THE OVERVIEW OF AUDIT, ASSURANCE AND OTHER SERVICES
(PSA 120, 200, 220, PSAE, PSRE, PSRS)
ROLE OF AUDITING
●
●
●
●
●
●
Owner provides capital and hires manager to manage it
Manager is accountable to owner/ provides financial reports
There will be possible conflict of interest/lead to information risk
Manager hires auditor to report on the mgt’s fin. Report. The mgt pays auditor to reduce information risk / reduce cost of
capital
The auditor gathers evidence to evaluate fin reports of the mgt.
Auditor issues audit report, adding credibility to the mgt’s reports/ reduce owner’s information risk
THE CONCEPT OF ASSURANCE
●
●
To give assurance to something means giving confidence or believability to it so that other people could use it and “add value”
to whatever purpose the decision maker intends to use it
The concept of assurance is related to two other concepts, that is, attestation and auditing
THE SPECTRUM OF ASSURANCE, ATTESTATION, AND AUDITING
Assurance services are independent professional services that improve the quality of information, or its context, for decision makers
Practitioners (the technical term used for CPAs and professionals who provide assurance services) vouch for the genuineness of the
information and attach their credibility to it. The result is information that is more useful, believable, and reliable
Note that in the definition, assurance services are described as independent professional services
This phrase in the definition emphasizes the concept that practitioners have to possess the characteristic of independence
which is one of the most important ethical considerations and professional concepts that govern the entire study of auditing and
assurance.
Independence, in the auditing parlance, generally refers to a freedom from conflicts of interest that might impair one’s objectivity and
integrity in the conduct of services allowed by the profession. It is the characteristic of independence that instills public confidence in
the practitioners and the services that they render.
Attestation services occur when a practitioner is engaged to issue or does issue a report on a subject matter, or an assertion about a
subject matter that is the responsibility of another party.
The issuance of a report is said to be the manifestation of a practitioner’s attest function wherein he attaches his credibility and
integrity as to the genuineness of the information in an assurance service The practitioner reports about the reasonableness of a
subject matter often termed as an assertion which are representations being made by a responsible party. The attest function
formalizes the reporting responsibility that is inherent in an assurance service.
Auditing is “a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic
actions and events to ascertain the degree of correspondence between those assertions and established criteria and
communicating the results to interested users”
OBJECTIVE OF ASSURANCE ENGAGEMENT
The objective of ASSURANCE ENGAGEMENT is for a professional accountant to
a. Evaluate or measure a subject matter that is the responsibility of another party against identified suitable criteria, and
b. Expresses a conclusion that provides the intended user with a level of assurance about that subject matter.
An assurance engagement should exhibit ALL of the following:
a. A three party relationship involving:
i.
A professional accountant/CPA
ii.
A responsible party
iii.
An intended user
b. A subject matter
c. Suitable criteria
d. Sufficient appropriate evidence
e. A written assurance report
BASIC CONCEPTS
●
●
●
●
●
●
●
●
Assurance services comprise the broadest scope of services in the spectrum.
Assurance services encompass both attestation and auditing.
Attestation, on the other hand, encompasses auditing which is the most basic type of service in the spectrum
Assurance services are the broadest type of services in the spectrum.
Assurance services encompass both attestation and audit. Therefore, we can conclude that all attestation services are
assurance services and that audits are also assurance services. However, not all assurance services are attestation services
and, in the same manner, not all assurance services are audits.
Attestation encompasses audit. Therefore, we can conclude that all audits are attestation services; however, not all
attestation services are audits.
Audits are the simplest type of assurance services. From the spectrum, we can conclude that an audit is an assurance service
(since it improves the quality of information and lends credibility to it) and that it is also an attestation service (its attest
function being manifested in the issuance of an audit report which is the main output of the audit process)
Assurance services encompass attestation services. The main difference between assurance services and attestation services
lie in the SCOPE OF THE SERVICES to be provided.
ASSURANCE ENGAGEMENTS
“Assurance engagement” means an engagement in which a practitioner expresses a conclusion designed to enhance the degree of
confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject
matter against criteria
Assurance, in the context of the Framework, refers to the auditor’s satisfaction as to the reliability of an assertion being made by one
party for use by another party
CLASSIFICATIONS OF ASSURANCE ENGAGEMENTS
ASSERTION-BASED VS. DIRECT REPORTING ENGAGEMENTS
Assertion-based engagements
● These are assurance engagements on a subject matter that has written assertions or representations.
● The evaluation or measurement of the subject matter is performed by the responsible party, and the subject matter
information is in the form of an assertion by the responsible party that is made available to the intended users.
● Audits and reviews of financial statements fall under this category.
Direct reporting engagements
● These are assurance engagements on a subject matter regardless of whether or not a written assertion was made on it.
● The practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation
from the responsible party that has performed the evaluation or measurement that is not available to the intended users.
● The subject matter information is provided to the intended users in the assurance report
REASONABLE ASSURANCE VS. LIMITED ASSURANCE ENGAGEMENTS
Reasonable Assurance Engagements
● The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level
in the circumstances of the engagement as the basis for a positive form of expression of the practitioner’s conclusion.
● These engagements make use of a broad range and scope of procedures to substantiate the reasonableness and genuineness
of information.
● In a reasonable assurance engagement, the practitioner expresses the conclusion in the positive form, for example: “In our
opinion internal control is effective, in all material respects, based on XYZ criteria.” This form of expression conveys
“reasonable assurance.”
● Having performed evidence-gathering procedures of a nature, timing and extent that were reasonable given the
characteristics of the subject matter and other relevant engagement circumstances described in the assurance report, the
practitioner has obtained sufficient appropriate evidence to reduce assurance engagement risk to an acceptably low level.
● Audits of financial statements is an example of a reasonable assurance engagement.
Limited Assurance Engagements
● On the other hand, the objective of a limited assurance engagement is a reduction in assurance engagement risk to a level
that is acceptable in the circumstances of the engagement, but where that risk is greater than for a reasonable assurance
engagement, as the basis for a negative form of expression of the practitioner’s conclusion.
● These engagements make use of only a limited scope of procedures that are deliberately limited relative to a reasonable
assurance engagement.
● Engagement risk is said to be greater in a limited assurance engagement rather than in a reasonable assurance engagement
primarily because of the limited scope of procedures that are utilized in a limited assurance engagement.
● In a limited assurance engagement, the practitioner expresses the conclusion in the negative form, for example, “Based on
our work described in this report, nothing has come to our attention that causes us to believe that internal control is not
effective, in all material respects, based on XYZ criteria.” This form of expression conveys a level of “limited assurance” that
is proportional to the level of the practitioner’s evidence-gathering procedures given the characteristics of the subject matter
and other engagement circumstances described in the assurance report.
● A review of financial statements is an example of a limited assurance engagement.
EXAMPLES OF ASSURANCE ENGAGEMENTS
AUDITS (PSA 120, par. 7; 11-13)
The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial
statements are prepared, in all material respects, in accordance with an identified financial reporting framework. Audits
provide reasonable assurance, or a high, but not absolute, level of assurance that the information subject to audit is free of
material misstatement.
The phrase used to express the auditor’s objective is “present fairly, in all material respects”.
In forming the audit opinion, the auditor obtains sufficient appropriate audit evidence to be able to draw conclusions on
which to base the opinion
REVIEWS (PSA 120, par. 14-16)
The objective of a review of financial statements is to enable an auditor to state whether, on the basis of procedures which
do not provide all the evidence that would be required in an audit, anything has come to the auditor's attention that causes
the auditor to believe that the financial statements are not prepared, in all material respects, in accordance with an identified
financial reporting framework.
Reviews provide a moderate level of assurance.
A review comprises inquiry and analytical procedures. While a review involves the application of audit skills and techniques
and the gathering of evidence, it does not ordinarily involve
(1) an assessment of accounting and internal control systems,
(2) tests of records and of responses to inquiries by obtaining corroborating evidence through inspection,
observation, confirmation, and computation, which are procedures ordinarily performed during an audit.
The level of assurance provided in a review report is correspondingly less than that given in an audit report.
AGREED-UPON PROCEDURES (PSA 120, par. 17)
In an engagement to perform agreed-upon procedures, an auditor is engaged to carry out those procedures of an audit nature
to which the auditor and the entity and any appropriate third parties have agreed and to report on factual findings.
The recipients of the report must form their own conclusions from the report by the auditor.
The report is restricted to those parties that have agreed to the procedures to be performed since others, unaware of the
reasons for the procedures, may misinterpret the results.
COMPILATION (PSA 120, par. 18)
In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to auditing expertise to
collect, classify and summarize financial information. This ordinarily entails reducing detailed data to a manageable and
understandable form without a requirement to test the assertions underlying that information.
The procedures employed are not designed and do not enable the accountant to express any assurance on the financial
information. However, users of the compiled financial information derive some benefit as a result of the accountant's
involvement because the service has been performed with due professional skill and care.
Preparation of tax returns, with no opinion expressed.
Management consulting, which are two-party contracts in which a consultant recommends uses for information
ENGAGEMENT ACCEPTANCE
As provided by the Framework, a practitioner accepts an assurance engagement only where the practitioner’s preliminary knowledge
of the engagement circumstances indicate that:
● Relevant ethical requirements, such as independence and professional competence will be satisfied; and
● The engagement exhibits all of the following characteristics:
○ The subject matter is appropriate;
○
○
○
○
The criteria to be used are suitable and are available to the intended users;
The practitioner has access to sufficient appropriate evidence to support the practitioner’s conclusion;
The practitioner’s conclusion, in the form appropriate to either a reasonable assurance engagement or a limited
assurance engagement, is to be contained in a written report; and
The practitioner is satisfied that there is a rational purpose for the engagement
INDEPENDENCE: FACT VERSUS APPEARANCE
There are two kinds of independence that concern the practitioner on a personal level: independence in mind (also called
independence in fact) and independence in appearance.
Independence in fact is a state of mind – an attitude of impartiality. It is the practitioner’s way of saying that in himself he
knows that he is independent, e.g. free from any conflict of interest with the client. However, because a practitioner’s “state of mind”
cannot be observed in quite the same way that a behavior can actually be observed, the profession has relied on independence in
appearance which exemplifies the manifestation that practitioners remain free of any overt interest in a client that would damage the
appearance of independence.
FIRM-WIDE VERSUS TEAM-WIDE INDEPENDENCE
In previous practice, the profession has followed the concept of firm-wide independence that operates in this manner: if a
member of an engagement team (the team tasked to provide the assurance service for a client, headed by a lead engagement partner
and his members) is found to be in conflict of interest with the client, the entire firm is prohibited from entering into the engagement.
However, in current practice, the profession is now following the concept of team-wide independence, operating under the
concept that if a member of an engagement team is found to be in conflict of interest with a client, that team or that member of the
team is replaced with another team or team member with the firm still being allowed to conduct the engagement.
CHANGES FROM ONE ENGAGEMENT TO ANOTHER
Having accepted an assurance engagement, a practitioner may not change that engagement to a non-assurance engagement,
or from a reasonable assurance engagement to a limited assurance engagement without reasonable justification.
A change in circumstances that affects the intended users’ requirements, or a misunderstanding concerning the nature of the
engagement, ordinarily will justify a request for a change in the engagement. If such a change is made, the practitioner does not
disregard evidence that was obtained prior to the change.
*Elaborated in PSA 210 “Agreeing the Terms of Audit Engagements”
ELEMENTS OF AN ASSURANCE ENGAGEMENT
1. THREE-PARTY RELATIONSHIP
Assurance engagements are three-party contracts composed of a practitioner, a responsible party, and intended users.
Non-assurance engagements only involve two parties.
The term practitioner as used in the Framework is broader than the term “auditor” as used in the Philippine
Standards on Auditing (PSAs), which relates only to practitioners performing audit or review engagements. Practitioners are
the professionals requested to perform assurance engagements on a variety and a wide range of subject matters.
The responsible party is the person (or persons) who is responsible for the subject matter or subject matter
information of the assurance engagement.
In a direct reporting engagement, the responsible party is responsible for the subject matter; in an assertion-based
engagement, the responsible party may be responsible for the subject matter information (assertion) and may be responsible
for the subject matter.
The responsible party ordinarily provides the practitioner with a written representation that evaluates or measures
the subject matter against the identified criteria, whether or not it is to be made available as an assertion to the intended
users.
The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report.
The responsible party can be one of the intended users, but not the only one.
In the same manner, the responsible party and the intended users may be from different entities or the same entity.
Of the three parties involved in an assurance engagement, the intended users are generally given emphasis as to
how an engagement will qualify as an assurance engagement.
The engagement users are the ones for whom the practitioner’s attest function is primarily directed aside from
reporting also to the responsible party which may also be considered as an intended user. This is how CPAs gain public
confidence in the profession and the industry.
Consulting services, as an example of a non-assurance engagement, only involves two parties: the practitioner and
the responsible party.
The practitioner only recommends uses for information which the responsible party may or may not wish to follow.
2. SUBJECT MATTER
The Framework provides that the subject matter of an assurance engagement should be appropriate, which means
that it must be in line and apt for the assurance engagement to be provided.
Furthermore, for a subject matter to be appropriate, it should be:
● Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and
● Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to
support a reasonable assurance or limited assurance conclusion, as appropriate.
The subject matter, and subject matter information, of an assurance engagement can take many forms, such as:
● Financial performance or conditions
● Non-financial performance or conditions
● Physical characteristics
● Systems and processes
● Behavior
3. CRITERIA
The Framework defines criteria as “the benchmarks used to evaluate or measure the subject matter including, where
relevant, benchmarks for presentation and disclosure.”
These are the frame of reference within which the subject matter of the assurance engagement is tested for its
degree of correspondence and reasonableness.
Criteria can be:
● Formal, for example in the preparation of financial statements, the criteria may be Philippine Financial Reporting
Standards; when reporting on internal control, the criteria may be an established internal control framework or
individual control objectives specifically designed for the engagement; and when reporting on compliance, the
criteria may be the applicable law, regulation or contract; or
● Less formal, for example an internally developed code of conduct or an agreed level of performance (such as the
number of times a particular committee is expected to meet in a year).
● Established, for example those embodied in laws or regulations, or issued by authorized or recognized bodies of
experts that follow a transparent due process; or
● Specifically developed, for example those designed for the purpose of the engagement.
It is important to note that the Framework provides that the criteria to be used for an assurance engagement should
be suitable, that is capable of reasonably consistent evaluation or measurement of a subject matter within the context of
professional judgment.
Without the frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and
misunderstanding. Furthermore, suitable criteria are said to be context sensitive, that is, relevant to the engagement
circumstances.
A given set of criteria is said to be suitable if it exhibits the following characteristics:
● Relevance
● Completeness
● Reliability
● Neutrality
● Understandability
It should be noted that the practitioner assesses the suitability of criteria for a particular engagement and the relative
importance of each characteristic based on his professional judgment.
4. SUFFICIENT APPROPRIATE EVIDENCE
The bulk of the work of a practitioner in an assurance engagement (more specifically, an auditor in the conduct of
an audit of financial statements) lies in obtaining and evaluating evidence.
The evidence-gathering process constitutes the “dirty work” of a practitioner in that his generalization or conclusion
about the reasonableness of the information provided by the responsible party will be based on the evidence that the
practitioner has obtained and evaluated.
A practitioner cannot provide an expression of assurance without obtaining and evaluating evidence.
As provided by the Framework, evidence should possess two qualities in an assurance engagement: sufficiency and
appropriateness. When these two qualities are present, the evidence is considered to be competent evidence.
● Sufficiency is the measure of the quantity of evidence.
● Appropriateness is the measure of the quality of evidence, that is, its relevance and reliability.
In the conduct of an assurance engagement (let’s say, an audit for example), the practitioner is not required to gather
all evidence that could be gathered; the practitioner only gathers evidence that he deems relevant and useful for the
particular engagement.
The quantity of evidence needed is affected by the risk of the subject matter information being materially misstated
(the greater the risk, the more evidence is likely to be required) and also by the quality of such evidence (the higher the
quality, the less may be required).
Accordingly, the sufficiency and appropriateness of evidence are interrelated.
However, it should be noted that merely obtaining more evidence may not compensate for its poor quality.
The reliability of evidence supporting its appropriateness is influenced by its source and by its nature, and is
dependent on the individual circumstances under which it is obtained.
GENERALIZATIONS ABOUT THE RELIABILITY OF EVIDENCE
●
●
●
●
●
Evidence is more reliable when it is obtained from independent sources outside the entity.
Evidence that is generated internally is more reliable when the related controls are effective.
Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more
reliable than evidence obtained indirectly or by inference (for example, inquiry about the application of a control).
Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for
example, a contemporaneously written record of a meeting is more reliable than a subsequent oral representation
of what was discussed).
Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles.
PERSUASIVENESS OF AVAILABLE EVIDENCE
Aside from considering sufficiency and appropriateness as characteristics, evidence is also said to be competent
when it is persuasive.
Persuasiveness of evidence, in the audit parlance, means that the evidence is capable of enabling the practitioner or
auditor to make a decision regarding the reasonableness of the information in the assertions being represented by the
responsible party, that would potentially affect the practitioner’s opinion to be included in the assurance report.
Following the concept of reliability of evidence as influenced by its source and by its nature as illustrated by the
generalization on the reliability of evidence, the following conclusions relating to persuasiveness of evidence may be
derived:
● the most persuasive type of evidence are those that are purely externally-generated
● the least persuasive type of evidence are those that are purely internally-generated
However, it should be noted that the persuasiveness of evidence is still a matter of the practitioner’s professional
judgment.
COST-BENEFIT RELATIONSHIP
Another important concept which the practitioner has to take into consideration when gathering and evaluating
evidence is the cost-benefit relationship. This concept simply states that “the benefits to be derived from obtaining the
particular type of evidence should exceed the cost of obtaining it”.
The practitioner considers the relationship between the cost of obtaining evidence and the usefulness of the
information obtained. However, the matter of difficulty or expense involved is not in itself a valid basis for omitting an
evidence gathering procedure for which there is no alternative.
This does not mean that simply because a particular evidence-gathering procedure is costly the practitioner should
no longer conduct the procedure and obtain the evidence that it could potentially give. No matter how costly an evidence
gathering procedure is, as long as the pracƟƟoner believes that the evidence to be derived from it would be significantly
beneficial and provide persuasive evidence to the engagement, then it is justifiable to obtain that evidence.
The practitioner should use professional judgment and exercise professional skepticism in evaluating the quantity
and quality of evidence, and thus its sufficiency and appropriateness, to support the assurance report.
5. WRITTEN ASSURANCE REPORT
This is the main output of an assurance engagement.
Note that the Framework requires that the assurance report should be written as this is the manifestation of the
practitioner’s attest function or the process of communicating the results to the intended users.
Furthermore, the Framework provides that the report should be in a form appropriate to either a reasonable
assurance engagement (e.g., audit report) or a limited assurance engagement (e.g., review report).
PROFESSIONAL SKEPTICISM
The Framework states that “the practitioner plans and performs an assurance engagement with an attitude of professional
skepticism to obtain sufficient appropriate evidence about whether the subject matter information is free of material misstatement.
Professional skepticism means that the practitioner recognizes that “circumstances may exist that cause the subject matter
information to be materially misstated.”
It means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is
alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party.
An attitude of professional skepticism is necessary throughout the engagement process for the practitioner to reduce the risk
of overlooking suspicious circumstances of over generalizing when drawing conclusions from observations, and of using faulty
assumptions in determining the nature, timing and extent of evidence gathering procedures and evaluating the results thereof
Professional skepticism does not mean always being dubious of fraudulent evidence or information or that the client always
hides something that they do not want the practitioners to know. Professional skepticism mainly denotes that the practitioner neither
considers information presented to be absolutely false nor assumes that management exhibits unquestioned honesty. The most
theoretical concept of professional skepticism is not finding errors in the information provided by the responsible party or assuming
that the information provided is incorrect, but rather assuming that the information provided is reasonable and genuine and obtaining
and evaluating evidence to prove that indeed the information is reasonable and genuine.
Only when the practitioner encounters evidence that contradicts such information provided will he consider that the
information is false or inaccurate.
AUTHENTICATION OF DOCUMENTATION
An assurance engagement rarely involves the authentication of documentation, nor is the practitioner trained as or expected
to be an expert in such authentication.
However, the practitioner considers the reliability of the information to be used as evidence, for example photocopies,
facsimiles, filmed, digitized or other electronic documents, including consideration of controls over their preparation and maintenance
where relevant.
THE CONCEPT OF REASONABLE ASSURANCE
Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being made by one party for use by
another party. Audits and reviews only provide reasonable and moderate levels of assurance, respectively. It is never possible for any
assurance engagement to provide an absolute level of assurance since this tantamount to 100% guarantee that the subject matter is
entirely free of material misstatements which realistically cannot happen.
As provided in the Framework, reasonable assurance is less than absolute assurance. Reducing assurance engagement risk to
zero is very rarely attainable or cost beneficial as a result of factors such as the following:
● The use of selective testing
● The inherent limitations of internal control
● The fact that much of the evidence available to the practitioner is persuasive rather than conclusive
● The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence
In some cases, the characteristics of the subject matter when evaluated or measured against the identified criteria
The concept of reasonable assurance is also related to the cost-benefit relationship that states that “the benefits to be derived
from obtaining the particular type of evidence should exceed the cost of obtaining it”.
“Reasonable assurance” is a concept relating to accumulating evidence necessary for the practitioner to conclude in relation
to the subject matter information taken as a whole. To be in a position to express a conclusion in the positive form required in a
reasonable assurance engagement, it is necessary for the practitioner to obtain sufficient appropriate evidence as part of an iterative,
systematic engagement process.
AUDITING SERVICES
THE DEMAND FOR FINANCIAL STATEMENT AUDITS
1.
An audit provides written assurance from an independent party that assertions embodied in a set of financial statements are
reliable
● External parties who need financial statement audits include
○ Investors
○ Employees and labor unions
○ Regulatory and taxing authorities
● Internal parties include
○ Management
○ Financial officers
○ Sales executives
2.
None of the parties who demand an audit are in a position to obtain information about a company except from company
management.
●
Management often has an incentive to misstate the financial statements for its own interest
3.
Financial statements are audited by auditors
● Financial statements are the representations of and responsibility of management
● Auditors express an opinion regarding fair presentation
4.
The client in the audit of a public company is not management
● The client is the Board of Directors, as representative of the shareholders (owners)
5.
An audit is a systematic process
● Involves both an investigation and a report. Investigation is the gathering and evaluation of evidence. Reporting is
the conveyance of the auditor’s opinion regarding fair presentation
DEFINITION OF AUDITING
AUDITING
is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and
events to ascertain the degree of correspondence between those assertions and established criteria and communicating the
results to the interested users. (AMERICAN ACCOUNTANTS ASSOCIATION)
●
●
●
●
●
●
●
●
SYSTEMATIC PROCESS – audits are organized and structured activities
OBJECTIVELY – free from bias
OBTAINING & EVALUATING EVIDENCE – allows the auditor to determine the support for the
representations provided by the client’s management.
ASSERTIONS ABOUT ECONOMIC ACTIONS & EVENTS – describes the subject matter of the audit
DEGREE OF CORRESPONDENCE & ESTABLISHED CRITERIA – the closeness of assertion to the criteria promulgated
by the IASB
COMMUNICATING RESULTS TO INTERESTED USERS – written report (AUDIT REPORT) about whether the
FS is fairly presented in all material respects in accordance with the identified financial reporting framework for all interested users.
An audit is an assurance engagement. It has all of the five elements of Assurance Engagement.
OBJECTIVE OF AUDIT
The OBJECTIVE OF AUDIT is to enable the auditor to express an opinion whether the financial statements are prepared, in all material
respects, in accordance with an identified financial reporting framework. While the auditor is responsible for forming and expressing
an opinion on the financial statements, the responsibility for preparing and presenting the financial statements is that of the
management of the company.
INFORMATION RISK - is the risk that unreliable information will be provided to decision makers. Factors that contribute to information
risk are:
a.
Remoteness of information users from information providers
Decision makers, almost always, do not get first hand knowledge about the business enterprise with which they do
business for the reasons that in many cases,
1. owners are divorced from management,
2. directors are not involved in day-to-day operations or decisions,
3. business may be dispersed among numerous geographic locations and complex corporate structure.
b.
Potential bias and motives of information provider
● A conflict of interest may be assumed to exist between management and owners regarding the financial statements.
● Management usually desires to present the results of its stewardship in the most favorable light.
● Information may possibly be biased in favor of the provider when his goals are inconsistent with the decision maker.
● This could be attributed to either an international emphasis designed to influence users in a certain manner or maybe
an honest optimism about future events.
c.
Voluminous data
● As businesses grow, possibly millions of exchange transactions are processed daily via manual or sophisticated
computerized systems.
● This increases therefore the likelihood that improperly recorded information may be included or buried in the
records.
d.
Complex exchange transactions
● New and changing business relationships may lead to innovative accounting and reporting problems.
● Transactions are so complex and hence more difficult to record properly. Also, transactions not quantifiable will
require increased disclosures.
How Information Risk May Be Reduced?
a. Allow users to verify information
The user may go to the business establishment to examine records and obtain information about the reliability of the
statement.
b. User shares information risk with management
It is important to emphasize the fact that management has the primary responsibility of providing reliable information to
users. If users rely on inaccurate financial statements and as a consequence incurs a financial loss, a lawsuit may be brought
against management to recover part of such loss.
c. Have the financial statements audited
To obtain reliable information, the user can have an independent audit performed. The audited information is then used in
the decision making process on the assumption that is reasonably complete, accurate, and unbiased. As an expert in the
application of GAAP, the independent auditor further enhances the quality of financial reporting.
THEORETICAL FRAMEWORK OF AUDITING
●
●
●
●
●
●
●
Audit function operates on the assumption that all financial data are VERIFIABLE.
The auditor should always maintain INDEPENDENCE with respect to the financial statements under audit.
There should be NO LONG-TERM CONFLICT between the auditor and the client management.
EFFECTIVE ACCOUNTING AND INTERNAL CONTROL SYSTEMS reduces the possibility of errors and fraud affecting the financial
statements.
Consistent application of GAAP or financial reporting standards results in FAIR PRESENTATION OF FINANCIAL STATEMENTS.
What was held true in the past will continue to hold true in the future in the absence of known conditions to the contrary.
An audit BENEFITS THE PUBLIC.
OTHER TYPES OF AUDITS
Types of audits according to the nature of the assertions being audited:
a.
FINANCIAL STATEMENT AUDIT
● Examination of financial statements to determine whether they are stated in accordance with specified criteria.
b.
OPERATIONAL AUDITS
● Examination of all or part of an organization for the purpose of determining the effectiveness and/or efficiency of
its operations.
● Assess effectiveness and efficiency
● Focus on information systems and operating procedures
● Scope can be entity’s entire operation, or selected procedures
c.
COMPLIANCE AUDITS
● Performed to evaluate the adherence to specific procedures and rules set down by some higher authority.
● Most often performed in governmental agencies
○ Similar to a financial statement audit
○ Can be designed to
■ Determine whether an entity’s financial statements are fairly presented in accordance with GAAP
■ Determine whether the entity is in compliance with applicable laws and regulations
■ Can be conducted by either independent auditors or governmental auditors
Types of audits according to the type of auditor:
d.
EXTERNAL OR INDEPENDENT FINANCIAL STATEMENT AUDIT
examinations of financial statements to determine whether they are stated in accordance with specified criteria.
e.
INTERNAL AUDIT
an independent appraisal activity established within an entity as a service to the entity. Its objective is to assist all
members of the management in the effective discharge of their responsibilities by furnishing them with analyses,
appraisals, recommendations and pertinent comments concerning the activities reviewed.
f.
GOVERNMENT AUDIT
involves the determination of whether government funds are being handled properly and in compliance with existing
laws; and whether programs are being conducted efficiently and economically.
REVIEWS
●
●
●
The objective of a review of financial statements is to enable an auditor to state whether, on the basis of procedures which
do not provide all the evidence that would be required in an audit, anything has come to the auditor's attention that causes
the auditor to believe that the financial statements are not prepared, in all material respects, in accordance with an identified
financial reporting framework.
A review comprises inquiry and analytical procedures which are designed to review the reliability of an assertion that is the
responsibility of one party for use by another party.
While a review involves the application of audit skills and techniques and the gathering of evidence, it does not ordinarily
involve an assessment of accounting and internal control systems, tests of records and of responses to inquiries by obtaining
corroborating evidence through inspection, observation, confirmation and computation, which are procedures ordinarily
performed during an audit.
●
Although the auditor attempts to become aware of all significant matters, the procedures of a review make the achievement
of this objective less likely than in an audit engagement, thus the level of assurance provided in a review report is
correspondingly less than that given in an audit report.
AGREED-UPON PROCEDURES
● In an engagement to perform agreed-upon procedures, an auditor is engaged to carry out those procedures of an audit nature
to which the auditor and the entity and any appropriate third parties have agreed and to report on factual findings.
● The recipients of the report must form their own conclusions from the report by the auditor.
● The report is restricted to those parties that have agreed to the procedures to be performed since others,unaware of the
reasons for the procedures, may misinterpret the results.
COMPILATION
● In a compilation engagement, the accountant is engaged to use accounting expertise as opposed to auditing expertise to
collect, classify and summarize financial information.
● This ordinarily entails reducing detailed data to a manageable and understandable form without a requirement to test the
assertions underlying that information.
● The procedures employed are not designed and do not enable the accountant to express any assurance on the financial
information. However, users of the compiled financial information derive some benefit as a result of the accountant's
involvement because the service has been performed with due professional skill and care.
ASSURANCE ENGAGEMENT RISK
The primary reason why assurance engagements cannot provide absolute assurance (only reasonable or moderate assurance) is
primarily because of the concept of assurance engagement risk.
The framework defines assurance engagement risk as the risk that the practitioner expresses an inappropriate conclusion when the
subject matter information is materially misstated.
This is the risk that the practitioner might conclude that the subject matter of an assurance engagement is reasonable and genuine
when in fact it is not.
In a reasonable assurance engagement (audit), the practitioner reduces assurance engagement risk to an acceptably low level in the
circumstances of the engagement to obtain reasonable assurance as the basis for a positive form of expression of the practitioner’s
conclusion.
The level of assurance engagement risk is higher in a limited assurance engagement (review engagement) than in a reasonable
assurance engagement because of the different nature, timing or extent of evidence gathering procedures.
Note that a review engagement only utilizes a limited scope of procedures as compared to an audit.
However in a limited assurance engagement, the combination of the nature, timing and extent of evidence gathering procedures is at
least sufficient for the practitioner to obtain a meaningful level of assurance as the basis for a negative form of expression.
In general, assurance engagement risk can be represented by the following components, although not all of these components will
necessarily be present or significant for all assurance engagements:
a.
The risk that the subject matter information is materially misstated, which in turn consists of:
● Inherent risk: the susceptibility of the subject matter information to a material misstatement, assuming that there
are no related controls; and
●
b.
Control risk: the risk that a material misstatement that could occur will not be prevented, or detected and corrected,
on a timely basis by related internal controls. When control risk is relevant to the subject matter, some control risk
will always exist because of the inherent limitations of the design and operation of internal control; and
Detection risk: the risk that the practitioner will not detect a material misstatement that exists