the procedures, may misinterpret the results. General Principles of an Agreed-Upon Procedures Engagement The auditor should comply with the Code of Ethics general principles, such as: a. Integrity; b. Objectivity; c. Professional competence and due care; d. Confidentiality; e. Professional behavior; and f. Technical standards. The auditor should conduct an agreed-upon procedures engagement in accordance with this PSRS and the terms of the engagement. Defining the Terms of the Engagement Matters that would be included in the engagement letter include the following: A listing of the procedures to be performed as agreed upon between the parties. A statement that the distribution of the report of factual findings would be restricted to the specified parties who have agreed to the procedures to be performed. Planning The auditor should plan the work so that an effective engagement will be performed. Documentation The auditor should document matters which are important in providing evidence to support the report of factual findings, and evidence that the engagement was carried out in accordance with this PSRS and the terms of the engagement. Procedures and Evidence The auditor should carry out the procedures agreed upon and use the evidence obtained as the basis for the report of factual findings. The procedures applied in an engagement to perform agreed-upon procedures may include the following: Inquiry and analysis. Recomputation, comparison and other clerical accuracy checks. Observation. Inspection. Obtaining confirmations. Reporting The report on an agreed-upon procedures engagement needs to describe the purpose and the agreed-upon procedures of the engagement in sufficient detail to enable the reader to understand the nature and the extent of the work performed. AUDITING THEORY REVIEW NOTES Illustration of a Report of Factual Findings in Connection with Accounts Payable REPORT OF FACTUAL FINDINGS To (those who engaged the auditor) We have performed the procedures agreed with you and enumerated below with respect to the accounts payable of ABC Company as at (date), set forth in the accompanying schedules (not shown in this example). Our engagement was undertaken in accordance with the Philippine Standard on Related Services. The procedures were performed solely to assist you in evaluating the validity of the accounts payable and are summarized as follows: 1. We obtained and checked the addition of the trial balance of accounts payable as at (date) prepared by ABC Company, and we compared the total to the balance in the related general ledger account. 2. We compared the attached list (not shown in this example) of major suppliers and the amounts owing at (date) to the related names and amounts in the trial balance. 3. We obtained suppliers‘ statements or requested suppliers to confirm balances owing at (date). 4. We compared such statements or confirmations to the amounts referred to in 2. For amounts which did not agree, we obtained reconciliations from ABC Company. For reconciliations obtained, we identified and listed outstanding invoices, credit notes and outstanding checks, each of which was greater than Pxxx. We located and examined such invoices and credit notes subsequently received and checks subsequently paid and we ascertained that they should in fact have been listed as outstanding on the reconciliations. We a) b) c) d) report our findings below: With respect to item 1 we found the addition to be correct and the total amount to be in agreement. With respect to item 2 we found the amounts compared to be in agreement. With respect to item 3 we found there were suppliers‘ statements for all such suppliers. With respect to item 4 we found the amounts agreed, or with respect to amounts which did not agree, we found ABC Company had prepared reconciliations and that the credit notes, invoices and outstanding checks over Pxxx were appropriately listed as reconciling items with the following exceptions: (Detail the exceptions) Because the above procedures do not constitute either an audit or a review made in accordance with Philippine Standards on Auditing, we do not express any assurance on the accounts payable as of (date). Had we performed additional procedures or had we performed an audit or review of the financial statements in accordance with Philippine Standards on Auditing, other matters might have come to our attention that would have been reported to you. Our report is solely for the purpose set forth in the first paragraph of this report and for your information and is not to be used for any other purpose or to be distributed to any other parties. This report relates only to the accounts and items specified above and does not extend to any financial statements of ABC Company, taken as a whole. AUDITOR Date Address Compilation Engagements Introduction A compilation engagement would ordinarily include the preparation of financial statements (which may or may not be a complete set of financial statements) but may also include the collection, classification and summarization of other financial information. The objective of a compilation engagement is for the accountant to use accounting expertise, as opposed to auditing expertise, to collect, classify and summarize financial information. This ordinarily entails reducing detailed data to a manageable and understandable form without a requirement to test the assertions underlying that information. The procedures employed are not designed and do not enable the accountant to express any assurance on the financial information. However, users of the compiled financial information derive some benefit as a result of the accountant's involvement because the service has been performed with professional competence and due care. AUDITING THEORY REVIEW NOTES General Principles of a Compilation Engagement The accountant should comply with the Code of Professional Ethics general principles, such as: a) integrity; b) objectivity; c) professional competence and due care; d) confidentiality; e) professional behavior; and f) technical standards. Defining the Terms of the Engagement An engagement letter confirms the accountant's acceptance of the appointment and helps avoid misunderstanding regarding such matters as the objectives and scope of the engagement, the extent of the accountant's responsibilities and the form of reports to be issued. Planning The accountant should plan the work so that an effective engagement will be performed. Documentation The accountant should document matters which are important in providing evidence that the engagement was carried out in accordance with this PSA and the terms of the engagement. Procedures The accountant requires a general understanding of the nature of the entity's business transactions, the form of its accounting records and the accounting basis on which the financial information is to be presented through experience with the entity or inquiry of the entity's personnel. If the accountant becomes aware that information supplied by management is incorrect, incomplete, or otherwise unsatisfactory, the accountant should consider performing the above procedures and request management to provide additional information or if the accountant becomes aware of material misstatements, the accountant should try to agree appropriate amendments with the entity. If such additional information or amendments are not made and the financial information is considered to be misleading, the accountant should withdraw from the engagement. Responsibility of Management The accountant should obtain an acknowledgment from management of its responsibility for the appropriate presentation of the financial information and of its approval of the financial information. Reporting on a Compilation Engagement The financial information compiled by the accountant should contain a reference such as "Unaudited," "Compiled without Audit or Review" or "Refer to Compilation Report" on each page of the financial information or on the front of the complete set of financial statements. EXAMPLE OF A REPORT ON AN ENGAGEMENT TO COMPILE FINANCIAL STATEMENTS COMPILATION REPORT TO ..... On the basis of information provided by management we have compiled, in accordance with the Philippine Standard on Related Services, the balance sheet of ABC Company as of December 31, 19XX and statements of income, changes in equity and cash flows for the year then ended. Management is responsible for these financial statements. We have not audited or reviewed these financial statements and accordingly express no assurance thereon. Accountant Date Address AUDITING THEORY REVIEW NOTES AUDITING IN A CIS (IT) ENVIRONMENT 1. A CIS environment exists when a computer of any type or size is involved in the processing by the entity of financial information of significance to the audit, whether the computer is operated by the entity or by a third party 2. The overall objective and scope of an audit does not change in a CIS environment 3. A CIS environment may affect: a. The procedures followed in obtaining a sufficient understanding of the accounting and internal control systems b. The consideration of the inherent and control risk c. The design and performance of tests of controls and substantive procedures 4. The auditor should have sufficient knowledge of the CIS to plan, direct, and review the work performed 5. If specialized skills are needed, the auditor would seek the assistance of a professional possessing such skills, who may be either on the auditor‘s staff or an outside professionals 6. In planning the portions of the audit which may be affected by the client‘s CIS environment, the auditor should obtain an understanding of the significance and complexity of the CIS activities and the availability of data for use in the audit 7. When the CIS are significant, the auditor should also obtain an understanding of the CIS environment and whether it may influence the assessment of inherent and control risks 8. The auditor should consider the CIS environment in designing audit procedures to reduce audit risk to an acceptably low level. The auditor can use either manual audit procedures, computer-assisted audit techniques, or a combination of both to obtain sufficient evidential matter RISK ASSESSMENTS AND INTERNAL CONTROL: CIS CHARACTERISTICS AND CONSIDERATION Organizational Structure Characteristics of a CIS organizational structure includes: a. Concentration of functions and knowledge Although most systems employing CIS methods will include certain manual operations, generally the number of persons involved in the processing of financial information is significantly reduced. b. Concentration of programs and data Transaction and master file data are often concentrated, usually in machine-readable form, either in one computer installation located centrally or in a number of installations distributed throughout the entity. Nature of Processing The use of computers may result in the design of systems that provide less visible evidence than those using manual procedures. In addition, these systems may be accessible by a larger number of persons. System characteristics that may result from the nature of CIS processing include: a. Absence of input documents Data may be entered directly into the computer system without supporting document In some on-line transaction systems, written evidence of individual data entry authorization (e.g., approval for order entry) may be replaced by other procedures, such as authorization controls contained in computer programs (e.g., credit limit approval) b. Lack of visible audit trail The transaction trail may be partly in machine-readable form and may exist only for a limited period of time (e.g., audit logs may be set to overwrite themselves after a period of time or when the allocated disk space is consumed) c. Lack of visible output Certain transactions or results of processing may not be printed or only summary data may be printed d. Ease of access to data and computer programs Data and computer programs may be assessed and altered at the computer or through the use of computer equipment at remote locations. Therefore, in the absence of appropriate controls, there is an increased potential for unauthorized access to, and alteration of, data and programs by persons inside or outside the entity Design and procedural aspects The development of CIS will generally result n design and procedural characteristics that are different from those found in manual systems. These different design and procedural aspects of CIS include: a. Consistency of performance AUDITING THEORY REVIEW NOTES CIS perform functions exactly as programmed and are potentially more reliable than annual systems, provided that all transactions types and conditions that could occur are anticipated and incorporated into the system. On the other hand, a computer program that is not correctly programmed and tested may consistently process transactions or other data erroneously b. Programmed control procedures The nature of computer processing allows the design of internal control procedures in computer programs c. Single transaction update of multiple or data base computer files A single input t the accounting system may automatically update all records associated with the transaction d. Systems generated transactions Certain transactions may be initiated by the CIS itself without the need for an input document e. Vulnerability of data and program storage media Large volumes of data and the computer programs used to process such data may be stored on portable or fixed storage media, such as magnetic disks and tapes. These media are vulnerable to theft, loss, or intentional or accidental destruction. INTERNAL CONTROLS IN A CIS ENVIRONMENT GENERAL CIS CONTROLS – to establish a framework of overall control over the CIS activities and to provide a reasonable level of assurance that the overall objectives of internal control are achieved General CIS controls may include: a. Organization and management controls – designed to define the strategic direction and establish an organizational framework over CIS activities, including: Strategic information technology plan CIS policies and procedures Segregation of incompatible functions Monitoring of CIS activities performed by third party consultants b. Development and maintenance controls – designed to provide reasonable assurance that systems are developed or acquired, implemented and maintained in an authorized and efficient manner. They also typically are designed to establish control over: Project initiation, requirements definition, systems design, testing, data conversion, go-live decision, migration to production environment, documentation of new or revised systems, and user training Acquisition and implementation of off-the-shelf packages Request for changes to the existing systems Acquisition, implementation, and maintenance of system software c. Delivery and support controls – designed to control the delivery of CIS services and include: Establishment of service level agreements against which CIS services are measured Performance and capacity management controls Disaster recovery/contingency planning, training, and file backup Computer operations controls Systems security Physical and environment controls d. Monitoring controls – designed to ensure that CIS controls are working effectively as planned. These include: Monitoring of key CIS performance indicators Internal external CIS audits CIS APPLICATION CONTROLS – to establish specific control procedures over the application systems in order to provide reasonable assurance that all transactions are authorized, recorded and are processed completely, accurately and on a timely basis. CIS application controls include: a. Controls over Input – designed to provide reasonable assurance that: Transactions are properly authorized before being processed by the computer Transactions are accurately converted into machine readable form and recorded in the computer data files Transactions are not lost, added, duplicated or improperly changed Incorrect transactions are rejected, corrected and, if necessary, resubmitted on a timely basis. b. Controls over processing and computer data files – designed to provide reasonable assurance that: Transactions, including system generated transactions, re properly processed by the computer Transactions are not lost, added, duplicated or improperly changed Processing errors (i.e., rejected data and incorrect transactions) are identified and corrected on a timely basis AUDITING THEORY REVIEW NOTES c. Controls over output – designed to provide reasonable assurance that: Results of processing are accurate Access to output is restricted to authorized personnel on a timely basis Output is provided to appropriate authorized personnel on a timely basis Review of general CIS controls General CIS controls that relate to some or all applications are typically interdependent controls in that their operation is often essential to the effectiveness of CIS application controls. Accordingly, it may be more efficient to review the design of the general controls before reviewing the application controls. Review of CIS application controls CIS application controls which the auditor may wish to test include: a. Manual controls exercised by the user b. Controls over system output c. Programmed control procedures CIS ENVIRONMENTS – STAND-ALONE PERSONAL COMPUTERS 1. A personal computer (PC) can be used in various configurations. These include: a. A stand-alone workstation operated by a single user or a number of users at different times; b. A workstation which part of a Local Area Network (LAN) of PCs; and c. A workstation connected to a server 2. In a stand-alone PC environment, it may not be practicable or cost-effective for management to implement sufficient controls to reduce the risks of undetected error to a minimum level 3. After obtaining the understanding of the accounting system and control environment, the auditor may find it more cost-effective not to make a further review of general controls or application controls, but concentrate audit efforts on substantive procedures. CIS ENVIRONMENTS – ON-LINE COMPUTER SYSTEMS 1. On-line computer systems are computer systems that enable users to access data and programs directly through terminal devices 2. On-line systems allow users to directly initiate various functions such as: a. Entering transactions b. Making inquiries c. Requesting reports d. Updating master files e. Electronic commerce activities 3. Types of terminals used in on-line systems: A. General purpose terminals 1. Basic keyboard and screen 2. Intelligent terminal 3. PCs B. Special purpose terminals 1. Point-of-sale devices 2. Automated teller machines (ATM) 2. Types of on-line computer systems: a. On-line/ real time processing Individual transactions are entered at terminal devices, validated, and used to update related computer files immediately. b. On-line/batch processing Individual transactions are entered at a terminal device, subjected to certain validation checks, and added to a transaction file that contains other transactions entered during the period. Later, during a subsequent processing cycle, the transaction file may be validated further and then used to update relevant master file. c. On-line/Memo update (and subsequent Processing) Combines in-line/ real time and on-line/ batch processing Individual transactions immediately update a memo file containing information that has been extracted from the most recent version of the master file. Inquiries are made from this memo file These same transactions are added to a transaction file for subsequent validation and updating of the master file on a batch basis d. On-line/ inquiry Restricts users at terminal devices to making inquiries of master file Master files are updated by other systems, usually on a batch basis e. On-line downloading/ uploading processing AUDITING THEORY REVIEW NOTES On-line downloading refers to the transfer of data from a master file to an intelligent terminal device for further processing by a user NETWORK ENVIRONMENT 1. A network environment is a communication system that enables computer users to share computer equipment, application software, data, and voice and video transmissions 2. A file server is a computer with an operating system that allows multiple users in a network to access software applications and data files 3. Basic types of networks a. Local area network (LAN) b. Wide area network (WAN) c. metropolitan area network (MAN) CIS ENVIRONMENTS – DATABASE SYSTEMS 1. DATABASE – a collection of data that is shared and used by many different users for different purposes 2. Two components of database systems: a. Database b. Database management system (DBMS) – software that creates, maintains, and operates the database 3. Characteristics of database systems: a. Data sharing b. Data independence TERMS USED IN CIS ENVIRONMENTS HARDWARE 1. COMPUTER HARDWARE – consists of the configuration of physical electronic equipment 2. CONSOLE – a special CRT (Cathode Ray Tube) used for communication between the operator and the computer. 3. PERIPHERAL EQUIPMENT – all non-CPU hardware that may be placed under the control of the processor. This consists of input, storage, output, and communication devices 4. CONTROLLERS – units designed to operate (control) specific input/output devices 5. CHANNELS – units designed to handle the transfer of data into or out of primary storage (memory) 6. BUFFER MEMORY (BUFFER) – temporary storage unit used to hold data during input/output operations 7. OFF-LINE – peripheral equipment not in direct communication with the CPU 8. ON-LINE – peripheral equipment in direct communication with, and under the control of the CPU 9. INPUT DEVICES – provides a means of transferring data into CPU storage a. Magnetic tape reader – capable of sensing information recorded as magnetized spots on magnetic tape. It is also used as an output device and storage medium. b. Magnetic ink character reader( MICR) – reads characters by scanning temporarily magnetized characters using magnetic ink c. Optical character recognition (OCR) – reads characters directly from documents based on their shapes and positions on the source document d. Cathode ray tube (CRT) – a typewriter-like device that decodes keystrokes into electronic impulses e. Key-to-tape and Key-to-disk – systems in which input data can be entered directly onto magnetic tape, magnetic disk, or floppy disk through CRT 10. STORAGE DEVICES – devices which store data that can be subsequently used by the CPU a. Random access – data can be accessed directly regardless of how it is physically stored (e.g., magnetic disk) b. Sequential access – data must be processed in the order in which it is physically stored (e.g., magnetic tape) 11. OUTPUT DEVICES – produce readable data or machine-readable data when further processing is required. Examples are CRT, printer, and CRT COM (Computer output to Micro film) 12. TERMINALS – CRT devices or microcomputers used for input/output (communication) with the CPU 13. POINT-OF-SALE DEVICES – a terminal connected to a computer. It takes the place of a cash register or similar devices which allows instant recording and is capable of keeping perpetual inventory 14. MODEM – a device for interfacing communications equipment within communication networks Software consists of computer programs which instruct the computer hardware to perform the desired processing. Types of computer programs AUDITING THEORY REVIEW NOTES 1. OPERATING SYSTEM – controls the functioning of the CPU and its peripheral equipment. Several different operating systems allow a single configuration of hardware to function in the following modes: a. MULTIPROGRAMMING – the operating system processes a program until an input/output operation is required. Since input or output can be handled by peripheral devices, such as channels and controllers, the CPU can begin executing another program‘s instructions. Several programs appear to be concurrently processing b. MULTIPROCESSING – multiple CPUs process data while sharing peripheral devices, allowing two or more programs to be process simultaneously c. VIRTUAL STORAGE – the operating system separates user programs into segment pages automatically. It appears as though there is unlimited memory available for programs, even though the program is still confined to a physical segment of memory. 2. UTILITY PROGRAM – performs a commonly required process, such as storing and merging 3. APPLICATION PROGRAM – performs the desired processing tasks (e.g., payroll preparation) 4. SOURCE PROGRAM – written by a programmer in a source language (e.g., COBOL) that will be converted into an object program 5. OBJECT PROGRAM – converted source program that was changed using a complier to create a set of machine-readable instructions 6. COMPILER – converts a source program to a machine language object program 7. INTERPRETER – converts each source code instruction to object code each time it is executed 8. DATABASE MANAGEMENT SYSTEM (DBMS) – a software package for the purpose of creating, accessing, and maintaining a database 9. TELECOMMUNICATIONS MONITOR PROGRAM – provides edit capabilities and file maintenance to users, monitors on-line terminals, and handles input to application programs ELECTRONIC DATA INTERCHANGE (EDI) – the electronic exchange of transactions, from one entity‘s computer to another entity‘s computer through an electronic communications network. In electronic fund transfer (EFT) Systems, for example, electronic transactions replace checks as a mean of payment. EDI controls include: a. Authentication – controls must exist over the origin, proper submission, and proper delivery of EDI communications to ensure that the EDI messages are accurately sent and received to and from authorized customers and suppliers. b. Encryption – involves conversion of plain text data to cipher text data to make EDI messages unreadable to unauthorized persons c. VAN controls – a value added network (VAN) is a computer service organization that provides network, storage, and forwarding (mailbox) services for EDI messages AUDIT APPROACHES 1. Auditing around the computer – the auditor ignores or bypasses the computer processing function of an entity‘s EDP system 2. Auditing with the computer – the computer is used as an audit tool 3. Auditing through the computer – the auditor enters the client‘s system and examines directly the computer and its system and application software COMPUTER ASSISTED AUDIT TECHNIQUES FOR TESTS OF CONTROLS I. Program analysis – techniques that allow the auditor to gain an understanding of the client‘s program 1. Code review – involves actual analysis of the logic of the program‘s processing routines 2. Comparison programs – programs that allow the auditor to compare computerized files 3. Flowcharting software – used to produce a flowchart of a program‘s logic and may be used both in mainframe and microcomputer environments 4. Program tracing and mapping – program tracing is a technique in which instruction executed is listed along with control information affecting that instruction. Program mapping identifies sections of code which may be potential source of abuse 5. Snapshot – this technique ―takes a picture‖ of the status of program execution, intermediate results, or transaction data at specified processing points I the program processing II. Program testing – involves the use of auditor-controlled actual or simulated data 1. Historical audit techniques – test the audit computer controls at a point in time a. Test data A set of dummy transactions specifically designed to test the control activities that management claims to have incorporated into the processing programs Shifts control over processing to the auditor by using the client‘s software to process auditor-prepared test data that includes both valid and invalid conditions AUDITING THEORY REVIEW NOTES III. It embedded controls are functioning properly, the client‘s software should detect all the exceptions planted in the auditor‘s test data Ineffective if the client does not use the software tested b. Base case system evaluation (BCSE) Develops test data that purports to test every possible condition that an auditor expects a client‘s software will confront Provides an auditor with much more assurance than test data alone, but expensive to develop and therefore cost-effective only in large computer systems c. Integrated test facility (ITF) d. A variation of test of data whereby simulated data and actual data are run simultaneously with the client‘s program and computer results are compared with auditor‘s predetermined results It provides assurance that the software tested is actually used to prepare financial reports e. Parallel simulation It involves of processing client‘s live (actual) data utilizing an auditor‘s generalized audit software If an entity‘s control have been operating efficiently, the client‘s software should generate the same exceptions as the auditor‘s software It should be performed on a surprise basis, I possible f. Controlled reprocessing A variation of parallel simulation, it involves processing of actual client data through a copy of the client‘s application program 2. Continuous audit techniques – test the audit computer controls throughout a period. a. Audit modules – programmed audit routines incorporated into an application program that are designed to perform an audit function such as a calculation, or logging activity b. Systems control audit review files (SCARFs) – log that collect transaction information for subsequent review and analysis by the auditor c. Audit hooks – ―exists‖ in an entity‘s computer program that allows an auditor to insert commands for audit processing d. Transaction tagging – a transaction record is tagged and then traced through critical control points in the information system e. Extended records – this technique attaches additional audit data which would not otherwise be saved to regular historic records and thereby helps to provide a more complete audit trail Review of operating system and other system software 1. JOB ACCOUNTING DATA/ OPERATING SYSTEM LOGS – these logs that track particular functions, include reports of the resources use by the computer system. The auditor may be able to use them to review the work processed, to determined whether unauthorized applications were processed and to determine that authorized applications were processed properly 2. LIBRARY MANAGEMENT SOFTWARE – this logs changes in programs, program modules, job control language, and other processing activities 3. ACCESS CONTROL AND SECURITY SOFTWARE – this restricts access to computers to authorized personnel through techniques such as only allowing certain users with ―readonly‖ access or through use of an encryption COMPUTERIZED AUDIT TOOLS 1. AUDIT SOFTWARE – computer programs used to process data of audit significance from the client‘s accounting system a. Package programs (generalized audit software) 1. Reading computer files 2. Selecting samples 3. Performing calculations 4. Creating data files 5. Printing reports in an auditor-specified format b. Purpose written programs (special purpose or custom designed programs) c. Utility programs – they are generally not designed for audit purposes 2. Electronic spreadsheets – contain a variety of predefined mathematical operations and functions that can be applied to data entered into the cells of a spreadsheet 3. Automated work paper software – designed to generate a trial balance, lead schedules, and other reports useful for the audit. The schedules and reports can be created once the auditor has either manually entered or electronically imported through using the client‘s account balance information into the system 4. Text retrieval software – allow user to view any text that ia available in an electronic format. The software program allows the user to browse through text files much as a user would browse through books. AUDITING THEORY REVIEW NOTES 5. Database management systems 6. Public databases 7. Word processing software Factors to consider in using CAAT 1. Degree of technical competence in CIS 2. Availability of CAAT and appropriate computer facilities 3. Impracticability of manual tests 4. Effectiveness and efficiency 5. Timing of tests Controlling the CAAT application Procedures to control the use of AUDIT SOFTWARE may include: 1. 2. 3. 4. 5. 6. 7. Participating in the design and testing of computer programs Checking the coding of the program Requesting the client‘s CIS personnel to review the operating system instructions Running the audit software on small test files before running them on main data files Ensuring that the correct files were used Obtaining evidence that the audit software functioned as planned Establishing appropriate security measures to safeguard against manipulations of the entity‘s data files Procedures to control the use of TEST DATA may include: 1. 2. 3. 4. 5. Controlling the sequence of submission of test data where it spans several processing cycles Performing test runs Predicting the results of test data Confirming that the current version of the program was used Obtaining reasonable assurance that the programs used to process the test data were used by the entity throughout the applicable audit period
