Review Notes

AUDITING THEORY REVIEW NOTES
FUNDAMENTALS OF ASSURANCE ENGAGEMENTS1
Assurance Services/Engagements:
● Assurance services – independent professional services in which a practitioner issues a written
communication that expresses a conclusion designed to enhance the degree of confidence of the
intended users other than the responsible party about the outcome of the evaluation or measurement
of a subject matter against criteria
● Assurance engagement – an engagement in which a practitioner expresses a conclusion designed
to enhance the degree of confidence of the intended users other than the responsible party about the
outcome of the evaluation or measurement of a subject matter against criteria
● Assurance services improve the quality of information for decision-making.

● Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being
made by one party for use by another party; it is the degree of certainty the practitioner has
attained and wishes to convey to intended users
● Independence is required whenever a professional accountant performs assurance services.
Objective of an Assurance Engagement, In General:

Assurance engagements performed by professional accountants are intended to enhance the credibility of
information about the outcome of the evaluation or measurement of a subject matter against criteria, thereby
improving the likelihood that the information will meet the needs of an intended user. Assurance
engagements enhance the degree of confidence of the intended user because the quality of information for
decision making is improved.
Objective of Assurance Engagements:

According to the Philippine Framework for Assurance Engagements, an assurance engagement is
conducted:
a. To provide a high level of assurance that the subject matter conforms in all material respects with
identified suitable criteria; or
b. To provide a moderate level of assurance that the subject matter is plausible in the
circumstances.
Types of Assurance Engagements and their Objectives:

1. Reasonable assurance engagements – engagements that provide high, but not absolute, level of
assurance
● Also called high-level engagements
● The objective of a reasonable assurance engagement is a reduction in assurance engagement
risk to an acceptably low level as the basis for a positive form of expression of the practitioner’s
conclusion.
● Reasonable assurance is achieved if assurance engagement risk is reduced to an acceptably

low level (close to zero).
● For assurance engagements regarding historical financial information in particular, reasonable
assurance engagements are called audit engagements. An audit engagement is an
assurance engagement to provide a high level of assurance that the financial statements are
free of material misstatement. This high level of assurance is expressed positively in the audit
report as “reasonable assurance”.
● Absolute assurance is not attainable:
In assurance engagements, absolute assurance is generally not attainable because of such
factors as:
→ Use of judgment
→ Use of testing
→ Inherent limitations of internal control
→ Most evidence available to the practitioner is persuasive rather than conclusive
→ In some cases, the characteristics of the subject matter
2. Limited assurance engagements – engagements that provide only a “moderate” or “limited” level
of assurance
1
NOTES FROM SIR RED SIRUG HANDOUTS ON AUDITING THEORY
1
● The objective of a limited assurance engagement is a reduction in assurance engagement risk to

an acceptable level as the basis for a negative form of expression of the practitioner’s conclusion.
Thus, the risk in limited assurance engagement is greater than for a reasonable assurance
engagement.
● Moderate assurance is achieved if assurance engagement risk is reduced to an acceptable

level.
● For assurance engagements regarding historical financial information in particular, limited
assurance engagements are called review engagements.
Assurance Engagement Risk:

● Assurance engagement risk is the risk that the practitioner expresses an inappropriate conclusion
when the subject matter information is materially misstated.
● Components of assurance engagement risk:
1. Risk of material misstatement – the risk that the subject matter is materially misstated
a. Inherent risk – the susceptibility of the subject matter information to a material
misstatement, assuming that there are no related controls
b. Control risk – the risk that a material misstatement that could occur will not be prevented,
or detected and corrected, on a timely basis by related internal controls
2. Detection risk – the risk that the practitioner will not detect a material misstatement that exists
Assertion-based and Direct Reporting Engagements:

1. Assertion based engagements – evaluation or measurement of the subject matter is performed
by the responsible party, and the subject matter information is in the form of an assertion by the
responsible party that is made available to the interested users
● Assertion-based engagements are also known as attestation engagements
● Examples of assertion-based engagements:
a. Audit engagements
b. Review engagements
In an assertion-based engagement, the practitioner’s conclusion can be worded in terms of

the responsible party’s assertion. For example:
“In our opinion the responsible party’s assertion that internal control is effective, in all
material respects, based on XYZ criteria, is fairly stated”
2. Direct reporting engagements – the practitioner either directly performs the evaluation or
measurement of the subject matter, or obtains a representation from the responsible party that has
performed the evaluation or measurement that is not available to the intended users
In a direct reporting engagement, the practitioner’s conclusion is worded directly in terms of

the subject matter and the criteria. For example:
“In our opinion internal control is effective, in all material respects, based on XYZ
criteria”
Range of Assurance Engagements:

a. Engagements to report on a broad range of subject matters covering financial and non-financial
information
b. Attest and direct reporting engagements
c. Engagements to report internally and externally, and
d. Engagements in the private and public sector
Examples of Assurance Engagements:

1. Audits of financial statements
2. Examination of prospective financial statements
3. Reporting on compliance with laws, rules and regulations
4. Other assurance services:
a. CPA risk advisory
b. Business performance measurement services
c. Health care performance measurement services
d. Elder Care Plus
e. Risk Assessment Services
f. CPA Web Trust Service
2
g. Information Systems Reliability
Requirements before a practitioner can accept an assurance engagement:

Only where the practitioner’s knowledge of the engagement circumstances indicates that:
1. Relevant ethical requirements, such as independence and professional competence will be satisfied;
and
2. The assurance engagement exhibits all of the following characteristics:
a. The subject matter is appropriate
b. The criteria to be used are suitable and are available to the intended users
c. The practitioner has access to sufficient appropriate evidence to support the practitioner’s
conclusion;
d. The practitioner’s conclusion, in the form appropriate to either a reasonable assurance
engagement or a limited assurance engagement, is to be contained in a written report, and
e. The practitioner is satisfied that there is a rational purpose for the engagement.
Elements of Assurance Engagements:

Not all engagements performed by practitioners are assurance engagements. An assurance engagement
must have the following elements:
1. Three party relationship (involving a practitioner, a responsible party and intended users)
2. Appropriate subject matter
3. Suitable criteria
4. Sufficient appropriate evidence
5. Written assurance report in the form appropriate to a reasonable assurance engagement or a limited
assurance engagement
Three Party Relationship:

a. Practitioner – CPA in public practice who performs the assurance engagement
The term practitioner is broader than the term “auditor” as used in professional standards, which
only refers to practitioner performing audit or review engagements with respect to historical
financial information.
b. Responsible party – person/s who is responsible for the subject matter or the assertion (subject
matter information)
For example, an entity’s management is responsible for the preparation and presentation of financial
statements or the establishment and implementation of internal control.
c. Intended user/s – person, persons or class of persons for whom the practitioner prepares the
assurance report; they are the users to whom the practitioner usually addresses the report
Responsible party and intended user:

● The responsible party and the intended users may be from different entities or the same
entity.
● The practitioner may be engaged by the responsible party or the intended user.
● The responsible party can be one of the intended users, but not the only one.
● Whenever practical, the assurance report is addressed to all the intended users, but in
some cases there may be other intended users. In cases where the CPA may not be able
to identify all intended users, intended users may be limited to major stockholders with
significant and common interests.
● In some circumstances, the intended user may be established by law.
● The responsible party may also be one of the intended users.
● The intended user may be established by agreement between the practitioner and
responsible party or those engaging or employing the practitioner.
Appropriate Subject Matter:

Subject matter refers to the information to be evaluated or measured against the criteria. Subject
matter information means the outcome of the evaluation or measurement of a subject matter.
Subject matter in an audit of financial statements:

● Subject matter includes the financial position, financial performance and cash flows of the
entity
3
● Subject matter information is the set of financial statements

● Responsible party is the client/entity management
Requirements for subject matter to be considered appropriate:

a. Identifiable
b. Capable of consistent evaluation and measurement against suitable criteria
c. In the form that can be subjected to procedures for gathering evidence to support that
evaluation or measurement
Forms of subject matter of an assurance engagement:

1. Financial performance or conditions (for example, historical or prospective financial position,
financial performance and cash flows) for which the subject matter information may be the
recognition, measurement, presentation and disclosure represented in the financial statements
2. Non-financial performance or conditions (for example, performance indicators of an entity)
for which the subject matter information may be key indicators of efficiency and effectiveness
3. Physical characteristics (for example, capacity of a facility) for which the subject matter
information may be a specifications document
4. Systems and processes (for example, entity’s internal control or IT system) for which the
subject matter information may be an assertion about effectiveness
5. Behavior (for example, corporate governance, compliance with regulation, human resource
practices) for which the subject matter information may be a statement of compliance or a
statement of effectiveness
Suitable Criteria:
Criteria refer to the standard or benchmark used to evaluate or measure the subject matter of an
assurance engagement, including, where relevant, benchmarks for presentation and disclosure. Without
frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and
misunderstanding.
Five characteristics of suitable criteria:

a. Relevance – relevant criteria contribute to conclusions that assist decision-making by the
intended users
b. Completeness – criteria are sufficiently complete when relevant factors that could affect the
conclusions in the context of the engagement circumstances are not omitted. Complete criteria
include, where relevant, benchmarks for presentation and disclosure.
c. Reliability – reliable criteria allow reasonably consistent evaluation or measurement of the
subject matter when used in similar circumstances by similarly qualified practitioners
d. Neutrality – neutral criteria contribute to conclusions that are free from bias
e. Understandability – understandable criteria contribute to conclusions that are clear,
comprehensive, and not subject to significantly different interpretations
Two types of criteria:

1. Established criteria – are those criteria that are embodied in laws or regulations or issued by
authorized or recognized bodies of experts that follow a transparent due process Examples:
2. Specifically developed criteria – those criteria specifically designed for the purpose of the
engagement
Whether criteria are established or specifically developed affects the work that the practitioner
carries out to assess their suitability for a particular engagement.
Examples of suitable criteria:

● Applicable financial reporting framework which is the Philippine Financial Reporting
Standards (PFRS) – in case of audit of financial statements
● Applicable law or regulation or contract – in case of compliance audit
● Established internal control framework or stated internal control criteria – in case of
report on internal control
Availability of criteria to intended users:

Criteria need to be made available to the intended users in one or more of the following ways:
a. Publicly
b. Through inclusion in a clear manner in the presentation of the subject matter information
c. Through inclusion in a clear manner in the assurance report
4
d. By general understanding, for example, the criterion for measuring time in hours and
minutes
Sufficient Appropriate Evidence:

The practitioner shall plan and perform the engagement with an attitude of professional skepticism to
obtain sufficient appropriate evidence that the assertions are free of material misstatements.
● Professional skepticism – an attitude that includes a questioning mind, being alert to

conditions which may indicate possible misstatement due to error or fraud, and a critical
assessment of evidence
● Evidence – refers to the information obtained by the practitioner in arriving at the conclusions on
which the conclusion is based
● Sufficiency – refers to the measure of the quantity of evidence
● Appropriateness – refers to the measure of the quality of evidence, that is, its relevance and its
reliability
Written Assurance Report:

A written assurance report should be in the form appropriate to a reasonable assurance engagement
or a limited assurance engagement.
The practitioner should provide a written report containing a conclusion that conveys the assurance
obtained about the subject matter information. In addition, the practitioner considers other reporting
responsibilities, including communicating with those charged with governance when it is appropriate to do so.
Levels of assurance provided in the written report:
Type or level Form of conclusions Example

of assurance
Reasonable Positive form of expression “In our opinion internal control is effective, in
assurance of the practitioner’s all material respects, based on XYZ criteria.”
conclusion
Limited Negative form of “Based on our work described in this report,
assurance expression of the nothing has come to our attention that causes us to
practitioner’s conclusion believe that internal control is not effective, in all
material respects, based on XYZ criteria.”
Attestation Services:
An attestation service is a type of assurance service in which a practitioner is engaged to issue a
written communication that expresses a conclusion about the reliability of a written assertion that is the
responsibility of another party. Attestation generally refers to an expert's written communication of a
conclusion about the reliability of someone else's assertions.
The subject matter of attestation services include:

● Financial and non-financial in nature
● Future-oriented financial information (such as the examination of prospective financial information)
● Management's discussion and analysis
● Effectiveness of internal control
● Compliance with statutory, regulatory, and contractual obligations
Relationships among Auditing, Attestation, and Assurance Services:

a. Similarity: These services are often used interchangeably because they encompass the same
decision-process
b. Main difference/distinction: Scope of services
● “Assurance services” is broader in scope and in concept than either auditing or attestation. It
encompasses both audit and attestation services. Otherwise stated, attestation and audit
services are subsets of assurance services.
● “Attestation services” is broader than audit because attest function is beyond historical FS.
Attestation services cover even non-GAAP FS.
● Auditing, particularly FS audit, is a type of assurance and attestation service that involves
examination of historical FS prepared in accordance with GAAP.
Non-assurance Engagements:
5
Not all engagements are assurance engagements. Other engagements performed by practitioners that
do not meet the definition of assurance engagement are classified as non-assurance engagements or
services. Non-assurance engagements are those that do not result in the practitioner’s expression of a
conclusion that provides a level of assurance, whether negative assurance or other form of assurance. The
practitioner does not convey to the intended users any assurance as to the reliability of an assertion.
The practitioner’s primary purpose for performing non-assurance services is to provide advice and
technical assistance that will enable a client to conduct its business more effectively.
Examples of non-assurance engagements:

1. Related services, such as:
a. Agreed-upon procedures engagements, and
b. Compilations of financial or other information engagements
2. Tax services (such as the preparation of tax returns where no conclusion conveying assurance is
expressed)
3. Consulting (or advisory) engagements, such as management and tax consulting
Agreed-upon Procedures Engagements:

● Objective of agreed-upon procedures engagements: For the auditor to carry out procedures of
an audit nature as agreed by the auditor and the entity and any appropriate third parties and to
report on factual findings
● No assurance is expressed in the report: The users/recipients of the report assess for
themselves the procedures and findings reported by the auditor and form their own conclusions from
the report by the auditor.
● Distribution of report is restricted: The report on agreed upon procedures engagement is
restricted to those parties that have agreed to the procedures to be performed since others who are
unaware of the reasons for the procedures may misinterpret the results.
● According to PSRS 4400, the report on an agreed-upon procedures engagement needs to describe
the purpose and the agreed-upon procedures of the engagement in sufficient detail to enable the
users of the report to understand the nature and extent of the work performed.
Compilation of Financial or Other Information Engagements:

● Objective of compilation engagements: For the accountants to use accounting expertise, as
opposed to auditing expertise, to collect, classify and summarize financial information. Compilation
engagements ordinarily include preparation of financial statements.
● No test of assertions: A compilation engagement ordinarily entails reducing detailed data to a
manageable and understandable form without a requirement to test the assertions underlying that
information.
● No assurance is expressed in the report: The procedures employed are not designed to enable
the accountant to express any assurance on the financial information.
● Benefit to users: Users of the compiled financial information derive some benefit as a result of the
accountant's involvement because the service has been performed with professional competence and
due care.
Tax Services:
1. Tax compliance – includes the preparation of tax returns (for individuals, corporations, estates and
trusts, and other entities) and acting as client’s representative to tax authorities or in tax litigations
2. Tax planning – includes the determination of the tax consequences of planned or potential
transactions (legally minimizing client’s tax liability) followed by making suggestions on the most
desirable course of action
Management Consulting:
Management advisory (consulting) services – refers to the function of providing professional
advisory (consulting) services, the primary purpose of which is to improve client’s use of its capabilities and
resources to achieve the objectives of the organization. Advisory (consulting) services are professional
services that provide advice and assistance to clients by improving their condition directly. Advice or
assistance to clients may cover the entity’s organization, operations, risk management, systems design and
implementation, process personnel, corporate finances, or other activities.
A pervasive characteristic of a CPA’s role in a consulting services engagement is that of being an

objective advisor on the use of information.
Assurance Services vs. Consulting Services:
6
Although assurance services and consulting services have basic similarities in terms of knowledge
employed and exercise of skills, they can be distinguished as follows:
Points of distinction Assurance services Consulting services

Primary purpose To improve quality or context of To recommend uses for information
information by enhancing its for better outcomes
credibility
Number of parties 3 parties 2 parties: the CPA and the client
Focus Decision makers and information
they used for optimum decisions Outcomes
Output’s objective Intended to improve decision Designed to improve client’s
maker’s condition only indirectly condition directly through findings,
through the use of high-quality conclusions and recommendations
information
Competing interests May exist between management No competing interests
and users of financial statements
Form of communication Written report Either written or oral communication
with the client
Comparative Examples of Assurance and Non-Assurance Services:
Categories of Services / Engagements

Assurance Services Non-Assurance Services
Audit Review Other assurance
1. Audit of FS 1. Review of FS 1. Examination of 1. Agreed-upon procedures
prospective FS 2. Compilation of financial or other
2. Audit of internal 2. Review of interim information
control over financial 2. CPA risk 3. Preparation of tax returns when
financial reporting information advisory no conclusion is expressed
4. Consulting or advisory services:
● Tax consulting
● Management consulting
● Other advisory services
Levels of Assurance for Audit, Review, Agreed-upon Procedures and Compilation

The basic distinction between audit, review and related services is the level of assurance provided by the
auditor in the engagement.
Assurance refers to the practitioner’s satisfaction as to the reliability of an assertion being made by one
party for use by another party. The level of assurance is the degree of the practitioner’s satisfaction or
degree of certainty the practitioner has attained and wishes to convey to intended users. Such level or
degree of assurance depends on the procedures performed and the evidence collected by the practitioner.
Engagements and level of assurance:

1. Audit: The auditor provides a reasonable (high, but not absolute) level of assurance that the
information subject to audit is free of material misstatement. This is expressed positively in the audit
report as reasonable assurance.
2. Reviews: The auditor provides a moderate/limited level of assurance that the information subject to
review is free of material misstatement. This is expressed in the form of negative assurance.
3. Agreed-upon procedures: No assurance is expressed. The auditor simply provides a report of the
factual findings. Users of the report assess for themselves the procedures and findings reported by
the auditor and draw their own conclusions from the auditor's work.
4. Compilation: Although the users of the compiled information derive some benefit from the
accountant's involvement, no assurance is expressed in the report.
Distinctions between Typical Assurance and Non-Assurance Services:
Non-Assurance Services
Point of Assurance Services (Related Services)
distinction Audit Review Agreed-upon Compilation
procedures
7
Objective To express To report whether To perform audit To assist the client in

opinion on anything has come to procedures agreed financial statements
fairness of the auditor’s on with the client preparation by using
financial attention that causes and any appropriate accounting expertise
statement him to believe that third parties as opposed to auditing
the financial identified in the expertise
statements are not report
fair
Characteristics Audit opinion Substantially less in ● Recipients of ● Accounting
enhances the scope of procedures the report must expertise, rather
credibility of than audit form their own than auditing, is
financial conclusions used
statements from the report ● Users derive some
● Report is benefit because
restricted to the service has
contracting been performed
parties with due
professional skill
and care
Evidence Risk assessment, Limited to: Reading of the FS for

gathering Tests of controls ● Inquiry; and As agreed obvious misstatements
procedures and Substantive ● Analytical
tests procedures
(The auditor obtains
an understanding of
the entity and its
environment,
including internal
control, but no
evaluation of internal
control is conducted.)
Level of Reasonable
assurance assurance Moderate (limited) No assurance No assurance
provided by (High, but not assurance
the CPA absolute,
assurance)
Report Audit Report Review Report Factual findings of Compilation Report
provided containing containing procedures which identify
positive negative assurance information compiled
assurance on on assertion
assertion
Skills used by Audit skills Audit skills Audit skills Accounting skills
the auditor
Pronouncements on Assurance Engagements:

The following are the forms of pronouncements of the Auditing and Assurance Standards Council (AASC):
AASC Engagement Standards Applications Related Practice
Statements
a. Philippine Standards on Auditing FS audit engagements Philippine Auditing Practice
(PSAs) Statements (PAPSs)
b. Philippine Standards on Review Review engagements Philippine Review
Engagements (PSREs) Engagement Practice
Statements (PREPSs)
c. Philippine Standards on Assurance Other assurance Philippine Assurance
Engagements (PSAEs) engagements dealing Engagement Practice
with subject matters other Statements (PAEPSs)
than historical financial
information
d. Philippine Standards on Related Related services Philippine Related Services
Services (PSRSs) Practice Statements
(PRSPSs)
8
Other pronouncements:
e. Philippine Standards on Quality Control (PSQCs) – to be applied for all services that fall under the
AASC’s engagement standards, namely, audit, review, other assurance, and related services
f. Philippine Framework for Assurance Engagements – to be applied for assurance engagements
PSAs, PSREs, PSAEs, and PSRSs are collectively referred to as the AASC's Engagement Standards.
The AASC issues Practice Statements to provide interpretive guidance and practical assistance to
practitioners in implementing the Engagement Standards and to promote good practice.
Philippine Framework for Assurance Engagements:

The Framework:
● Defines and describes the elements and objectives of an assurance engagement.
● Identifies engagements to which assurance engagement standards (PSAs, PSREs, and PSAEs) apply
● Provides frame of reference for:
a. Practitioners who perform assurance engagements (such as audit and review engagements)
b. Others involved with assurance engagements (such as the intended users and the responsible
party), and
c. The International Auditing and Assurance Standards Board (IAASB) in its development of
assurance engagement standards which will be adopted by the AASC for application in the
Philippines.
● Distinguishes assurance engagements and non-assurance engagements (non-assurance
engagements are not covered by the Framework).
● Sets out characteristics that must be exhibited before a practitioner can accept an assurance
engagement.
In addition to the Framework and PSAs, PSREs and PSAEs, practitioners who perform assurance
engagements are governed by:
● The Code of Ethics for Professional Accountants in the Philippines
● The Philippine Standards on Quality Control (PSQCs)
The Framework does not itself establish standards or provide procedural requirements for the
performance of assurance engagements.
Reports on Non-Assurance Engagements:

a. Should not use the words “assurance”, “audit” or “review”
b. Should not imply compliance with assurance engagement standards (PSAs, PSREs or PSAEs)
c. Should not include a statement that may be misinterpreted as assurance engagements
Practitioner’s association with the subject matter: A practitioner is associated with financial
information when:
a. The practitioner reports on information about that subject matter, that is, the practitioner attaches a
report to that financial information; or
b. The practitioner consents to the use of the his name in a professional connection with that subject
matter
If the practitioner is not associated in this manner, third parties can assume no responsibility of the
practitioner.
Remedies in case of inappropriate use of the practitioner’s name by other party:

If the practitioner learns that a party is inappropriately using the practitioner’s name in association with a
subject matter, the practitioner should:
● Require the other party (i.e., management) to cease associating the practitioner with the subject
matter
● Consider what other steps may be needed, such as informing any known third party users of the
inappropriate use of the practitioner’s name
● Seek legal advice
INTRODUCTION TO AUDITING
9
Auditing, Defined:
Auditing is “a systematic process of objectively obtaining and evaluating evidence regarding assertions
about economic actions and events to ascertain the degree of correspondence between those assertions and
established criteria and communicating the results to the interested users.”
Two processes of auditing:

a. Investigative process – involves the systematic gathering and evaluation of evidence as a basis for
determining whether assertions made by responsible person correspond with the established criteria
b. Reporting process – involves communicating the audit opinion to interested users
Important Concepts:
1. Systematic process – auditing involves structured/logical series of sequential steps or
procedures known as the audit process
2. Objectively obtaining and evaluating evidence – auditing involves gathering and

evaluating sufficient appropriate audit evidence that will support the auditor’s opinion
● Objectivity refers to the combination of impartiality, intellectual honesty and freedom
from conflicts of interest.
● Audi evidence is the information obtained by the auditor in arriving at the conclusions
on which the audit opinion is based.
3. Assertions about economic actions and events – assertions are the subject matter of
auditing
● In the context of audit of financial statements, assertions are representations of
management, explicit or otherwise, that are embodied in the financial statements.
Assertions include the accounts, balances/amounts and disclosures appearing on the face
of the financial statements (and in the notes to financial statements) and which the
management claims to be free of misstatements.
● Audit evidence gathered and evaluated by the auditor may support or contradict the
assertions of management.
4. Established criteria – the standards or benchmarks that are needed to judge the validity of
the assertions on the financial statements
● In the context of audit of financial statements, the established criteria are the applicable
financial reporting framework (for example, the PFRS).
5. Ascertain the degree of correspondence between assertions and established

criteria – The auditor’s objective is to determine whether the assertions conform with
established criteria, that is, whether the financial statements are prepared, in all material
respects, in accordance with the applicable financial reporting framework (such as the PFRS).
6. Communicating the results to the interested users – The ultimate objective of audit is
the communication of audit findings/opinion on the fairness of the financial statements to
interested users.
● Communicating results is achieved through issuance of a written audit report which
contains the audit opinion (or disclaimer of opinion).
● Interested users are the wide variety of financial statements users who rely on the
auditor’s opinion such as the stockholders, creditors, potential investors and creditors,
management, government agencies, and the public (in general).
FS audit is an Assurance Engagement:

Financial statements audit engagement is an assurance engagement because it provides a reasonable
(high but not absolute) level of assurance that the subject matter conforms in all material respects with
identified suitable criteria. It has the elements of an assurance engagement as follows:
1. Three Party Relationship:
a. Practitioner: Independent or External auditor
b. Responsible party: Client’s management
c. Intended users: Users of financial statements
2. Subject matter: Assertions/Financial statements of the client company
3. Criteria: Applicable financial reporting framework / GAAP in the Philippines (PFRS)
4. Sufficient appropriate evidence: Auditor obtains sufficient appropriate audit evidence as a basis for
10
audit conclusion/opinion
5. Written Assurance Report: Independent auditor’s report contains the audit conclusion/opinion
Need for Independent Audit of Financial Statements:

The primary economic reason for an audit of financial statements is the demand by external users for
reliable or fairly stated financial statements that they will use in making economic decisions. Thus, the
market for auditing services is driven by demand by external financial statements users.
An audit can help reduce information risk, that is, the risk that the financial statements that will be
used for decision-making are materially misleading, unreliable or inaccurate.
Four conditions/reasons that gave rise to a demand for independent audit of financial statements:
a. Potential conflict of interest between users and preparers of the financial
information can result in biased information – Client management may not be objective
in financial reporting. It may provide impressive but biased, unrealistic, or misleading financial
statements to obtain benefits that it seeks. On the other hand, financial statement users
need unbiased, realistic, or reliable financial statements.
b. Remoteness of users – Users do not have access to entity’s records to personally verify the
reliability of the financial information.
c. Complexity of subject matter requires expertise – Expertise is often required for
information preparation and verification. Users of financial statements are not equipped with
the necessary skills, competence, and knowledge of complexities of accounting and auditing
to determine whether the financial statements are reliable.
d. Consequence for decision making – Financial statements are used for important decisions
that involve significant amount of money. If a decision is based on misleading financial
information, it could have substantial financial or economic consequences on decision makers.
Another condition that gave rise to demand for audit of financial statements is the
stewardship or agency theory which means that management wants the credibility an
audit adds to the financial statement to enhance stewardship of the financial statement and to
lessen the owner’s mistrust of the management.
Elements of Theoretical Framework of Auditing:
Auditing concepts and standards are based on the following postulates and assumptions which form part
of the elements of theoretical framework of auditing:
1. An audit benefits the public. – the primary beneficiary of reliable financial statements are the
wide variety of users (intended users)
2. Financial data and statements to be audited are verifiable. – if financial statements are not
verifiable, there can be no audit
● Financial statements or data are verifiable if two or more qualified individuals, working
independently, each reach essentially similar conclusions.
3. The auditor should always maintain independence with respect to the client whose
financial statements are subject to audit. – audit opinion and the audit report would be of little
or no value if auditor is not independent
4. Effective internal control system reduces the possibility of errors and fraud affecting the
financial statements. – Internal control affects the reliability of the financial statements. The
stronger the internal control is, the lesser the possibility of errors and fraud, and consequently, the
more reliance on internal control can be placed or assurance that it can generate reliable accounting
data and financial statements.
5. There should be no long-term conflict between the auditor and the client management. –
Short-term conflicts may exist between the management who prepare the data and auditors who
examine the data but such conflicts must be resolve since both must be interested in fairness of the
financial statements.
6. Consistent application of GAAP results in fair presentation of FS. – The criterion in financial
statement audit is an identified or applicable financial reporting framework, which is usually the PFRS.
7. What was held true in the past will continue to hold true in the future in the absence of
known conditions to the contrary. – Experience and knowledge accumulated from auditing a
client in prior years can be used to determine the appropriate audit procedures that need to be
performed.
11
Examples of Instances Requiring Independent Financial Statements Audit:

● Application for a bank loan
● Establishing credit worthiness for purchase of merchandise, equipment, or other assets
● Reporting financial position, operating results, and cash flows to absentee owners (stockholders or
partners)
● SEC requirements:
➢ Issuance of securities by a corporation
➢ Annual FS by a corporation with securities listed on a stock exchange or traded over the counter
● Sale of a business (such as merger) requires due diligence audit
● Termination of a partnership
● Preparation of income tax returns
● Establishing losses from fire, theft and burglary
● Bankruptcy and insolvency cases
Audit of Financial Statements:

Audit of financial statements is the objective examination of financial statements to enable the
auditor to express an opinion on whether the financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework.
Synonyms:
Audit of financial statements is sometimes called:
● Independent audit because in an audit of financial statements the auditor is independent
of the client subject to audit.
● External audit because it is performed by an external auditor who is not an employee of
the client subject to audit.
● Financial audit
Various descriptions:
Independent auditing has been described in a variety of ways, as follows:
● It involves objective examination of and reporting on financial statements prepared by
management
● It is a discipline which attests to the results of accounting and other functional operations
and data.
● It lends credibility to the financial statements.
● It provides increased assurance to users as to the fairness of the financial statements.
● Its essence is to determine whether the client’s financial statements are fairly stated.
● It enhances the degree of confidence of interested users in the financial statements.
● It provides reasonable assurance that the financial statements fairly reflect the economic
substance of the transactions and events reflected in those statements.
Purpose of an Audit of Financial Statements:

The purpose of an audit is to enhance the degree of confidence of intended users in the financial
statements. Such purpose is achieved by the expression of an opinion by the auditor on whether the
financial statements are prepared, in all material respects, in accordance with an applicable financial reporting
framework.
Overall Objectives of the Independent Auditor:

a. To obtain reasonable assurance about whether the financial statements as a whole are free from
material misstatement, whether due to fraud or error.
● Reasonable assurance means high, but not absolute, level of assurance

● Reasonable assurance is the basis for the auditor’s opinion. Reasonable assurance is
achieved when the auditor has obtained sufficient appropriate audit evidence to reduce audit
risk to an acceptably low level.
b. To report on the financial statements and to communicate such report in accordance with the
auditor’s findings.
Auditor’s opinion and reasonable assurance:

The auditor's opinion, as expressed in the auditor’s report, enhances the credibility of the
financial statements by providing a reasonable assurance that the financial statements are fairly
presented or free from material misstatement.
12
Audit opinion is based on whether reasonable assurance is obtained:

1. When reasonable assurance is obtained: Auditor shall express an unqualified opinion
2. When reasonable assurance cannot be obtained: The auditor is required to:
a. Express a qualified opinion in the auditor’s report
b. If qualified opinion is insufficient in the circumstances:
● Disclaim an opinion or
● Withdraw from the engagement, where withdrawal is legally permitted
Audit Opinion and Audit Report:

Audit opinion:
● In a financial statement audit, the auditor obtains sufficient appropriate audit evidence to be able to
draw conclusions on which to base that opinion. The auditor’s opinion is on the fairness of the
audited financial statements.
● The auditor's opinion helps establish the credibility of the financial statements.
Auditor’s report:
● the primary product of an audit engagement
● the end product of the audit process
● a written report that contains auditor’s opinion about the fairness of the FS
● the medium through which the auditor communicates the results of his or her work
Example of Standard Independent Auditor’s Report (pls. refer to PSA 700; pls. memorize)
Importance of audit opinion/audit report:

● It lends credibility to the FS.
● It provides increased assurance (reasonable assurance) to users as to the fairness of the FS.
An FS audit is:
● NOT a certification or guarantee as to accuracy or fairness of the FS.
● NOT an assurance as to future viability of the entity.
● NOT an assurance as to efficiency or effectiveness of the client’s business operations.
● NOT attestation as to the financial strength of an entity, the wisdom of its management
decisions, or the risk of doing business with it.
Scope of an Audit of Financial Statements:

● The auditor’s opinion on the financial statements deals with whether the financial statements are
prepared, in all material respects, in accordance with the applicable financial reporting framework.
● The auditor’s opinion or the audit of financial statements is:
→ NOT an assurance as to future viability of the entity.
→ NOT an assurance as to efficiency or effectiveness with which client’s management has
conducted the affairs of the entity.
→ NOT attestation as to the financial strength of an entity, the wisdom of its management
decisions, or the risk of doing business with it.
→ NOT a certification or guarantee as to accuracy or fairness of the financial statements.
● When an applicable law or regulation requires an auditor to provide opinions on other specific
matters (such as the effectiveness of internal control, or the consistency of a separate management
report with the financial statements) the auditor would be required to undertake further work if he
had additional responsibilities to provide such opinions.
Financial Statements:
● Financial statements are a structured representation of historical financial information (including
related notes which comprise a summary of significant accounting policies and other explanatory
information), intended to communicate an entity’s economic resources or obligations at a point in
time or the changes therein for a period of time in accordance with a financial reporting framework.
● The term “financial statements” ordinarily refers to a complete set of financial statements, but can
also refer to a single financial statement.
End Products of Audit Engagement:
13
a. Independent auditor’s report – the primary product of audit engagement

b. Certain other communication and reports – other communication and reporting responsibilities to
users, management, those charged with governance, or parties outside the entity, in relation to
matters arising from the audit (as may be required by the PSAs or by applicable laws or regulations)
Examples:
● Communication with those charged with governance
● Auditor’s responsibilities relating to fraud in an audit of financial statements
Management Responsibility for the Financial Statements:

An audit in accordance with PSAs is conducted on the premise that management and, where appropriate,
those charged with governance have acknowledged and understand that they have responsibility over the
Management responsibility over the financial statements includes:

1. Responsibility for the preparation and presentation of the financial statements in accordance with the
applicable financial reporting framework which includes:
a. Identification of applicable financial reporting framework, in the context of any relevant laws or
regulations
b. Preparing the financial statements in accordance with that framework
c. Adequate description of that framework in the financial statements
d. Making reasonable accounting estimates
e. Selecting and applying appropriate accounting policies
2. Responsibility for designing, implementing and maintaining internal control that is relevant or
necessary to enable the preparation of financial statements that are free from material misstatement,
whether due to fraud or error, and
3. Responsibility to provide the auditor with:
a. All information (such as records, documentation and other matters) that are relevant to the
preparation and presentation of the financial statements
b. Any additional information that the auditor may request from management for the purpose of the
audit; and
c. Unrestricted access to persons within the entity from whom the auditor determines it necessary
to obtain audit evidence.
Auditor’s responsibility vs. client management’s responsibility:

● The client management, with oversight from those charged with governance, has the
responsibility for the preparation and presentation of the financial statements in accordance
with the applicable financial reporting framework. In other words, the management is
primarily responsible for the fairness of the financial statements.
● The auditor’s responsibility for the financial statements is confined to the expression of
opinion on them. The audit of the financial statements does not relieve management or
those charged with governance of their responsibilities over the financial statements because
the auditor merely audits the financial statements.
● However, an auditor may make suggestions on the form and content of financial statements
or may draft statement.
Applicable Financial Reporting Framework:
Applicable financial reporting framework means the financial reporting framework adopted by
management (and, where appropriate, those charged with governance) in the preparation of the financial
statements that is acceptable in view of the nature of the entity and the objective of the financial statements,
or that is required by law or regulation.
The applicable financial reporting framework often encompasses financial reporting standards established
by:
● An authorized or recognized standards setting organization (such as PFRSC)
● Legislative or regulatory requirements
Other sources of applicable financial reporting framework:

● The legal and ethical environment (including statutes, regulations, court decisions, and professional
ethical obligations in relation to accounting matters)
● Published accounting interpretations of varying authority issued by standards setting, professional or
regulatory organizations
● Published views of varying authority on emerging accounting issues issued by standards setting,
14
professional or regulatory organizations

● General and industry practices widely recognized and prevalent; and
● Accounting literature
Where conflicts exist between the financial reporting framework and the sources from which direction
on its application may be obtained, or among the sources that encompass the financial reporting
framework, the source with the highest authority prevails.
Financial reporting frameworks encompass primarily the financial reporting standards established by an
organization that is authorized or recognized to promulgate standards to be used by entities for preparing
general purpose financial statements are often designed to achieve fair presentation, for example,
International Financial Reporting Standards (PFRSs).
Basic Distinction between Auditing and Accounting:
● Auditing involves verification of FS and its fairness of presentation while accounting involves
preparation and presentation of FS
● Accounting precedes auditing because without FS there could be no FS audit.
● Auditing begins when accounting ends.
● The end product of the accounting process is a set of FS while the end product of the audit process is
an auditor’s report.
● An auditor must be proficient/expert in accounting (since the auditor will use GAAP in evaluating the
fairness of the FS) as well as in auditing (specifically in accumulation and interpretation of audit
evidence); an accountant need not be proficient in auditing
● Separate disciplines: Auditing is a separate discipline or field of study
● With different frameworks/foundations:
➢ Accounting – Framework for Preparation of FS
➢ Auditing – a) Philippine Framework for Assurance Engagements, and b) Framework of Philippine
Standards on Auditing
● Auditing – governed by GAAS; Accounting – governed by GAAP/PFRS
● Dissimilar bodies of knowledge (accounting – GAAP; auditing – GAAS)
Requirements Relating to an Audit of Financial Statements:
1. Relevant ethical requirements – The auditor shall comply with relevant ethical requirements,
including those pertaining to independence, relating to financial statement audit engagements.
Relevant ethical requirements ordinarily comprise:

a. Code of Ethics for Professional Accountants in the Philippines (the Code of Ethics)
promulgated by the Board of Accountancy
Compliance with the Code of Ethics is necessary in order to ensure the highest quality of
performance and to maintain public confidence in the profession and in the context of audit of
financial statements, maintain public confidence in the auditor’s work.
(1) Part A of the Code of Ethics – establishes the fundamental principles of professional ethics
relevant to the auditor when conducting an audit of financial statements and provides a
conceptual framework for applying those principles
The fundamental principles of professional ethics are:
a) Integrity
b) Objectivity
c) Professional competence and due care
d) Confidentiality, and
e) Professional behavior
(2) Part B of the Code of Ethics – illustrates how the conceptual framework is to be applied in
specific situations
(3) Independence
● It is in the public interest that the auditor be independent of the entity subject to the
audit.
● The auditor’s independence from the entity safeguards the auditor’s ability to form an
audit opinion without being affected by influences that might compromise that opinion.
● Independence enhances the auditor’s ability to act with integrity, to be objective and
15
to maintain an attitude of professional skepticism.

Independence requirements comprise of both:
a) Independence of mind
b) Independence in appearance
b. National requirements that are more restrictive
c. Philippine Standard on Quality Control (PSQC) – require the CPA firm to establish and
maintain its system of quality control designed to provide it with reasonable assurance that the
firm and its personnel comply with relevant ethical requirements, including those pertaining to
independence
2. Professional scepticism – The auditor shall plan and perform an audit with professional scepticism
recognizing that circumstances may exist that cause the financial statements to be materially
misstated.
Professional skepticism is an attitude that includes a questioning mind, a critical assessment of

validity of audit evidence, and being alert to conditions which may indicate possible misstatement due
to error or fraud.
Professional skepticism is necessary to the critical assessment of audit evidence.

This includes:
a. Questioning contradictory audit evidence
b. Considering the reliability of documents and responses to inquiries and other information
obtained from management and those charged with governance
c. Considering the sufficiency and appropriateness of audit evidence obtained in the light of the
circumstances (for example, in the case where fraud risk factors exist and a single document, of
a nature that is susceptible to fraud, is the sole supporting evidence for a material financial
statement amount)
Professional skepticism includes being alert to:

● Audit evidence that contradicts other audit evidence obtained.
● Information that brings into question the reliability of documents and responses to
inquiries to be used as audit evidence.
● Conditions that may indicate possible fraud.
● Circumstances that suggest the need for audit procedures in addition to those required by
the PSAs.
The auditor may accept records and documents as genuine unless the auditor has reason to
believe the contrary. In cases of doubt about the reliability of information or indications of
possible fraud, the PSAs require that the auditor investigate further and determine what
modifications or additions to audit procedures are necessary to resolve the matter.
Maintaining professional skepticism throughout the audit is necessary to reduce the risks of:
● Overlooking unusual circumstances.
● Over generalizing when drawing conclusions from audit observations.
● Using inappropriate assumptions in determining the nature, timing and extent of the audit
procedures and evaluating the results thereof.
The auditor cannot be expected to disregard past experience of the honesty and integrity of the
entity’s management and those charged with governance. Nevertheless, a belief that they are
honest and have integrity does not relieve the auditor of the need to maintain professional
skepticism in conducting the audit.
3. Professional judgement – The auditor shall exercise professional judgment in planning and
performing an audit of financial statements.
Professional judgment is essential to the proper conduct of an audit. This is because interpretation of
relevant ethical requirements and the PSAs and the informed decisions required throughout the audit
cannot be made without the application of relevant knowledge and experience to the facts and
circumstances.
Professional judgment is necessary on decisions about:
16
● Materiality
● Audit risk
● Nature, timing and extent of audit procedures used to meet the requirements of the PSAs
and gather audit evidence
● Evaluating whether sufficient appropriate audit evidence has been obtained
● Evaluation of management’s judgments in applying the entity’s applicable financial
reporting framework.
● Drawing of conclusions based on the audit evidence obtained (for example, assessing the
reasonableness of the estimates made by management in preparing the financial
statements)
The distinguishing feature of the professional judgment expected of an auditor is that it is

exercised by an auditor whose training, knowledge and experience have assisted in developing
the necessary competencies to achieve reasonable judgments.
The exercise of professional judgment in any particular case is based on the facts and
circumstances that are known by the auditor. Consultation on difficult or contentious matters
during the course of the audit, both within the engagement team and between the engagement
team and others at the appropriate level within or outside the firm assist the auditor in making
informed and reasonable judgments.
Professional judgment can be evaluated based on whether the judgment reached reflects a
competent application of auditing and accounting principles and is appropriate in the light of, and
consistent with, the facts and circumstances that were known to the auditor up to the date of the
auditor’s report.
Professional judgment needs to be exercised throughout the audit. It also needs to be

appropriately documented. In this regard, the auditor is required to prepare audit documentation
sufficient to enable an experienced auditor, having no previous connection with the audit, to
understand the significant professional judgments made in reaching conclusions on significant
matters arising during the audit. Professional judgment is not to be used as the justification for
decisions that are not otherwise supported by the facts and circumstances of the engagement or
sufficient appropriate audit evidence.
4. Sufficiency and appropriateness of audit evidence and audit risk – To obtain reasonable
assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an
acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base
the auditor’s opinion.
a. Sufficiency and appropriateness of audit evidence
Audit evidence includes information used by the auditor in arriving at the conclusions on
which the auditor’s opinion is based. Audit evidence includes both:
● Information contained in the accounting records underlying the financial statements and
● Other information
Sufficiency is the measure of the quantity of audit evidence. Sufficiency is influenced or

affected by:
(1) The auditor’s assessment of the risks of misstatement (the higher the assessed risks, the
more audit evidence is likely to be required) and
(2) The quality of such audit evidence (the higher the quality, the less may be required)
Appropriateness is the measure of the quality of audit evidence; that is, its relevance and
its reliability in providing support for the conclusions on which the auditor’s opinion is based. The
reliability of evidence is influenced by its source and by its nature, and is dependent on the
individual circumstances under which it is obtained.
Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an
acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to
base the auditor’s opinion, is a matter of professional judgment.
Note:
• Audit evidence is necessary to support the auditor’s opinion and report.
17
• It is cumulative in nature and is primarily obtained from audit procedures performed

during the course of the audit.
• Audit evidence comprises both information that supports and corroborates
management’s assertions, and any information that contradicts such assertions.
• Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and
evaluating audit evidence.
• The sufficiency and appropriateness of audit evidence are interrelated.
• Obtaining more audit evidence, however, may not compensate for its poor quality.
Sources of audit evidence:

a. Primarily obtained from audit procedures performed during the course of the audit
b. May be obtained from other sources such as:
• Previous audits (provided the auditor has determined whether changes have
occurred since the previous audit that may affect its relevance to the current
audit) or
• A firm’s quality control procedures for client acceptance and continuance
• The entity’s accounting records
• An expert employed or engaged by the entity
• In some cases, the absence of information (for example, management’s refusal
to provide a requested representation) is used by the auditor, and therefore, also
constitutes audit evidence.
b. Audit risk
Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial
statements are materially misstated. Audit risk is a function of the risks of material misstatement
and detection risk.
Audit risk does not include the risk that the auditor might express an opinion that the financial
statements are materially misstated when they are not. Audit risk is a technical term related
to the process of auditing; it does not refer to the auditor’s business risks such as loss from
litigation, adverse publicity, or other events arising in connection with the audit of financial
statements.
Risk of material misstatements is the risk that the financial statements are materially
misstated prior to audit. Risk of material misstatement may exist at two levels:
1. Overall financial statement level – refer to risks of material misstatement that relate
pervasively to the financial statements as a whole and potentially affect many assertions
2. Assertion level – refer to risks of material misstatement that relate to classes of
transactions, account balances, and disclosures
Risk of material misstatement at the assertion level has two components:

(a) Inherent risk – the susceptibility of an assertion about a class of transaction, account
balance or disclosure to a misstatement that could be material, either individually or
when aggregated with other misstatements, before consideration of any related controls
(b) Control risk – the risk that a misstatement that could occur in an assertion about a
class of transaction, account balance or disclosure and that could be material, either
individually or when aggregated with other misstatements, will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal control
Control risk is a function of the effectiveness of the design, implementation and

maintenance of internal control by management to address identified risks that
threaten the achievement of the entity’s objectives relevant to preparation of the
entity’s financial statements. However, internal control, no matter how well designed
and operated, can only reduce, but not eliminate, risks of material misstatement in
the financial statements, because of the inherent limitations of internal control.
Accordingly, some control risk will always exist.
Risks of material misstatement at assertion level (inherent risk and control risk) are the
entity’s risks; they exist independently of the audit of the financial statements. Such risks are
assessed in order to determine the nature, timing and extent of further audit procedures
necessary to obtain sufficient appropriate audit evidence. This evidence enables the auditor
18
to express an opinion on the financial statements at an acceptably low level of audit risk. The
assessment of risks is a matter of professional judgment, rather than a matter capable of
precise measurement.
Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to
an acceptably low level will not detect a misstatement that exists and that could be material,
either individually or when aggregated with other misstatements.
Detection risk relates to the nature, timing and extent of the auditor’s procedures that are
determined by the auditor to reduce audit risk to an acceptably low level. It is therefore a
function of the effectiveness of an audit procedure and of its application by the auditor.
For a given level of audit risk, the acceptable level of detection risk bears an inverse
relationship to the assessed risks of material misstatement at the assertion level. For example,
the greater the risks of material misstatement the auditor believes exists, the less the
detection risk that can be accepted and, accordingly, the more persuasive the audit evidence
required by the auditor.
The following matters assist to enhance the effectiveness of an audit procedure and of its
application and reduce the possibility that an auditor might select an inappropriate audit
procedure, misapply an appropriate audit procedure, or misinterpret the audit results:
• Adequate planning
• Proper assignment of personnel to the engagement team
• The application of professional scepticism, and
• Supervision and review of the audit work performed
Detection risk, however, can only be reduced, not eliminated, because of the inherent
limitations of an audit. Accordingly, some detection risk will always exist.
5. The auditor shall conduct an audit in accordance with PSAs

● PSAs contain basic audit principles and essential procedures together with related guidance in
the form of explanatory and other material which the auditor should follow
An audit in accordance with PSAs includes:

a. Compliance with PSAs relevant to the audit
1) Compliance with all PSAs relevant to the audit (a PSA is relevant to the audit when the PSA is
in effect and the circumstances addressed by the PSA exist)
Complying with relevant requirements means the auditor shall comply with each
requirement of a PSA unless, in the circumstances of the audit:
a. The entire PSA is not relevant (for example, if an entity does not have an internal
audit function, nothing in PSA 610 is relevant)
b. The requirement is not relevant because it is conditional (implicit or explicit) and
the condition does not exist.
Examples of conditional requirements:
• The requirement to modify the auditor’s opinion if there is a limitation of scope
represents an explicit conditional requirement.
• The requirement to communicate significant deficiencies in internal control
identified during the audit to those charged with governance, which depends
on the existence of such identified significant deficiencies; and
• The requirement to obtain sufficient appropriate audit evidence regarding the
presentation and disclosure of segment information in accordance with the
applicable financial reporting framework, which depends on that framework
requiring or permitting
2) Having an understanding of the entire text of a PSA (including its application and other
explanatory material) to understand its objectives and to apply its requirements properly
3) Prohibition from the auditor from representing compliance with PSAs in the auditor’s report
when he has not complied with the requirements of PSAs relevant to the audit
b. The use of the objectives stated in relevant PSAs in planning and performing the audit to achieve
the overall objectives of the auditor.
● In using the objectives, the auditor is required to have regard to the interrelationships among
19
the PSAs. This is because the PSAs deal in some cases with general responsibilities and in
others with the application of those responsibilities to specific topics.
The auditor is required to use the objectives to evaluate whether sufficient appropriate
audit evidence has been obtained in the context of the overall objectives of the auditor. If
as a result the auditor concludes that the audit evidence is not sufficient and appropriate,
then the auditor may follow one or more of the following approaches:
• Evaluate whether further relevant audit evidence has been, or will be, obtained as a
result of complying with other PSAs;
• Extend the work performed in applying one or more requirements; or
• Perform other procedures judged by the auditor to be necessary in the
circumstances.
c. In addition, the auditor should also consider Philippine Auditing Practice Statements (PAPSs).
PAPSs provide interpretative guidance and practical assistance to auditors in implementing the
PSAs and to promote good practice in the accountancy profession.
Contents/Structure of the PSAs

a. Objectives – each PSA contains one or more objectives which provide a link between the
requirements and the overall objectives of the auditor
The objectives in individual PSAs serve to focus the auditor on the desired outcome of the PSA.
b. Requirements (requirements are expressed in the PSAs using “shall”) – the requirements of the PSAs
are designed to enable the auditor to achieve the objectives specified in the PSAs, and thereby the
overall objectives of the auditor
c. Related guidance in the form of application and other explanatory material that are designed to
support the auditor in obtaining reasonable assurance
Application and other explanatory material:

● It provides further explanation of the requirements of a PSA and guidance for carrying them out
● It may explain more precisely what a requirement means or is intended to cover
● It may include examples of procedures that may be appropriate in the circumstances.
● While such guidance does not in itself impose a requirement, it is relevant to the proper
application of the requirements of an PSA.
● It may also provide background information on matters addressed in a PSA.
● It may include appendices which form part of the application and other explanatory material.
● When appropriate, it may include additional considerations specific to audits of smaller entities
and public sector entities.
PSAs may also contain:

● Introductory material – provides context relevant to a proper understanding of the PSA
Introductory material may include, as needed, such matters as explanation of:
a. The purpose and scope of the PSA (including how the PSA relates to other PSAs)
b. The subject matter of the PSA
c. The respective responsibilities of the auditor and others in relation to the subject matter of the
PSA
d. The context in which the PSA is set
● Definitions – a description of the meanings attributed to certain terms for purposes of the PSAs
→ Assist in the consistent application and interpretation of the PSAs
→ Not intended to override definitions that may be established for other purposes, whether in law,
regulation or otherwise
The Glossary of Terms relating to PSAs contains a complete listing of terms defined in the PSAs.
It also includes descriptions of other terms found in PSAs to assist in common and consistent
interpretation and translation.
Nature of the PSAs

The PSAs, taken together, provide the standards for the auditor’s work in fulfilling the overall
objectives of the auditor. The PSAs deal with the general responsibilities of the auditor, as
well as the auditor’s further considerations relevant to the application of those responsibilities
to specific topics.
20
The scope, effective date and any specific limitation of the applicability of a specific PSA is
made clear in the PSA. Unless otherwise stated in the PSA, the auditor is permitted to apply a
PSA before the effective date specified therein.
In performing an audit, the auditor may be required to comply with legal or regulatory
requirements in addition to the PSAs. The PSAs do not override law or regulation that governs
an audit of financial statements. In the event that such law or regulation differs from the
PSAs, an audit conducted only in accordance with law or regulation will not automatically
comply with PSAs.
Departure from a relevant requirement in a PSA:

In exceptional circumstances wherein the auditor may judge it necessary to depart from a relevant
requirement in a PSA, the auditor shall perform alternative audit procedures to achieve the aim of that
requirement.
The need for the auditor to depart from a relevant requirement is expected to arise only where the
requirement is for a specific procedure to be performed and, in the specific circumstances of the audit, that
procedure would be ineffective in achieving the aim of the requirement.
The PSAs do not call for compliance with a requirement that is not relevant in the circumstances of the
audit.
b. As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance about
whether the financial statements as a whole are free from material misstatement, whether due to
fraud or error. To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit
evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw
reasonable conclusions on which to base the auditor’s opinion.
Considerations Specific to Smaller Entities
For purposes of specifying additional considerations to audits of smaller entities, a “smaller entity” refers to
an entity which typically possesses qualitative characteristics such as:
1. Concentration of ownership and management in a small number of individuals (often a single
individual – either a natural person or another enterprise that owns the entity provided the owner
exhibits the relevant qualitative characteristics); and
2. One or more of the following:
a. Straightforward or uncomplicated transactions;
b. Simple record-keeping;
c. Few lines of business and few products within business lines;
d. Few internal controls;
e. Few levels of management with responsibility for a broad range of controls; or
f. Few personnel, many having a wide range of duties.
These qualitative characteristics are not exhaustive, they are not exclusive to smaller entities, and smaller
entities do not necessarily display all of these characteristics.
The PSAs refer to the proprietor of a smaller entity who is involved in running the entity on a day-to-day
basis as the “owner-manager.”
General Principles of Financial Statement Audit
1. The auditor should plan and perform the audit with an attitude of professional skepticism
recognizing that circumstances may exist that may cause the FS to be materially misstated.
Because of the possibility that the FS may be materially misstated, the auditor should conduct
the audit with an attitude of professional skepticism. For example, the auditor would ordinarily
expect to find evidence to support management representations and not assume they are necessarily
correct.
21
Attitude of professional skepticism: means the practitioner makes a critical assessment, with a
questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or
brings into question the reliability of documents or representations by the responsible party. In
planning and performing the audit, the auditor neither assumes that the management is honest nor
assumes unquestioned honesty.
Concept of Reasonable Assurance:
Although an independent FS audit in accordance with PSAs lends credibility to the FS, such audit is
designed to provide only reasonable assurance, rather than absolute assurance, that the FS taken as a whole
are free from material misstatement, whether due to fraud or error. In other words, the level of assurance
provided by an audit of detecting a material misstatement is referred to as reasonable assurance.
Reasonable assurance means high, but not absolute, assurance.
Reasonable assurance refers to the gathering of the audit evidence necessary for the auditor to conclude
that there are no material misstatements in the FS, taken as a whole. This concept recognizes the existence
of audit risk.
Notes on reasonable assurance:

● Reasonable assurance relates to the conclusion of the auditor that there are no material
misstatements in the FS taken as a whole.
● Reasonable assurance is achieved when the auditor has reduced audit risk to an acceptably low level
by designing and performing audit procedures to obtain sufficient appropriate audit evidence to be
able to draw reasonable conclusions on which to base an audit opinion.
● Reasonable assurance relates to the whole audit process.
● Absolute assurance in audit of FS is not attainable. Accordingly, the audit opinion is not a guarantee
or certification that the financial statements are free from material misstatements.
When reasonable assurance cannot be obtained and a qualified opinion cannot be expressed, the
auditor should:
● Disclaim an opinion, or
● Withdraw from the engagement (if legally permitted)
As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance about whether
the financial statements as a whole are free from material misstatement, whether
The level of assurance provided by an audit of detecting a material misstatement is referred to as

Reasonable assurance.
Inherent Limitations of an Audit

A45. The auditor is not expected to, and cannot, reduce audit risk to zero and cannot therefore obtain
absolute assurance that the financial statements are free from material misstatement due to fraud or error.
This is because there are inherent limitations of an audit, which result in most of the audit evidence on which
the auditor draws conclusions and bases the auditor’s opinion being persuasive rather than conclusive. The
inherent limitations of an audit arise from:
a. The nature of financial reporting –
• The preparation of financial statements involves judgment by management in applying the
requirements of the entity’s applicable financial reporting framework to the facts and
circumstances of the entity.
• Many financial statement items involve subjective decisions or assessments or a degree of
uncertainty, and there may be a range of acceptable interpretations or judgments that may be
made
• Consequently, some financial statement items are subject to an inherent level of variability which
cannot be eliminated by the application of additional auditing procedures. For example, this is
often the case with respect to certain accounting estimates. Nevertheless, the PSAs require the
auditor to give specific consideration to whether accounting estimates are reasonable in the
context of the applicable financial reporting framework and related disclosures, and to the
qualitative aspects of the entity’s accounting practices, including indicators of possible bias in
management’s judgments.
b. The nature of audit procedures – there are practical and legal limitations on the auditor’s ability to
obtain audit evidence
22
For example:
• There is the possibility that management or others may not provide, intentionally or
unintentionally, the complete information that is relevant to the preparation of the financial
statements or that has been requested by the auditor. Accordingly, the auditor cannot be certain
of the completeness of information, even though the auditor has performed audit procedures to
obtain assurance that all relevant information has been obtained.
• Fraud may involve sophisticated and carefully organized schemes designed to conceal it.
Therefore, audit procedures used to gather audit evidence may be ineffective for detecting an
intentional misstatement that involves, for example, collusion to falsify documentation which may
cause the auditor to believe that audit evidence is valid when it is not. The auditor is neither
trained as nor expected to be an expert in the authentication of documents.
• An audit is not an official investigation into alleged wrongdoing. Accordingly, the auditor is not
given specific legal powers, such as the power of search, which may be necessary for such an
investigation.
• The need for the audit to be conducted within a reasonable period of time and at a reasonable cost.
Timeliness of Financial Reporting and the Balance between Benefit and Cost
A48. The matter of difficulty, time, or cost involved is not in itself a valid basis for the auditor to omit an audit
procedure for which there is no alternative or to be satisfied with audit evidence that is less than persuasive.
Appropriate planning assists in making sufficient time and resources available for the conduct of the audit.
Notwithstanding this, the relevance of information, and thereby its value, tends to diminish over time, and
there is a balance to be struck between the reliability of information and its cost. This is recognized in certain
financial reporting frameworks (see, for example, the IASB’s “Framework for the Preparation and
Presentation of Financial Statements”). Therefore, there is an expectation by users of financial statements
that the auditor will form an opinion on the financial statements within a reasonable period of time and at a
reasonable cost, recognizing that it is impracticable to address all information that may exist or to pursue
every matter exhaustively on the assumption that information is in error or fraudulent until proved otherwise.
A49. Consequently, it is necessary for the auditor to:

• Plan the audit so that it will be performed in an effective manner;
• Direct audit effort to areas most expected to contain risks of material misstatement, whether due
to fraud or error, with correspondingly less effort directed at other areas; and
• Use testing and other means of examining populations for misstatements.
A50. In light of the approaches described in paragraph A49, the ISAs contain requirements for the planning
and performance of the audit and require the auditor, among other things, to:
AUDITING
• Have a basis for the identification and assessment of risks of material misstatement at the
financial statement and assertion levels by performing risk assessment procedures and related
activities;21 and
• Use testing and other means of examining populations in a manner that provides a reasonable
basis for the auditor to draw conclusions about the population.
Other Matters that Affect the Inherent Limitations of an Audit
A51. In the case of certain assertions or subject matters, the potential effects of the inherent limitations on
the auditor’s ability to detect material misstatements are particularly significant. Such assertions or subject
matters include:
• Fraud, particularly fraud involving senior management or collusion. See ISA 240 for further
discussion.
• The existence and completeness of related party relationships and transactions. See ISA 55023
for further discussion.
• The occurrence of non-compliance with laws and regulations. See ISA 250.24 for further
discussion.
• Future events or conditions that may cause an entity to cease to continue as a going concern.
See ISA 570.25 for further discussion.
Relevant ISAs identify specific audit procedures to assist in mitigating the effect of the inherent limitations.
23
A52. Because of the inherent limitations of an audit, there is an unavoidable risk that some material
misstatements of the financial statements may not be detected, even though the audit is properly planned
and performed in accordance with ISAs. Accordingly, the subsequent discovery of a material misstatement of
the financial statements resulting from fraud or error does not by itself indicate a failure to conduct an audit
in accordance with ISAs. However, the inherent limitations of an audit are not a justification for the auditor to
be satisfied with less than persuasive audit evidence. Whether the auditor has performed an audit in
accordance with ISAs is determined by the audit procedures performed in the circumstances, the sufficiency
and appropriateness of the audit evidence obtained as a result thereof and the suitability of the auditor’s
report based on an evaluation of that evidence in light of the overall objectives of the auditor.
Limitations of Financial Statements Audit: (Reasons why absolute assurance in auditing is not
attainable or why reducing audit risk to zero is not attainable)
Absolute assurance in auditing is not attainable because of inherent limitations in an audit that affect the
auditor’s ability to detect material misstatements. These limitations result from factors such as:
1. Need for auditor’s judgment
The auditor’s work requires exercise of professional judgment such in the following matters:
● Identifying and addressing risk factors
● Deciding what evidence to gather
● Making decisions about materiality and audit risk
● Gathering and evaluating audit evidence (for example, in deciding the nature, timing and extent
of audit procedures)
● Evaluating management’s judgments in applying the entity’s applicable financial reporting
framework.
● Assessing the sufficiency and appropriateness of audit evidence
● Drawing of conclusions based on the evidence gathered
● Forming an opinion (the phrase “in our opinion” in the auditor’s report is intended to inform that
auditors based their conclusions on professional judgment)
2. Use of testing / sampling risk – An audit is conducted on a test basis or by examining only
sample of less than 100% of a population. This may introduce some risk that a misstatement will not
be detected.
3. Reliance on management representation – Some audit evidence must be obtained by obtaining

oral or written representations from management because many FS assertions cannot be audited.
4. Inherent limitations of accounting and internal control – Although the auditor performs audit
procedures to detect material misstatements, such procedures may not be effective in detecting
misstatements resulting from the possibility of:
● management override of controls
● circumvention of internal control
● collusion among employees
5. Nature of audit evidence available – This is the fact that most of the evidence available to the
auditor is persuasive, rather than conclusive, in nature.
6. Undetected fraud – Fraud is specifically designed not to be detected. Thus, there is always the
possibility that fraud will not be detected.
7. Availability of audit evidence – Insufficient support may be available for drawing absolute
conclusions on specific assertions such as fair value estimates.
8. Other limitations may affect the persuasiveness of audit evidence available to draw
conclusions on particular assertions (for example, transactions between related parties).
Not a limitation of audit: Physical limitations of auditors due to fatigue and stress.
Concept of Materiality and Audit Risk
24
1. Materiality: the magnitude of misstatement or omission; the ability to influence the economic
decision of reasonable FS user
The auditor obtains and evaluates audit evidence to obtain reasonable assurance about whether the
FS are fair or are presented fairly, in all material respects, in accordance with the applicable financial
When is a misstatement or omission material? It is material if it could influence the economic

decision of FS users. If it is probable that the judgment of a reasonable person would have been
changed or influenced by the omission or misstatement of information, then that information is
material.
Meaning of the term "present fairly, in all material respects": The auditor considers only those
matters that are significant to the FS users; the phrase refers to the auditors expression of opinion
2. Audit Risk: the risk that audit opinion is inappropriate

● specifically, it is the risk that the auditor expresses an inappropriate (unqualified) audit opinion
when the FS are materially misstated
● concept of reasonable assurance acknowledges the existence of audit risk
General Types of Audit:

1. According to objectives or nature of assertion
a. Financial statement audit – an audit conducted to determine whether the financial statements
of an entity are fairly presented in accordance with an identified financial reporting framework (or
PFRS)
● An of financial statements is the type of audit most frequently performed by CPAs (due to
the widespread use of audited financial statements) on a fee basis and for more than one
client.
● Financial audit is also called:
➢ External audit – because it is performed by external auditors, whether individual CPAs or
CPA firms, who are not employees of the client
➢ Independent audit – because the auditor is independent of the client subject to audit
➢ Financial audit
b. Compliance audit: a review of an entity’s degree of compliance with applicable laws and
rules/regulations or contracts; usually performed by government auditors
Examples: Examination conducted by:
i) BIR examiners: compliance of taxpayers with tax law, rules or regulations
ii) BSP examiners: compliance of banks with banking laws, rules or regulations
iii) COA auditors: compliance of government transactions/expenditures with the requirements
of applicable laws, rules or regulations
c. Operational audit involves a systematic review and evaluation of the specific operating units
(or procedures, methods or activities) of an organization in relation to specified objectives for the
purpose of measuring/assessing its performance in terms of efficiency and effectiveness of
operations, identifying opportunities for improvement and making recommendations to improve
performance (such as introduction of controls to reduce waste).
● Also called performance audit or management audit
● Example: Evaluation of a company’s computerized accounting system
● Usually performed by internal auditors
● Efficiency relates to use of its resources, while effectiveness relates to accomplishing
objectives.
Internal auditor's responsibilities in operational audits:

In operational audits, the company's management is responsible for setting operating
standards. The internal auditor's responsibilities are to determine that:
a. Management has established such standards.
b. The standards are being met.
c. Deviations from established standards are being identified and corrected.
25
d. Corrective action has been taken.
Objective of operational auditing:

a. To assess performance in terms of efficiency and effectiveness of operations
(1) Effectiveness – To verify fulfillments of plans and sound business requirements
(2) Efficiency – To determine whether the entity is managing or utilizing its resources
economically and efficiently
b. To identify areas for improvement
c. To develop recommendations to improve performance (example of such as introduction of
controls to reduce waste)
Operational audit includes:

● Program or effectiveness audit: an audit to determine whether the entity has been
effective in achieving the desired results or benefits of the program or activity
● Economy audit: an audit to determine whether company objectives or goals are met at a
cost commensurate with the task
● Efficiency audit: whether company objectives or goals are met at the least or minimal
costs
Major differences between financial and operational auditing:

● The financial audit is oriented to the past whereas an operational audit concerns
performance for the future.
● The financial audit report is distributed to many readers whereas the operational audit
report goes to a few managers.
● Financial audits are limited to matters that directly affect the financial statements
whereas operational audits cover any aspect of efficiency and effectiveness.
2. According to types of auditor or their affiliation with the entity being examined:
a. External / Independent audit: performed by practitioners or independent CPAs who offer

their professional services for a fee to various clients on a contractual basis
● Independent or external auditors are not employees of the client
● External audit complements internal audit
b. Internal audit: audit performed by entity’s own employees known as internal auditors;
internal auditors investigate and apprise the effectiveness and efficiency of operations and
internal controls of the firm
Internal auditing is defined as "an independent, objective assurance and consulting activity designed to add
value and improve an organization's operations. It helps an organization accomplish its objectives by bringing
a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control,
and governance processes."
Internal auditing includes the audit of:

● Financial and operating information;
● Compliance with policies, plans, procedures, laws, regulations, and contracts;
● The means of safeguarding assets and verifying their existence;
● The economy and efficiency with which resources are employed; and
● Operations or programs to ascertain whether results are consistent with established objectives and
goals and whether they are being carried out as prescribed.
Internal auditing is an appraisal control that measures and evaluates other controls. The increased complexity
and sophistication of business operations have required management to rely on this appraisal control.
Internal auditors review the adequacy of the company's internal control system primarily to ascertain whether
the system provides reasonable assurance that the company's objectives and goals will be achieved efficiently
and economically. Efficient performance implies the use of minimal resources to meet the company's
objectives and goals. Economical performance is the accomplishment of objectives and goals at a cost
commensurate with the task.
Internal auditors assist in the prevention of fraud by examining and evaluating the system of internal control.
26
Internal auditors are required to review the means employed by the company to safeguard its assets from
various types of losses such as those resulting from fire, theft, unscrupulous or illegal activities, and exposure
to the elements.
i) Internal auditing: An independent appraisal function or control or activity established

within an entity to examine and evaluate its activities or other controls as a service to the
entity. It is an independent, objective assurance and consulting activity designed to add
value and improve an organization’s operations. It helps an organization to accomplish its
objectives by bringing a systematic disciplined approach to evaluate and improve the
effectiveness of risk management, control, and governance processes.
ii) Overall objective of internal auditing: to assist the members of the organization,
particularly management and board of directors, in the effective discharge of their
responsibilities; in short, to provide assistance to management or board of directors (it serves
the needs of management).
● Internal auditors usually perform operational audits

● Internal auditors usually focus on improving the efficiency and effectiveness of their
employer, unlike external auditors (public accounting firms) whose focus is the fairness of
the FS of their clients.
c. Government auditing: audit performed by government employees whose main concern is to

determine whether persons or entities comply with government laws, rules and regulations
Scope of government audit: may extend beyond FS audit to include:

i) FS audit
ii) Performance audit (includes (a) program results (effectiveness) audit and (b) economy and
efficiency audit)
iii) Compliance audit
A governmental audit is typically designed to determine whether the auditee has complied with applicable
laws and regulations.
The types of audits conducted by the Commission on Audit (COA) are financial audit and performance audit.
Performance audits include economy, efficiency, and program audits. Included in the scope of financial and
performance audits is determining whether the entity has complied with applicable laws and regulations.
Government auditors are required to prepare a written report on the entity's internal control and assessment
of control risk made as part of a financial statement audit. The auditor's report should include the following:
1. The scope of the auditor's work in obtaining an understanding of the entity's internal control and in
his/her assessment of control risk.
2. The entity's significant controls including those that are established to ensure compliance with laws
and regulations that have a material impact on the financial
statements.
3. The conditions, including the identification of material weaknesses, identified as a result of the
auditor's work.
The Government Auditing Standards require auditors to prepare a written report on the entity's internal
control. This report should include the conditions, including the identification of material weaknesses,
discovered as a result of the auditor's work. However, the report should not give any form of assurance on
the design and effectiveness of the entity's internal control.
Government auditors are required to obtain an understanding of the possible financial statement effects of
laws and regulations having direct and material effects on amounts reported. Also, they are required to make
an assessment whether management has identified such laws that might have such effects.
The audit of a government program involves obtaining information about the costs, outputs, benefits, and
27
effects of the program. Auditors attempt to measure the accomplishments and relative success of the
program based on the actual intent of the legislation that established the program.
Types of Auditors:
1. Independent auditors or external auditors – are CPA firms and individual practitioners who
perform audit services on contractual basis for more than one client
● Independent auditor – because the auditor is independent with respect to the client whose FS
are being audited; External auditor – the auditor is an outsider (not an employee of the client)
● Practitioners perform operational audits and compliance audits as part of consultancy services
2. Internal auditors – they are employed by the entity thus they are not independent. However, to
operate effectively, an internal auditor must be independent of the line functions of the entity.
Internal auditors perform operational and compliance audits.
3. Government auditors – employed in government agencies
● BIR examiners perform compliance audits
● BSP examiners perform compliance and operational audits
● COA auditors perform compliance and operational audits
The relationship between an external auditor and an internal auditor is that both of them use
basically an identical approach; however, there are differences in the application of auditing techniques.
The audit committee is composed of outside directors who are independent of management. The primary
purpose is to assure that the directors are exercising due care and external and internal auditors are
independent of management.
The following are some of the audit committee's functions:

● Select the external auditors.
● Review the external auditor's overall audit plan.
● Evaluate the results of external and internal audits.
● Review the internal auditing work schedule, budget, etc.
● Meet regularly with the internal auditing director.
● The above functions should increase public confidence on the fair presentation of the company's
Acceptability of the Financial Reporting Framework
The auditor should determine whether the financial reporting framework adopted by management in
preparing the FS is acceptable. An acceptable financial reporting framework is what is referred to as the
“applicable financial reporting framework.” The auditor determines whether the financial reporting
framework adopted by management is acceptable in view of the nature of the entity (for example, whether it
is a business enterprise, a public sector entity or a not for profit organization) and the objective of the FS.
In FS audit, financial reporting frameworks that are acceptable as valid criteria include:
1. Philippine Financial Reporting Standards (PFRSs)
2. Philippine Accounting Standards (PASs)
3. International Accounting Standards (IASs)
4. Other authoritative basis
Financial statements need to be prepared in accordance with one, or a combination of the above-cited
financial reporting framework.
Distinction: Types of audit according to objectives or nature of assertion/data
Point of distinction FS Audit Compliance audit Operational audit

Primary objective To enable the auditor to express To determine To assess entity’s
an opinion on the fairness of the degree of performance (in terms
FS compliance of efficiency and
effectiveness)
Subject matter Assertion that the FS are Assertion that the Assertion that the
(Assertion) presented in accordance with organization has organization’s
identified financial reporting complied with laws, activities/operations
framework (GAAP) regulations and are conducted
specific procedures effectively and
28
efficiently in relation to
specified objectives
Established GAAP – Identified financial Applicable laws, Objectives (as set by
criteria reporting framework (as by regulations and the board of directors)
standard setting bodies) specific procedures
(as set by
authoritative
bodies)
Sufficient Audit findings whether the FS are Findings on degree Findings on assessment
appropriate in accordance with Identified of compliance of performance /
evidence / financial reporting framework operations
outcome (GAAP)
Communication of Auditor’s report containing an Reports on the Recommendations or
results to intended opinion whether the FS are fairly degree of suggestions on how to
users presented in accordance with compliance with improve operations
identified financial reporting applicable laws,
framework (GAAP) regulations or
specific procedures
Users of audit Different groups for different Authoritative bodies Management of the
report purposes; wide variety of users that sets down the entity
(both internal and external users) regulations, rules
and procedures
Type of auditor Independent / external auditors Government Internal auditors
performing the – practitioners auditors
audit
PUBLIC ACCOUNTING PROFESSION
Characteristics/Attributes of a Profession:
a. Mastery of a particular intellectual skill, acquired by training and education;
b. Adherence by its members to a common code of values and conduct established by its administering
body, including maintaining an outlook which is essentially objective; and
c. Acceptance of a duty to society as a whole (usually in return for restrictions in use of a title or in the
granting of a qualification)
Accountancy meets all characteristics of a profession as follows:

a. To be a member of the accounting profession, one must first obtain a BSA degree, pass a difficult
CPA board exam and continue learning through meaningful working experience and continuing
professional education.
b. In acting in the public interest a professional accountants observe and comply with the ethical
requirements of the Code of Ethics for professional accountants in the Philippines .
c. A distinguishing mark of the accountancy profession is its acceptance of the responsibility to act in
public interest. Therefore, a professional accountant’s responsibility is not exclusively to satisfy the
needs of an individual client or employer.
The Code of Ethics for CPAs in the Philippines – the document that contains the norms and
principles governing the practice of the accountancy profession in the highest standards of ethical
conduct
Objectives of the Accountancy Profession:

1. To work to the highest standards of professionalism
2. To attain the highest levels of performance, and
3. To meet the public interest requirement
Public interest – the collective well-being of the public the CPA serves
● Public interest imposes responsibility on the accountancy profession and on its members
● Public – community of people and institutions who rely on the objectivity and integrity of
CPAs; consists of clients, credit grantors, governments, employers, employees, investors, the
business and financial community, and others who make such reliance
29
Important Role of CPAs in Society: The public rely on CPAs for:

a. Sound financial accounting and reporting
b. Effective financial management and
c. Competent advice on a variety of business and taxation matters
CPA – a person who holds a valid Certificate of Registration and a Professional Identification card issued by
the PRC/BOA to those who satisfactorily complied with all the legal and procedural requirements for such
issuance, including in appropriate cases, having passed the CPA licensure examination
● Also referred to as professional accountant
● A member of the accountancy profession in the Philippines
Regulation of the Accounting Profession:

1. Public Regulation – RA 9298 otherwise known as “The Philippine Accountancy Act of 2004”
(including its Implementing Rules and Regulations)
2. Regulation by the Profession – through the implementation of the Code of Ethics for professional
accountants / CPAs in the Philippines
3. Regulation within the Firm – through implementation of a system of quality control
Organizations that Affect Public Accounting:
1. Regulatory Government Agencies:
a. Professional Regulation Commission (PRC) – the government agency that administers,

implements and enforces the regulatory policies of the Philippine Government with respect to the
regulation and licensing of the various professions (such as the accountancy profession) under its
jurisdiction
● the professional regulation commission of the Philippines created under RA No. 8981
● The PRC derives its authority from the PRC Modernization Act of 2000.
● The PRC is the government agency that has overall jurisdiction over the regulatory boards
(such as the Board of Accountancy) in the Philippines.
b. Professional Regulatory Board of Accountancy (BOA) – the government agency empowered to

administer/enforce the Philippine Accountancy Act of 2004 (RA 9298)
● BOA is under the administrative supervision of the PRC
Objectives of RA 9298:
● The standardization and regulation of accounting education;
● The examination for registration of CPAs; and
● The supervision, control, and regulation of the practice of accountancy in the Philippines.
Councils/committee formed to assist BOA:

1. Financial Reporting Standards Council (FRSC) – assists BOA in the establishment
and promulgation of GAAP in the Philippines
2. Auditing and Assurance Standards Council (AASC) – created to assist BOA in the
establishment and promulgation of GAAS in the Philippines
3. Education Technical Council (ETC) – assists BOA in continuously upgrading
accounting education in the Philippines
4. Quality Review Committee (QRC) – conducts an oversight into the quality of audits
of financial statements through a review of the quality control measures instituted by an
Individual CPAs, Firm or Partnership of CPAs engaged in the practice of public
accountancy to ascertain his/her/its compliance with prescribe professional, ethical and
technical standards of public practice
Functions of the QRC:
a. Conduct quality review on applicants for registration to practice accountancy and
render a report which shall be attached to the application for registration.
b. Recommend to the BOA the revocation of the Certificate of Registration and the
Professional Identification Card of CPAs who has not observed the quality control
measures and who has not complied with the standards of quality prescribed for the
practice of public accountancy
30
c. In the event that the QRC cannot accomplish the aforesaid functions for any reason
whatsoever, the BOA or its duly authorized representatives may conduct the required
quality review.
5. PRC CPE Council – assists BOA in implementing its CPE program
c. Securities and Exchange Commission (SEC) – the government agency that regulates the
registration and operations of corporations (whether stock or non-stock), partnerships and other
forms of associations in the Philippines
Laws governing the registration:

● Civil Code of the Phils. – for partnerships
● Corporation Code of the Phils. – for corporations
● Securities Regulation Code
Overall objective of the SEC:

● The overall objective of the SEC is to assist in providing investors with reliable information
upon which to make investment decisions.
SEC reportorial requirements:

● The SEC prescribes financial reporting requirements.
● SEC requires companies that plan to issue new securities to the public to submit a
registration statement to the SEC for approval.
● The financial statements to be filed with the SEC shall be accompanied by a Statement of
Management’s Responsibility for Financial Statements.
Composition of SEC: a chairperson and four (4) commissioners appointed by the President of
the Philippines for a term of 7 years
d. Bangko Sentral ng Pilipinas (BSP) – regulates and supervises the banking industry
● The primary objective of the BSP is to maintain price stability conducive to a balanced and
sustainable economic growth. It also aims to promote and preserve monetary stability and the
convertibility of the peso.
Monetary Board – the policy-making body of the BSP
Composition of Monetary Board: composed of 7 members appointed by the President of the

Philippines for a term of 6 years, as follows:
● BSP Governor
● A member of the Cabinet to be designated by the President of the Philippines
● Five (5) members from private sector
e. Commission on Audit (COA) – the government agency examines whether government units
handle their funds in compliance with existing laws and regulations and whether their programs are
being conducted effectively, efficiently and economically
Principal duties of the COA:

a. Examine, audit and settle all accounts pertaining to the revenue or receipts and expenditures or
uses of government funds and property.
b. Act as central accounting office of the government (Keep the general accounts pertaining thereof
and preserve the vouchers pertaining thereof),
c. Define the scope of its audit and examination.
d. Promulgate accounting and auditing rules and regulations including those for the prevention of
irregular, unnecessary, excessive or extravagant expenditures or uses of funds and property.
e. Submit to the President, at the time fixed by law, an annual financial report of the government,
its subdivisions, agencies and instrumentalities, including GOCCs, and recommend measures
necessary to improve their efficiency and effectiveness.
f. Perform such other duties and functions as may be prescribed by law.
● The COA is the highest and final authority in state auditing. Its jurisdiction and responsibility
is defined by the Philippine Constitution (under Article IX – D).
● The COA acts as the sole external auditor of all government departments and agencies,
31
including government-owned or controlled corporations.
● Commission proper – governing body of COA
● Composition: The COA is composed of a Chairman and two (2) Commissioners to be

appointed by the President of the Philippines with the consent of the Commission of
Appointments for a term of 7 years without reappointment
● Qualifications of COA members:

1. Natural-born citizens of the Philippines
2. At least thirty-five years of age at the time of their appointment
3. CPAs with not less than 10 years of auditing experience or members of the Philippine Bar
who have been engaged in the practice of law for at least 10 years, and
4. Not have been candidates for any elective position in the elections immediately
preceding their appointment
● COA Audit: The COA conducts a comprehensive audit that includes financial, compliance,
and management audits.
● At no time shall all Members of the COA belong to the same profession.
f. Insurance Commission (IC) – government agency regulates and supervises the insurance
industry for the promotion of national interest
g. Bureau of Internal Revenue (BIR) – government agency that enforce tax laws; the BIR is
empowered to collect taxes to raise revenues for the use and support of the government
2. Standard-Setting Bodies:
a. Local/Domestic:
(1) Financial Reporting Standards Council (FRSC) – accounting standard-setting body/council
created by the BOA
FRSC Composition/Membership:
Chairman (had been or presently a senior practitioner in any of the scope
of accounting practice) 1
BOA 1
SEC 1
BSP 1
BIR 1
COA 1
A major organization composed of preparers and users of FS 1
Accredited National Professional Organization of CPAs (APO) – PICPA:
Public practice 2
Commerce and industry 2
Academe/Education 2
Government 2 8
Total members 15
(2) Auditing and Assurance Standards Council (AASC) – auditing standard-setting body/council
created by the BOA
AASC Composition/Membership:
Chairman (had been or presently a senior accounting practitioner in public 1
accountancy)
BOA 1
SEC 1
BSP 1
COA 1
Association or organization of CPAs 1
in active public practice of accountancy
Accredited National Professional Organization of CPAs - PICPA:
Public practice 6
32

Academe/Education 1
Government 1 9
Total members 15
● BIR representation. The BIR, although represented in the FRSC, is not represented in
the AASC.
● Appointment. The Chairman and members of the FRSC and AASC shall be appointed by
the PRC upon the recommendation of the BOA in connection with the APO (PICPA).
● Term of office. The Chairman and members of both the FRSC and AASC shall have a
term of 3 years renewable for another term.
● Main function of FRSC and AASC: To assist BOA in carrying out its powers and
functions on monitoring the conditions affecting the practice of accountancy and adoption
of such measures, including promulgation of accounting and auditing standards, rules and
regulations and best practices
b. Foreign/International:
(1) International Federation of Accountants (IFAC) – the recognized global/worldwide
organization for the accountancy profession
The International Federation of Accountants (IFAC) is the worldwide organization for the
accountancy profession. Founded in 1977, its mission is “to serve the public interest, IFAC will
continue to strengthen the worldwide accountancy profession and contribute to the
development of strong international economies by establishing and promoting adherence to
high-quality professional standards, furthering the international convergence of such standards
and speaking out on public interest issues where the profession’s expertise is most relevant.”
IFAC is comprised of 158 members and associates in 123 countries worldwide, representing
approximately 2.5 million accountants in public practice, industry and commerce, the public
sector, and education. No other accountancy body in the world and few other professional
organizations have the broad-based international support that characterizes IFAC.
(2) International Accounting Standards Board (IASB) – the international accounting standard-
setting body
● Foreign counterpart of the FRSC
● Its issuances are called IFRS
● It replaced the International Accounting Standards Committee (IASC)
(3) International Auditing and Assurance Standards Board (IAASB) – international auditing
standard-setting body
● Foreign counterpart of the AASC
● It replaced the International Auditing Practices Committee (IAPC)
Both the IASB and IAASB are under the IFAC.
3. Professional and Sectoral Organizations:
a. Philippine Institute of Certified Public Accountant (PICPA) – the globally-recognized and

integrated national professional organization of CPAs in the Philippines accredited by the BOA and the
PRC
● PICPA is designated as the accredited professional organization (APO) in the Philippines.
● The Mission of PICPA is to enhance the integrity of the accountancy profession, serve the best
interest of its members and other stakeholders, and contribute to the attainment of the
country's national objectives.
● As the APO, PICPA is tasked to meet the following requirements:

a. It is established for the benefit and welfare of the CPAs, the advancement of their
33
profession, and the attainment of other professional ends;

b. Its membership is open to all registered CPAs without discrimination;
c. It's membership shall include CPAs in all sectors;
d. It shall have a creditable plan to enlist into active membership within three (3) years, at
least a majority of the CPAs in the practice of accountancy.
e. It shall have adequate chapters/regions in major areas in the Philippines to effectively
attend to the needs of its members. Its national directors shall be elected in accordance
with the provisions of the Corporation Code.
f. It shall be judicious and prudent in the management of its financial resources.
g. It shall have a full-time career Executive Director who shall implement the policies
promulgated by the PICPA Board of Directors and shall have direct supervision over the
PICPA Secretariat.
h. It is duly registered as a non-stock corporation or association by the SEC.
i. It has paid the prescribed accreditation fee.
● PICPA must renew its accreditation once every three years.
b. Sectoral Organizations
● Serve the needs of CPAs in different scopes of practice
● Provide seminars, programs and workshops that specifically serve the interests of the CPAs in
their respective sectors
● Each sector has its own organization as follows:
(1) Public Practice – Association of CPAs in Public Practice (ACPAPP)
(2) Commerce and Industry – Association of CPAs in Commerce and Industry (ACPACI)
(3) Education/Academe – Association of CPAs in Education (ACPAE)
(4) Government – Government Association of CPAs (GACPA)
ESTABLISHMENT, ORGANIZATION AND MANAGEMENT

OF A PUBLIC ACCOUNTING FIRM
Allowed Forms of Organization for the Practice of Public Accountancy:

a. Single practitioners (individual CPAs) or sole proprietorship, and
b. Partnership of CPAs (general partnerships and limited liability partnerships)
Corporation form of CPA/Audit firm is not allowed in the Philippines.
Allowed Names for the Practice of Accountancy:

1. Individual CPA: Shall use his/her registered name (the name registered with the BOA and the PRC
and as printed on his/her CPA certificate)
For example: Jessie Garcia, CPA
2. Firms: Shall use the duly registered and authorized firm name appearing in the registration
documents issued by the DTI or any other proper government office/s and such firm name shall
include the real name of the sole proprietor as printed in his/her CPA certificate
For example: Denver Roncal and Associates
3. Partnerships:
● In case of registered partnership – shall use the partnership name as indicated in the Articles of
Partnership and certificate of registration issued by the SEC
● In case of unregistered partnership – shall use the partnership name indicated in the Articles of
Partnership
For example: Sycip, Gorres, Velayo & Company
In case of death or withdrawal of all partners, the surviving partner may continue to practice under
the partnership name for a period of not more than 2 years after becoming a sole proprietor.
Prohibition on Use of Name: CPAs shall practice only under a name allowed by law and:
● Shall NOT include any fictitious name
● Shall NOT indicate specialization (such as tax specialist or expert)
● Shall NOT misleading as to the type of organization
Registration for Accreditation with the BOA and PRC:
34
● Registration for accreditation with the BOA and PRC is required for CPAs (individuals, firms and
partnerships, including its partners and staff members) before they can engage in public
accountancy.
● They shall not commence public practice until a valid Certificate of Registration to practice public
accountancy has been issued to such CPA(s). The Certificate of Accreditation attests that the
applicant is duly accredited to practice public accountancy in the Philippines.
● Basic requirements for registration:

a. Application for registration (accomplished in a form prescribed by the BOA, in triplicate, and duly
signed by the applicant CPA)
b. Submission of registration documents such as:
➢ Certificate of registration issued by the SEC together with the certified copy of the current
Articles of Partnership for registered partnerships, or
➢ Certified copy of the Articles of partnership for unregistered partnership, or
➢ Certified copy of the certificate of registration of Firm name with the DTI and other proper
government agencies.
c. A minimum of three (3) years meaningful experience in any of the areas of practice of
accountancy
d. Compliance with the quality review (this is a required condition prior to registration or renewal
any thereof
The BOA created Quality Review Committee (QRC) to conduct quality review on
applicants for registration to practice accountancy and render a report which shall be attached
to the application for registration.
● Validity of registration for accreditation is for a period of 3 years (renewable after 3 years on or
before September 30 on the year of expiry). The registration of applicants approved during any
month of the year shall expire on December 31 on the third year following its approval.
Example: If the application for registration of a CPA firm is approved on July 31, 2004, the
registration shall expire on December 31, 2006 and therefore it shall file for renewal on or before
September 30, 2006 for the three year period beginning January 1, 2007. The next renewal will
be on or before September 30, 2009.
Tax and other Legal Requirements:

a. Payment of privilege tax as a CPA on occupations with the city or municipality where they practice
public accountancy
b. Business permits (from local and national government)
c. Accreditation with other government agencies:
a. SEC – also accredits external auditors
● An external auditor should file with the SEC a representation letter for audit clients whenever
his audit client files its financial statements with the SEC
b. BSP – Rendering/offering of independent audits to banks and other financial institutions under
BSP supervision requires BSP accreditation
c. BIR – also accredits external auditors
Foreign CPAs:
● The practice of accountancy in the Philippines is limited to Filipino CPAs.
● A foreign CPA is not allowed to be as owner, sole proprietor, partner or any staff thereof, unless
he/she is qualified to practice accountancy in the Philippines (unless the foreign CPA qualifies to
practice under Sections 34 and 35 of RA 9298.)
● Under no circumstances shall the correspondent relationship, membership, or business dealings with
foreign CPAs be a scheme for the foreign CPAs to engage in the practice of public accountancy in the
Philippines which under the present laws is limited to Filipino CPAs
Hierarchy/ Ranks/Levels within a CPA Firm:

1. Partners – owners of the CPA/Auditing firm 2. Senior or Senior-in-charge
Duties and responsibilities: Duties and responsibilities:
● Determine operating policies of the firm ● Directly responsible to the manager or the
● Select and hire audit staff partner
● Obtain clients ● Take charge of field work
35
● Establish contracts with clients (sign ● Prepares audit program for a specific
engagement letter) engagement (subject to review by
● Approve billings to clients superiors)
● Assume overall responsibility for each ● Assigns particular phases of audit to staff
engagement auditors
● Plan and review all phases of the audit ● Directly supervises staff auditors
● Approve and sign the report and firm ● Perform more important audit procedures
correspondence (such as audit report and ● Reviews non-financial records such as
other documents articles of incorporation and by-laws
● Discusses with clients or with the partner
or manager problems or questions that
arise in the course of the audit
● Assemble audit working papers
● Prepare income tax returns
● Prepares the original draft of audit report
and audited financial statements (subject
to review and approval by the partner or
manager/supervisor)
3. Managers / Supervisors 4. Junior or staff auditor/assistant
Duties and responsibilities: Duties and responsibilities:
● Act as liaison between partners and other ● Prepare analyses, schedules,
team members reconciliations and reports of findings
● Prepare the overall audit plan ● Verify footings, extensions and postings on
● Discuss with clients items of material accounting records
importance (such as problems that may ● Trace evidence such as examination of
arise in course of the audit) vouchers supporting a disbursement
● Directly supervise senior auditors ● Observe client’s physical count of
● Review working papers inventories
● Draft the report ● Performs other tasks as may be assigned
● Discuss reports and results to clients and
settle accounting problems with the client
● Take charge of training programs
Professional Fees:
1. Amount of fees to be charged to clients: Fees charged should be a fair reflection of the value of the
professional services, taking into account the following:
a. The skill and knowledge required
b. The level of training and experience of the persons necessarily engaged on the work
c. The time necessarily occupied by each person engaged on the work, and
d. The degree of responsibility and urgency that the work entails
● A fee lower than previous fee is acceptable if calculated using the above factors.
● Other factors to be considered are those influenced by legal, social and economic conditions in
the Philippines.
No standard amount of fee: A CPA in public practice may determine or quote whatever fee
deemed appropriate. He may quote a fee lower than another but not too low (or significantly lower)
nor excessive. If fees that are too low:
● It is considered unethical
● There would be a risk of a perception that the quality of work could be impaired
2. Methods of billing clients (billing arrangements): The methods of determining professional fees
are:
a. Per diem basis – the charges are based on the actual time spent at a rate depending on the
experience and expertise of the members of the engagement team
● Also known as actual time charges basis
● It is computed as actual time spent x rate per hour as agreed upon
b. Fixed fee or Flat fee basis – lump-sum fee for the entire engagement. The charges for out-of-
pocket expenses are separate from the audit fee and are to be billed separately
c. Maximum fee basis – a combination of fixed fee and per diem basis. The billing is similar to per
diem basis subject to a maximum limit as agreed between the practitioner and the client
d. Retainer fee basis – the client pays a uniform/fixed monthly charge, plus additional fee annually,
36
payable upon submission of the audit report
Out-of-pocket expenses – reimbursable expenses, in addition to the professional fees, that

are chargeable to the client, such as:
● Traveling expenses
● Supplies
Billing arrangements should be clearly defined, preferably in writing, before the start of the
engagement to help in avoiding misunderstanding with respect to fees.
3. Prohibition against contingent fee: An assurance engagement should not be performed for a fee
that is contingent on the result of the assurance work or on items that are the subject matter of the
assurance engagement.
Contingent fee – a fee calculated on a predetermined basis relating to the outcome or result of a
transaction or the result of the work performed
● Contingent fee is unacceptable billing arrangement because it impairs independence and
objectivity.
Examples of contingent fees:

a. Fee based on % of audited net income
b. Fee based upon % of the acquisition price of another company
c. Fee based on amount of taxes saved
d. Tax preparation where the fee will be based on whether the CPA signs the tax return prepared
e. Fee based on amount of insurance settlement
f. Fee is charged if bank loan is obtained/approved
g. No fee will be charged unless specific finding or result is obtained
Not considered contingent fees:

a. If fixed by a court or other public authority
b. If determined based on the results of judicial or government agency proceedings
c. If authorized by statute
d. If approved by a member body as generally accepted practice for certain professional
services
Some reasons why the above are not considered contingent fees:
● Fees fixed by courts and other public authority, although may be uncertain in nature
at that moment, are not known and cannot be influenced by the auditor and the
client.
● Fees based on determination by taxing authorities are a matter of judicial proceedings
which do not involve third parties.
Marketing Professional Services:

A professional accountant in public practice should not bring the profession into disrepute when
marketing professional services. The professional accountant in public practice should be honest and truthful
and should NOT:
a. NOT make exaggerated claims for services offered, qualifications possessed or experience gained; or
b. NOT make disparaging references to unsubstantiated comparisons to the work of another.
If the professional accountant in public practice is in doubt whether a proposed form of advertising or
marketing is appropriate, the professional accountant in public practice should consult with the
relevant professional body.
Publicity, Solicitation and Advertising:

● Publicity – the communication to the public of facts about a professional accountant which are not
designed for the deliberate promotion of that professional accountant
● Solicitation – the approach to a potential client for the purpose of offering professional services
● Advertising – the communication to the public of information as to the services or skills provided by
professional accountants in public practice with a view to procuring professional business
Rules on Solicitation, Advertising and Referrals:

a. Solicitation of clients – prohibited by the Code of Ethics
b. Advertising (or other form of marketing) – not allowed
37
● Advertising is a form of solicitation

c. Payment or receipt of commission – not allowed
d. Referral – allowed
e. Payment or receipt of referral fee – not allowed
Sources of Clients:
a. Referrals from businessmen, clients (present or previous), financial and government institutions,
other CPAs, and legal and other professional firms
b. Walk-in clients
Death or disability of an Individual CPA, and Dissolution or Liquidation of a Firm or Partnership

of CPAs:
● Such must be reported to the BOA by any designated staff member of the Individual CPA, or by the
sole practitioner of a firm (or his/her designated staff member if the proprietor is unavailable), or by
the managing partner (or any designated partner in case the managing partner in case the managing
partner is unavailable) not later than 30 days from the date of such death, dissolution, or liquidation
● The report must be:
a. In affidavit form – in case of Individual CPA or a Firm
b. A certified copy of dissolution or liquidation papers filed with the SEC – in case of a partnership
● Failure to notify the BOA shall subject the designated individual to penalty.
Fees and Penalties:

● Fee – Fee for initial registration, renewal, or request for reinstatement: P1,000 or to such an amount
as the PRC may prescribe
● Penalties:
➢ Suspension of CPA certificate, certificate of registration (to practice), and professional
identification card. If the violator is criminally liable, such party responsible shall be proceeded
against criminally, independent of any action therein provided.
➢ Subject to the approval of the PRC, the BOA may, for justifiable reasons, lift the sanctions
imposed on violators.
Examples of Violations of the IRR:

a. Engaging in public accounting practice without first registering with the BOA and the PRC
b. Continuing to engage in public accounting practice after the expiration of registration
c. Continuing to engage in public accounting practice after suspension, revocation or withdrawal of
registration
d. Giving any false information, data, statistics, reports or other statement which tend to mislead,
obstruct, or obscure the registration of an Individual CPA, Firm or Partnership of CPAs under the IRR
e. Giving any misrepresentation to the effect that registration was secured when in truth and in fact, it
was not secured
f. Failure or refusal to undergo quality review
g. Failure to comply with the requirements on accomplishment of the application for registration,
including submission of required documents
GENERALLY ACCEPTED AUDITING STANDARDS
Auditing Standards:
● Popularly known as the Generally Accepted Auditing Standards (GAAS)
● The general guidelines that the auditors must follow in conducting the audit.
● The minimum standards of auditor’s performance that must be achieved on each audit engagement
● The guidance for measuring the quality of the auditor’s performance
GAAP vs. GAAS:

● GAAP: the principles for the preparation and presentation of financial statements that are
used by the auditor as criteria in determining the overall fairness of the financial statements;
foundation of accounting
● GAAS: standards/measures/guidance that the auditors must follow when conducting an
audit; foundation of auditing
Auditing Standards vs. Auditing Procedures:
38
a. Definition:
● Auditing standards: the measures of the quality or minimum standard of auditor’s
performance
● Auditing procedures: the means used (or the acts to be performed) by the auditor to
attain the quality or minimum standard of auditor’s performance
b. Basic difference: "auditing procedures" relate to acts to be performed, whereas "auditing
standards" deal with measures of audit quality and the objectives to be achieved in an audit.
c. Relationship: Every independent audit engagement involves both auditing standards and
auditing procedures. From one engagement to another engagement, auditing standards are
applied uniformly but auditing procedures may vary.
THE 10 GENERALLY ACCEPTED AUDITING STANDARDS (GAAS):
GENERAL STANDARDS – standards/criteria which present guidance in the personal qualifications an

auditor must possess to undertake the audit engagement
1. Adequate technical training and proficiency: This standard refers to professional

competence
● Professional competence of the auditor is primarily met by having professional
education/training and practical experience in auditing
● Competence can also be acquired by the auditor through the following:
➢ Continuing professional development
➢ Consulting others if additional technical information is needed
➢ Coaching by more experienced staff
➢ Research to obtain knowledge of client business and industry
● Competence does not include warranting the infallibility of the work performed.
2. Independence: This standard requires that the auditor must be impartial when dealing with the
client or without bias with respect to the client entity. The auditor must be independent in fact and
in appearance.
a. Independence of mind – The state of mind that permits the expression of a conclusion without
being affected by influences that compromise professional judgment, allowing an individual to act
with integrity, and exercise objectivity and professional skepticism; this is also known as
“independence in fact” or “independence in mental attitude.”
b. Independence in appearance – The avoidance of facts and circumstances or situations that
are so significant that would lead a reasonable and informed third party or the public to believe
or conclude that the auditor is not independent. In other words, independence in appearance
requires that activities or relationships that even suggest or imply a possible lack of
independence must be avoided by the auditor.
● Independence is often called the cornerstone of the profession since it is necessary

to add credibility to the auditor’s work.
● Auditor strives to achieve independence in appearance in order to: maintain
public confidence in the profession or to achieve public confidence. The audit opinion
and the audit report would be of little or no value if auditor is not independent
because of absence of public confidence.
● The auditor ultimately decides whether or not he/she is independent.
● Independence in mental attitude cannot be regulated.
● However, to encourage independence in fact and to maintain the appearance of
independence, the auditor can have no direct financial interest in the client. “Direct”
includes the auditor and members of immediate family. “Financial interest” is
ownership of equity shares, other client financial instruments, or any other potential
financial benefit.
● In addition, there can be no material indirect financial interest such as ownership
through a mutual fund.
● To ensure independence, auditor cannot render an opinion on statements of one year
until all fees from the prior year audit have been paid.
● To emphasize independence from management, auditor is usually appointed by audit
committee of the board of directors.
● Independence may be impaired by performing consulting services, especially those
that involve making management decisions.
39
3. Due professional care: This standard requires that an auditor, in fulfilling his duties, should act
diligently and carefully, exercise reasonable prudence, and apply judgment in a conscientious
manner, carefully weighing the relevant factors before reaching a decision.
● Due professional care is often called the "average auditor" concept. The auditor
should do what the average auditor would do and never less, including review of work
performed by assistants and maintaining an attitude of professional skepticism.
● Due professional care does not mean/imply infallibility or exercise of error-free
judgment. The auditor is not and cannot be held responsible for losses because of
errors of pure judgment.
● Exercise of due professional care in the performance of the audit requires:
a. Observance of the standards of field work and reporting
b. Critical review of the audit work performed at every level of supervision
c. Degree of skill commonly possessed by others in the profession
d. Exercise of the same components of professional care as a reasonable auditor
would exercise
e. Exercise of professional skepticism
STANDARDS OF FIELD WORK – the standards / criteria for planning and evidence-gathering
1. Adequate planning and proper supervision:

● Planning involves establishing the overall audit strategy for the engagement and developing
an audit plan. The auditor should also supervise the work of assistants. Supervision is
critical because of assistants’ lack of experience.
● Audit programs are designed to enumerate appropriate action, and all work of staff auditors
should be reviewed by a qualified auditor. Audit program is developed before substantive
testing to ensure that adequate planning has occurred.
2. Sufficient understanding of the entity and its environment, including internal control:
● As part of the planning activities, the auditor is required to obtain sufficient understanding of
the entity and its environment. This means that the auditor should obtain a more detailed
knowledge of the client's business and the environment/industry in which the entity operates.
● A sufficient understanding of internal control is to be obtained to plan the audit. Appropriate
internal controls provide the auditor with confidence that material misstatements will be
prevented or detected on a timely basis.
➢ Strong internal control implies that the auditor will require less evidence.
➢ Weak internal control implies that the auditor will require more evidence.
3. Sufficient appropriate audit evidence:

● The auditor should obtain sufficient appropriate audit evidence by performing audit
procedures to be able to draw reasonable conclusions on which to base the opinion
regarding the financial statements under audit.
● Evidence gathering is sometimes called substantive testing. Any testing that confirms
the ending balance of an account is known as a test of a balance. Evidence gathered
to support an account by looking at the various transactions that have affected it
during the period is called a test of details.
● All specific audit work is performed in order to gather evidence.
● The quantity and quality of evidence to be gathered depends on the judgment of the
auditor.
● The decision as to how much evidence to be accumulated requires professional
judgment; not provided in the PSAs; the rule is, evidence must be sufficient to afford
a reasonable basis for opinion
STANDARDS OF REPORTING – standards on auditor’s expression of audit opinion through a medium

known as the auditor’s report
1. Whether the financial statements are in accordance with GAAP/PFRS: Conformity with
GAAP/PFRS is explicit in the auditor’s report
● Explicit statement means that the auditor should state whether or not the financial
statements subject to audit are prepared in accordance with GAAP/PFRS.
● When an overall opinion cannot be expressed, as where the auditor disclaims an opinion, the
40
reasons therefore should be stated.
2. Consistent application of GAAP/PFRS: Consistency is implicit in the auditor’s report

● If there is no material consistency as to application of GAAP/PFRS, no statement as to
consistency is required in the auditor’s report. However, if a material inconsistency exists,
auditor shall identify such inconsistency in the auditor’s report.
In short:
● If GAAP/PFRS is consistently applied: no express statement as to consistency is
necessary because consistency is implicit in the auditor’s report
● If GAAP/PFRS is not consistently applied: auditor shall identify in the auditor’s
report such inconsistency
3. Adequacy of informative disclosures: Adequacy of disclosure is implicit in the auditor’s

report. If informative disclosure is adequate, no statement as to adequacy of disclosure is
required in the auditor’s report. However, if informative disclosure is inadequate, auditor must
state such inadequacy in the auditor’s report.
● If disclosure is adequate: no statement as to adequacy of disclosure is

necessary because adequacy of disclosure is implicit in the auditor’s report
● If disclosure is inadequate: auditor must state in the audit report such
inadequacy
4. Opinion regarding the financial statements taken as a whole: expression of audit

opinion is explicit in the auditor’s report
Objective of 4th standard of reporting:

● To indicate the character of the engagement and the degree of responsibility assumed by the
auditor. This would prevent FINANCIAL STATEMENTS users from misinterpreting the degree
of responsibility the auditor is assuming/taking.
● Reference to the expression "taken as a whole" in the fourth generally accepted auditing
standard of reporting means that the audit opinion applies equally to a complete set of
financial statements and to each individual financial statement.
Philippine Standards on Auditing (PSAs):

● The PSAs are interpretations of GAAS, meaning, they are intended to clarify the meaning of
"generally accepted auditing standards."
● The PSAs contains basic audit principles and essential procedures together with related guidance in
the form of explanatory and other material which the auditor should follow when conducting financial
statements audit.
● Application of PSAs: PSAs apply to independent examination of (historical) financial statements of
any entity conducted for the purpose of expressing an opinion.
● Compliance with PSA: The auditor should conduct an audit in accordance with PSA. Compliance
with PSAs means application of basic audit principles and performance of essential audit procedures.
Compliance with relevant PSAs is mandatory. Only in exceptional instances where departure from
relevant PSA is allowed such as when the auditor believes that the:
➢ Amount involved is insignificant; or
➢ Requirement of the PSA is impractical to perform; or
➢ Requirement of the PSA is impossible to perform.
NATURE OF SYSTEM OF QUALITY CONTROL:
One of the recognized objectives of the accountancy profession is to attain the highest levels of
performance. To achieve this objective, there is a need for assurance that all professional services provided
by CPAs are carried out to the highest quality or standards of performance. Reasonable assurance of
meeting such need is provided through a system of quality control.
A system of quality control refers to quality control policies and procedures adopted by CPA firms that
are designed to provide reasonable assurance that the firm and its personnel comply with professional
41
standards and regulatory and legal requirements and that reports issued by the firm or engagement partners
are appropriate in the circumstances.
System of Quality Control in an Audit Engagement: Policies and procedures to provide

reasonable assurance that all audits are conducted in accordance with PSAs and that audit reports
issued are appropriate in the circumstances
QC policies vs. QC procedures:

a. Quality control policies – are the objectives and goals to be achieved
b. Quality control procedures – are steps/procedures to be taken to:
● accomplish the policies adopted, or
● implement and monitor compliance with those policies
Mandatory requirement for CPA firms to establish SQC: Under Philippine Standard on Quality Control
1 (PSQC 1) CPA firms are required to establish and implement a system of quality control.
Nature and Extent of a System of Quality Control: The nature and extent of the SQC developed by
CPA firms vary from firm to firm due to various factors such as:
a. Size of the CPA firm
b. Nature of its practice
c. Operating characteristics
d. Its organization
e. Geographical dispersion
f. Cost-benefit consideration
g. Whether it is part of a network
Elements of System of Quality Control: Although the nature and extent of the system of quality control
developed by CPA firms vary from one firm to another, a system of quality control must have the following
elements:
1. Leadership responsibilities for quality within the firm – The CPA firm should establish policies
and procedures that:
● Promote an internal culture based on recognition that quality is essential in the performance of
the engagements
● Require CPA firm’s leader (CEO/ managing board of partners or its equivalent), to assume
ultimate responsibility for the firm’s system of quality control.
2. Ethical requirements, including independence –
● The CPA firm should establish policies and procedures to provide reasonable assurance that the
firm and its personnel comply with relevant ethical requirements (including independence):
3. Acceptance and continuance of client relationships and specific engagements – The CPA
firm should establish policies and procedures to provide reasonable assurance that the CPA firm will
only undertake or continue relationships and engagements where it:
a. Has considered the client’s integrity
b. Is competent to perform the engagement and has the capabilities, time and resources to do so;
and
c. Can comply with ethical requirements
4. Human resources – The CPA firm should establish policies and procedures to provide reasonable
assurance that it has sufficient personnel with the capabilities, competence, and commitment to
ethical principles necessary to perform the engagement.
5. Engagement performance – The CPA firm should establish policies and procedures to provide
reasonable assurance that engagements are performed in accordance with professional standards
and regulatory and legal requirements, and that the firm or engagement partner issue reports that
are appropriate in the circumstances.
6. Monitoring – The CPA firm should establish policies and procedures to provide reasonable
assurance that quality control are relevant, adequate and operating effectively and complied with in
practice and should include an ongoing consideration and evaluation of the firm’s system of quality
control, including a periodic inspection of a selection of completed engagements.
The purpose of monitoring compliance with quality control policies and procedures is to provide an
evaluation of:
a. Adherence to professional standards and regulatory and legal requirements;
b. Whether the quality control system has been appropriately designed and effectively
implemented; and
c. Whether the firm’s quality control policies and procedures have been appropriately applied, so
42
that reports that are issued by the firm or engagement partners are appropriate in the
circumstances.
The following shall also be included in the CPA firm’s SQC:

1. Complaints and Allegations: The firm should establish policies and procedures designed to
provide it with reasonable assurance that it deals appropriately with:
a. Complaints and allegations that the work performed by the firm fails to comply with
professional standards and regulatory and legal requirements; and
b. Allegations of non-compliance with the firm’s system of quality control.
2. Documentation: The firm should establish policies and procedures requiring appropriate
documentation to provide evidence of the operation of each element of its system of quality control.
Distinction between GAAS/PSA and SQC: GAAS/PSAs relate to each individual audit engagement,
whereas SQC relates to all professional activities/services of the firms practice as a whole.
QUALITY REVIEW COMMITTEE:

● To ensure that CPAs work to the highest standards, the government thru the Professional Regulatory
Board of Accountancy (BOA) has required all CPA firms and individual CPAs in public practice to
obtain a certificate of accreditation to practice public accountancy. Such certificate is valid for three
(3) years and can be renewed after complying with the requirements of the BOA.
● As a condition to the renewal of the certificate of accreditation to practice public accountancy, the
BOA requires individual CPAs and CPA firms to undergo a quality control review to ensure that these
CPAs comply with accounting and auditing standards and practices.
● The BOA has created a Quality Review Committee (QRC) which shall conduct a quality review on
applicants for registration to practice public accountancy.
Functions of the Quality Review Committee:

● Conducts quality review on applicants for registration, or renewal thereof, to practice public
accountancy
● Render a report on such quality review, which shall be attached to the application for registration
● Recommend to BOA revocation of registration and professional ID cards of CPAs for not observing
the SQC requirements
Quality review – an oversight into (or study or appraisal of) the quality of audit of FS through a review
of quality control measures established by CPA firms and individual CPAs in public practice to ensure
compliance with accounting and auditing standards and practices
Republic Act No. 9298 – PHILIPPINE ACCOUNTANCY ACT OF 2004

(and its Implementing Rules and Regulations)
Objectives of the Philippine Accountancy Act:

a. The standardization and regulation of accounting education;
b. The examination for registration of CPAs; and
c. The supervision, control, and regulation of the practice of accountancy in the Philippines.
Scope of Practice of Accountancy:

Practice of accountancy shall include, both not limited to the following:
1. Practice of Public Accountancy – Practice of public accountancy shall constitute in a

person, be it his/her individual capacity, or as a partner or as a staff member in an
accounting or auditing firm, holding out himself/herself as one skilled in the knowledge,
science and practice of accounting, and as a qualified person to render professional services
as a certified public accountant; or offering or rendering, or both, to more than one client
on a fee basis or otherwise, services such as:
a. The audit or verification of financial transaction and accounting records
b. The preparation, signing, or certification for clients of reports of audit, balance sheet,
43
and other financial, accounting and related schedules, exhibits, statements or reports
which are to be used for publication or for credit purposes, or to be filed with a court or
government agency, or to be used for any other purpose
c. The design, installation, and revision of accounting system
d. The preparation of income tax returns when related to accounting procedures
e. The representation of clients before government agencies on tax and other matters
related to accounting
f. Renders professional assistance in matters relating to accounting procedures and the
recording and presentation of financial facts or data
2. Practice in Commerce and Industry – Practice in commerce and industry shall

constitute in a person:
a. Involved in decision making requiring professional knowledge in the science of
accounting, (as well as the accounting aspects of finance and taxation); or
b. When the CPA represents his employer before government agencies on tax and other
matters related to accounting
c. When such employment or position requires that the holder thereof must be a CPA.
The IRR provides that business or company in the private sector should employ a duly
registered CPA if:
a. Paid-up capital is at least P5.0 million; and/or
b. Annual revenue is at least P10.0 million
3. Practice in Education / Academe – Practice in education or the academe shall constitute

in a person in an educational institution which involve teaching of accounting, auditing,
management advisory services, finance, business law, taxation, and other technically related
subjects.
● A CPA is considered to be engaged in the practice of accountancy in education /

academe if he/she is employed in educational institutions as teachers of accounting,
auditing, MAS, (accounting aspects of) finance, business law, taxation and other
technically related subjects.
● Members of the Integrated Bar of the Philippines (IBP) may be allowed to teach
business law and taxation subjects.
● The position of either the Dean or department chairman (or its equivalent) that
supervises the BSA program of an educational institution is deemed to be in practice
of accountancy in the academic /education and therefore must be occupied only by
a duly registered CPA.
4. Practice in Government – Practice in the government shall constitute in a person who

holds, or is appointed to, a position in an accounting professional group in government or in
a government-owned and/or controlled corporation, including those performing proprietary
functions, where decision making requires professional knowledge in the science of
accounting, or where a civil service eligibility as a CPA is a prerequisite.
Sector – is the area of practice of accountancy namely public accountancy, commerce and
industry, academe/education and government
Limitations of the Practice of Public Accountancy:

● Single practitioners (individual CPAs) and Partnership of CPAs shall be registered CPAs in
the Philippines.
● The SEC shall not register any corporation organized for the practice of public accountancy.
In other words, corporation form of CPA firm is not allowed.
● A certificate of accreditation issued only after showing that the registrant has acquired the
minimum 3 years meaningful experience in any of the areas of accountancy (whether in
the public accountancy, commerce and industry, education/academe and government)
44
Certificate of Accreditation – a certificate under seal, issued by the PRC upon the
recommendation by the BOA, attesting that Individual CPAs, including the staff members
thereof, firms including the sole proprietors and the staff members thereof and
partnerships of CPAs including the partners and the staff members thereof, are duly
accredited to practice public accountancy in the Philippines.
Definition of Meaningful Experience:

In Public practice Shall include:
● At least 1 year as audit assistant and
● At least 2 years as auditor-in-charge of audit engagements
covering full audit functions of significant clients
In Commerce and Includes significant involvement in:
Industry ● General accounting, budgeting and tax administration
● Internal auditing and liaison officer
● Representing his/her employer before government agencies on
tax and matters related to accounting or any other related
functions
In the Academe or Shall include:
Education ● Teaching for at least 3 trimesters or 2 semesters subjects in
either financial accounting, business law and tax, auditing
problems, auditing theory, financial management and
management services
● Provided, that the accumulated teaching experience on these
subjects shall not be less than 3 school years
In Government Includes significant involvement in:
● General accounting
● Budgeting
● Tax administration
● Internal auditing
● Liaison with the COA
● Any other related functions
Prohibition in the Practice of Accountancy:

Non-CPAs:
● Are not allowed to practice accountancy in the Philippines
● Cannot use the title “Certified Public Accountant” or “CPA”
● Should not indicate (thru display or use any title, sign, card, advertisement, or other
device) that he practices or offers to practice accountancy or that he is a CPA
Non-Filipino professional accountants/CPAs:
● Are also not allowed to practice accountancy in the Philippines, unless:
a. Through foreign reciprocity
b. With valid temporary/special permit duly issued by the BOA and the PRC
Professional Regulatory Board of Accountancy (BOA):

● The BOA is the official government agency empowered to enforce RA 9298.
● BOA is under the supervision and administrative control of the Professional Regulation
Commission (PRC)
1. Composition of BOA:
● BOA shall be composed of a chairman and 6 members (all of which are to be appointed
by the President of the Philippines)
● BOA shall elect a vice-chairman from among its members for a term of 1 year.
According to the IRR, the 4 sectors in the practice of accountancy shall as much as
possible be equitably represented in the BOA.
2. Qualifications of BOA members: At the time of appointment, he/she must be:
45
a. Natural-born citizen and a resident of the Philippines;

b. Duly registered CPA with at least 10 years of work experience in any scope of practice of
accountancy
c. Of good moral character and must not have been convicted of crimes involving moral
turpitude
d. Not have any pecuniary interest, directly or indirectly, in any school, college, university
or institution conferring an academic degree necessary for admission to the practice of
accountancy (those that offer BSA degree) or where review classes in preparation for
the licensure examination are being offered or conducted (such as RESA, PRTC and
CPAR), nor shall he/she be a member of the faculty or administration thereof at the time
of his/her appointment to the BOA, and
e. Not be a director/officer of the APO (PICPA) at the time of his/her appointment – this is
an additional requirement under the IRR
3. Term of office of BOA members:

● The Chairman and the members of the BOA members shall hold office for a term of 3
years.
● Any vacancy during the term of a member shall be filled up for the unexpired portion of
the term only. Appointment to fill up an unexpired term is not to be construed as a
complete term.
● No person who has served 2 successive complete terms shall be eligible for
reappointment until the lapse of 1 year.
● No person shall serve in the BOA for more than 12 years. (addition under the IRR)
4. Powers and Functions of the BOA: The BOA shall exercise the following specific
powers, functions and responsibilities:
a. To prescribe and adopt the rules and regulations necessary for carrying out the
provisions of this Act (RA 9298)
b. To supervise the registration, licensure and practice of accountancy in the Philippines;
c. To administer oaths
d. To issue, suspend, revoke, or reinstate the Certificate of Registration for the practice of
the accountancy profession
e. To adopt its own official seal
f. To prescribe and/or adopt a Code of Ethics for the practice of accountancy
g. To monitor the conditions affecting the practice of accountancy and adopt such
measures, including promulgation of accounting and auditing standards, rules and
regulations and best practices as may be deemed proper for the enhancement and
maintenance of high professional, ethical, accounting and auditing standards
h. To conduct an oversight into the quality of audits of financial statements through a
review of the quality control measures
i. To investigate violations of this Act as IRR, to issue summons, subpoena and subpoena
ad testificandum and subpoena duces tecum to violators or witness thereof and compel
their attendance to such investigation or hearings and the production of documents in
connection therewith
j. The Board may, motu propio in its discretion, make such investigations as it deems
necessary to determine whether any person has violated any provisions of this law, any
accounting or auditing standard or rules duly promulgated by the BOA as part of the
rules governing the practice of accountancy
k. To issue a cease or desist order to any person, association, partnership or corporation
engaged in violation of any provision of this Act, any accounting or auditing standards or
rules duly promulgated by the BOA as part of the rules governing the practice of
accountancy in the Philippines
l. To punish for contempt of the BOA, both direct and indirect, in accordance with the
pertinent provisions of and penalties prescribed by the Rules of Court
m. To prepare, adopt, issue or amend the syllabi of the subjects for examinations in
consultation with the academe, determine and prepare questions for the licensure
examination which shall strictly be within the scope of the syllabi of the subjects for
46
examinations as well as administer, correct and release the results of the licensure
examinations
n. To ensure, in coordination with the Commission on Higher Education (CHED) or other
authorized government offices that all higher educational instruction and offering of
accountancy comply with the policies, standards and requirements of the course
prescribed by CHED or other authorized government offices in the areas of curriculum,
faculty, library and facilities; and
o. To exercise such other powers as may be provided by law as well as those which may
be implied from, or which are necessary or incidental to the carrying out of, the express
powers granted to the BOA to achieve the objectives and purposes of this Act.
5. Grounds for Suspension or Removal of BOA Members:

The President of the Philippines, upon the recommendation of the PRC may suspend or
remove any BOA member on the following grounds:
a. Neglect of duly or incompetence
b. Violation or tolerance of any violation of RA 9298 and its IRR or the CPA Code of
Ethics and the technical and professional standards of practice for CPAs
c. Final judgment of crimes involving moral turpitude
d. Manipulation or rigging of the CPA's licensure examination results, disclosure of
secret and confidential information in the examination questions prior to the conduct
of the said examination or tampering of grades.
● The President’s power to appoint carries with it the power to suspend or removed a
BOA member based on the abovementioned grounds.
● When a member of the BOA has been sued of crimes involving moral turpitude, it is
not a valid ground for suspension or removal of BOA members.
FRSC and AASC: (Refer to notes on public accounting profession)
Education Technical Council (ETC):

● Assists BOA in continuously upgrading accounting education in the Philippines
1. Functions of the ETC:

● Determine a minimum standard curriculum for the study of accountancy to be
implemented in all schools offering accountancy as an undergraduate degree.
● Established teaching standards, including the qualifications of members of the faculty of
schools and colleges of accountancy.
● Monitor the progress of the program on the study of accountancy and undertaking
measures for the attainment of a high quality of accountancy education in the country.
● Evaluate periodically the performance of educational institution offering accountancy
education.
2. ETC Composition/Membership:
Chairman (had been or presently a senior accounting practitioner 1
in the academe/education)
BOA 1
Accredited National Professional Organization of CPAs - PICPA:
Public practice 1
Academe/Education 2*
Government 1 5
Total 7
*1 private school and 1 public school offering Bachelor of Science in Accountancy
● Appointment. The Chairman and members of the ETC shall be appointed by the
47
PRC upon the recommendation of the BOA in connection with the APO (PICPA).
● Term of office. The Chairman and the members of the ETC shall have a term of 3
years renewable for another term.
CPA Examinations:
All applicants for registration for the practice of accountancy shall be required to undergo a
licensure examination to be given by the BOA in such places and dates as the PRC may designate
subject to compliance with the requirements prescribed by the PRC in accordance with Republic Act
No. 8981.
1. Qualifications of Applicants for CPA Examinations:

a. Must be a Filipino citizen
b. Must be of good moral character
c. Must be a holder of the degree of BSA conferred by a school, college, academy or
institute duly recognized and/or accredited by the CHED or other authorized government
offices, and
d. Has not been convicted of any criminal offense involving moral turpitude
2. Scope of Examinations:
The CPA examination shall cover, but are not limited to, the following subjects:
1. Theory of Accounts (80 – 100 items)
2. Business Law and Taxation (50 – 70 items)
3. Management Services (50 – 70 items)
4. Auditing Theory (80 – 100 items)
5. Auditing Problems (40 – 50 items)
6. Practical Accounting I (40 – 50 items)
7. Practical Accounting II (40 – 50 items)
● Each subject has a corresponding syllabus.

● The BOA, subject to the approval of the PRC, may revise or exclude any of the
subjects and their syllabi, and add new ones as the need arises.
3. Rating in the CPA Examinations:

● To pass the CPA exams – 75%; 65%: A candidate must obtain at least a general average of
75%, with no grades lower than 65% in any given subject.
● Conditional status: If a candidate obtains a rating of 75% and above in at least a majority of
the subjects tested, he/she will be given conditional credits for the subjects passed.
4. Removal Examination:
● The candidates with conditional status shall take an examination in the remaining subjects within
2 years from the preceding examination.
● If the candidate fails to obtain at least a general average of 75% and a rating of at least 65% in
each of the subjects reexamined, he/she shall be considered as failed in the entire examination.
● The original exam and the removal exam are counted as one exam only.
5. Candidates required to take Refresher Course:

● Any candidate who fails in 2 complete CPA exams shall be disqualified from taking
another set of examinations unless he/she submits evidence to the satisfaction of the
BOA that he/she enrolled in and completed a refresher course with at least 24 units of
subjects given in the CPA exams.
● The examination in which the candidate was conditioned together with the removal
examination on the subject in which he/she failed shall be counted as one complete
examination.
● The IRR provides that the required refresher course (whether regular or special
refresher course) shall be offered only by an educational institution granting a degree
of BSA.
48
Oath:
All successful candidates in the CPA examination, prior to entering upon the practice of the
profession, shall be required to take an oath of profession before:
a. Any member of the BOA; or
b. Any government official authorized by the PRC; or
c. Any person authorized by law to administer oaths
Issuance of Certificates of Registration and Professional Identification Card:

● Certificate of Registration – a certificate under seal bearing a registration number,
issued to an individual, by the PRC, upon recommendation by the BOA, signifying that the
individual has complied with all the legal and procedural requirements for such issuance
including, in appropriate cases, having successfully passed the CPA licensure examination
➢ A certificate of registration shall be issued to examinees who pass the CPA licensure
examination subject to payment of fees prescribed by the PRC.
➢ The Certificate of Registration shall bear the signature of the chairperson of the PRC and
the chairman and members of the BOA, stamped with the official seal of the PRC and of
the BOA, indicating that the person named therein is entitled to the practice of the
profession with all the privileges appurtenant thereto. The said certificate shall remain
in full force and effect until withdrawn, suspended or revoked.
● Professional Identification Card – a card with validity of 3 years bearing the registration
number, date of issuance with an expiry date, due for periodic renewal, duly signed by the
Chairperson of the PRC issued by the PRC to a registered CPA upon payment of the annual
registration fees for 3 years
● Certificate of Registration – has no expiry; shall remain in full force until/unless

withdrawn, suspended or revoked
● Professional Identification Card – subject to expiry; renewable every 3 years
Grounds for Refusal to Issue Certificate of Registration and Professional ID:

The BOA shall not register and issue a certificate of registration and professional identification
card to any successful examinee due to the following grounds:
a. Convicted by a court of competent jurisdiction of a criminal offense involving moral
turpitude or
b. Guilty of immoral and dishonorable conduct or
c. Of unsound mind
● The BOA shall not register either, any person who has falsely sworn, or misrepresented
himself/herself in his/her application for examination.
● Registration shall not be refused and a name shall not be removed from the roster of
CPAs on conviction for a political offense (or for an offense, in the opinion of the BOA,
that does not disqualify a person from practicing accountancy)
Suspension and Revocation of Certificates of Registration and Professional

Identification Card and Cancellation of Special Permit:
The BOA shall have the power, upon due notice and hearing, to:
a. Suspend or revoke the practitioner’s certificate of registration and professional identification
card
b. Suspend him/her from the practice of his/her profession
c. Cancel his/her special permit
Causes or Grounds for Suspension/Revocation/Cancellation:

a. Convicted by a court of competent jurisdiction of a criminal offense involving moral
turpitude or
b. Guilty of immoral and dishonorable conduct or
c. Of unsound mind
d. Any unprofessional or unethical conduct
49
e. Malpractice
f. Violation of any of the provisions of this Act and its IRR
g. Violation of the CPA‘s Code of Ethics and the technical and professional standards of
practice for CPAs
Reinstatement, Reissuance and Replacement of Revoked or Lost Certificates:

The BOA may, after the expiration of 2 years from the date of revocation of a certificate of
registration and upon application and for reasons deemed proper and sufficient, reinstate the
validity of a revoked certificate of registration and in so doing, may, in its discretion, exempt the
applicant from taking another examination.
Ownership of Working Papers:

All working papers, schedules and memoranda made by a CPA and his staff in the course of an
examination, including those prepared and submitted by the client, incident to or in the course of
an examination, by such CPA, except reports submitted by a CPA to a client shall be treated
confidential and privileged and remain the property of such CPA in the absence of a written
agreement between the CPA and the client, to the contrary, unless such documents are required to
be produced through subpoena issued by any court, tribunal, or government regulatory or
administrative body.
● Working papers – owned/property of the CPA/Practitioner

● Practitioner must observe the rule on confidentiality (subject to certain exceptions such
as production of documents through subpoena issued by any court, tribunal, or
government regulatory or administrative body).
Accredited Professional Organization (APO) – PICPA:

All registered CPAs whose names appear in the roster of CPAs shall be united and integrated
through their membership in a one and only registered and accredited national professional
organization of registered and licensed CPAs, which shall be registered with the SEC as a nonprofit
corporation and recognized by the BOA, subject to the approval by the PRC.
The members in the said integrated and accredited national professional organization shall
receive benefits and privileges appurtenant thereto upon payment of required fees and dues.
Membership in the integrated organization shall not be a bar to membership in any other
association of CPA.
Continuing Professional Education (CPE) Program:

● Rationale: Voluntary compliance with the CPE program is an effective and credible means
of ensuring competence, integrity and global competitiveness of professional in order to
allow them to continue the practice of their profession.
● CPE Objective:
a. To provide and ensure the continuous education of a registered professional with the
latest trends in the profession brought about by modernization and scientific and
technological advancements;
b. To raise and maintain the professional's capability for delivering professional services;
c. To attain and maintain the highest standards and quality in the practice of his
profession;
d. To make the profession globally competitive; and
e. To promote the general welfare of the public.
● Continuing Professional Education (CPE) – refers to the inculcation assimilation and

acquisition of knowledge, skills, proficiency and ethical and moral values, after the initial
registration of a professional that raise and enhance the professional's technical skills and
competence
● CPE program – consists of properly planned and structured activities, the implementation
50
of which requires the participation of a determinant group of professionals to meet the

requirements of voluntarily maintaining and improving the professional standards and ethics
of the profession
● All CPAs shall comply with the rules and regulations on CPE.
PRC CPE Council:

● The PRC CPE Council was created to assist BOA in implementing the CPE program.
1. Composition of PRC CPE Council:

a. 1 Chairperson (the chairperson shall be chosen from among the members of BOA by the
BOA members themselves) and
b. 2 members
(1) First member – the president or, in his absence or incapacity, any officer chosen by the
Board of Directors of PICPA
(2) Second member – the president, or in his absence or incapacity, any officer of the
organization of deans or department heads of schools, colleges or universities, offering the
degree requiring licensure examination (BSA); or shall be appointed by the PRC from 3
recommendees of the BOA concerned. Such recommendees shall be well-known
academicians.
2. Term of office of CPE Council members:

a. Chairperson – co-terminus with his/her incumbency in the PRC
b. First member – co-terminus with his/her incumbency as officer of the PICPA
c. Second member – co-terminus with his/her incumbency as officer of the organization of
deans or department heads of colleges or universities offering BSA degree
CPE Program:
● Program activities and sources of accreditation:
a. Seminars
b. Conventions
c. Masteral degree and doctoral degree
d. Authorship
e. Self-directed learning package
f. Post-graduate/in-house training
g. Resource speaker
h. Peer reviewer
i. CPE provider
j. CPE program, activities or sources
● CPE credit units:

➢ 60 credit units for 3 years
➢ Minimum of 15 credit units shall be earned in each year.
● Exemption from CPE requirement:

1. Permanent exemption: Upon reaching the age of 65 years old
2. Temporary exemption: If the following conditions are met:
a. During their stay abroad for at least 2 years immediately prior to the date of
renewal; and
b. Working or practicing his/her profession or furthering his/her studies abroad
Seal and Use of Seal:

● All licensed CPAs shall obtain and use a seal of a design prescribed by the BOA bearing the
registrant’s name, registration number and title.
● The auditor’s reports shall be stamped with said seal, indicating therein his/her current
Professional Tax Receipt (PTR) number, date/place of payment when filed with government
authorities or when used professionally.
51
Foreign Reciprocity:
A person not a citizen of the Philippines may be allowed to practice accountancy in the
Philippines:
● Where there is foreign reciprocity (in accordance with provisions of existing laws,
international treaty obligations including mutual recognition agreements entered into by the
Philippine government with other countries)
● Upon presentation of proof that his country admits citizens of the Philippines to the practice
of accountancy without restriction
Coverage of Temporary or Special Permits:

Special / temporary permit may be issued by the BOA subject to the approval of the PRC and
payment of the fees the latter has prescribed and charged thereof to the following Foreign CPAs:
a. A foreign CPA called for consultation or for a specific purpose which, in the judgment of the
BOA, is essential for the development of the country: Provided, That his/her practice shall
be limited only for the particular work that he/she is being engaged: Provided, further, That
there is no Filipino CPA qualified for such consultation or specific purposes;
b. A foreign CPA engaged as professor, lecturer or critic in fields essential to accountancy
education in the Philippines and his/her engagement is confined to teaching only; and
c. A foreign CPA who is an internationally recognized expert or with specialization in any
branch of accountancy and his/her service is essential for the advancement of accountancy
in the Philippines.
Penal Provisions:
Any person who shall violate any of the provisions of this Act or any of its IRR shall, upon
conviction, be punished by:
● Fine – not less than P 50,000.00, or
● Imprisonment – for a period not exceeding 2 years, or
● Both
52
PRELIMINARY ENGA GEMENT ACTIVITIES

(PRE-PLANNING ACTIVITIES)
Purpose of Preliminary Engagement Activities:

Preliminary engagement activities assist the auditor in identifying and evaluating events or
circumstances that may adversely affect the auditor’s ability to plan and perform the audit
engagement. Such activities help ensure that:
a. There are no issues with client management’s integrity that may affect the willingness to
continue the engagement
b. The auditor maintains the necessary independence and ability to perform the engagement
c. There is no misunderstanding with the client as to the terms of the engagement
Preliminary Engagement Activities:
1. Perform procedures regarding acceptance or continuance of the client

relationship
Acceptance or selection procedures – in case of initial audit (prospective/new

client)
a. Evaluate integrity of the client’s management

Evaluation of management integrity is necessary to avoid
association with clients whose management lacks integrity.
Most of litigations involving CPAs are due to lack of
integrity of client’s management.
Lack of management integrity usually results to high audit risk.
Factors to consider in evaluating client’s integrity:
Identity, attitude and business reputation of
the client (such as its principal owners, key
management or those charge with
corporate governance, and related parties,
if any)
Nature of the client’s operations
Indications of an inappropriate limitation in the
scope of work
Involvement in money laundering or other
criminal activities
The reasons for the proposed appointment
of the CPA firm or auditor and non-
reappointment of the previous CPA firm or
auditor
(2) Investigate/research the client’s background

Internet searches
Review the entity’s financial statements
Consider engaging professionals/investigators to
evaluate the principals associated with the prospective
client
Obtain credit ratings and reports, if necessary
(3) Inquiring from other firm personnel or third parties (such as

bankers, legal counsel/advisors, industry peers and others in the
financial or business community who may have knowledge regarding
the client)
53
(4) Communicate with prospective client’s predecessor auditor:

Matters to be inquired of or discussed with the predecessor
(previous/former) auditor by the
incoming/successor auditor:
a) Facts/information that might bear on the integrity of the prospective client
b) Predecessor auditor’s understanding as to the reasons for the change of auditors
c) Any disagreement between the predecessor auditor and the client regarding accounting
principles or auditing procedures or other similarly significant matters
d) Communication to management, the audit committee, and those charged with governance
regarding fraud, illegal acts by the client, and matters relating to internal control.
Under the Code of Ethics for CPAs, the successor auditor has the responsibility
to initiate communication with the predecessor auditor. However, the
communication requires prior client’s permission/consent (preferably in writing)
to avoid violation of confidentiality principle.
If the client is unwilling to agree to such communication (communication is

not permitted by the client or the client limits the responses of the
predecessor auditor), the successor auditor should:
Consider the implications of such refusal/limitation, and
Decide whether or not to accept the
engagement.
b. Other Considerations:
Auditability of client’s financial statements – determine whether the auditor
will be able to accumulate sufficient appropriate audit evidence to render an
opinion on the financial statements by considering:
a. The adequacy of accounting records
b. Quality of internal control
High level of public scrutiny and media interest
The financial health of the client
Ability to pay audit fees
Continuance or retention procedures – in case of recurring audit (or existing

client)
To ensure the audit firm’s continuing compliance with acceptance and
continuance
procedures, existing clients should be evaluated once a year or upon occurrence of the
following:
Changes in management, directors or ownership
Nature of client’s business
2. Evaluate compliance with ethical requirements, including independence
a. Independence – The CPA firm or auditor shall identify, evaluate and respond to
any threat to independence
The CPA firm or auditor must be independent of the client whose
financial statements are subject to audit.
Audit opinion is not credible or of little or no value if the auditor is not
independent.
b. Professional competence – determine if the CPA firm or auditor has the

necessary skills and competence
Professional accountants should not portray themselves as having the
54
required expertise which they do not possess.

The auditor should obtain preliminary understanding of prospective client’s
business
and industry to determine whether the auditor has the required degree of
competence.
If the auditor does not possess the industry expertise, he should obtain
knowledge of matters that relate to the nature of the entity’s business
and industry.
c. Ability to serve the client properly – the CPA firm or auditor must have
capability, time and resources to perform the audit
Examples:
Availability of appropriately qualified staff when the work is
required
The firm is able to complete the engagement within the
reporting deadline (proximity of the deadline)
Consider the need for expert’s assistance and any conflicts of
interest
Firm personnel have knowledge of relevant industries
The firm has sufficient personnel with the necessary
capabilities and competence.
3. Establish an understanding of the terms of the engagement

The CPA firm or auditor shall accept or continue an audit engagement
only when: a. The preconditions for an audit are present:
(1) Management has used acceptable financial reporting framework (or
suitable criteria or appropriate basis for) in the preparation of the
financial statements
Factors to consider in determining the acceptability of the financial
reporting framework:
a. The nature of the entity (for example, whether it is
a business enterprise, a public sector entity or a
not-for-profit organization);
b. The purpose of the financial statements (for
example, whether they are prepared to meet the
common financial information needs of a wide
range of users or the financial information needs of
specific users);
• Financial statements prepared in
accordance with a financial reporting
framework designed to meet the common
financial information needs of a wide range
of users are referred to as general purpose
financial
stateme nts.
• Financial statements prepared in accordance with a financial reporting
framework designed to meet the financial information needs of specific users are
referred to as special purpose financial statements.
c. The nature of the financial statements (for example, whether the financial statements
are a complete set of financial statements or a single financial statement); and
d. Whether law or regulation prescribes the applicable financial reporting framework.
Examples of financial reporting frameworks:

IFRSs
PFRSs
55
IPSASs – International Public Sector Accounting Standards
(2) Management agrees to the premise that it has acknowledged and understood its
responsibilities
If the preconditions for an audit are not present, the auditor shall not accept the
proposed audit engagement, unless acceptance is required by law or regulation.
Preconditions for an audit are within the control of the entity.
b. There is a common understanding between the auditor and management (and, where
appropriate, those charged with governance) of the terms of the audit engagement.
Agreement on audit engagement terms:

The auditor shall agree on the terms of the audit engagement with
management or those charged with governance, as appropriate. Such agreed
terms shall be recorded in an audit engagement letter or other suitable form of
written engagement.
Preliminary conference: A preliminary conference with the client is scheduled after the
CPA has determined that:
The firm is independent
The firm is competent to perform the audit
The firm can serve the client properly, and
The client’s reputation is one of integrity
The terms of engagement are usually agreed with the client during a preliminary
conference with the client, and formalized through a signed engagement letter. During
the preliminary conference, the auditor and client agree on the following issues:
The specific services to be rendered
The cooperation and work expected to be performed by the client’s personnel
Expected start and completion dates of the engagement
The possibility that the completion date may be changed if unforeseen a udit
problems arise if unforeseen audit problems arise if adequate cooperation from
client’s personnel is not received
The nature and limitations of the audit engagement
An estimate of the fee to be charged for the engagement
Engagement letter – an agreement between the CPA firm or auditor and the client for the
conduct of the audit. It is a letter from the auditor to the client management, and when signed
by the client it serves as a formal written contract between them.
Engagement letter documents and confirms the:

a. Auditor’s acceptance of the appointment
b. Client’s acceptance of the terms of the audit engagement
c. Responsibilities of both the client management and the auditor
d. Arrangements or agreed terms of the engagement (such as the
objectives and scope of the audit, the form of any reports, etc.)
Importance (primary reason) of an engagement letter: It clarifies

the nature of the engagement and the responsibilities of management and
those of the auditor. This will help in avoiding or minimizing or resolving future
misunderstandings disagreement between the auditor and the client with
respect to the engagement.
Engagement letter should be sent to the client preferably before the start of the
engagement.
56
An engagement letter is normally addressed to whoever hired the CPA.
Form and Contents of the Engagement Letter:

The form and content of engagement letters may vary for each client. Engagement letters
should be adapted according to individual requirements and circumstances of the engagement.
Generally, engagement letters should include reference to:
1. Principal Contents:
a. Objective and scope of the audit of the financial statements
b. Responsibilities of the auditor
c. Responsibilities of management
d. Identification of financial reporting framework for the preparation of the
e. Reference to any form and content of any reports to be issued by the
auditor and a statement that there may be circumstances in which a
report may differ from its expected form and content
2. In addition, and audit engagement letter may make reference to, for example:
Elaboration of the scope of the audit, including reference to applicable
legislation, regulations, PSAs, and ethical and other pronouncements of
professional bodies to which the auditor adheres.
The form of any other communication of results of the audit engagement
The fact that because of the inherent limitations of an audit, together with the
inherent limitations of internal control, there is an unavoidable risk that some
material misstatement may not be detected, even though the audit was
properly planned and performed in accordance with the PSAs
Arrangements regarding the planning and performance of the audit, including
the composition of the audit team
Expectation that management will provide written representations
The agreement of management to make available to the auditor draft financial
statements and any accompanying other information in time to allow the
auditor to complete the audit in accordance with the proposed timetable
The agreement of management to inform the auditor of facts that may affect
the financial statements, of which management may become aware during the
period from the date of the auditor’s report to the date the financial statements
are issued.
Basis on which fees are computed and any billing arrangements
A request for management to acknowledge receipt of the engagement letter
and to agree to the terms of the engagement outlined therein
3. Other arrangements, when relevant, such as:

Involvement of other auditors and experts in some aspects of the audit
Involvement of internal auditors and other staff of the entity
Arrangements to be made with the predecessor auditor, if any, in the case of
an initial audit
Any restriction of the auditor’s liability when such possibility exists
A reference to any further agreements between the auditor and the client
Any obligations to provide audit working papers to other parties
Audits of Components:
Factors to consider whether to send a separate engagement letter to the component when the
auditor of the parent company is also the auditor of its component (subsidiary, branch or division):
1. Who appoints the auditor of the component
2. Whether a separate auditor’s report is to be issued on the component
3. Legal requirements in relation to audit appointments
4. The extent of any work performed by other auditors
5. Degree of ownership by parent, and
57
6. Degree of independence of the component’s management from the parent entity
Audit Engagement in Recurring Audits:

1. The auditor may decide not to send a new engagement letter or other written agreement each
period.
2. The following factors may make it appropriate to send a new engagement letter:
a. Revision of the terms of audit engagement because:
Any revised or special terms of the engagement
A recent change of senior management or those charged with governance
A significant change in ownership
A significant change in nature or size of the client’s business
A change in legal or regulatory requirements
A change in the financial reporting framework adopted in the preparation the
A change in other reporting requirements
b. Reminder to the client of the existing terms of the engagement
Any indication that the client misunderstands the objective and scope of the
audit.
Audit procedures when the client requests for a change in engagement:

1. Consider the appropriateness of reasons for the engagement
2. If there is a reasonable justification for the change – stop the original engagement and
agree on the new terms of engagement. And then proceed with the new engagement
To avoid confusing the users of the new report, do not mention the following in the
new report:
a. The original engagement
b. Any procedures that may have been performed in the original
engagement (except where
the engagement is changed to an engagement to undertake agreed- upon
procedures and thus the reference to the procedures performed is a normal part of
the report)
3. If there is no reasonable justification – refuse the client’s request, and continue to perform
the original engagement and issue the original report
If the auditor is not permitted to continue the original engagement, the auditor
should withdraw from the engagement and consider reportorial responsibilities to
the BOD or shareholders of the client.
Whether or not to accept a change in engagement:

Change in the terms of the audit engagement: The auditor shall not agree where
there is no justification/basis for the change in the terms of the audit engagement.
Reasonable basis includes:

a. A change in circumstances affecting the entity’s requirements
For example, the client's bank required an audit before committing to a loan, but
the client subsequently acquired alternative financing.
b. A misunderstanding as to the nature of the service originally
requested Not a reasonable basis:
➢ Change that relates to information that is incorrect, incomplete or otherwise
unsatisfactory. For example, the entity asks for the audit engagement to be changed
to a review engagement to avoid a qualified opinion or disclaimer of opinion.
Change to a lower level assurance engagement: The auditor shall not agree where there
is no justification/basis for the change to a lower level assurance engagement.
1. The auditor should agree if there is reasonable basis, such as:
a. A change in circumstances affecting the entity’s requirements or need for the
service
58
For example, the client's bank required an audit before committing to a loan, but
the client subsequently acquired alternative financing.
b. A misunderstanding as to the nature of an audit or related service originally requested
c. A restriction on the scope of the engagement, whether imposed by management or caused
by circumstances
If there is a reasonable change, no reference of the same shall be included in the

report.
2. Not agree if there is no reasonable justification – if the change relates to incorrect,

incomplete or otherwise unsatisfactory information.
For example, in an audit engagement, the auditor is unable to obtain sufficient

appropriate audit evidence regarding receivables and the client asks for the engagement to
be changed to a revie w engagement to avoid a qualified audit opinion or a disclaimer of
opinion.
Withdraw from the engagement – if the auditor is unable to agree to the change and is
not permitted/allowed to continue the original engagement because of his disagreement
AUDIT PLANNING
Audit Planning:
Audit planning involves establishing the overall audit strategy for the engagement and developing an
audit plan, in order to reduce audit risk to an acceptably low level
Objective of the auditor in planning the audit: So that the audit will be performed in an effective
manner
Who are involved in planning the audit: Engagement partner and other key members of the
engagement team (because of their experience and insight to enhance the effectiveness and efficiency of
the planning process)
Benefits/Importance of adequate audit planning:

● Appropriate attention is devoted to important areas of the audit
● Potential problems are identified and resolved on a timely basis
● The audit is performed in an effective and efficient manner
● The audit engagement is properly organized, staffed and managed
● The audit is completed expeditiously
● Assists in the selection of engagement team members with appropriate levels of capabilities and
competence to respond to anticipated risks
● Assists in the proper assignment of work or proper utilization of assistants
● Facilitates the direction and supervision and the review of work
● Assists in coordination of work done by auditors of components and experts
● Proper utilization of experience gained from previous years’ engagements and other assignments
59
Nature of Planning:
Planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins
shortly after (or in connection with) the completion of the previous audit and continues until the completion
of the current audit engagement. In other words, planning is a continuous function that last throughout the
audit.
Factors that affect the nature and extent of audit planning:

The nature and extent of planning activities will vary according to the following factors:
a. The size and complexity of the entity – big companies and companies with more complex
operations require more audit planning time
b. Changes in circumstances that occur during the audit engagement – for example,
expansion of operation because of diversification
c. The auditor’s previous experience with and understanding of the entity – more work is
required to obtain information regarding a new client than for an existing client
● Initial audit requires more audit time because the auditor has no previous knowledge or is
unfamiliar with the client’s business, industry and internal control which need to be carefully
studied.
● Recurring audit requires lesser audit time because of auditor’s previous knowledge of the entity
and its industry
Whether the audit is initial or recurring, the purpose and objective of audit planning are the
same. It is the nature and extent of audit planning that varies. For example, in case of initial
audit the auditor may need to expand the planning activities because he does not ordinarily
have the previous experience with the entity that is considered when planning recurring audit
engagements. Additional considerations in initial audit engagements are necessary such as
the need for the auditor to review the predecessor’s working papers and to perform audit
procedures regarding opening balances.
d. The composition and size of the audit team
Planning stage of audit – the time before fieldwork starts, when the auditor is gathering information about
the client and its environment and designing overall audit strategy and audit plan
Effect of timing of appointment of auditor on audit planning:

● The earlier the auditor is appointed, the more efficient the audit plan and performance can be. Thus,
early appointment of the auditor allows the auditor to plan a more efficient audit.
● It is acceptable for an auditor to accept an audit engagement near or after year-end. However, the
auditor should consider whether late appointment will pose limitations on the audit that may lead to a
qualified opinion or a disclaimer of opinion, and should discuss such concerns with the client.
PLANNING ACTIVITIES FOR THE AUDIT ENGAGEMENT:
In order to reduce audit risk to an acceptably low level (Note 3), the auditor shall:
1. Establish an overall audit strategy that sets the scope, timing and direction for the audit, and that
guides the development of the more detailed audit plan (Note 1)
2. Develop an audit plan that addresses the various matters identified in the overall audit strategy
Audit plan includes a description of:
a. The nature, timing and extent of planned risk assessment procedures (Note 2)
b. The nature, timing and extent of planned further audit procedures (at the assertion level) – to be
performed during testing stage
Further audit procedures include:
(1) Tests of controls – tests of the operating effectiveness of internal control
(2) Substantive tests/procedures – include tests of details and analytical procedures
c. Other planned audit procedures (that are required to be carried out to comply with PSAs)
AUDIT PLANNING ALSO INVOLVES:
1. Modifying (updating) the overall audit strategy and the audit plan as necessary during
the course of the audit
Revision is necessary because of:
● Unexpected events
● Changes in conditions
● Audit evidence obtained from the results of audit procedures
60
The establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete and or sequential processes, but are closely inter-related since changes in one may result
in consequential changes to the other.
2. Planning the nature, timing and extent of direction, supervision of the engagement team
members and the review of their work
The nature, timing and extent of direction, supervision of audit engagement team members and
review of their work depend on the following factors:
a. Size and complexity of the entity – Audits of small entities requires lesser (or even no)
direction, supervision, and review of the work of assistants
b. Area of audit – Difficult aspects of audit demand increased direction, supervision, and a
more detailed review of work of assistants.
c. Risks of material misstatement – As the assessed risk of material misstatement increases,
a given area of the audit, the auditor ordinarily increases the extent and timeliness of
direction, supervision and review
d. Capabilities and competence of personnel performing the audit work.
3. Other planning considerations:

● The auditor should consider the work of experts and other independent auditors
a. Considering the work of an expert – An expert is a person or firm possessing special
skill, knowledge and experience in a particular field or discipline other than accounting and
auditing.
Examples of work of experts include:
➢ Valuation of certain assets (such as precious stones, works of arts, real estate,
plant and machinery)
➢ Valuation of financial instruments
➢ Actuarial valuation
➢ Determination of quantities or physical condition of assets such as minerals stored
in stockpiles, underground mineral and petroleum reserves, and the remaining
useful life of plant and machinery
➢ Measurement of % of completion on contracts in progress
➢ Legal opinions concerning interpretations of statute and regulations and contracts
such as legal documents or legal title to property
When determining the need for an expert, the auditor would consider:
a. The materiality of the financial statement item being considered
b. The risk of misstatement
c. The quality and quantity of other audit evidence available
b. Considering the work of other independent auditors – applicable when a component
of the entity is to be audited by other independent auditor
● Discussing planned audit procedures with client management:
➢ Discussion is allowed to facilitate the conduct and management of the audit engagement (for
example, to coordinate some of the planned audit procedures with the work of the client’s
personnel)
➢ Discussion should not compromise the effectiveness of the audit (audit procedures should
not be too predictable)
● Audit engagement team discussions :
➢ The members of the engagement team should discuss the susceptibility of the entity’s
financial statements to material misstatements.
➢ Communication between audit team members is necessary at all stages of the engagement
to ensure all matters are appropriately considered.
➢ The objective of audit team discussions is to:
→ Share insights based on their knowledge of the entity;
→ Exchange information about business risks;
→ Gain a better understanding of the potential for material misstatements (especially for
the audit areas assigned to them);
→ Consider the susceptibility of the entity’s financial statements to material misstatement
due to fraud;
→ Consider application of the applicable financial reporting framework to the entity’s facts
and circumstances; and
→ Understand how the results of the audit procedures performed may affect other
aspects of the audit including the decisions about the nature, timing, and extent of
61
further audit procedures.

➢ Members of the engagement team have an ongoing responsibility to discuss:
→ Their understanding of the entity to be audited;
→ The business risks to which the entity is subject;
→ Application of the applicable financial reporting framework; and
→ The susceptibility of the financial statements to material misstatements, including fraud.
4. Developing the audit program:

The auditor should prepare an audit program.
● An audit program is a listing of audit procedures (tests of controls and/or
substantive tests) that the auditor will perform to gather sufficient appropriate
evidence.
● It sets out in detail the nature, timing and extent of planned audit procedures
required to implement the overall audit plan.
● It is a set of instructions to assistants involved in the audit and as a means to
control and record the proper execution of work
● It provides a proof that the audit was adequately planned
● It is a basic tool used by the auditor to control the audit work and review the
progress of the audit.
● The form and content of audit program may vary for each particular engagement.
● The auditor may use standard audit programs or audit completion checklists but
should appropriately tailor to suit the circumstances on particular engagement.
● An audit program at the beginning of the audit process is temporary because a
complete audit program for an engagement generally should be developed after
evaluation of internal control.
Time budget – an estimate of time that will be spent in executing audit procedures listed
in the audit program that provides a basis for estimating audit fees and assists the auditor in
assessing the efficiency of the assistants
5. The auditor should document the planning activities:

Documentation of the following serves as a record/evidence of the proper planning and
performance of the audit procedures:
a. The overall audit strategy – documentation or record of the key decisions
b. The audit plan (including the audit program) – documentation of the planned nature, timing
and extent of audit procedures
c. Record of:
● Any significant changes made to the overall audit strategy and the audit plan during the
audit
● Resulting changes to the planned nature, timing and extent of audit procedures
● Final overall audit strategy and audit plan
● Appropriate response to the significant changes occurring during the audit
The following shall also be documented:

a. Discussion among the engagement team
b. Key elements of the understanding of the entity, its environment, including internal control
c. The identified and assessed risks of material misstatements
d. The risks identified, and related controls about which the auditor has obtained an
understanding
Note 1:
Establishing the overall audit strategy involves:
a. Identifying the characteristics of the engagement that define its scope

Examples:
● Financial reporting framework (Ex. PFRS)
● Industry specific reporting requirements (Reports required by industry regulators)
● Expected coverage of the audit (Ex. Locations and number of components of the entity to be
included in the audit)
● Nature of the control relationships between a parent and its components (this affects how the
group is to consolidated)
● Extent to which components are audited by other auditors
62
● Nature of business segments to be audited (this may require the need for specialized
knowledge)
● Reporting currency to be used (may involve foreign currency translation)
● The need for a statutory audit of standalone financial statements in addition to an audit for
consolidation purposes
● Availability of the work of internal auditors and the extent of the auditor’s reliance on such
work (Note 1.1)
● The entity’s use of service organizations
● Expected use of audit evidence obtained in previous audits (in case of recurring audit), for
example, audit evidence related to risk assessment procedures and tests of controls
● The effect of information technology (IT) on the audit procedures
● Coordination of audit work with reviews of interim financial information
● Availability of client personnel and data
b. Ascertaining the reporting objectives of the engagement to plan the timing of the audit and the
nature of the communications required
Examples:
● Deadlines or timetable for interim and final reporting
● Organization of meeting with the management to discuss the nature, timing and extent of the
audit work
● Discussion with management regarding the expected type and timing of reports to be issued
and other communications, both oral and written, including the auditor’s report, management
letter and communications to those charged with governance
● Discussion with management regarding the expected communication and status of audit work
throughout the engagement
● Communication with auditors of components
● Expected nature and timing of communications among engagement tem members
● Any other expected communications with third parties
c. Considering the factors that are significant in directing the engagement team’s efforts
Examples:
● Determining the appropriate materiality levels (Note 1.2)
● Preliminary identification of areas where there may be higher risks of material misstatement
(Note 1.3)
● The impact of assessed risk of material misstatement at the overall financial statement level on
direction, supervision and review
● The manner in which professional skepticism is emphasized to engagement team members
● Management commitment to a sound internal control
● Volume of transactions, which may determine whether it is more efficient for the auditor to rely
on internal control
● Importance attached to internal control throughout the entity to the successful operation of the
business
● Significant business developments affecting the entity (such as changes in information
technology, changes in key management, acquisitions, mergers and divestments)
● Significant industry developments (such as changes in industry regulations and new reporting
requirements)
● Significant changes in financial reporting framework (such as changes in accounting standards)
● Other significant relevant developments (such as changes in the legal environment affecting the
entity)
d. Considering the results of preliminary engagement activities and, where applicable, whether
knowledge gained on other engagements performed by the engagement partner for the entity is
relevant, and
Examples:
● Results of previous audit regarding evaluation of internal control, identified weaknesses and
action taken to address them
● The discussion of matters that may affect the audit with firm personnel responsible for
performing other services to the entity
e. Ascertaining the nature, timing and extent of resources necessary to perform the engagement.
Examples:
● Selection of the engagement team
● Assignment of audit work to team members (experienced team members are assigned to areas
where there may be higher risks of material misstatement
● Engagement budgeting (more audit time is set aside for areas where there may be higher risks
63
of material misstatement)
Benefits of developing the overall audit strategy:

Establishing the overall audit strategy assists the auditor in determining the following:
a. The resources to deploy for specific audit areas
For example:
● Use of experienced team members for high risk areas
● Involvement of experts on complex matters
b. The amount of resources to allocate to specific audit areas
For example:
● Number of team members assigned to observe the inventory count at material locations
● Extent of review of other auditors’ work in the case of group audits
● Audit budget in hours to allocate to high risk areas
c. When these resources are to be deployed
● Is it at an interim audit stage or at key cut-off dates?
d. How such resources are managed, directed and supervised
● When to hold team briefing and debriefing meetings
● How engagement partner and manager reviews are expected to take place (for example, on-site
or off-site)
● Whether to complete engagement quality control reviews
Note 1.1 – Considering the work of internal auditing/ auditors

● The external auditor should consider the work of internal auditing in order to minimize audit costs.
● The auditor should obtain a sufficient understanding of the internal audit function because the work
performed by internal auditors may be a factor in determining the nature, timing, and extent of
external auditor’s procedures.
● Internal auditing can affect the scope of the external auditor’s audit of financial statements by
decreasing the auditor’s need to perform detailed tests.
● The tasks that could be delegated to the internal audit staff include preparation of schedules. The
auditor has sole responsibility for the audit opinion expressed, and that responsibility is not reduced
by any use made of internal auditing.
Considering the work of internal auditing involves two important phases:

1. Making a preliminary assessment of internal auditing – important criteria in assessment of internal
auditor’s:
a. Technical competence – personal qualifications and experience as internal auditors
b. Objectivity / organizational status – organizational level to which the internal auditor report
the results of his work
c. Due professional care – proper planning, supervision and documentation of internal auditor’s
work
d. Scope of function – nature and extent of internal auditing assignments performed
2. Evaluating and testing the work of internal auditing
Note 1.2 – Determining the appropriate materiality levels

The auditor shall determine materiality and performance materiality when planning the audit.
Concept of materiality:
● Materiality is the amount (threshold or cut-off point) at which judgment of informed decision
makers based on the financial statement may be altered (changed or influenced).
● An item or information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements.
● In determining appropriate level of materiality, the auditor uses professional judgment using
his perception of the needs of reasonable users of the financial statements.
Uses of materiality in planning the audit:

a. To determine the nature, timing and extent of risk assessment procedures
b. To identify and assess risk of material misstatement, and
c. To determine the nature, timing and extent of further audit procedures
Considering materiality throughout the audit:

1. Planning stage
a. To identify and assess risks of material misstatements
64
b. To determine the nature, timing and extent of further audit procedures

2. Testing stage (materiality levels set during audit planning are simply updated/revised if
necessary)
3. Completion stage
c. To evaluate the effect of uncorrected misstatements, if any, on the financial statements and in
forming the opinion in the auditor’s report
Documentation on materiality: Documentation should include the amounts and the factors
considered in their determination:
a. Materiality level for the financial statements as a whole
b. Materiality level or levels for a particular classes of transactions, account balances or
disclosures, if applicable
c. Performance materiality
d. Any revision of materiality levels (a to c) as the audit progresses
Qualitative and quantitative considerations:

Materiality should address qualitative and quantitative considerations. In some cases,
misstatements of relatively small amounts could have a material effect on the financial statements.
For example, an illegal payment of an otherwise immaterial amount or failure to comply with a
regulatory requirement may be material if there is a reasonable possibility of such payment or failure
leading to a material contingent liability, a material loss of assets, or a material loss of revenue.
Inverse relationship between materiality and audit procedures/evidence:

● More evidence will be required for a low peso amount of materiality than for a high peso amount.
● The lower the tolerable misstatement, the more extensive the required audit procedures.
Materiality levels:
a. Materiality at financial statement as a whole – it is the smallest aggregate level that could
misstate/distort any of the financial statements
● Also known as materiality threshold or planning materiality or overall materiality

● Overall materiality is usually expressed as a % of a chosen benchmark (such as profit before
tax, total revenues, gross profit, total expenses, total equity or net asset value).
● Profit from continuing operations is often used for profit-oriented entities except when the
profit from continuing operations is volatile.
● Relevant financial data as source of benchmarks:
➢ Prior periods’ financial statements
➢ Annualized interim financial statements
➢ Period-to-date financial statements
➢ Budgeted financial statements of the current year
b. Materiality at assertion level – materiality level for individual or particular class of transactions,
account balance, or disclosure where appropriate; this is also known as tolerable misstatement
● Tolerable misstatement refers to allocated materiality to affected accounts (usually
statement of financial position accounts because they are fewer)
● Account balance – an individual line item in the financial statements, such as cash and cash
equivalents, loans and receivable, etc.
● Class of transactions – type of transaction processed by the client’s accounting system,
such as sales transactions and purchasing transactions
● Allocation may be done judgmentally or using formal quantitative approaches.
● Materiality at this level are lesser than the overall materiality level but could reasonably be
expected to influence the economic decisions of financial statement users.
c. Performance materiality – amount or amounts set by the auditor:

● At less than materiality for the financial statements as a whole
● At less than materiality level or levels for particular classes of transactions, account balances or
disclosures
Purpose of performance materiality: It provides margin to reduce the possibility of
undetected misstatements because:
a. It reduces to an appropriately low level the probability that the aggregate of
uncorrected and undetected misstatements in the financial statements exceeds the
materiality level for the financial statements as a whole
65
b. It reduces to an appropriately low level the probability that the aggregate of

uncorrected and undetected misstatements in the particular class of transactions,
account balance or disclosure exceeds the materiality level for that particular class of
transactions, account balance or disclosure
Note 1.3 – Preliminary identification of areas where there may be higher risks of material
misstatement
a. Risks of material misstatements may be greater for significant non-routine transactions which
involves:
● Greater management intervention to specify the accounting treatment
● Greater manual intervention for data collection and processing
● Complex calculations or accounting principles
b. Risk of material misstatements may be greater for significant judgmental matters such as:
● Accounting estimates
● Revenue recognition may be subject to differing interpretation
● Required judgment may be subjective or complex or require assumptions about the effects of
future events (for example, judgment about fair value)
c. Significant risk of relating to risk of material misstatement due to fraud
d. There are areas where special audit consideration may be necessary, for example:
● Existence of related parties and related party transactions
Related party transaction – a transfer of resources, services or obligations between
related parties, regardless of whether a price is charged
The auditor shall inquire of management regarding:

a. The identity of the entity’s related parties (relationships and transactions), including
changes from the prior period;
b. The nature of the relationships between the entity and these related parties; and
c. Whether the entity entered into any transactions with these related parties during
the period and, if so, the type and purpose of the transactions.
● Management’s use of going concern assumption (financial statements are prepared based on
going concern assumption but there is a significant doubt as to the continued existence of the
entity) – the auditor shall assess the appropriateness of management’s use of going concern
assumption
Note 2:
Risk assessment procedures – are audit procedures whose purposes include:

a. To obtain understanding of the entity and its environment, including the entity’s internal control
(Note 2.1)
b. To identify risks of material misstatements, whether due to fraud or error, at the financial statement
and assertion levels (Note 2.2)
c. To assess risks of material misstatement (Note 2.3)
d. To provide a basis for the identification and assessment of risks of material misstatements
e. To provide a basis for designing and implementing responses to the assessed risks of material
misstatement
Risk assessment procedures include (Note 2.4):

1. Inquiry of management and other firm personnel
2. Analytical procedures
3. Observation and inquiry
Note 2.1 – Required understanding of the entity and its environment, including internal control:
1. Understanding of the environment – external factors:
a. Relevant industry’s factors – the industry in which the entity operates may give rise to
specific risks of material misstatements arising from the nature of the business or the degree of
regulation
Examples of industry factors:
● Industry conditions such as the competitive environment, supplier and customer relationships
and technological developments
Specific examples of industry factors:
● Market and competition (including demand, capacity, and price competition)
● Cyclical or seasonal activity
66
● Product technology relating to the entity’s products

● Energy supply and cost
b. Regulatory factors – include the regulatory environment
● Accounting principles and industry specific practices
● Regulatory framework for a regulated industry
● Laws/legislations or regulations that significantly affect the entity’s operations, including
direct supervisory activities
● Taxation
● Legal and political environment
● Government policies currently affecting the conduct of the entity’s business
● Environmental requirements affecting the industry and the entity
c. Applicable financial reporting framework
d. Other external factors affecting the entity – such as general economic conditions, interest
rates and availability of financing, and inflation or currency revaluation
2. Entity – internal factors:
a. Nature of the entity: An understanding of the nature of an entity enables the auditor to
understand the classes of transactions, account balances, and disclosures to be expected in the
financial statements. Factors to consider include:
● Entity’s operations
● Ownership and governance structures
● Types of investments that the entity is making and plans to make
● Entity structure (locations, subsidiaries, etc.) – complex structures may give rise to risks of
material misstatement
● How the entity is financed
● How related party transactions are identified and accounted for
b. Entity’s selection and application of accounting policies – consider whether accounting
policies are:
● Appropriate for the entity’s business
● Consistent with the applicable financial reporting framework, and
● Used in the relevant industry
c. Entity’s objectives and strategies, and those related business risks that may result in
risks of material misstatement of the financial statements
1. Objectives – relate to entity’s mission, vision or values statement
2. Strategies – pertain to operational approaches by which management intends to achieve its
objectives
3. Business risks – risks of inability to achieve the objectives
● The term “business risk” is broader than the risks of material misstatement in the
financial statements. Not all business risks give rise to risk of material misstatement.
● An understanding of business risks increases the likelihood of identifying the risks of
material misstatement. However, the auditor does not have a responsibility to identify or
assess all business risks.
d. Measurement and review of the entity’s financial performance
Performance measures, whether external or internal, create pressures on the entity that may
motivate management to take action to improve the business performance or to
manipulate/misstate the financial statements.
e. Internal control – The auditor shall obtain an understanding of internal control relevant to the
audit.
Internal control is designed, implemented and maintained to address identified business risks
that threaten the achievement of any of the entity’s objectives that concern:
1. The reliability of the entity’s financial reporting;
2. The effectiveness and efficiency of its operations; and
3. Its compliance with applicable laws and regulations.
An understanding of internal control assists the auditor in identifying types of potential
misstatements and factors that affect the risks of material misstatement, and in designing the
nature, timing, and extent of further audit procedures.
Note 2.2 – Identify the risks of material misstatement:

● Identify risks of material misstatement (inherent risk and control risk) based on understanding the
entity and its environment, including the entity’s relevant internal control. The auditor shall provide
reasonable assurance of detecting material misstatements, whether arising from errors or fraud.
Risk of material misstatement (RMM) – the risk that the financial statements contain a
material misstatement.
67
Components of RMM:
The risks of material misstatement are a combination of inherent risk and control risk:
1. Inherent risk – the susceptibility of an assertion to a misstatement that could be material,
either individually or when aggregated with other misstatements, assuming there are no
related controls to mitigate such risks
Inherent risk may also be described as follows:
● The concept of inherent risk recognizes that the risk of misstatement is greater for
some assertions than for others.
● Inherent risk is the risk that financial statements are likely to be materially misstated.
Examples of inherent risk:
● Cash is more susceptible to theft than an inventory of coal
● Complex calculations are more likely to be misstated than simple calculations
● Estimation transactions, especially if they involve accounting estimates that are subject
to significant measurement uncertainty
● High value inventory (could be easily stolen, thus, there would be an inherent risk
relating to the existence assertion)
2. Control risk – the risk that a material misstatement, either individually or when
aggregated with other misstatements, that could occur will not be prevented or detected
and corrected on a timely basis by the entity’s internal control
● Control risk is a function of the effectiveness of the entity’s internal control.
● Control risk is the type of risk that the management has the most control over in the
short term.
● Some control risk will always exist because of the inherent limitations of any internal
control system.
Risk of material misstatement (inherent risk and control risk) cannot be eliminated or controlled by
the auditor because these are entity’s risks that exist independently of the audit of financial
statements.
Causes of misstatements of the financial statements:

1. Errors – refer to mistakes or unintentional misstatements or omissions of amounts or
disclosures in the financial statements. Examples:
● Mistakes in gathering or processing data from which FS are prepared
● Incorrect accounting estimate arising from oversight or misinterpretation of facts
● Mistake in applying accounting principles
2. Fraud – intentional misstatements or omissions of amounts or disclosures in the financial

statements
The term “fraud” refers to an intentional act by one or more individuals among
management, those charged with governance, employees or third parties, involving the use
of deception to obtain an unjust or illegal advantage.
The factor that distinguishes fraud from error is whether the underlying action is
intentional or unintentional.
Two types of Fraud:

a. Fraudulent financial reporting (or management fraud) – intentional misstatements
committed by members of management or those charged with governance or oversight to
render financial statements misleading to deceive users of the financial statements
The most serious types of fraud usually involve management. This results from the
fact that management is primarily responsible for the design and implementation of internal
control in the first place.
Fraudulent financial reporting may be accomplished by:

● Manipulation, falsification, or alteration of accounting records or related supporting
documents
● Misrepresentation in, or intentional omission from, the FS of events/transactions or
other significant information
● Intentional misapplication of accounting principles
68
Examples of techniques used by management are:

● Recording fictitious journal entries
● Using inappropriate assumptions in accounting estimate
● Untimely recognition in the FS of events and transactions
● Concealing, or not disclosing, facts that could affect the amounts recorded in the FS
Manipulation of financial statements occurs when a higher or lower level of earnings is

reported than that which actually occurred. It could also take the form of omissions (failure
to disclose certain matters) or false statements in the notes and/or other disclosures. The
motive may be to raise finances, reach a bonus threshold, inflate the value of the business
or simply minimize taxes.
b. Misappropriation of assets (employee fraud or defalcation) – theft of assets and is

often perpetrated by non-management employees. Examples:
● Misappropriating collections on accounts receivable
● Stealing inventory
● Colluding with a competitor by disclosing technological data in return for payment
● Payments to fictitious employees or vendors
● Using the entity’s assets as collateral for a personal loan
The most popular ways to manipulate financial statements involves journal entries and
accounting estimates because if manipulation is discovered management can easily deny
involvement. A bias in estimates can be attributed to excessive conservatism or optimism. An
unsupported journal entry, if discovered, can be characterized as a simple mistake. This
differs from strategies such as falsified records that, if discovered by the auditor, would be
quite difficult for management to deny.
Fraud Risk Factors:

Fraud risk factors – conditions that could heighten an auditor’s concern about risk of material
misstatements because they provide clues or red flags to the existence of fraud
1. Incentives/pressures – reasons to commit fraud. A pressure is often generated by
immediate needs (such as having significant personal debts or meeting an analyst’s or
bank’s expectations for profit) that are difficult to share with others.
Examples:
● Management is under pressure to reduce earnings to minimize taxes
● Management is under pressure to inflate earnings to secure bank financing
● Meeting analyst’s or bank’s expectations for profit
● Inflating the purchase price of the business
● Meeting the threshold for a performance bonus
● Having significant personal debts or poor credit
● Trying to cover financial losses
● Being greedy or involved in gambling, drugs, and/or affairs
● Being under undue peer or family pressure to succeed
● Living beyond one’s means
Other situations or characteristics, not necessarily financial in nature, include:

● Enjoying the challenge of beating the system
● Fearing personal loss of pride, position or status such as when a company is doing
poorly
● Being dissatisfied with a job or wanting revenge against an employer
● Being emotionally unstable
Some of these pressures can easily be identified (such as performance incentive

plans). Others are more difficult to identify (such as family or peer pressure, living beyond
one’s means or having a gambling problem).
2. Opportunity (whether perceived or real) – Opportunity pertains to an individual’s

perception that he can commit fraud and that it will not be detected. Potential
perpetrators who think they might be detected and charged with a criminal offense would
not likely to commit fraud. A poor corporate culture and a lack of adequate internal control
procedures can often create the confidence that a fraud could go undetected.
Opportunity often emanates from:
69
● Poor corporate culture

● Where a person feels they can take advantage of the trust placed in him or her
● Knowledge of specific control weakness
3. Attitudes/rationalizations – fraud involves some rationalization to commit fraud or the

belief that a crime has not been committed. For example:
● Some individuals possess an attitude or character to knowingly and intentionally
commit a dishonest act
● Being dissatisfied with pay
● Feeling underappreciated (such as not getting an expected promotion)
Degree of assurance between detection of material fraud and material errors:

1. Fraud is harder to detect than errors: Reasons:
a. Fraud may involve sophisticated and carefully organized schemes designed to conceal
it.
b. Fraud may be accompanied by collusion.
2. Management fraud vs. employee fraud – the risk of not detecting a material
misstatement resulting from management fraud is greater than for employee fraud
Reasons:
● Management has the most opportunity to commit fraud, while employees need to
exploit weakness in internal control in order to commit fraud.
● Management has the ability to override or bypass an existing effective internal control.
● Management can influence the preparation and presentation of financial statements.
Conditions and events that may indicate risks of material misstatement:

The following are examples of conditions and events that may indicate the existence of risks of
material misstatement. The examples provided cover a broad range of conditions and events;
however, not all conditions and events are relevant to every audit engagement and the list of
examples is not necessarily complete.
● Operations in regions that are economically unstable, for example, countries with significant
currency devaluation or highly inflationary economies.
● Operations exposed to volatile markets, for example, futures trading.
● Operations that are subject to high degree of complex regulation.
● Going concern and liquidity issues including loss of significant customers.
● Constraints on the availability of capital and credit.
● Changes in the industry in which the entity operates.
● Changes in the supply chain.
● Developing or offering new products or services, or moving into new lines of business.
● Expanding into new locations.
● Changes in the entity such as large acquisitions or reorganizations or other unusual events.
● Entities or business segments likely to be sold.
● Existence of complex alliances and joint ventures.
● Use of off-balance-sheet finance, special-purpose entities, and other complex financing
arrangements.
● Significant transactions with related parties.
● Lack of personnel with appropriate accounting and financial reporting skills.
● Changes in key personnel including departure of key executives.
● Weaknesses in internal control, especially those not addressed by management.
● Inconsistencies between the entity’s IT strategy and its business strategies.
● Changes in the IT environment.
● Installation of significant new IT systems related to financial reporting.
● Inquiries into the entity’s operations or financial results by regulatory or government
bodies.
● Past misstatements, history of errors or a significant amount of adjustments at period end.
● Significant amount of non-routine or non-systematic transactions including intercompany
transactions and large revenue transactions at period end.
● Transactions that are recorded based on management’s intent, for example, debt
refinancing, assets to be sold and classification of marketable securities.
● Application of new accounting pronouncements.
● Accounting measurements that involve complex processes.
● Events or transactions that involve significant measurement uncertainty, including
accounting estimates.
70
● Pending litigation and contingent liabilities, for example, sales warranties, financial
guarantees and environmental remediation
Considering compliance with laws and regulations:

● Non-compliance refers to acts of omission or commission by the entity being audited,
either intentional or unintentional, which are contrary to the prevailing laws or regulations.
● The auditor should consider compliance with laws and regulations since noncompliance by
the entity with laws and regulations may materially affect the financial statements.
However, an audit cannot be expected to detect noncompliance with all laws and
regulations.
● Noncompliance is sometimes described as violations of law or regulations or illegal acts.
● Common examples of non-compliance:
➢ Violation of tax laws and environmental laws
➢ Occupational safety and health
➢ Inside trading of securities
● Result of non-compliance with laws and regulations:
➢ Fines/penalties
➢ Damages
➢ Threat of expropriation of assets
➢ Enforced discontinuation of operations
➢ Litigation
● Auditor’s responsibility in detecting non-compliance is limited to material direct-effect
noncompliance or illegal act. (Reason: Generally, the further removed non-compliance is
from the events and transactions that are ordinarily reflected in financial statements, the
less likely the auditor is to become aware of or to recognize non-compliance.
● Responsibility for the compliance with laws and regulations rests with management. This
responsibility includes prevention and detection (and correction) of noncompliance with
laws and regulations.
Indications that noncompliance may have occurred:

● The entity is under investigation by government departments
● Payment of fines or penalties.
● Payments for unspecified services or loans to consultants, related parties, employees or
government employees.
● Sales commissions or agent's fees that appear excessive in relation to those ordinarily paid
by the entity or in its industry or to the services actually received.
● Purchasing at prices significantly above or below market price.
● Unusual payments in cash, purchases in the form of cashiers' checks payable to bearer or
transfers to numbered bank accounts.
● Unusual transactions with companies registered in tax havens.
● Payments for goods or services made other than to the country from which the goods or
services originated.
● Payments without proper exchange control documentation.
● Existence of an accounting system with inadequate audit trail or sufficient evidence.
● Unauthorized transactions or improperly recorded transactions
● Media comment
Note 2.3 – Assess the identified risks of material misstatement:

Factors to consider whether a risk is significant:
● Whether the risk is a risk of fraud
● Whether the risk is related to recent significant economic accounting or other developments and,
therefore, requires specific attention
● Complexity of transactions
● Whether the risk involves significant transactions with related parties
● The degree of subjectivity in the measurement of financial information related to the risk,
especially those involving uncertainty
● Whether the risk involves significant transactions that are outside the normal course of business
for the entity, or that otherwise appear to be unusual
Significant risk – an identified and assessed risk of material misstatement that, in the auditor’s
judgment, requires special audit consideration
71
Significant risks often relate to:

a. Non-routine transactions – unusual (in size or nature) and infrequent transactions
b. Judgmental matters – such as those involving accounting estimates for which there is
significant measurement uncertainty
Note 2.4 – Risk assessment procedures include:
1. Inquires of management and others within the entity that is likely to assist the auditor in
identifying risk of material misstatement due to fraud or error
For example, inquiries of management, audit committee, board of directors, internal auditors, in-
house legal counsel, and other client personnel
2. Analytical procedures
● Analytical procedures – evaluations of financial information made by a study of plausible
relationships among both financial and nonfinancial data
● Purpose of preliminary analytical procedures:

a. To identify areas that may represent specific risks such as the existence of unusual
transactions or events, and amounts, ratios, and trends that may assist the auditor in
identifying risks of material misstatements that the auditor may need to investigate further
b. To enhance the auditor’s understanding of the entity’s business and transactions to help plan
the nature, timing, and extent of substantive auditing procedures that will be used to gather
audit evidence
● Analytical procedures performed during audit planning is known as preliminary analytical
procedures
● Analytical procedures involve:
a. Analysis of significant ratios and trends or the study of plausible relationships among both
financial and non-financial data
b. Investigation of fluctuations and relationships that are inconsistent with other relevant
information or deviate significantly from predicted amounts by:
● Inquiries of management
● Corroboration of management responses, and
● Applying other appropriate audit procedures
Basic premise underlying the use of analytical procedures:

The basic premise underlying the use of analytical procedures is that plausible relationships
among data may reasonably expected to exist and continue (predictable) in the absence of known
conditions to the contrary. The relationship among data should be both:
a. Plausible – there is a clear cause and effect relationship among data
b. Predictable – reasonably expected to exist and continue in the absence of known
conditions to the contrary
Generalizations in assessing the predictability of the accounts:

➢ Income statements accounts are more predictable than balance sheet accounts.
➢ Accounts that are not subject to management discretion are generally predictable.
➢ Relationships in a stable environment are more predictable that those in a dynamic or
unstable environment.
Main purpose of analytical procedures: To assess the overall reasonableness of account

balances and transactions
Specific purpose/focus/objective of analytical procedures in the three stages of audit:

1. In the planning stage – performed as risk assessment procedures (required/mandatory)
to obtain an understanding of the entity and its environment
Objective/purpose/focus during planning stage:
● To enhance the auditor’s understanding of the entity’s business and transactions to
help plan the nature, timing, and extent of substantive auditing procedures that will be
used to gather audit evidence.
● To identify areas that may represent specific risks (such as unusual transactions and
events or abnormal/significant fluctuations in amounts, ratios, or trends) that the
auditor may need to investigate further
2. In testing stage – as substantive procedures when their application is, based on the
72
auditors judgment, more effective and efficient than test of details (not required)
Objective/purpose/focus during testing stage:
● To obtain audit evidence to confirm individual account balances
3. In the overall review or completion stage – As an overall review of the financial
statements (required)
Objective/purpose/focus:
● To identify a previously unrecognized risk of material misstatement (unusual
fluctuations that were not identified in the planning and testing phases of the audit)
● To confirm conclusions reached with respect to the fairness of the financial statements
3. Observation and inspection – these include:

● Observation of entity activities and operations
● Inspection of documents (such as business plans and strategies, records, and internal control
manuals)
● Inspection of reports prepared by management (such as quarterly management reports) and
those charged with governance (such as minutes of board of directors’ meetings)
● Visit or tour of entity’s premise/facilities
Note 3 – Reducing audit risk to an acceptably low level

To reduce audit risk to acceptably low level the auditor shall:
a. Assess the risks of material misstatement (inherent and control risk); and
b. Limit detection risk. This may be achieved by performing procedures that respond to the assessed
risks of material misstatement at the financial statements, class of transactions, account balance and
assertion levels.
Steps in assessing Audit Risk:

1. Set the desired level of Audit Risk
Audit risk – the risk that the auditor gives an inappropriate audit opinion when the financial
statements are materially misstated; it is the risk that the auditor may unknowingly fail to modify
appropriately the opinion on financial statements that are materially misstated
2. Assess the level of Inherent Risk (such as low, medium, or high) – for example, low level if likelihood
of misstatement is low
● Inherent risk – the susceptibility of an assertion to a misstatement that could be material,
either individually or when aggregated with other misstatements, assuming there are no related
controls to mitigate such risks
● Sources of assessment include knowledge of entity and its environment and preliminary analytical
procedures.
3. Assess the level of Control Risk (such as low, medium, or high) – for example, low control risk if
internal control is effective, or high control risk if internal control is not effective
● Control risk – the risk that a material misstatement, either individually or when aggregated with
other misstatements, that could occur will not be prevented or detected and corrected on a
timely basis by the entity’s internal control
● Sources of assessment include knowledge of internal control and observation and inspection
Combined assessment:
The auditor usually makes combined assessment of inherent and control risks. If the combined
assessment of inherent risk and control risk is high, the auditor should:
● Place more emphasis on obtaining external evidence
● Reduce reliance on internal evidence
● Design more effective substantive procedures
4. Determine the acceptable level of detection risk: The acceptable level of detection risk depends on
the assessed level of inherent and control risk (inverse relationship)
● Detection risk – the risk that the auditor will not detect such a material misstatement that
exists/occurs in an assertion
● Detection risk is a function of the effectiveness of an auditing procedure and its application
by the auditor
● Detection risk is significantly affected by the nature, timing, and extent of the auditor’s
substantive procedures
73
●Detection risk is a complement of assurance provided by substantive tests (for example, a

10% detection risk means a 90% assurance of detecting material misstatement)
● Detection risk can be increased or decreased by the auditor by performing substantive tests
but can never be reduced to zero because of the inherent limitations in the procedures
carried out, the human judgments required, and the nature of the evidence examined.
● The auditor uses the Audit Risk Model:
Audit Risk = Inherent risk x Control risk x Detection risk
Acceptable level of Audit risk

Detection risk = Inherent risk x
Control risk
5. Design audit substantive tests
● Auditor’s reaction to level of detection risk:
a. Lower acceptable level of detection risk – higher assurance are to be provided by
substantive tests by changing any or combination of the following:
✓ Nature – performing more effective substantive procedures
✓ Timing – performing substantive procedures at year-end rather than at interim dates
(decreases detection risk by reducing the risk for the period subsequent to the
performance of those tests)
✓ Extent – increasing the extent of substantive tests by using larger sample size
b. Higher acceptable level of detection risk – low assurance are to be provided by
substantive tests by changing any or combination of the following:
✓ Nature – performing less effective substantive procedures
✓ Timing – performing substantive procedures at interim dates
✓ Extent – decreasing the extent of substantive tests using smaller sample size
In summary, the auditor performs audit procedures to assess the risks of material misstatement
and seeks to limit detection risk by performing further audit procedures based on that assessment.
Summary of relationships among audit risk components:

● The acceptable level of detection risk for a given level of audit risk bears an inverse
relationship to the risks of material misstatement at the assertion level. Therefore:
↑ Risk of material misstatement (inherent risk and control risk), ↓ detection risk that can be
accepted, and vice versa.
● Audit risk and detection risk move in the same direction: ↑ Audit risk, ↑ detection risk, and vice
versa
● The relationship between the risks can also be expressed mathematically in the following
formula:
Audit Risk = RMM (Inherent Risk x Control Risk) x Detection Risk
Inherent risk and control risk are independent variables while detection risk is a dependent
variable.
● All the components of audit risk cannot be eliminated by the auditor due to the following
reasons:
a. Inherent risk – some accounts are susceptible to a material misstatement or the risk of
such misstatement is greater for some accounts than for others
b. Control risk – due to inherent limitations of internal control system
c. Detection risk –
➢ Use of testing/sampling
➢ Use of auditor’s judgment
➢ Even when the auditor conducts 100% examination because audit evidence is
persuasive rather than conclusive in nature
● The components of audit risk that can or cannot be controlled by the auditor:
a. Inherent risk and control risk – cannot be controlled because these are entity’s risk and
exist independently of the audit
b. Detection risk – can be directly controlled (increased or decreased) by the auditor because
detection risk relates to the auditor’s procedures and can be altered by adjusting the
nature, timing, and extent of substantive procedures
The relationship between materiality and audit risk:

● There is an inverse relationship between materiality and the level of audit risk – ↑
materiality level, ↓ audit risk and vice versa.
74
● Materiality is directly related to the acceptable level of detection risk.

● It would lead to most audit work if both audit risk and materiality levels are low.
CONSIDERATION OF INTERNAL CONTROL
BASIC CONCEPTS AND ELEMENTS OF INTERNAL CONTROL
Internal control (IC) – the process designed, implemented and maintained by those charged with
governance, management and other personnel to provide reasonable assurance about the achievement of an
entity’s objectives.
Essential concepts of internal control:
a. Internal control is a process. Internal control is not an end in itself but a means of achieving the
entity's objectives.
b. Internal control is effected by those charged with governance, management and other
personnel. Internal control is accomplished by people at every level of organization.
Responsibilities:
● Management: to design, implement and maintain internal control to assist in achieving the
entity's objectives
● Those charged with governance: to ensure the integrity of accounting and financial
reporting systems through oversight of management
● Staff personnel: to perform their respective functions in order to accomplish the objectives
of the entity
c. Primary purpose/reason for establishing internal control is to provide reasonable

assurance about the achievement of an entity’s objectives.
d. Internal control can be expected to provide reasonable assurance of achieving the entity's
objectives – this is due to inherent limitations of any system of internal control; although internal
control is designed to prevent, detect and correct problems, an effective internal control can only
minimize but not eliminate material misstatements, whether due to fraud or error.
Inherent limitations of internal control:

1. Management overriding the internal control.
2. Circumvention of internal controls through the collusion among employees.
3. The cost-benefit relationship is a primary criterion in designing internal control, that is, the cost of
a control should not exceed its expected benefits. This is known as the concept of reasonable
assurance.
4. Most internal controls tend to be directed at routine transactions rather than non-routine
transactions.
5. The potential for human error due to carelessness, distraction, mistakes of judgment and the
misunderstanding of instructions. Human error may include errors in the design or use of
automated controls.
6. The possibility that procedures may become inadequate due to changes in conditions, and
compliance with procedures may deteriorate.
7. Segregation of duties may be difficult to achieve in a smaller entity.
e. Internal control is designed to help achieve the entity's objectives. Internal control is geared
towards the achievement of the entity's objectives.
Entity’s objectives: what an entity strives to achieve

Categories of entity's objectives:
1. Financial reporting objective – this objective relates to reliability of financial reporting
2. Operational effectiveness objective – this objective is intended to enhance effectiveness
and efficiency of operations
3. Compliance objective – this objective relates to entity’s compliance with applicable laws and
regulations
Classification of internal control:
75
1. According to objectives:
a. Financial reporting controls – controls to achieve reliability of financial reporting objective
b. Operational effectiveness controls – controls to achieve operational effectiveness objective
c. Compliance controls – controls to achieve compliance objective
There is a direct relationship between the entity’s objectives and the internal control it
implements to provide reasonable assurance about their achievement. Both the entity’s
objectives and controls relate to financial reporting, operations and compliance.
2. According to functions:
a. Preventive controls – to deter problems before they arise
Examples:
● Segregation of employee duties
● Control physical access to assets, facilities and information
b. Detective controls – to discover problems as they arise
Examples:
● Preparing bank reconciliation
● Preparing monthly trial balance
c. Corrective controls – to remedy problems discovered with detective controls
Example:
● Maintaining backup copies of transactions and master files
Benefits of strong internal control:

● Reduced cost of an external audit
● Availability of reliable data for decision-making purposes
● Protection of important documents and records
● Assurance of compliance with applicable laws and regulations
Internal control objective relevant to the audit: not all entity’s objectives and internal control are
relevant to the auditor’s risk assessment
1. Relevant to the auditor – financial reporting objective

Reasons:
● It is relevant to the financial statement assertions
● Pertain to the management of risk that may give rise to material misstatement to financial
statements
2. May be relevant to the auditor – operational and compliance objectives are not usually relevant to the
audit but may relevant to the auditor only if they relate to data the auditor evaluates to determine
the reliability of some financial statement assertions
Examples of operational controls that are not normally be relevant to the audit production and
staff scheduling, quality control, and employee compliance with health and safety requirements.
However, these may be relevant to the auditor if:
a. The information produced is used to develop an analytical procedure.

For example:
● Controls pertaining to non-financial data that the auditor uses in analytical procedures,
such as production statistics
● Controls pertaining to detecting non-compliance with laws and regulations that may have
a direct and material effect on the financial statements, such as controls over compliance
with income tax laws and regulations used to determine the income tax provision
b. The information is required for disclosure in the financial statements.

Example,
● Controls to ensure the accuracy of such data to produce statistics that were used as a
basis for an analytical procedure
● Controls for detecting and reporting on non-compliance with certain laws and regulations
that has a direct and material effect on the financial statements
Controls related to the safeguarding of assets often relate to both operations and financial
reporting and objectives. The auditor would generally consider only those controls related to
76
financial reporting, such as controls that limit access to the programs used to process cash
disbursements.
Components of Internal Control: the interrelated components of internal control represent means used
by an entity to help it achieve its objectives (CRIME)
Five interrelated and essential components or aspects of internal control:

1. Control environment – the overall tone of the organization
2. Risk assessment – management’s identification and assessment of risks
3. Information, financial reporting and communication systems – a means of recording
transactions and communicating responsibilities
4. Monitoring the controls – assessment of internal control performance over time
5. Existing control activities – control policies and procedures
Component 1 – Control Environment:

● It sets the tone of an organization, influencing the control consciousness of its people.
● It includes the governance and management functions the attitudes, awareness, and actions of
those charged with governance and management concerning the entity’s internal control and its
importance in the entity.
● It is a set of characteristics that defined good control working relationships in an entity.
● It is the foundation for effective internal control for it provides an appropriate foundation for other
components of internal control.
Elements of control environment:

1. Integrity and ethical values – The entity should establish ethical standards. Ethical
standards influence the effectiveness of the design, administration and monitoring of
controls.
2. Participation by those charged with governance (BOD and audit committee).
3. Management’s philosophy and operating style – Management’s approach to taking
and managing business risks, attitudes and actions toward financial reporting, and attitudes
toward information processing and accounting functions and personnel.
4. Assignment of authority and responsibility – How authority and responsibility for
operating activities are assigned and how reporting relationships and authorization
hierarchies are established. Appropriate methods of assigning responsibility must be
implemented to avoid incompatible functions and to minimize the possibility of errors
because of too much work load assigned to an employee.
5. Commitment to competence – Management’s consideration of the competence levels
for particular jobs and how those levels translate into requisite skills and knowledge.
Competence is the knowledge and skills necessary to accomplish tasks that define the
individual’s job.
6. Personnel or Human resource policies and procedures – The entity must implement
appropriate policies for recruitment/hiring, orientation, training, evaluating, counseling,
promoting, compensating, and remedial actions because the competence of the entity's
employees will bear directly on the effectiveness of the entity's internal control.
7. Organizational structure – The framework within which an entity’s activities for
achieving its objectives are planned, executed, controlled and reviewed. Establishing a
relevant organizational structure includes considering key areas of authority and
responsibility and appropriate lines of reporting. The appropriateness of an entity’s
organizational structure depends, in part, on its size and the nature of its activities.
Component 2 – Risk Assessment: An entity’s risk assessment for financial reporting purposes is its
identification, analysis, and management of risks relevant to the preparation of financial statements that are
fairly presented in conformity with generally accepted accounting principles. (Note that this component
concerns the assessment by management of risk facing the entity, not the auditor's assessment of control
risk.)
Matters the auditor should consider are how management:

a. Identifies business risks (inherent and residual risks) relevant to financial reporting;
b. Estimates the significance of the risks;
c. Assesses the likelihood of their occurrence; and
d. Decides upon actions to manage them.
77
Component 3 – Information and Communication System: Information and communication systems

support the identification, capture, and exchange of information in a timely and useful manner.
The auditor shall obtain an understanding of the information system, including the related business
processes, relevant to financial reporting, including the following areas:
a. The classes of transactions in the entity’s operations that are significant to the financial statements;
b. The procedures, within both information technology (IT) and manual systems, by which those
transactions are initiated, recorded, processed, corrected as necessary, transferred to the general
ledger and reported in the financial statements;
c. The related accounting records, supporting information and specific accounts in the financial
statements that are used to initiate, record, process and report transactions; this includes the
correction of incorrect information and how information is transferred to the general ledger.
d. The records may be in either manual or electronic form;
e. How the information system captures events and conditions, other than transactions, that are
significant to the financial statements;
f. The financial reporting process used to prepare the entity’s financial statements, including significant
accounting estimates and disclosures; and
g. Controls surrounding journal entries, including non-standard journal entries used to record non-
recurring, unusual transactions or adjustments.
The information system relevant to financial reporting objectives, which includes the accounting system,
consists of the methods and records established to record, process, summarize, and report entity transactions
(as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity.
Communication involves providing an understanding of individual roles and responsibilities pertaining to

internal control over financial reporting. Communication may take such forms as policy manuals and financial
reporting manuals. Open communication channels help ensure that exceptions are reported and acted on.
Accounting system: means the series of tasks and records of an entity by which transactions are
processed as a means of maintaining financial records. The tasks identify, assemble, analyze, calculate,
classify, record, summarize and report transactions and other events.
Component 4 – Control Activities: Control activities are the policies and procedures that help ensure
management’s directives are carried out and that necessary steps to address risks are taken. Control
activities address risks that if not mitigated would threaten the achievement of the entity’s objectives.
The auditor should obtain a sufficient understanding of control activities to assess the risks of material
misstatement at the assertion level and to design further audit procedures responsive to assessed risks.
Categories of Control activities: Categories of specific control activities that may be relevant to an
audit:
1. Prenumbering of documents – helps to assure that:

a. All transactions are recorded (completeness).
b. No transactions are recorded more than once (existence).
2. Authorization of transactions – authorization should occur before commitment of

resources
3. Independent checks to maintain asset accountability – independent checks involve the

verification of work previously performed by others
Examples include:
a. Review of bank reconciliations
b. Comparison of subsidiary records to control accounts
c. Comparison of physical counts of inventory to perpetual records
4. Documentation – provides evidence of the underlying transactions and is a basis for

establishing responsibility for the execution and recording of transactions
5. Performance reviews – includes review of the following:

a. Reviews and analyses of actual performance versus budgets, forecasts, and prior period
performance
78
b. Relating different sets of data to one another, together with analyses of the relationships
and investigative and corrective actions (for example, the management of a sports team
might use attendance data to ascertain the reasonableness of ticket sales).
c. Comparing internal data with external sources of information, and
d. Review of functional or activity performance (for example, sales reports, receivable
reports, etc., may be used to analyze performance and to identify errors).
6. Information processing controls – ensure that transactions are valid, properly authorized,
and completely and accurately recorded
a. Application controls – controls which apply to the processing of individual applications

Examples of application controls:
● Checking the arithmetical accuracy of records
● Maintaining and reviewing accounts and trial balance
● Automated controls such as edit checks of input data and numerical sequence
checks
● Manual follow-up of exception reports
● Controls surrounding receivables
● Controls surrounding payroll
b. General controls – which are controls that relate to many applications and support the
effective functioning of application controls by helping to ensure the continued proper
operation of information systems. General controls apply to information processing
throughout the company.
Examples of general controls:
● Program change controls
● Controls that restrict access to programs or data
● Controls over the implementation of new releases of packaged software applications
● Controls over system software that restrict access to or monitor the use of system
utilities that could change financial data or records without leaving an audit trail
● Controls over data center/network
7. Physical controls – are physical controls for safeguarding assets involve security devices and
limited access to programs and to restricted areas, including computer facilities
a. Physical segregation and security of assets, including adequate safeguards such secured
facilities over access to assets and records.
Examples of physical controls:
● Protective or security devices
● Bonded or independent custodians
● Physical and security of assets:
➢ Cash – placed in cash boxes, vault or safe deposit boxes
➢ Cash – deposited in a bank
➢ Inventory – placed in a warehouse
➢ PPE items – tagged with non-movable labels
b. Authorization for access to computer programs and data files (for example, requiring
password prior to access)
c. Authorized access to assets and records (such as through the use of computer access
codes, prenumbered forms, and required signatures on documents for the removal or
disposition of assets)
d. Required signatures on documents for the removal or disposition of assets
e. Periodic counting and comparison with amounts shown on control records
Examples:
➢ Comparing the results of cash, security and inventory counts with accounting
records
➢ Reconciliations
f. The extent to which physical controls intended to prevent theft of assets are relevant to
the reliability of financial statement preparation, and therefore the audit, depends on
circumstances such as when assets are highly susceptible to misappropriation.
8. Segregation of duties – involves ensuring that individuals do not perform incompatible

duties. Duties should be segregated such that the work of one individual provides a crosscheck
on the work of another individual.
79
A proper segregation of duties (or incompatible functions) requires that one person should
not be responsible for all phases of a transaction. It requires assigning different people the
responsibilities of:
● Authorizing transactions
● Recording transactions – recordkeeping
● Maintaining custody of assets involved in the transactions
This means that different employees authorize transactions in the asset, record the
transactions, and have custody of the asset.
Segregation of duties is intended to reduce the opportunities to allow any person to be in

a position to both perpetrate and conceal errors or fraud in the normal course of the person’s
duties.
Example of segregation of duties:

● The responsibilities of the treasury department include handling of cash and custody of
securities but do not include data processing.
Component 5 – Monitoring the Controls: Monitoring is a process that assesses the quality of internal
control performance on an ongoing basis. Management’s monitoring of controls includes considering whether
they are operating as intended and that they are modified as appropriate for changes in conditions.
Monitoring assesses the effectiveness of the internal control’s performance over time. The objective is to
ensure the controls are working properly and, if not, to take necessary corrective actions. Management
accomplishes monitoring of controls through ongoing activities, separate evaluations or a combination of the
two.
Management’s monitoring activities may also include using information from external parties such as
complaints from customers or comments from regulatory bodies that may indicate problems, highlight areas
in need of improvement, or require communications relating to internal control from external auditors.
Internal Control in Smaller Entities
In smaller entities, there are often few employees, which can limit the extent to which segregation of
duties is practicable and the paper trail of documentation available. But internal control still exists. In such
entities, the control environment (management’s commitment to ethical values, competence, attitude
toward control, and their day-to-day actions) will be very important to evaluate. This will involve assessing
the behavior, attitudes, and actions of management.
The presence of a highly involved owner-manager can be both an internal control strength and an
internal control weakness. The strength is that the person (assuming his or her competence) will be
knowledgeable about all aspects of operations and that it is highly unlikely material errors will be missed.
The weakness is that the person is also in a good position to override internal controls.
Effect of Information Technology on Internal Control
Effect on Internal Control

An entity's use of information technology may affect any of the five components of internal control:
a. Management's failure to appropriately address IT risks may negatively impact the control
environment.
b. The use of IT may enhance an entity's risk assessment by providing more timely information.
c. Many information and communication systems make extensive use of IT, and the way in which IT
is used often affects an entity's internal control.
d. Much of the information used in monitoring is provided by IT, and therefore, the accuracy of the IT
system is crucial.
e. The use of IT may affect the way in which existing control activities are implemented. Also, the
effectiveness of user controls may depend upon the accuracy of information provided to the user
by IT systems.
Manual vs. Automated Controls

a. Manual controls may be more appropriate than automated controls in situations where judgment
80
and discretion is required, such as circumstances in which misstatements are difficult to define,
anticipate, or predict.
b. Manual controls, however, may pose additional risks because they can be more easily ignored or
overridden, they are subject to human error, and they are less consistent than automated controls.
Testing Automated Controls

a. In testing automated controls, the auditor needs to identify and test not just specific application
controls but relevant general controls on which the application controls depend. (Application
controls and general controls are covered further below.)
b. In a manual system, manual controls such as approvals, reviews, and reconciliations are used. In
an automated system using information technology, both manual and automated controls may be
used; however, even manual controls may be dependent to some extent on the effective
functioning of IT.
IT Benefits
IT is used by an entity to improve the efficiency and effectiveness of its internal control. The auditor
should consider the effect of such benefits as part of assessing internal control. Benefits may include:
a. The ability to process large volumes of transactions and data accurately and consistently.
b. Improved timeliness and availability of information.
c. Facilitation of data analysis and performance monitoring.
d. Reduction in the risk that controls will be circumvented.
e. Enhanced segregation of duties through effective implementation of security controls.
IT Risks
The use of IT may also create additional internal control risks. The auditor must evaluate the entity's
use of IT to determine whether and to what extent the following risks exist:
a. Potential reliance on inaccurate systems.
b. Unauthorized access to data, which may result in loss of data and/or data inaccuracies.
c. Unauthorized changes to data, systems, or programs.
d. Failure to make required changes or updates to systems or programs.
CONSIDERING INTERNAL CONTROL
● Considering internal control – involves study and evaluation of internal control

● Reasons/purpose of the auditor’s study and evaluation of internal control:
1. Primary: to provide a basis for planning the audit to determine the nature, timing, and extent of
audit procedures
2. Secondary: to provide a basis for constructive suggestions to management about improvements
in internal control structure
● Steps in consideration of internal control:
1. Obtain sufficient understanding of the internal control relevant to the audit – involves
obtaining understanding of the design and operation of internal control relevant to the audit
● The auditor should use the understanding of the five components of internal control sufficient
to evaluate the design and determine if the control has been implemented.
● While the five components of internal control provide a useful framework for identifying and
evaluating controls, the auditor should be more concerned with whether and how a specific
control prevents, or detects and corrects, material misstatements, than with the classification
of controls into categories.
● Internal control is relevant to the entire entity and each of the five components of internal
control may affect any of the three entity objectives, but not all of an entity's objectives and
related controls are relevant to the audit. Generally, those controls that pertain to financial
reporting objective are most relevant to the audit; it is primarily those controls that the
auditor must consider and understand. The auditor need not assess all controls related to
financial reporting, but rather applies professional judgment in determining which controls to
assess.
a. Evaluate the design of relevant control – involves determining whether the control,
individually or in combination with other controls, is capable of effectively preventing or
detecting and correcting material misstatements
81
Major emphasis in the design of effective control

a. Assets are properly protected
b. Duties are segregated
c. Transactions are authorized
b. Determine whether the control has been implemented – whether the control is placed
in operation; a control has been implemented if the control exists and is being used by the
entity
Procedures to obtain evidence about the design and implementation of controls:

● Inquiry of entity personnel (inquiry alone is not sufficient)
● Inspecting documents and records
● Observing of application of specific controls
● Performing a “walk-through” test – tracing a transaction through the accounting
system, from initial recording to presentation in the financial statements
The understanding of internal control is used by the auditor in:

● Identify types of potential misstatements that can occur
● Consider factors that affect the risks of material misstatements
● Determine the nature, timing, and extent of audit procedures
2. Perform preliminary assessment of control risk – the assessment of control risk is based
on understanding of internal control
a. Assess control risk at a high level:
(1) If internal control is poor or not effective, or
(2) If it is inefficient to rely on internal control (inefficient to perform tests of controls)
Auditor’s response if control risk is assessed at a high/maximum level:

● Skip or do not perform tests of controls
● Rely primarily on substantive tests
b. Assess control risk at less than high level:

(1) If internal control is effective or reliable, and
(2) If it is inefficient to obtain evidence to justify the assessment of control risk at less than
high level
Note: Even if the internal control is effective, the auditor should assess control risk at a
high level if it is inefficient to obtain evidence to justify the assessment of control risk at
less than high level. The PSA requires the auditor to document the basis which is the
evidence to justify the assessment of control risk at less than high level.
Auditor’s response if control risk is assessed at less than high/maximum level:

● Perform tests of controls – to confirm operating effectiveness of controls
3. Perform tests of controls – tests of controls are performed when the auditor plans to rely on
internal control; the auditor will only test those controls that he plans to rely upon (controls that
are likely to prevent or detect and correct material misstatement relevant to the financial
statements)
Tests of controls –
● Tests performed to test the operating effectiveness (as to design and operation) of internal
controls that are likely to detect or prevent material misstatements in support of a reduced
assessed level of control risk. Thus, tests of controls are performed to substantiate the
reduced assessed level of control risk
● Tests performed confirm that the controls tested are working effectively
● Unlike substantive tests of details, tests of controls are not required audit procedure.
● The greater the reliance the auditor plans to place on internal control, the more extensive the
tests of those controls that need to be performed.
● Tests of controls generally consist of one (or combination of the following evidence gathering
techniques:
a. Inquiry
82
b. Observation
c. Inspection
d. Reperformance
a. Results of tests of controls does not confirm effectiveness of controls – the auditor should
revise the preliminary risk assessment of control risk from less than high to high level; the
auditor should also make the necessary revision on the overall audit strategy, audit plan and
preliminary audit program
b. Results of tests of controls confirm effectiveness of controls – the auditor may rely on entity’s
internal control and decrease substantive testing
Required Documentation:
1. Document the understanding of accounting and internal control systems
● Form of documentation may vary

● One form or a combination of forms of documentation may be used at the same time
● Forms of documentation:
1. Internal control questionnaire – consists of a list of questions on internal control be
answered by "Yes" or "No" response. A negative response is designed to draw attention to
a possible weakness in internal control. Written explanations are required for "No"
answers.
2. Flowcharts – pictorial/symbolic diagram depicting the operation of a program/system or
the sequential flow of authority, processes, transactions and documents. The use of
standard symbols makes flowcharts easy to understand.
a. Systems flowcharts – used to evaluate internal control because it shows the origin of
each document in the system, its subsequent processing, and its final disposition
b. IT flowcharts – used in evaluating the internal control in an automated/computerized
accounting environment. The auditor can use these flowcharts to evaluate both the
flow of the program and the internal controls related to the IT function in general.
3. Internal control checklists – a detailed listing of ideal control measures (the auditor
tickmarks the controls adopted by the client)
4. Narrative memoranda – a written version of a flowchart. It is a description of the
auditor's understanding of the system of internal control. Note that flowcharts are more
appropriate for documenting complex control structures, while written narratives are more
appropriate for less complex structures.
5. Decision trees or tables –
a. Decision trees – are graphic illustrations that depict the logic of an operation or
process. They generally employ questions with "Yes" or "No" answers, which direct the
user to the next relevant questions.
b. Decision tables – are graphic illustrations that depict the logical relationships of a
system in table form. Both approaches document the auditor's understanding of a
process.
2. Document the assessed level of control risk

● If the control risk is assessed at a high level, the auditor should document his conclusion that
control risk is at a high level.
● If the control risk is assessed at less than high level, the auditor should document:
a. His conclusion that control risk is at less than high level, and
b. The basis for that assessment – results of tests of controls confirming the assessment of
control risk at below high/maximum level
Communicating with those charged with governance and management:
The auditor should communicate audit matters of governance interest arising from the audit of financial
statements with those charged with governance of an entity.
Governance refers to the role of persons entrusted with the supervision, control and direction of an
entity. Those charged with governance ordinarily are accountable for ensuring that the entity achieves its
objectives, financial reporting, and reporting to interested parties.
Reportable conditions are significant deficiencies/weaknesses in the design or operation of the
83
internal control which have come to the auditor’s attention that should be reported to the appropriate level of
management such as the highest official of the company or those charged with governance (usually to the
entity’s audit committee of the board of directors) in writing, in a formal management letter (the by-
product of the audit engagement) at the earliest opportunity so that appropriate corrective actions may be
taken as soon as possible.
A deficiency may be of such magnitude as to be considered a material weakness in internal control. A

material internal control weakness is a condition in which material errors or fraud would ordinarily not
be detected within a timely period by employees in the normal course of performing their assigned functions.
No expression of opinion on entity’s internal control:
Consideration of internal control in financial statement audit is not sufficient to express an opinion on an
entity’s controls because only those controls on which an auditor intends to rely are reviewed, tested, and
evaluated. Moreover, the auditor is not required to identify or search for internal control weaknesses.
Internal control weaknesses: Examples of significant weaknesses in internal control include:

● Weak control environment (such as ineffective oversight, poor attitude toward internal control, or
instances found of management override or fraud)
● Weaknesses in IT general controls.
● Significant business risks that have not been addressed by policies, procedures or internal controls.
● Inadequate policies and procedures in place for:
➢ Appropriately assessing and applying accounting principles
➢ Determining accounting estimates and assessing their reasonableness
➢ Preparing the financial statements and the disclosures required, and
➢ Safeguarding assets
● Significant internal control activities or application controls not operating as designed, not applied
consistently by appropriate individuals, or not monitored by appropriate individuals.
● Significant deficiencies previously communicated to management or those charged with governance
that remain uncorrected after some reasonable period of time.
ASSERTIONS, AUDIT PROCEDURES AND AUDIT EVIDENCE
ASSERTIONS AND AUDIT OBJECTIVES
Nature of Assertions:
Financial statements are not statements of facts. They are a collection of claims and assertions,
made implicitly or explicitly by the entity’s management, about the recognition, measurement,
presentation, and disclosure of information in the financial statements.
Assertions (or management assertions) are representations by management, explicit or

otherwise, that are embodied in the financial statements. These assertions relate to the fairness of
presentation of the financial statements, thus, they are directly related to applicable financial
Examples of assertions:
● All the assets exist. (Existence)
● All sales transactions have been recorded. (Completeness)
● Inventories are properly valued. (Valuation)
● All amounts are properly presented and disclosed in the financial statements.
(Accuracy)
Levels of Assertions:
1. Financial statement level – entity’s management representation that the financial
statements as a whole are presented fairly, in all material respects, in accordance with the
applicable financial reporting framework
● For example, management asserts the financial statements are free from material
misstatements.
2. Account balance or class of transactions level – entity’s management representation that
84
the underlying account balances and class of transactions, including related disclosures, are free
of material misstatements
● For example, when considering the sales balance, management is asserting that sales
revenue is complete (completeness assertion), the transactions occurred (occurrence
assertion), and transactions have been appropriately recorded in the accounting records
(accuracy assertion).
Categories of Assertions used by the Auditor:

1. Assertions about classes of transactions and events for the period under audit
a. Occurrence – recorded transactions and events have occurred and pertain to the entity
b. Completeness – all transactions and events that should have been recorded have been
recorded
c. Accuracy – amounts and other data relating to recorded transactions and events have
been recorded appropriately
d. Cutoff (proper period) – transactions and events have been recorded in the correct
accounting period
e. Classification – transactions have been recorded in the proper accounts
2. Assertions about account balances at the period end
a. Existence – assets, liabilities, and equity interests exist
b. Rights and obligations – the entity holds or controls the rights to assets, and liabilities
are the obligations of the entity
c. Completeness – all assets, liabilities and equity interests that should have been recorded
have been recorded
d. Valuation and allocation – assets, liabilities, and equity interests are included in the FS
at appropriate amounts and any resulting valuation or allocation adjustments are
appropriately recorded
3. Assertions about presentation and disclosure
a. Occurrence and rights and obligations – disclosed events, transactions, and other
matters have occurred and pertain to the entity
b. Completeness – all disclosures that should have been included in the financial statements
have been included
c. Classification and understandability – financial information is appropriately presented
and described, and disclosures are clearly expressed
d. Accuracy and valuation – financial and other information are disclosed fairly and at
appropriate amounts
The existence and completeness objectives emphasize opposite audit concerns. Existence
deals with overstatements and completeness deals with understatements (such as due to
unrecorded transactions).
Auditor’s Use of Relevant Assertions:

The auditor uses relevant assertions in developing audit objectives that will be the basis for
designing audit procedures. Relevant assertions are assertions that have a meaningful bearing
on whether an account is fairly stated. For example:
● Existence assertion, not valuation, is typically relevant to the audit of cash account.
● The valuation assertion would be relevant to assessing the inventory balance than assessing
sales balance.
The auditor should use relevant assertions to:

a. Consider the types of potential misstatements that may occur
Examples include:
● Does the asset exist? (Existence)
● Are all sales transactions recorded? (Completeness)
● Is inventory properly valued? (Valuation)
● Did the transaction occur? (Occurrence)
● Are amounts properly presented and disclosed in the financial statements?
(Accuracy)
b. Assess the risks of material misstatement – The auditor should identify what
85
controls have been implemented to address the relevant assertions.

Examples:
● How does management ensure transactions are recorded? (Completeness)
● How does management ensure that significant estimates are based on reasonable
assumptions and properly recorded in the financial statements? (Accuracy)
c. Design audit procedures that are responsive to the assessed risks
Examples:
● If the risk is high that receivables are being overstated, the audit procedures should
be designed to specifically address the valuation assertion.
● When the auditor designs tests of controls, emphasis should be placed on testing
controls over the relevant assertions rather than just significant controls.
● An audit procedure may provide evidence supporting more than one assertion. For
example, when an auditor obtains confirmation of inventories held at outside
locations, evidence is obtained not just about completeness, but also about the
existence of inventory.
● More than one procedure may be required to fully support an assertion. For
example, in order to be reasonably certain that inventory quantities include all
inventories on hand at year-end, the auditor should also inspect receiving
transactions near year-end for recording in the proper period.
Audit Objectives:
The auditor develops audit objectives that relate to management assertions about the financial
statement components. To achieve audit objectives, the auditor shall design audit procedures and
gather sufficient appropriate audit evidence whether the assertions are in accordance with the
applicable financial reporting framework.
Audit objectives are used to verify management assertions. Thus, there should be proper
matching of auditor’s objectives with management assertions.
Types of Audit Objectives:

1. Whether general or specific:
a. General audit objectives – are broad objectives of auditing an account balance or
class of transactions
● Examples of general audit objectives include existence, completeness, valuation,
classification, cut-off, accuracy, presentation and disclosure, validity, ownership, and
overall reasonableness
b. Specific audit objectives – audit objectives stated in terms tailored to the specific
audit engagement
● The general audit objectives remain the same for every audit engagement, but the
evidence varies, depending on the circumstances. The general audit objectives are
applicable to every account balance on the financial statements.
● After the general objectives are understood, specific objectives for each account
balance on the financial statements can be developed. There should be one specific
audit objective for each relevant general objective.
2. Whether substantive or compliance
a. Substantive audit objectives – objectives that relate to the determination of the
validity of assertions on account balances or class of transactions or disclosures found in
the financial statements
b. Compliance audit objectives – objectives that relate to the degree of entity’s
compliance with relevant controls
AUDIT PROCEDURES
Based on audit objectives, the auditor should plan and perform audit procedures. Audit
procedures are the means for obtaining sufficient appropriate audit evidence to satisfy financial
statement assertions and to support audit opinion on the fairness of the financial statements. They
86
are the detailed instructions for the collection of a particular type of evidence that is to be obtained
during the audit. Since audit procedures are performed to verify management assertions, they
would differ depending on the particular assertion or account audited.
Primary Purpose of Audit Procedures:

Audit procedures are performed to gather necessary (not all) corroborative evidence to achieve
audit objectives in order to result to sufficient appropriate audit evidence on the fairness of the
presentation of the entity’s financial statements.
Audit procedures distinguished from audit standards and audit techniques:

● Audit standards – measure of the quality of the audit performance; they are set by the
AASC, thus, they remain the same from one audit engagement to another
● Audit procedures – performed to meet the audit standards; determined by the auditor,
thus, they vary from audit to audit; although they vary from audit to audit, the auditor
should perform relevant essential audit procedures provided by the audit standards (PSAs)
● Audit techniques – methods used by the auditor or the details of the audit procedures;
they also vary from audit to audit
Nature, Timing and Extent of Audit Procedures:

a. Nature of an audit procedure – refers to:
(1) Its purpose (i.e., test of controls or substantive procedure) and
(2) Its type (i.e., inspection, observation, inquiry, confirmation, recalculation,
reperformance, or analytical procedures)
When RMM is assessed at high level it affects the types of audit procedures to be
performed and their combination.
b. Timing of an audit procedure – refers to when to perform the audit procedure, or the
period or date to which the audit evidence applies
Audit procedures are normally performed:
a. Early in the accounting period being examined
b. Throughout the accounting period being examined, but with emphasis of the
transactions near the end
c. Within one to three months after the close of the accounting period
Audit procedures performed before period end are known as interim work.
The nature and timing of the audit procedures to be used may be affected by the fact
that some of the accounting data and other information may be available only in
electronic form or only at certain points or periods in time.
c. Extent of an audit procedure – refers to the quantity to be performed or the extent of
testing or the number of items to be examined (for example, a sample size, or the number
of observations of a control activity)
Audit Procedures for Obtaining Audit Evidence:
1. Risk assessment procedures – procedures to obtain an understanding of the entity and its
environment, including its internal control, in order to identify and assess the risks of material
misstatement (RMM)
Risk assessment procedures include:
a. Inquiry of management and other personnel
b. Analytical procedures (as a planning tool)
c. Observation and inspection
Risk assessment procedures alone do not provide audit evidence sufficient to support an
audit opinion. Risk assessment procedures must be supplemented by tests of controls,
when necessary, and substantive procedures.
2. Further audit procedures – The auditor shall design and perform audit procedures whose
nature, timing, and extent are based on and are responsive to the assessed RMM at the
assertion level.
● Further audit procedures are actually audit procedures classified according to purpose
87
● In designing the further audit procedures to be performed, the auditor shall:

(1) Consider the assessed RMM
(2) Obtain more persuasive audit evidence the higher the auditor’s assessment of risk by:
a. Increasing the quantity of evidence; or
b. Obtain evidence that is more relevant or reliable (such a obtaining third party
evidence or by obtaining corroborating evidence from a number of independent
sources)
Auditor’s responses to assessed risks of material misstatements (RMM) include

both:
a. Overall responses – The auditor shall design and implement overall responses to
address the RMM at the financial statement level.
Overall responses may include:
● Emphasizing to the audit team the need to maintain professional skepticism
● Assigning more experienced staff or those with special skills or using experts
● Providing more supervision
● Incorporating additional elements of unpredictability in the selection of further
audit procedures to be performed
● Making general changes to the nature, timing, or extent of audit procedures (such
as performing substantive procedures at the period end instead of at an interim
date)
Overall responses affect auditor’s general approach:
● Substantive approach – an approach whose emphasis is on substantive
procedures
● Combined approach – an approach that uses both tests of controls and
substantive procedures
b. Further audit procedures
Further audit procedures include:

(1) Tests of controls (compliance tests) – audit procedures designed to evaluate the
operating effectiveness of relevant controls in preventing, or detecting and correcting
material misstatements at the assertion level
● In designing and performing tests of controls, the auditor shall obtain more
persuasive audit evidence the higher/greater reliance the auditor places on the
effectiveness of a control.
● Test of controls, although not intended to detect material misstatements, may
provide evidence that a misstatement is likely to occur.
When to perform tests of controls:

a. When the auditor intends to rely on the operating effectiveness of relevant
controls in determining the nature, timing and extent of substantive procedures;
or
● Tests of controls are performed only on those controls that the auditor has
determined are suitably designed to prevent, or detect and correct, a material
misstatement in an assertion.
b. When substantive procedures alone cannot provide sufficient appropriate
evidence at the assertion level
● For example, an entity conducts its business using IT and no documentation
of transactions is produced or maintained, other than through the IT system.
Dual purpose test:

● The auditor may design a test of controls to be performed concurrently with a
test of details on the same transaction. Although the purpose of a test of
controls is different from the purpose of a test of details, both may be
accomplished concurrently by performing test of controls and test of details on
the same transaction, also known as a dual-purpose test.
88
(2) Substantive procedures – audit procedures designed to detect material

misstatements at the assertion level
Other best descriptions: Substantive procedures may also be described as audit
procedures that are designed to:
● Detect material peso/monetary errors or fraud
● Substantiate the validity of management's assertions regarding the financial
statements. Thus, substantive procedures are sometimes called validation
procedures because they provide evidence about the existence of
misstatement.
● Gather evidence in respect to all material classes of transactions, account
balances, and disclosures.
● Be performed in response to the assessment of the risks of material
misstatement at the assertion level, which includes the results of tests of
controls, if any. In other words, substantive procedures are performed in
response to the planned level of detection risk.
Substantive procedures are mandatory:

Irrespective of the assessed risks of material misstatement, substantive
procedures are required for all relevant assertions related to each material class of
transactions, account balance, and disclosure. This requirement reflects the fact that:
a. The auditor’s assessment of risk is judgmental and so may not identify all risks
of material misstatement; and
b. There are inherent limitation to internal control
Substantive testing cannot be eliminated. However, it may be reduced by
auditor’s reliance on entity’s effective internal control.
Nature, timing and extent of substantive tests:

When internal control is not reliable, the auditor will have to perform extensive
substantive tests. Thus, the result of test of controls is a major factor in determining
the nature, timing and extent of substantive tests.
1. Nature: relates the quality of audit evidence (performing more effective or
less effective audit procedures)
2. Timing: also relates to the quality of evidence (performing the audit
procedures at year-end or at interim date)
3. Extent: relates to the quantity of audit evidence (using larger sample size or
smaller sample size)
Reliance on substantive tests:

The reliance placed on substantive tests in relation to the reliance placed on
internal control has an inverse relationship.
Types of substantive procedures:

Whether or not to use substantive analytical procedures or to perform tests of
details of transactions and balances, the auditor usually consider the relative
effectiveness and efficiency of the tests.
1. Tests of details – examining or obtaining audit evidence on the actual details of
account balance, class of transactions, and disclosure
● The objective of tests of details is to substantiate or identify misstatements in the
recorded amounts.
Directional testing – refers to the direction of an audit test
a. Tracing – if the auditor starts from original source documents and traces
forward to the accounting records, this tests the assertion of completeness.
This helps the auditor identify understatement errors.
b. Vouching – If the auditor starts from the accounting records and vouches
backwards to the original source documents, this tests the assertion of
existence or occurrence. This helps the auditor identify overstatement
errors.
89
a) Test of details of transactions – testing of transactions which give rise to the

ending balance of a given account; these involve examining authorization,
recording and posting of transactions (such as examining receipts or
disbursements of Cash account)
● Applicability of test of details of transactions: It is used when the
account being substantiated has relatively few or smaller volume of
transactions of relatively material amounts occurring during the year (for
example, PPE, intangibles, bonds payable and stockholders’ equity accounts)
● Test of transactions are often performed several months prior to the balance
sheet date.
● Tests of details of transactions primarily involve tracing and vouching.
b) Tests of details of balances – direct testing of accounts ending balance

● Tests of details of balances focus on obtaining evidence directly about an
account balance.
● More types of evidence are obtained using tests of details of balances than
by using any other type of test.
● Test details of balances is usually the most costly to perform.
● Applicability of test of details of balances:
➢ For accounts whose balances are affected by large volume transactions of
relatively immaterial amounts (such as cash, accounts receivable and
inventories).
➢ If an account has a high turnover rate with many transactions occurring
during the year, the auditor generally will concentrate more on the
ending balance total.
➢ It is used when the auditor is satisfied that internal control is strong.
2. Substantive analytical procedures – these are analytical procedures performed

during testing phase to substantiate predictable relationships among both financial
and non-financial data
● Analytical procedures are evaluations of financial information made by a study
of plausible relationships among both financial and nonfinancial data. Analytical
procedures generally involve comparisons of recorded amounts to independent
expectations developed by the auditor.
● The application of planned analytical procedures is based on the expectation that
relationships among data exist and continue in the absence of known conditions
to the contrary.
● Analytical procedures will result to circumstantial evidence rather than conclusive
evidence.
● Results of substantive analytical procedures would entail additional tests to be
performed.
● Analytical procedures are the audit tests that are usually the least costly to
perform.
Applicability of substantive analytical procedures:

● Generally more applicable to large volume of transactions that tend to be
predictable over time
● Not required substantive procedures during testing phase (but are
required during audit planning and final or overall review stages)
● When appropriate, they are used on accounts that are predictable and
plausible.
Limitations of analytical procedures: Since analytical procedures are based

on expected plausible relationships among data, differences do not necessarily
indicate errors or fraud, but simply indicate the need for further investigation.
Changes in an account, changes in accounting principle, and inherent differences
90
between industry norms and the client all contribute to fluctuations in expected
amounts.
Audit Procedures According to Types:

The following procedures, individually or in combinations, may be used as risk assessment
procedures, test of controls, or substantive procedures, depending on the context in which they are
applied by the auditor:
1. Inspection – consists of examining records or documents (whether internal or external, in
paper form, or other media), or a physical examination of an asset
● For example, an inspection of records or documents for evidence of authorization is a
test of controls.
2. Observation – consists of viewing/looking at a process or procedure being performed by
others.
Examples:
● Observation of the counting of inventories by the entity’s personnel
● Observation of the performance of control activities that leave no audit trail
3. External confirmation – represents audit evidence obtained by the auditor as a direct
written response to the auditor from a third party (the confirming party) in paper form, or
by electronic or other medium
● Confirmation is a specific type of inquiry that involves the process of obtaining a
representation of information or of an existing condition about account balances and
transactions or events directly from independent third parties.
● Confirmations are controlled by the auditor because the auditor:
a. Selects the parties to be contacted
b. Prepares and mails the confirmation requests, and
c. Receives the confirmation replies directly from the third parties
● External confirmations frequently are relevant when addressing assertions associated
with certain account balance and their elements. However, they are not restricted to
account balances only.
Examples of external confirmation:
● Confirmation of accounts receivable balances:
a. Positive confirmation – customers should reply whether or not they agree with
their respective balances; it is considered more effective than negative
confirmation
b. Negative confirmation – customers should reply if there are discrepancies
● Bank confirmation of account balances (including amount of loan outstanding)
● Suppliers’ confirmation of accounts payable
● Confirmation from lenders
● Inventory confirmation when inventory is under custody and control of a third party
● Confirmation from lawyers or financiers who have custody over client’s property title
deeds
● Confirmations of the terms of agreements or transactions an entity has with third
parties
● Confirmation about the absence of certain conditions, for example, the absence of a
“side agreement” that may influence revenue recognition
d. Recalculation (computation) – consists of checking the mathematical accuracy
(manually or electronically) of documents or records
Examples:
● Auditor’s recalculation of depreciation, interest expense or earnings per share
e. Reperformance – involves the auditor’s independent execution of procedures or controls
that were originally performed (by the client’s staff) as part of the entity’s internal control
f. Analytical procedures – consist of evaluations of financial information made by a study of
plausible relationships among both financial and non-financial data
Analytical procedures also encompass the investigation of identified fluctuations and
relationships that are inconsistent with other relevant information or deviate significantly
from predicted amounts.
g. Inquiry – consists of seeking information of knowledgeable persons, both financial and
91
non-financial, within the entity or outside the entity.

● Inquiry is used extensively throughout the audit in addition to other audit procedures.
● Inquiries may be formal written inquiries or informal oral inquiries.
● Evaluating responses to inquiries is an integral part of the inquiry process.
● Evidence obtained from inquiry can be gathered with every type of audit test.
In respect of some matters, the auditor may consider it necessary to obtain written
representation from management and, where appropriate, those charged with
governance to confirm responses to oral inquiries.
Audit Techniques:
The auditor applies audit techniques (methods) to gather corroborative evidence and uses his
professional judgment to determine which audit techniques would best result to the audit evidence
he needs.
Examples of audit techniques:

1. Confirm – to obtain information directly from an independent third party
2. Inspect – to obtain evidence through physical examination
3. Count – physical examination of assets (such as cash count or petty cash count)
4. Compare – technique used after count of assets; also used to compare current period
balances with those of prior periods
5. Inquire – asking questions, whether oral or written, directed to the client or to third parties
6. Trace – to determine whether transactions supported by source documents are properly
recorded and posted
7. Vouch – examine and authenticate of underlying evidential papers
8. Verify – to prove the accuracy of extensions, footings, postings, ownership and existence
9. Reconcile – to bring into agreement information obtained from two groups of related, but
independent, figures
Reconciliation involves comparing financial amounts from two independent sources for
agreement, such as:
● Reconciling the cash balance per the books with the balance per bank
● Reconciling the physical inventory count with the perpetual inventory records
● Reconciling lead schedules to general ledger amounts
10. Analysis of accounts – to detail the composition of an account or to detail the individual
debits and credits in the account in a chronological sequence
11. Review – perform to obtain evidence of authoritative documentation to support certain
transactions
12. Extend – to prove the accuracy of multiplications (on invoices, payroll records, etc.)
13. Foot – to prove the accuracy of vertical or horizontal additions
14. Scan – looking for evidence of unusual amounts/items, which, if found, would be further
investigated
● Scanning may also be considered an analytical procedure, as the auditor uses
professional judgment to search for large, significant, or unusual items in the accounting
records.
AUDIT PROGRAM
An audit program is a detailed listing of the nature, timing and extent of planned audit
procedures (tests of controls and/or substantive tests) that the auditor will perform to gather
sufficient appropriate evidenced. It is a set of instructions to assistants involved in the audit and as
a means to control and record the proper execution of work.
AUDIT EVIDENCE
The auditor shall design and perform audit procedures that are appropriate in the circumstances
for the purpose of obtaining reasonable assurance or sufficient appropriate audit evidence to
reduce audit risk at acceptably low level thereby enable the auditor to draw reasonable conclusions
on which to base the auditor’s opinion.
92
Most of the auditor's work in forming the auditor's opinion consists of obtaining and evaluating
audit evidence. The auditor shall conclude whether sufficient appropriate audit evidence has been
obtained based on his professional judgment.
Audit Evidence, Defined:

● Audit evidence refers to all the information used by the auditor in arriving at the
conclusions on which the audit opinion is based. Thus, audit evidence supports the opinion
and the auditor's report.
● Sometimes called as evidential matter, it is the main output/product of performing audit
procedures.
Audit Evidence Relationship with Assertions: Audit evidence comprises both:

a. Information that supports and corroborates management's assertions, and
b. Information that contradicts such assertions.
Nature of Audit Evidence:

Audit evidence includes both information contained in the accounting records underlying the
financial statements and other information:
1. Accounting records (Underlying data) – accounting records/data prepared by the

client’s personnel and from which financial statements are prepared
a. Records of initial accounting entries
b. Supporting records, such as checks and records of electronic fund transfers, invoices
and contracts
c. General and subsidiary ledgers
d. Journal entries and other adjustments to the financial statements that are not reflected
in formal journal entries
e. Records such as worksheets and spreadsheets supporting cost allocations,
computations, reconciliation and disclosures
2. Corroborating evidence – corroborating information that are used by the auditor to verify
the fairness of the accounting records
a. Documents (such as checks, bank statements, contracts and minutes of meetings)
b. Information/evidence from other sources such as:
● Previous audits
● Quality control procedures for client acceptance and continuance
● Confirmations from third parties
● Industry analysts’ reports
● Comparable data about competitors (benchmarking)
● Client written representation
c. Information obtained by he auditor from audit procedures such as inquiry, observation,
inspection and computation
d. Other information developed by, or available to, the auditor that permits the auditor to
reach conclusions through valid reasoning
Types of Audit Evidence:

1. Physical evidence – obtained by physical examination of assets (such as count of stock
certificates in support of stock investment account or observation of client’s processes or
procedures)
2. Mathematical recomputations – auditor’s recomputation of the accuracy of client’s
computations such as depreciation, amortization, doubtful accounts, etc.
3. Documentation – examination of the supporting documents of recorded transactions and
balances appearing in the financial statements
4. Representation by third parties (or confirmation) – a document originating from
independent outside party and sent directly to the auditor
5. Representation by client personnel – statements from client personnel in response to
queries posed by the auditor
93
6. Results of analytical procedures

7. Internal control – existence of effective internal control may be regarded as a strong
evidence of the validity of the accounts and amounts found in the financial statements
8. Subsequent events – they provide additional evidence regarding conditions that already
existing on the balance sheet that and affect accounting estimates
Sources of audit evidence:

● Audit evidence is cumulative in nature and is primarily obtained from audit procedures
performed during the course of the audit. However, it may also include information
obtained from other sources such as:
➢ Previous audits (where the auditor performs audit procedures to establish its
continuing relevance)
➢ Firm's quality control procedures for client acceptance and continuance
● Audit evidence may come from:
a. Internal sources (inside the entity) – generated internally, such as evidence existing
within the accounting records, minutes of meetings, or a management
representation
b. External or independent sources (outside the entity) – for example, confirmations
from third parties analysts’ reports, and comparable data about competitors
(benchmarking data)
c. Direct knowledge of the auditor
● Audit evidence may also come from:
a. Information obtained from testing the accounting records (accounting records are
an important source of audit evidence) – for example, through analysis and review,
reperforming procedures followed in the financial reporting process, and reconciling
related types and application s of the same information
b. Non-financial original records
● Audit evidence may include information prepared using the work of a management’s
expert.
● In some cases the absence of information (for example, management's refusal to
provide a requested representation) is used by the auditor, and therefore, also
constitutes audit evidence.
Information to Be Used as Audit Evidence

● When designing and performing audit procedures, the auditor shall consider the relevance
and reliability of the information to be used as audit evidence.
● When information to be used as audit evidence has been prepared using the work of a
management's expert, the auditor shall, to the extent necessary, having regard to the
significance of that expert's work for the auditor's purposes:
a. Evaluate the competence, capabilities and objectivity of that expert;
b. Obtain an understanding of the work of that expert; and
c. Evaluate the appropriateness of that expert's work as audit evidence for the relevant
assertion.
● When using information produced by the entity, the auditor shall evaluate whether the
information is sufficiently reliable for the auditor's purposes, including as necessary in the
circumstances:
a. Obtaining audit evidence about the accuracy and completeness of the information; and
b. Evaluating whether the information is sufficiently precise and detailed for the auditor's
purposes.
Sufficient Appropriate Audit Evidence:

The auditor shall design and perform audit procedures that are appropriate in the circumstances
for the purpose of obtaining sufficient appropriate audit evidence.
1. Sufficiency – the measure of the quantity or amount of audit evidence that the auditor
shall accumulate
● Sufficiency is determined based on the auditor’s professional judgment.
94
● Audit evidence is sufficient if there is enough of it to afford a reasonable basis for an

audit opinion on the financial statements.
Factors affecting sufficiency of audit evidence:
Auditor’s judgment as to the quantity of audit evidence is influenced by:
a. Auditor’s assessment of the risks of misstatement – the higher the assessed risks,
the more audit evidence is likely to be required
● For example, as risk of material misstatement increases in Accounts Receivable,
audit evidence required also increases.
b. Quality or competence of audit evidence – the higher the quality, the less may be
required. Obtaining more audit evidence, however, may not compensate for its poor
quality.
c. Materiality of item being examined – more material amounts, more evidence to
support its validity
d. Experience gained during previous audit may indicate the amount of evidence taken
before and whether such evidence was enough
e. Type of information available
Merely obtaining more audit evidence may not compensate for audit evidence of lower
quality. The auditor should exercise professional judgment and professional skepticism in
evaluating the sufficiency and appropriateness of audit evidence to support the audit
opinion.
The sufficiency and appropriateness of audit evidence are interrelated.
2. Appropriateness – measures the quality of audit evidence, that is, its relevance and its
reliability in providing support for the conclusions on which the auditor's opinion is based
a. Relevance – deals with the logical connection with, or bearing upon, the purpose of
audit procedures and the assertion under consideration
● Audit evidence is considered relevant if it pertains to the assertions being
evaluated or to the specific audit objective being tested. For example:
➢ Obtaining audit evidence relating to the physical existence of inventory is not
relevant in obtaining audit evidence relating to the valuation of inventory.
➢ Accounts receivable confirmations are relevant to the existence of receivables,
but not to their valuation (i.e., a customer can confirm that a receivable exists,
but this does not necessarily imply that the customer has the intent or the
ability to pay).
● The relevance of information to be used as audit evidence may be affected by the
direction of testing.
● A given set of audit procedures may provide audit evidence that is relevant to
certain assertions, but not to others.
● Obtaining audit evidence regarding a particular assertion, for example, the
existence of inventory, is not a substitute for obtaining audit evidence regarding
another assertion.
● Audit evidence from different sources or of a different nature may often be
relevant to the same assertion.
b. Reliability – objectivity of evidence

Reliability of evidence is influenced by:
● Its source (external or internal)
● Its nature (visual, documentary, or oral)
● The circumstances under which it is obtained
● Where relevant, the controls over its preparation and maintenance
Generalizations about the reliability of audit evidence:

1. The reliability of audit evidence is increased when it is obtained from
knowledgeable independent sources outside the entity.
● Examples of information from sources independent of the entity may include
confirmations from third parties, analysts' reports, and comparable data
95
about competitors (benchmarking data).

2. The reliability of audit evidence that is generated internally is increased when
the related controls, including controls over its preparation and maintenance,
imposed by the entity are effective. (Effective internal control provides more
reliable audit evidence than ineffective internal control.)
3. Audit evidence obtained directly by the auditor is more reliable than evidence
obtained indirectly or by inference.
● For example, observation of the application of a control is more reliable than
inquiry about the application of a control).
4. Audit evidence in documentary form (whether paper, electronic, or other
medium) is more reliable than evidence obtained orally.
● For example, a contemporaneously written record of a meeting is more
reliable than a subsequent oral representation of the matters discussed.
5. Evidence provided by original documents is more reliable than evidence provided
by photocopies or facsimiles.
The above generalizations should be considered in determining which evidence is

persuasive or least persuasive.
Generalizations about reliability are subject to important exceptions, for example,

even when the information to be used as audit evidence is obtained from sources
external to the entity, circumstances may exist that could affect its reliability (such
as if the source is not knowledgeable or a management’s expert may lack
objectivity).
More assurance is ordinarily obtained from consistent audit evidence obtained from
different sources or of a different nature than from items of audit evidence
considered individually.
Hierarchy of reliability of evidence: (from most reliable to least reliable)

1. Direct evidence or personal observation and knowledge (such as physical
observation)
2. Externally generated evidence sent directly to the auditor (such as confirmations
from banks and customers and bank statements and cut-off bank statements
received from banks)
3. Externally generated evidence kept by the client (such as vendor’s invoices, bank
statements received from the client)
4. Internally generated evidence circulated externally (such as sales invoices from sale
to customers and paid checks and cost allocations)
5. Internally generated evidence not circulated externally (such as purchase
requisitions, customer’s order and cost allocations)
6. Oral evidence
Persuasive Evidence:
Audit evidence is persuasive if it is sufficient both in quantity and quality to support audit
opinion. Thus, sufficiency and appropriateness of audit evidence are the determinants of
persuasiveness of audit evidence. The auditor may need to rely on audit evidence that is
persuasive rather than conclusive. However, to obtain reasonable assurance, the auditor must not
be satisfied with audit evidence that is less than persuasive.
Cost-benefit considerations:
The auditor should consider the relationship between the cost of obtaining audit evidence and
the usefulness of the information obtained.
The valid bases for omitting an audit test/procedure for which there is no alternative are:
a. Relative risk (or inherent risk) involved
b. Relationship between the cost of obtaining audit evidence and the usefulness of the
96
information obtained
c. Degree of reliance on the relevant internal controls (or Assessment of control risk at a low
level)
Difficulty and expense involved in testing a particular item is not a valid basis for an auditor of
deciding to omit an audit procedure.
Information produced by a management expert as audit evidence:

A management expert is an individual or organization possessing expertise in a field other
than accounting or auditing, whose work in that field is used by the entity to assist the entity in
preparing the financial statements.
When information to be used as audit evidence has been prepared using the work of a
management’s expert, the auditor shall, to the extent necessary, having regard to the significance
of that expert’s work for the auditor’s purposes:
1. Evaluate the competence, capabilities and objectivity of that expert
a. Competence – relates to the nature and level of expertise of the management’s expert
b. Capability – relates to the ability of the management’s expert to exercise that
competence in the circumstances
c. Objectivity – relates to the possible effects that bias, conflict of interest or the influence
of others may have on the professional or business judgment of the management expert
Sources of information regarding competence, capabilities and objectivity of a
management’s expert:
● Personal experience with previous work of that expert
● Discussions with that expert
● Discussions with others who are familiar with that expert’s work
● Knowledge of that expert’s qualifications, membership of a professional body or
industry association, license to practice, or other forms of external recognition
● Published papers or books written by that expert
● An auditor’s expert, if any, who assists the auditor regarding the information
produced by the management expert
2. Obtain an understanding of the work or field of expertise of that management’s

expert
Aspects of the management’s expert’s filed relevant to the auditor’s understanding may
include:
● Whether that expert’s field has areas of specialty within it that are relevant to the
audit.
● Whether any professional or other standards, and regulatory or legal requirements
apply.
● What assumptions and methods are used by the management’s expert, and whether
they are generally accepted within that expert’s filed and appropriate for financial
reporting purposes.
● The nature of internal and external data or information the auditor’s expert uses
3. Evaluate the appropriateness of that expert’s work as audit evidence for relevant
assertion
The auditor shall consider:
a. The relevance and reasonableness of that expert’s findings or conclusions, their
consistency with other audit evidence, and whether they have been appropriately
reflected in the financial statements;
b. If the expert’s work involves use of significant assumptions and methods, the relevance
and reasonableness of those assumptions and methods; and
c. If that expert’s work involves significant use of source data the relevance, completeness,
and accuracy of that source data
Evaluating the Sufficiency and Appropriateness of Audit Evidence:
97
Based on the audit procedures performed and the audit evidence obtained, the auditor shall
evaluate before the conclusion of the audit whether the assessments of the RMM at the assertion
level remain appropriate.
Factors affecting sufficient appropriate audit evidence:

The auditor’s judgment as to what constitutes sufficient appropriate audit evidence is
influenced by such factors as the following:
● Significance of the potential misstatement in the assertion and the likelihood of its
having a material effect on the financial statements.
● Effectiveness of management’s responses and controls to address the risks.
● Experience gained during previous audits with respect to similar potential
misstatements.
● Results of audit procedures performed, including whether such audit procedures
identified specific instances of fraud or error.
● Source and reliability of the available information.
● Persuasiveness of audit evidence.
● Understanding of the entity and its environment, including internal control.
AUDIT SAMPLING
Definition of terms:
● Sampling – testing of less than 100% of the items within a population to form a conclusion about
the population
● Audit sampling – applying audit procedures to less than 100% of the items within an account
balance or class of transactions, such that all sampling units have a chance of selection, to form a
conclusion about the balance or class
● Error – either control deviations, when performing tests of control, or misstatements, when
performing substantive procedures.
● Total error – either the rate of deviation (in case of tests of control) or total misstatement (in case
of substantive procedures)
● Anomalous error – means an error that arises from an isolated event that has not recurred other
than on specifically identifiable occasions and is therefore not representative of errors in the
population
● Sampling risk – the possibility that the auditor’s conclusion, based on a sample may be different
from the conclusion reached if the entire population were subjected to the same audit procedure.
● Non-sampling risk – arises from factors that cause the auditor to reach an erroneous conclusion
for any reason not related to the size of the sample. For example, most audit evidence is persuasive
rather than conclusive, the auditor might use inappropriate procedures, or the auditor might
misinterpret evidence and fail to recognize an error.
● Population – the entire set of data from which a sample is selected and about which the auditor
wishes to draw conclusions. For example, all of the items in an account balance or a class of
transactions constitute a population. A population may be divided into strata, or sub-populations,
with each stratum being examined separately. The term population is used to include the term
stratum.
● Confidence levels – the mathematical complements of sampling risks
● Sampling unit – the individual items constituting a population, for example checks listed on deposit
slips, credit entries on bank statements, sales invoices or debtors’ balances, or a monetary unit
● Stratification – the process of dividing a population into subpopulations, each of which is a group of
sampling units which have similar characteristics (often monetary value)
● Tolerable error –
a. Tolerable error amount – in substantive procedures, it is the maximum total error in a
population that the auditor is willing to accept
b. Tolerable deviation rate – in tests of control, it is the maximum rate of deviation from the
prescribed control procedure the auditor is willing to accept without changing control risk
assessment or planned reliance on internal control.
● Expected error –
a. Expected error amount – in substantive tests, it is the auditor's best estimate of the amount of
error the auditor expects to find in the population
98
b. Expected deviation rate – in tests of control, it is the auditor's best estimate of the rate of
deviation from a prescribed control procedure in the population
Whether audit sampling is a required: Audit sampling is not required part of any audit procedure
because when designing audit procedures, the auditor should determine appropriate means of selecting items
for testing as follows:
a. Selecting all items (100% examination)
b. Selecting specific items from a population judgmentally based on such factors as knowledge of
the client’s business, preliminary assessments of inherent and control risks, and the characteristics of
the population being tested (subject to non-sampling risk)
Specific items selected:

● High value or key items that exhibit some other characteristic (for example, items that are
suspicious, unusual, particularly risk-prone or that have a history of error)
● All items over a certain amount. The auditor may decide to examine items whose values
exceed a certain amount so as to verify a large proportion of the total amount of an account
balance or class of transactions.
● Items to obtain information. The auditor may examine items to obtain information about
matters such as the client’s business, the nature of transactions, accounting and internal
control systems.
● Items to test procedures. The auditor may use judgment to select and examine specific items
to determine whether or not a particular procedure is being performed.
c. Audit sampling: Sampling is essential throughout audits as auditors attempt to gather sufficient
appropriate evidence in a cost efficient manner.
When to use audit sampling:

● Where an auditor has no special knowledge about likely misstatements contained in account
balances and transactions
● When the auditor believes that the sample is to be a good representative of the population
(account balances and transactions)
Situations where sampling may not apply: Sampling concepts generally do not apply to:
a. Risk assessment procedures performed to obtain an understanding of internal control.
b. Tests of automated application controls when effective general controls are present.
(Generally, such controls would only be tested once or a few times.)
c. Analyses of security and access controls, or other controls that do not provide documentary
evidence of performance (e.g., controls related to segregation of duties).
d. Some tests related to the operation of the control environment or the accounting system
(e.g., examination of the effectiveness of activities performed by those charged with
governance).
Lists procedures that do not involve sampling:

a. Inquiry and observation
b. Analytical procedures
c. Procedures applied to every item in a population
d. Tests of controls where application is not documented
e. Procedures from which the auditor does not intend to extend a conclusion to the remaining item in
the account
f. Untested balances
Approaches to audit sampling:
1. Statistical sampling – any approach to sampling that has the following characteristics:
a. Random selection of a sample; and
b. Use of probability theory to evaluate sample results, including measurement of sampling risk
In statistical sampling, auditors specify the sampling risk they are willing to accept and then
calculate the sample size that provides that degree of reliability. Results are evaluated quantitatively.
Statistical sampling measures quantitatively the risk from testing only part of an audit population.
99
a. Advantages of statistical sampling: Conclusions may be drawn in more precise ways

when using statistical sampling because it enables the auditor to:
a. Measure the sufficiency of the audit evidence obtained.
b. Provide an objective basis for quantitatively evaluating sample results.
c. Design an efficient sample.
d. Quantify sampling risk so as to limit/control risk to an acceptable level.
b. Random sample selection: Random sample selection methods should be used in

statistical sampling. Such methods give all items in the population an equal chance to be
included in the sample to be audited.
2. Nonstatistical sampling – the sample size is not determined mathematically. Auditors use their
judgment in determining sample size, and sample results are evaluated judgmentally. Conclusions
may be drawn in more precise ways when using statistical sampling methods.
● It is acceptable for auditors to use either or combination of statistical and nonstatistical sampling.
● Both sampling approaches involve judgment in planning, executing the sampling plan, and
evaluating the results of the sample.
● Both sampling approaches can provide sufficient competent evidence.
● Sampling methods are used by auditors in both control testing and substantive testing.
● Basic distinction between statistical sampling and nonstatistical sampling: Statistical sampling is a
mathematical approach to inference, whereas nonstatistical sampling is a more subjective approach.
Auditor’s professional judgment:
Although statistical sampling aids the auditor in quantitative ways, it is not a substitute for professional
judgment. The auditor must exercise professional judgment in both statistical and nonstatistical sampling to:
a. Define the population and the sampling unit;
b. Select the appropriate sampling method;
c. Evaluate the appropriateness of audit evidence;
d. Evaluate the nature of deviations or errors;
e. Consider sampling risk; and
f. Evaluate the results obtained from the sample and project those results to the population.
Types of sampling:
Audit sampling is used for both tests of controls (attributes sampling) and for tests of details of
transactions and balances (usually, variables sampling). In both attributes sampling and variables sampling,
the plans may be either nonstatistical or statistical.
1. Attribute sampling – estimates the quality characteristic of a population; it estimates the rate of
deviation for internal controls that the auditor decides to rely upon
Applicability of attribute sampling: primarily used for test of controls because attribute sampling
deals with estimating deviation from internal control procedures
2. Variables sampling – estimates the numerical quantity of a population

Applicability of variable sampling: typically used in substantive testing of account balances
because variables sampling deal with peso balances
Sampling risk:
● The possibility that the auditor’s conclusion, based on a sample may be different from the conclusion
reached if the entire population were subjected to the same audit procedure.
● The risk that the sample is not representative of the population and that the auditor's conclusion will
be different from the conclusion had the auditor examined 100% of the population.
● The possibility that even though a sample is properly chosen, it may not be representative of the
population.
Two types of sampling risk:
1. Risk that affects audit effectiveness and may lead to an inappropriate audit opinion
(“Beta risk” or “Type II error”) – the risk the auditor will conclude that:
100
a. In the case of a test of control, that control risk is lower than it actually is, or
b. In the case of a substantive test, that a material error does not exist when in fact it does
2. Risk affects audit efficiency as it would usually lead to additional work to establish that
initial conclusions were incorrect (“Alpha risk” or “Type I error”) – the risk the auditor will
conclude that:
a. In the case of a test of control, that control risk is higher than it actually is, or
b. In the case of a substantive test, that a material error exists when in fact it does not
Aspects of audit risk: (Sampling risk and Nonsampling risk)
1. Sampling risk: aspects of audit risk that are due to sampling; the risk or the possibility that, when
a test of controls or a substantive test is restricted to a sample, the auditor's conclusions may be
different from the conclusions which would have been reached had the tests been applied to all items
in the account balance or class of transactions
a. Sampling risks in substantive testing: (Risk of incorrect acceptance and risk of

incorrect rejection)
1) Risk of incorrect acceptance – the risk that the recorded account balance (based on the
sample) is not materially misstated when in fact it is materially misstated (i.e., sample results
fail to identify an existing material misstatement).
➢ This means that the auditor wrongly concludes material error in an account
balance does not exist when in fact it does.
2) Risk of incorrect rejection – the risk that the recorded account balance (based on the
sample) is materially misstated when in fact it is not materially misstated (i.e., sample results
mistakenly indicate a material misstatement).
➢ This means that the auditor wrongly concludes that material error in an
account balance exists when in fact it does not.
b. Sampling risks in tests of controls: (Risk of assessing control risk to low and Risk of
assessing control risk to high)
a. Risk of assessing control risk too low – the risk that the assessed level of control risk
(based on the sample) is lower than the true level of control risk (i.e., sample results indicate
a lower deviation rate than actually exists in the population).
➢ This means that the auditor wrongly concludes that the control risk is low or
that client’s internal control system can be relied upon.
b. Risk of assessing control risk too high – the risk that the assessed level of control risk
(based on the sample) is higher than the true level of control risk (i.e., sample results
indicate a greater deviation rate than actually exists in the population).
➢ This means that the auditor wrongly concludes that the control risk is high or
that the client’s internal control system cannot be relied upon.
Analysis of sampling risks:
Aspects of Auditor’s Effect on audit work

sampling risks wrong because of wrong Sacrificed
conclusion conclusion
Risk of incorrect Not materially Performance of less Effectiveness of the audit
acceptance misstated when extensive substantive because it may lead to
in fact materially tests inappropriate opinion due
misstated to inappropriate less
extensive substantive tests
Risk of incorrect Materially Additional work Efficiency of the audit
rejection misstated when (performance of because of unnecessary
in fact not unnecessary more additional work
materially extensive substantive
misstated tests)
101
Risk of ↓CR than actual Performance of tests of Effectiveness of the audit

assessing CR – internal controls and less because it may lead to
control risk too control is reliable extensive substantive inappropriate opinion due
low tests to inappropriate less
extensive substantive tests
Risk of ↑ CR than actual Additional work Efficiency of the audit
assessing CR – internal (because non- because of unnecessary
control risk too control is not performance of tests of additional work
high reliable controls would lead to
the performance of
unnecessary more
extensive substantive
tests
2. Nonsampling risk: all aspects of audit risk that are not due to sampling. Nonsampling risk is the
possibility that auditors will arrive at an erroneous conclusion not because of the chosen sample but
due to other factors.
● Nonsampling risk is always present and cannot be measured.
● Nonsampling risk can be controlled by adequate planning and supervision of audit work and
proper adherence to quality control standards.
● Examples of nonsampling risk:
➢ The auditor might use/select inappropriate procedures (audit procedures that are not
appropriate to achieve a specific objective)
➢ The auditor might misinterpret evidence or the results of audit tests
➢ and fail to recognize an error (for example, failure by the auditor to recognize misstatements
in documents examined)
Sampling risk and non-sampling risk can affect the components of audit risk. For
example, when performing tests of control, the auditor may find no errors in a sample and conclude
that control risk is low, when the rate of error in the population is, in fact, unacceptably high
(sampling risk). Or there may be errors in the sample which the auditor fails to recognize (non-
sampling risk).
Types of statistical plans:
1. Attribute sampling – sampling in tests of controls
Attribute sampling is a statistical sampling method used to estimate the rate (%) of
occurrence (exception) of a specific characteristic or attribute. Samples taken to test the operating
effectiveness of controls are intended to provide a basis for the auditor to conclude whether the
controls are being applied as prescribed. Attribute sampling generally deals with yes/no questions.
For example, "Are time cards properly authorized (i.e., to assure recorded hours were worked)?", or
"Are invoices properly voided (e.g., stamped "paid") to prevent duplicate payments?"
Attribute sampling models:
a. Discovery sampling – a special type of attribute sampling appropriate when the auditor
believes the population deviation rate is zero or near zero. It is used when the auditor is looking
for a very critical characteristic or deviations (e.g., fraud). The auditor predetermines the desired
reliability (confidence) level (e.g., 95%) and the maximum acceptable tolerable rate (e.g., 1%),
and a table is then used to determine sample size. If no deviations are found in the sample, the
auditor can be 95% certain that the rate of deviation in the population does not exceed 1%. If
deviations are found, a regular attribute sampling table may be used to estimate the deviation
rate in the population, and audit procedures may need to be expanded.
b. Stop-or-go sampling (sequential sampling) – is designed to avoid oversampling for

attributes by allowing the auditor to stop an audit test before completing all steps. It is used
when few errors are expected in the population. Sequential sampling separates the sampling
process into several states. After a step, the auditor determines if it is warranted to accept or
increase the preliminary level of control risk.
2. Variables sampling – sampling in substantive tests:
102
a. Probability-proportional-to-size (PPS) sampling – sampling technique where the sampling

unit is defined as an individual peso in a population. Once a peso is selected, the entire account
(containing that peso) is audited.
● It is a sampling plan that automatically stratifies the population.
b. Classical variables sampling – a statistical sampling method used to estimate the numerical
measurement of a population, such as a peso value (e.g., accounts receivable balance). This
sampling method is used primarily in substantive testing. The objective of variables sampling is to
obtain evidence about the reasonableness of monetary amounts. The auditor estimates the true
value of the population by computing a point estimate of the population and computing a
precision interval around this point estimate. Classical variables sampling measures sampling risk
by using the variation of the underlying characteristic of interest.
Three commonly used classical variables sampling:
1. Mean-per-unit estimation – a sampling plan that uses the average value of the items
in the sample to estimate the true population value (i.e., estimate = average sample
value x number of items in population). MPU does not require the book value of the
population to estimate true population value.
2. Ratio estimation – a sampling plan that uses the ratio of the audited (correct) values
of items to their book values to project the true population value. Ratio estimation is a
highly efficient technique when the calculated audit amounts are approximately
proportional to the client's book amounts.
3. Difference estimation – a sampling plan that uses the average difference between the
audited (correct) values of items and their book values to project the actual population
value. Difference estimation is used instead of ratio estimation when the differences are
not nearly proportional to book values.
Comparison of PPS sampling to classical variables sampling
Advantages of PPS sampling Advantages of classical variables sampling

1. Generally easier to use 1. May result in a smaller sample size if there are
2. Size of sample not based on variation of many differences between audited and book
audited amounts values
3. Automatically results in a stratified sample 2. Easier to expand sample size if that becomes
4. Individually significant items are necessary
automatically identified 3. Selection of zero balances does not require
5. Usually results in a smaller sample size if no special sample design considerations
misstatements are expected 4. Inclusion of negative balances does not require
6. Can be easily designed and sample selection special sample design considerations
can begin before the complete population is
available
Factors influencing determination of sample size for tests of control and substantive procedures:
Factor Relationsh Required sample Analysis

ip to size
Tests of Substantive sample ↓ ↑
control procedures size Smaller Larger
Assessed level Direct ↓ Lower ↑ Higher The higher the auditor’s
of IR and CR assessment of inherent risk and
control risk, the larger the sample
size needs to be.
Acceptable Direct ↓ Lower ↑ Higher Higher inherent risk and control risk
level of imply that a lower detection risk is
103
detection risk needed to reduce the audit risk to

an acceptable low level, and lower
detection risk can be obtained by
increasing sample size.
Reliance on Inverse ↑ Higher ↓ Lower The more the auditor is relying on
other other substantive procedures to
substantive reduce to an acceptable level the
procedures detection risk, the less assurance
the auditor will require from
sampling and, therefore, the
smaller the sample size can be.
Expected Expected error Direct ↓ Lower ↑ Higher ● The higher the rate of deviation
deviation that the auditor expects, the
rate larger the sample size needs to
be so as to be in a position to
make a reasonable estimate of
the actual rate of deviation.
● The greater the amount of
error the auditor expects to find
in the population, the larger the
sample size needs to be in
order to make a reasonable
estimate of the actual amount
of error in the population.
Degree/level Degree/level Direct ↓ Lower ↑ Higher ● The more assurance the auditor
of intended of confidence intends to obtain from
reliance accounting and internal control
systems, the lower the auditor’s
assessment of control risk will
be, and the larger the sample
size will need to be.
● The greater the degree of
confidence that the auditor
requires that the results of the
sample are in fact indicative of
the actual incidence of error in
the population, the larger the
sample size needs to be.
Tolerable Tolerable Inverse and ↑ Higher ↓ Lower ● The lower the rate of deviation
deviation error indirect that the auditor is willing to
rate accept, the larger the sample
size needs to be.
● The lower the total error that
the auditor is willing to accept,
the larger the sample size
needs to be.
Risk of Inverse ↑ Higher ↓ Lower The more assurance the auditor
assessing intends to obtain from accounting
control risk and internal control systems, the
too low lower the auditor’s assessment of
control risk will be, and the larger
the sample size will need to be.
This is a sampling risk and sampling
risk is reduced by increasing the
sample size.
Risk of Inverse ↑ Higher ↓ Lower The greater the degree of
incorrect confidence that the auditor requires
acceptance that the results of the sample are in
fact indicative of the actual
incidence of error in the population,
the larger the sample size needs to
be. This is a sampling risk and
104
sampling risk is reduced by

increasing the sample size.
Number of items in the Negligible effect, that is, virtually no For large populations, the actual
population effect on sample size unless the size of the population has little, if
population is very small. In other any, effect on sample size. For
words, population size is not an small populations however, audit
issue provided the population is sampling is often not as efficient as
large. alternative means of obtaining
sufficient appropriate audit
evidence.
● When the deviation in the sample is at the expected deviation rate or less, the auditor can continue
using his planned assessment of control risk. If it happens to be greater than expected,
reassessment of risk is necessary. Usually, an increase in such should be made.
● The stronger the internal control, the lower the control risk, the lower the tolerable deviation rate.
Principal sample selection methods: Appropriate sample selection methods could reduce sampling risk.
a. Random-number sampling – use of a computerized random number generator or random number

tables.
b. Systematic selection – the number of sampling units in the population is divided by the sample
size to give a sampling interval regardless of the amount involved (for example 50, and having
determined a starting point within the first 50, each 50th sampling unit thereafter is selected).
c. Haphazard selection – the auditor selects the sample without following a structured technique, but
the method is intended to avoid or predictability (for example avoiding difficult to locate items, or
always choosing or avoiding the first or last entries on a page) and thus attempt to ensure that all
items in the population have a chance of selection. Haphazard selection is not appropriate when
using statistical sampling.
Other sample selection methods:
1. Value-weighted selection – sets the high-value items as priority to be included in the sample
2. Block selection – involves selecting a block(s) of contiguous items from within the population. Block
selection cannot ordinarily be used in audit sampling because most populations are structured such
that items in a sequence can be expected to have similar characteristics to each other, but different
characteristics from items elsewhere in the population.
3. Stratification – grouping of items of similar size and each group is treated as a separate population.
For example, assume 1,000 items are stratified into two groups: the 100 largest items will all be
examined individually, but sampling techniques will be applied to the remaining 900 items. In this
case, the population size for the sampling application would be 900, not 1,000. Stratification is used
when there is a wide range (variability) in the monetary size of items in the population.
Steps when applying a variables sampling
1. Define the objective of the test

● For example, the auditor wishes to estimate the value of an account balance (e.g., the
client's accounts receivable balance).
2. Define the population

● For example, the population might consist of 5,000 accounts with a recorded book value of
P4,500,000. The auditor would examine 100% of accounts for which potential errors could
equal or exceed the tolerable error and would exclude those accounts from the population to
be sampled.
3. Define the sampling unit

● The auditor should consider the completeness of the population in defining the sampling unit
(for example, each of the 5,000 accounts is a sampling unit)
105
4. Determine the sample size

● The auditor uses the following parameters, in conjunction with tables or formulas to
determine sample size.
1) Tolerable misstatement
2) Expected misstatement (size, frequency, etc.)
3) Acceptable level of risk: audit risk, risk of incorrect acceptance, and risk of incorrect
rejection
4) Characteristics of the population (e.g., an estimate of the standard deviation, or
variability, of the population)
5) Assessed risk: asses
5. Select the sample

● Sample items should be selected in such a way that the sample can be expected to be
representative of the population (e.g., random sampling).
● In this example, an appropriate sample would consist of individual account balances.
Confirmations could then be used to determine the audited values for sample items.
6. Evaluate the sample results

● The auditor projects the misstatements found in the sample to the population using one of
several methods (e.g., MPU, ratio, difference, etc.). The projected misstatement is applied to
the recorded balance to obtain a "point estimate" of the true balance.
● The auditor must then add an allowance for sampling risk (sometimes called a "precision
interval") to this estimate.
7. Form conclusions about the balances (or transactions) tested

● In deciding whether to accept the client's book value, the auditor determines whether the
recorded book value falls within the acceptable range (i.e., the point estimate +/- the
allowance for sampling risk). If so, the book value is fairly stated.
● The auditor's treatment of items selected for sampling that cannot be located (e.g., are
"lost") will depend on their effect on the auditor's evaluation of the sample.
● If the sample is representative of the population, the auditor generally will make a correct
decision regarding whether the account balance is fairly stated.
● If the sample is not representative of the population, the auditor will make an incorrect
decision, either accepting a materially misstated balance, or rejecting a fairly stated balance.
8. Document the sampling procedure

● The auditor must document each step in audit sampling, starting with planning and including
the rationale for the auditor's parameters, the performance of procedures, the observed
results, and the evaluation and interpretation of those results.
AUDIT DOCUMENTATION / WORKING PAPERS
AUDIT DOCUMENTATION
The auditor should prepare, on a timely basis, audit documentation that provides:
a. A sufficient and appropriate record of the basis for the auditor’s report; and
b. Evidence that the audit was performed in accordance with PSAs and applicable legal and regulatory
requirements.
Audit documentation:
● It refers to the documentation of audit evidences collected and evaluated by the auditor to support
the audit opinion.
● The records kept by the auditor that documents:
a. The procedures applied
b. The tests performed
c. The information or evidenced obtained, and
d. The conclusions the auditor reached in the engagement
● Also called “working papers” or “workpapers” or audit file
Purposes / functions of audit documentation:
106
File documentation plays a critical role in the planning and performance of the audit. During an audit
engagement, data are compiled and included in the audit working papers. It provides the record that work
was in fact performed and it forms the basis for the auditor’s report. It will also be used for quality control
reviews, monitoring of adherence to the accounting firm’s standards, and possibly inspections by third
parties.
1. Primary
● To support the auditor's conclusions/opinion/report on the financial statements (and not to
support the FS).
● To provides a basis for determining the appropriate audit report.
● To support the auditor's representation that an adequate audit was conducted in accordance with
PSA/GAAS
● To provide evidence of the audit work performed
● To assist the auditor in the planning, performance, review, supervision and coordination of the
engagement and in preparation of the audit report
● To show that the accounting records agree or reconcile with the financial statements
● Provide supervisory personnel the opportunity to assess the sufficiency of evidence obtained
during the audit
2. Other objectives:
● To assist the auditor in planning future audits
● To enable the audit team to be accountable for its work
● To provide information useful in rendering other services (MAS or tax consulting)
● To provide adequate defense in case of litigation
● To enable an experienced auditor to conduct quality control reviews and inspections in
accordance with quality control standards
● To enable an experienced auditor to conduct external inspections in accordance with applicable
legislation, regulations or other requirements
To comply with the quality control standards, firms should have policies and procedures that specifically
address engagement documentation. These documentation policies should be documented and
communicated to all staff.
Design of audit documentation:

● When preparing working papers, the auditor should remember that working papers should be
designed to meet the circumstances and the auditor's needs on each engagement.
Form, content and extent of audit documentation:

● Form, content and extent of audit documentation depend on auditor’s judgment – since it is neither
necessary nor practical to document every matter.
● Audit documentation should be complete in itself and should not require subsequent or additional
oral explanation.
● Audit documentation should be concise and limited only to essentials.
● Audit documentation should be appropriately organized to provide a clear link to the significant
matters
● Experienced auditor: The audit documentation should be in such form, content and extent of audit
documentation that would enable an experienced auditor, having no previous connection with the
audit, to understand:
a. The nature, timing, and extent of the audit procedures performed to comply with PSAs and
applicable legal and regulatory requirements
b. The results of the audit procedures and the audit evidence obtained, and
c. Significant matters arising during the audit and the conclusions reached thereon.
Factors to consider by the auditor in deciding the form, content and extent of audit
documentation:
a. Nature of the audit procedures to be performed;
b. Risks of material misstatement;
c. Extent of judgment required in performing the work and evaluating the results;
d. The significance of the audit evidence obtained;
e. Nature and extent of exceptions identified;
f. The need to document a conclusion or the basis for a conclusion not readily determinable from the
documentation of the work performed or audit evidence obtained; and
g. Audit methodology and tools used
107
Classification and composition of auditor’s working papers:

A. Continuing engagement (recurring audit):
1. Permanent file – contains information of continuing or long-term significance/interest to the
auditor in performing recurring audits, such as:
a. Information
● Organizational chart
● Analysis of business and industry
● Analyses of long-term accounts (such as PPE, long-term liabilities and of stockholders'
equity accounts)
● Analyses of internal control (flowchart, narrative descriptions, etc.)
b. Copies or extracts of entity’s important legal documents and agreements:
● Corporate charter or articles of Incorporation (or articles of co-partnership) and by-laws
● Major contracts (such as bond and note indentures)
● Pension plans, stock option plans, profit-sharing plans and employee bonus
● Terms of share capital and bond issues
● Engagement letter
2. Current audit file – contains evidence gathered and conclusions reached relevant to the audit
of a particular year. It is designed to support management assertions. Includes all papers
accumulated during the current year’s audit:
● Copy of the financial statements
● Audit plan and audit programs
● Working (top) trial balance – listing of unadjusted ending balances of accounts (contains
columns for adjusting and reclassifying entries)
● Adjusting and reclassifying entries – adjustments are made to correct material errors
while reclassifications are made to properly present information in the financial
statements
● Lead or top schedule (assembly sheet) – shows the major components of an amount
reported in the financial statements; this working paper show the grouping of related
accounts; it eliminates voluminous details from the auditor’s working trial balance by
classifying and summarizing similar or related items
● Supporting schedules – schedules that support specific amounts on the financial
statements; usually the largest portion of the audit file
● Audit memoranda – includes documentation on discussions of certain items such as
internal control, inventory observation, errors identified, and problems encountered
● Account analysis – shows the activity during the period in a particular short-term account
● Correspondence with other parties such as lawyers, customers, banks, and management
● Audit notes – used to record items of work to be done and questions concerning the
audit investigation
● Abstract or copies of minutes of board of directors’ meeting
B. One-time engagement – no distinction as to permanent or current file
Other types of files:

1. Tax files – contain file of information on client’s current and income taxes and other business taxes
that may be used as bases for:
a. Preparing current year’s tax returns
b. Preparing other tax-related services
c. Representing the client in tax assessment case
2. Correspondence file – contains all correspondence/letters to or from (or in behalf of) a client
3. Completion memorandum – a summary that describes the significant matters identified during the
audit and how they are addressed
Ownership of working papers or audit documentation:

Legal provision on ownership of working papers (Sec. 29 of RA 9298 – Ownership of
Working Papers): All working papers, schedules and memoranda made by a CPA and his staff in the
course of an examination, including those prepared and submitted by the client, incident to or in the course
of an examination, by such CPA, except reports submitted by a CPA to a client shall be treated confidential
and privileged and remain the property of such CPA in the absence of a written agreement between the CPA
and the client, to the contrary, unless such documents are required to be produced through subpoena issued
by any court, tribunal, or government regulatory or administrative body.
108
● Audit documentation or working papers are the property of the auditor/audit firm and the client
has no right to the working papers prepared by the auditor.
● Confidentiality of working papers: Although working papers are the personal property of the
auditor, they can not be shown to third parties under the rule on confidentiality unless it falls
under the certain exceptions such as production of documents through subpoena issued by any
court, tribunal, or government regulatory or administrative body.
● Although certain working papers may sometimes serve as a useful reference source for his client,
auditor’s working papers should not be regarded as part or substitute for the client's accounting
records.
● The audit documentation for a specific audit engagement is assembled in an audit file.
Auditor/CPA firm’s responsibility on audit documentation:

1. Policies and procedures: Establishment of policies and procedures on audit documentation
2. Confidentiality and safe custody: Adopt appropriate procedures for maintaining confidentiality
and safe custody of working papers and
3. Retention of audit documentation: Working papers should be retained by the auditor for a
period of time sufficient to meet the needs of his practice and to satisfy any pertinent legal
requirements of record retention. Retention period should be no shorter than 5 years from the date
of the auditor’s report, or, if later, the date of the group auditor’s report. The auditor should not
delete or discard audit documentation before the end of its retention period.
4. Completion of final audit file: within 60 days after the date of the auditor’s report
Deletion from/changes to audit documentation:

● After completion date: Not allowed
● During assembly process: Allowed but limited to changes that are administrative in nature, such
as:
1. Deleting or discarding superseded documentation
2. Sorting, collating and cross-referencing working papers
3. Signing off on completion checklists relating to the file assembly process
4. Documenting audit evidence that the auditor has obtained, discussed and agreed with the
relevant members of the audit team before the date of the auditor’s report.
Elements of working papers:

Working papers should be properly organized to facilitate their review. Working papers should have the
following elements:
1. Heading – used to properly identify each working paper; it includes the name of the client, type/title
of working paper, description of its content, and the date or period covered by the examination.
2. Dates and initial of staff and reviewers
3. Indexing – use of lettering or numbering system to aid in cross-referencing to other working papers
4. Cross-indexing / cross referencing – Audit working papers are indexed by means of reference
numbers. The primary purpose of cross-indexing audit working papers is to permit cross-referencing
and simplify supervisory review by providing a trail useful to the auditor and supervisors in reviewing
the working papers. (For example, reported findings should be adequately cross-referenced to
supporting documentation.)
Audit working papers should have an indexing system that shows the relationship between
findings, conclusions, and the related facts. The main advantage of properly indexed working papers
is to better organize the working papers.
5. Tick marks – symbols that describe the audit procedures performed. Tick marks are explained in
working papers.
Using electronic tools in working papers:

There are three important principles to note when using electronic tools in working paper preparation:
● All the requirements of the PSAs still apply;
● Electronic files require electronic document management. This addresses matters such as
accessibility (such as password access), data security, application management (including training),
back-up routines, edit rights, storage locations, review procedures, and decisions on what changes to
files will be tracked to provide the necessary audit trail; and
● Final documents (all documents that are required to be maintained to support the audit opinion)
must be retained and be accessible in accordance with the firm’s file retention policies.
COMPLETING THE AUDIT
109
The procedures being performed in completing the audit are necessary. These procedures are usually
performed by audit managers or other senior members of the audit team who have extensive audit
experience with the client because the procedures involve many subjective judgments by the auditor. These
procedures do not pertain to specific transaction cycles or accounts.
REVIEWING RELATED PARTY TRANSACTIONS
Management’s responsibility: Identification and disclosure of:

a. Related parties; and
b. Related party transactions
Auditor’s responsibility
1. Review related party transactions to ensure that they have been properly identified, recorded and
disclosed in the financial statements
2. Obtain a written representation from management concerning:
a. Completeness of information on identification of related parties; and
b. Adequacy of disclosure in the FS
● The auditor needs to have the level of knowledge of the entity’s business and industry that will
enable identification of the events and transactions and practices that may have material effect on
the financial statements.
● An audit cannot be expected to detect all related party transactions.
Reasons for the review: The auditor should modify the auditor’s report in case of:
● Inability to obtain sufficient appropriate audit evidence concerning related parties and transactions
with such parties
● Inadequate disclosure in the FS
PERFORM SUBSEQUENT EVENTS REVIEW
● Subsequent events refer to events occurring between period end (the date of the financial
statements or the balance sheet date) and the date of the auditor’s report that may affect the
financial statements and the auditor’s report.
● These events are also called post-balance sheet events/transactions since they occur after or
subsequent to the balance sheet date.
● Subsequent events may also refer to facts discovered after the date of the auditor’s report.
● The period between the date of the financial statements and the date of the auditor's report is called
the subsequent period. During this period, the auditor has an active responsibility to investigate
certain subsequent events.
Types of subsequent events:
1. Those requiring adjustment – those that provide evidence of conditions that existed at the date
of the financial statements.
Examples:
● Settlement of litigation in excess of amount recorded
● Loss on uncollectible accounts resulting from of customer’s continued deteriorating financial
condition leading to bankruptcy
2. Those requiring disclosure – events that are indicative of conditions that arose after the date of
Examples:
● Issuance of bonds/stocks after the BS date
● Major purchase of a business
● Loss on inventory due to fire that occurred in the subsequent period
● Loss of plant due to flood
● Loss on uncollectible receivable because of a major catastrophe suffered by the customer after
the BS date
Subsequent events relevant to the auditor: limited to those subsequent events (both requiring
adjustment or disclosure) that occur subsequent to date of the FS and the date of the auditor’s report
110
Auditor’s responsibility for subsequent events:
1. Perform audit procedures designed to identify subsequent events
The auditor should perform procedures designed to obtain sufficient appropriate audit evidence
that all events up to the date of the auditor’s report that may require adjustment of, or disclosure in,
the financial statements have been identified.
These procedures would include:

a. Reviewing procedures management has established to ensure that subsequent events are
identified.
b. Inquiry:
● Inquiring of management as to whether any subsequent events have occurred which
might affect the financial statements.
● Inquiring of the entity’s legal counsel concerning litigation claims, and assessments
c. Reading minutes of the meetings (of shareholders, those charged with governance, audit
and executive committees) including those held after period end and inquiring about
matters discussed at meetings for which minutes are not yet available.
d. Reading the entity’s latest available interim financial statements as well as budgets and
cash flow forecasts and other related management reports; compare them with the
financial statements under audit.
e. Obtaining representation letter from management regarding whether any events occurred
during the subsequent period that require adjustments to or disclosure in the financial
statements.
Examples of inquiries of management on specific matters are:

● Current status of items that were accounted for on the basis of preliminary or
inconclusive data
● New commitments, borrowings or guarantees
● Sales or acquisition of assets that have occurred or are planned
● Issue of new shares or debentures or an agreement to merge or liquidate that is made
or planned
● Any assets that have been appropriated by government or destroyed, for example, by
fire or flood
● Any developments regarding risk areas and contingencies
● Any unusual accounting adjustments made or contemplated
● Any events that have occurred or are likely to occur which will bring into question the
appropriateness of accounting policies used in the financial statements (such as going-
concern issues).
2. To consider/evaluate the effect of subsequent events (whether such events are properly
accounted for and adequately disclosed) on the financial statements and on the auditor’s
report
When subsequent events that materially affect the financial statements are identified, the
auditor should consider whether such events are properly accounted for and adequately disclosed in
LITIGATIONS AND CLAIMS
Litigation and claims involving an entity may have a material effect on the financial statements and thus
may be required to be disclosed and/or provided for in the financial statements.
Audit procedures regarding litigation and claims:
1. Identify existence of any litigation and claims
The auditor should carry out procedures to identify existence of any litigations and claims
involving the entity which may result in a material misstatement of the financial statements. Such
procedures would include the following:
● Make appropriate inquiries of management including obtaining representations
● Review minutes of those charged with governance and correspondence with the entity’s legal
111
counsel
● Examine legal expense accounts, and
● Use any information obtained regarding the entity’s business including information obtained
from discussions with any in-house legal department.
2. Communicate directly with the entity’s lawyers.
The auditor should seek direct communication with the entity’s lawyers when litigation or claims
have been identified or when the auditor believes they may exist. The letter would ordinarily specify
the following:
● A list of litigation and claims;
● Management’s assessment of the outcome of the litigation or claim and its estimate of the
financial implications, including costs involved; and
● A request that the entity’s legal counsel confirm the reasonableness of management’s
assessments and provide the auditor with further information if the list is considered by the
entity’s legal counsel to be incomplete or incorrect.
The letter, which should be prepared by management and sent by the auditor, should request
the lawyer to communicate directly with the auditor.
If management refuses to give the auditor permission to communicate with the entity’s legal
counsel, this would be a scope limitation and should ordinarily lead to a qualified opinion or a
disclaimer of opinion. Where the entity’s legal counsel refuses to respond in an appropriate manner
and the auditor is unable to obtain sufficient appropriate audit evidence by applying alternative audit
procedures, the auditor would consider whether there is a scope limitation which may lead to a
qualified opinion or a disclaimer of opinion.
PERFORMING WRAP-UP PROCEDURES
Performing analytical procedures in the overall review at/near the end of the audit
Analytical procedures involve analysis of significant ratios and trends including the resultant
investigation of fluctuations and relationships that are inconsistent with other relevant information or
expectation:
Analytical procedures are required to be performed during the planning and overall review
stages.
● Purpose of performing analytical procedures in the overall review stage of the audit: to
ensure that the auditor’s overall conclusion as to whether the financial statements as a whole are
consistent with the auditor’s understanding of the entity.
● Auditor’s focus when performing analytical procedures in the overall review stage:
a. Identifying unusual fluctuations or transactions or unexpected account balances that were not
previously identified
➢ Requires investigation, adequate explanation and appropriate corroborative evidence by
performing additional tests of details
b. Assessing the validity of the conclusions reached and evaluating the overall financial statements
presentation
Assessing going concern assumption
● Financial statements are ordinarily prepared based on going concern basis, contrary to the quitting
concern basis, in the absence of information to the contrary. This means that the assets and
liabilities are recorded on the basis that the entity will be able to realize its assets and discharge its
liabilities in the normal course of business.
● Going concern assumption – an entity is ordinarily viewed as continuing in business for the
foreseeable future with neither the intention nor the necessity of liquidation, ceasing trading or
seeking protection from creditors pursuant to laws and regulations.
112
Management’s responsibility:
a. Management should assess the entity’s ability to continue as a going concern – making a
judgment about the future outcome of uncertain events or conditions (for a period of one year
from balance sheet date)
b. To disclosure (based on the result of assessment)
Disclosure requirements if FS are not prepared on a going concern basis:

a. The fact that FS are not prepared on a going concern basis
b. The basis on which the FS are prepared, and
c. The reasons why the entity is not regarded as a going concern
Auditor’s responsibility:
a. Overall evaluation of the appropriateness of management’s use of the going concern assumption
in the preparation of the financial statements
b. Identifying material uncertainties about the entity’s ability to continue as a going concern that
need to be disclosed in the financial statements
c. Whether such events or conditions are adequately disclosed in the financial statements
d. Consider report modification because of these events or conditions
e. If conditions or events such as those identified previously create substantial doubt as to the
ability of the entity to continue as a going concern, the auditor should consider whether
management has feasible plans (plans for and the ability to implement alternative means of
maintaining adequate cash flows)
The auditor has no responsibility to predict future events or conditions that may cause an entity to
cease to continue as a going concern. Thus, auditors are not required to design audit procedures
solely to detect going concern problems.
Examples of events/conditions that may signify existence

of a material going concern uncertainty
Events or conditions that may give rise to business risks, that individually or collectively, may cast
doubt about the entity’s ability to continue as a going concern:
Financial events and conditions:

● Net liability or net current liability position
● Maturing fixed-term borrowings without realistic prospects of renewal or repayment
● Indications of withdrawal of financial support by debtors and other creditors
● Negative operating cash flows
● Adverse key financial ratios
● Substantial operating losses
● Significant deterioration in value of assets used to generate cash flows
● Arrears or discontinuance of dividends
● Inability to pay creditors on due dates
● Inability to comply with the terms of loan agreements or other statutory requirements
● Change from credit to cash-on-delivery transactions with suppliers
● Inability to obtain financing for essential new product development or other essential
investments
Operating events and conditions:

● Loss of key management without replacement
● Loss of a major market, franchise, license, or principal supplier
● Labor difficulties or shortages of important supplies
Other events and conditions:

● Noncompliance with capital or statutory requirements
● Pending legal or regulatory proceedings against the entity that may, if successful, result in
claims that are unlikely to be satisfied
● Changes in legislation or government policy expected to adversely affect the entity
Factors that can mitigate the adverse effects of identified material going concern
uncertainty: The auditor should consider whether management has plans for and the ability to
implement alternative means of maintaining adequate cash flows to mitigate events and conditions that
113
may cast doubt about the entity’s ability to continue as a going concern.
Examples of mitigating factors:

● When there is a history of profitable operations and a ready access to financial resources
● Management has plans and ability to maintain adequate cash flows by alternative means, such
as:
➢ Disposal of assets (including disposal of operations producing negative cash flows)
➢ Borrowing money or restructuring debt
➢ Leasing (instead of purchasing) of PPE items
➢ Renewal or, extension or rescheduling of loan repayments
➢ Reducing or delaying or postponing expenditures
➢ Obtaining additional capital
➢ Reducing or postponing dividend payments
● Availability of alternative source of supply in case of loss of a principal supplier
Audit procedures to identify conditions and events that may cast doubt about an entity’s
ability to continue as a going concern:
● Analytical procedures
● Subsequent events review
● Review of compliance with debt and loan agreements
● Reading minutes of meetings
● Inquiry of legal counsel
● Confirmation with related and third parties of arrangements for financial support
MANAGEMENT REPRESENTATION LETTER:
● Auditor’s responsibility: The auditor should obtain appropriate written representations from
management.
Management letter vs. management representation letter:

Management letter is a letter to management regarding internal control deficiencies/weaknesses.
On the other hand, management representation letter is a letter from the management
confirming its responsibility and its oral representations.
● Management’s responsibility: Management has responsibility to provide written representations

(this responsibility is included in the engagement letter that sets out the terms of engagement).
● Purposes of a management representation letter:

a. Main: To emphasize or impress upon management its ultimate responsibility for the financial
statements
b. Other purposes:
➢ It confirms oral representations made by management during the audit
➢ It reduces the possibility of misunderstanding between the auditor and the client concerning
the matters that are the subject of the representations
➢ It documents management’s acceptance acknowledgment of its responsibility for fair
presentation of the financial statements
➢ It may provide corroborative evidence when audit evidence may not be reasonably expected
to be available
For example: Audit evidence to corroborate management’s intention to hold a specific
investment for long-term appreciation or to discontinue a line of business
➢ It complements, but do not replace or substitute, other audit procedures or other audit
evidence that the auditor could reasonably expect to be available
● Forms of management representations: Management representations may be verbal, whether

solicited or unsolicited, or written, whether explicitly such as contained in a management
representation letter or implicitly such as contained in financial information provided. The forms of
representations include:
a. A representation letter from management – known as the management representation
letter or client’s representation letter
b. A letter from the auditor ( confirmatory letter) – outlining the auditor’s understanding of
management’s representations, duly acknowledged and confirmed by management
c. Relevant minutes of meetings (of the board of directors or similar body)
114
d. Signed copy of the financial statements

e. Matters communicated in discussions or electronically such as e-mails or telephone
messages.
f. Schedules, analyses, and reports prepared by the entity, and management’s notations and
comments therein.
● Basic elements of a management representation letter:

a. Addressee: Should be addressed to the auditor
b. Contents: Should contain the specified information
c. Date: Should be appropriately dated (ordinarily coincides with date of the auditor’s report)
d. Signatory: Should be appropriately signed by the members of management who have
primary or overall responsibility for financial and operating aspects of the entity
Appropriate signatory of a management representation letter:

● Owner-manager
● Chief/senior executive officer
● Chief/senior financial officer
● Other members of management
● Basic contents of management representation letter:

➢ That management acknowledges its responsibility for the fair presentation of the financial
statements in accordance with the applicable financial reporting framework
➢ That management has approved the financial statements
➢ That management acknowledges its responsibility for the design and implementation of internal
control to prevent and detect error
➢ That management believes the effects of those uncorrected financial statement misstatements
aggregated by the auditor during the audit are immaterial, both individually and in the
aggregate, to the financial statements taken as a whole
● Classification of matters to be included in a management representation letter: Written

confirmation or representations should be obtained for all significant representations provided to the
auditor for all financial statements on which the auditor reports. These representations are grouped
below:
a. Representations that directly relate to items that are material, either individually or in aggregate,
to the financial statements.
b. Representations not directly related to items that are material to the financial statements but are
significant, either individually or in aggregate, to the engagement.
c. Representations that are relevant to management’s judgments or estimates that are material,
either individually or in aggregate, to the financial statements.
Specific matters included in a management representation letter:

● Management’s acknowledgement of its responsibility for the fair presentation of the FS
● Management’s acknowledgement of its responsibility for the design and
implementation of internal control to prevent and detect error
● Availability of all financial records and related data and minutes of meetings (of
shareholders, board of directors, and committee of directors)
● Irregularities involving management or employees
● Confirmation on the completeness of the information provided regarding the
identification of related parties
● That the FS are free of material misstatements, including omissions
● Compliance or noncompliance with aspects of contractual agreements or requirements
of regulatory that could have a material effect on the FS in the event of
noncompliance.
● Plans or intentions that may materially alter the carrying value or classification of
assets and liabilities
● Plans to abandon lines of product or other plans or intentions that will result in any
excess or obsolete inventory, and no inventory is stated at an amount in excess of net
realizable value
● Satisfactory title on assets and liens or encumbrances on the company’s assets
● Communications from regulatory agencies concerning noncompliance with/or
deficiencies in financial reporting practices
● Information or recording and/or disclosure of:
115
➢ The identity of, and balances and transactions with, related parties
➢ Losses arising from sale and purchase commitments
➢ Agreements and options to buy back assets previously sold
➢ Assets pledged as collateral
➢ All liabilities, both actual and contingent
➢ Formal or informal compensating balance arrangements or other arrangements
involving restrictions on cash balances and credit line or similar arrangements
➢ Subsequent events requiring adjustment of or disclosure in the FS
➢ Claims and assessments in connection with litigation
➢ Capital stock repurchase options and agreements, and capital stock reserved for
options, warrants, conversions and other requirements
● Limitations of management representations: although management representations are

considered part of evidential matter, they (are):
➢ Not a substitute for performing other audit procedures or a means to reduce the auditor’s
responsibility
➢ Not as the sole source of evidence on significant audit matters
➢ Cannot be substitute for other audit evidence that the auditor could reasonably expect to be
available
● Auditor’s responsibility on representations relating to matters that are material to the

financial statements:
a. Seek corroborative audit evidence from sources inside or outside the entity;
b. Evaluate whether the representations made by management appear reasonable and consistent
with other audit evidence obtained, including other representations; and
c. Consider whether the individuals making the representations can be expected to be well informed
on the particular matters.
● Example of a management representation letter: The following letter is not intended to be a

standard letter. Representations by management will vary from one entity to another and from one
period to the next.
(Entity Letterhead)
(To Auditor) (Date)
This representation letter is provided in connection with your audit of the financial statements of
ABC Company for the year ended December 31, 19X1 for the purpose of expressing an opinion as
to whether the financial statements present fairly, in all material respects, the financial position of
ABC Company as of December 31, 19X1 and of the results of its operations and its cash flows for
the year then ended in accordance with (indicate applicable financial reporting framework).
We acknowledge our responsibility for the fair presentation of the financial statements
in accordance with (indicate applicable financial reporting framework).
We confirm, to the best of our knowledge and belief, the following representations:
● There have been no irregularities involving management or employees who have a significant
role in internal control or that could have a material effect on the financial statements.
● We have made available to you all books of account and supporting documentation and all
minutes of meetings of shareholders and the board of directors (namely those held on March
15, 19X1 and September 30, 19X1, respectively).
● We confirm the completeness of the information provided regarding the identification of related
parties.
● If required, add “On behalf of the board of directors (or similar body).”
● The financial statements are free of material misstatements, including omissions.
116
● The Company has complied with all aspects of contractual agreements that could have a
material effect on the financial statements in the event of noncompliance.
● There has been no noncompliance with requirements of regulatory authorities that could have a
material effect on the financial statements in the event of noncompliance.
● The following have been properly recorded and, when appropriate, adequately disclosed in the
financial statements:
➢ The identity of, and balances and transactions with, related parties.
➢ Losses arising from sale and purchase commitments.
➢ Agreements and options to buy back assets previously sold.
➢ Assets pledged as collateral.
● We have no plans or intentions that may materially alter the carrying value or classification of
assets and liabilities reflected in the financial statements.
● We have no plans to abandon lines of product or other plans or intentions that will result in any
excess or obsolete inventory, and no inventory is stated at an amount in excess of net realizable
value.
● The Company has satisfactory title to all assets and there are no liens or encumbrances on the
company’s assets, except for those that are disclosed in Note X to the financial statements.
● We have recorded or disclosed, as appropriate, all liabilities, both actual and contingent, and
have disclosed in Note X to the financial statements all guarantees that we have given to third
parties.
● Other than . . . described in Note X to the financial statements, there have been no events
subsequent to period end which require adjustment of or disclosure in the financial statements
or Notes thereto.
● The . . . claim by XYZ Company has been settled for the total sum of XXX which has been
properly accrued in the financial statements. No other claims in connection with litigation have
been or are expected to be received.
● There are no formal or informal compensating balance arrangements with any of our cash and
investment accounts. Except as disclosed in Note X to the financial statements, we have no
other line of credit arrangements.
● We have properly recorded or disclosed in the financial statements the capital stock repurchase
options and agreements, and capital stock reserved for options, warrants, conversions and
other requirements.
Yours truly,
(Senior Executive Officer)
(Senior Financial Officer)
● Legal representation letter – client’s letter of inquiry to lawyer who have been consulted by the
client concerning litigation, claims, or assessments to provide corroborative evidential matter; such
letter of inquiry should be mailed only by the auditor after preparation by the client and review by the
auditor
● Application of materiality:
1. Representations may be limited to matters that are considered either individually or collectively
material to the financial statements
2. Materiality limits would not apply when obtaining written client representation on:
a. Fraud or irregularities involving management
b. Availability of minutes of meetings
117
● Effect if management refuses to provide the necessary written representations: Refusal

by management to provide a written representation requested by the auditor that the auditor deems
necessary constitutes a scope limitation and would result in a qualified opinion or a disclaimer of
opinion. In such circumstances, also consider:
a. Any reliance placed on other representations made by management during the audit; and
b. Any additional implications of the refusal on the auditor’s report.
● When management representation is contradicted by other audit evidence: The auditor

should investigate the circumstances and, when necessary, reconsider the reliability of other
representations made by management
SUBSEQUENT DISCOVERY OF OMITTED PROCEDURES AFTER SUBMISSION OF THE AUDIT

REPORT
● Omitted audit procedures may be discovered (after the audit report has been submitted) during a
firm's internal inspection program or during peer review.
● Auditor’s action:
a. The auditor should assess the importance of the omitted procedures to his ability to support
the audit opinion.
b. The auditor should determine whether other audit procedures that were applied tend to
compensate for the omitted audit procedures. If so, no further action is necessary.
c. If, on the other hand, the omitted audit procedures impair the auditor's ability to support the
previously issued opinion, and there are people relying (or likely to rely) on the report, then
the auditor should promptly undertake to apply the omitted procedures or the corresponding
alternative procedures.
d. If, after applying the omitted procedures, the auditor determines that the financial
statements are materially misstated and that the auditor's report is inappropriate, the auditor
should discuss the matter with the management and take steps to prevent future reliance on
the report.
THE AUDITOR’S REPORT ON FINANCIAL STATEMENTS

(Based on PSA 700 revised – The Independent Auditor’s Report
On a Complete Set of General Purpose Financial Statements)
Introduction
At the end of the audit, the auditor shall:

a) Form an opinion on the financial statements (FSs) based on an evaluation of the conclusions drawn from
the audit evidence obtained; and
b) Express clearly that opinion through a written report that also describes the basis for the opinion.
Auditor’s Opinions
Types of Auditor’s Opinions
a) Unmodified (unqualified) opinion—The opinion expressed when the FSs are prepared, in all material
respects, in accordance with the applicable FRF.
b) Modified opinion—The three types of are:
i. Qualified opinion – the auditor is satisfied that the FSs are presented fairly, except for a specific
aspect of them.
ii. Adverse opinion – the auditor does not believe the FSs are fairly presented.
iii. Disclaimer of opinion – the auditor does not know if the FSs are presented fairly.
The table below illustrates how the auditor’s judgment about the affects the type of opinion to be expressed.
Nature of Matter Giving Rise to the Material but Not Material and Pervasive
Modification Pervasive
FSs are materially misstated Qualified opinion Adverse opinion
Inability to obtain SAAE (Scope limitation):
118
Due to management imposed Qualified opinion Resign, if appropriate; or

limitation Disclaimer of opinion
Other limitations Qualified opinion Disclaimer of opinion
Pervasive effects or possible effects on the FSs are those that, in the auditor’s judgment:
a) Are not confined to specific elements, accounts or items of the FSs;
b) If so confined, represent or could represent a substantial proportion of the FSs; or
c) In relation to disclosures, are fundamental to users’ understanding of the FSs.
Auditor’s Reports
The auditor’s report shall be in writing (hard copy format or an electronic medium).
Standard Auditor’s Report
The following are the parts of a standard auditor’s report with unqualified opinion without emphasis of matter
paragraph and other matter paragraph:
a) Title
b) Addressee
c) Sub-title (if the report includes “Other Reporting Responsibilities” paragraph in (h))
d) Introductory Paragraph
e) Management’s Responsibility for the financial statements
f) Auditor’s Responsibility
g) Auditor’s Opinion
h) Other Reporting Responsibilities, if applicable
i) Signature of the Auditor
j) Date of the Auditor’s Report
k) Auditor’s Address
Title
The auditor’s report shall have a title that clearly indicates that it is the report of an independent auditor. For
example, “Independent Auditor’s Report,” affirms that the auditor has met all of the relevant ethical
requirements regarding independence and distinguishes the independent auditor’s report from reports issued
by others.
Addressee
The auditor’s report is normally addressed to those for whom the report is prepared, often either to the
shareholders and/or to TCWG of the entity.
Introductory Paragraph
The introductory paragraph in the auditor’s report shall:

a) Identify the entity whose FSs have been audited;
b) State that the FSs have been audited;
c) Identify the title of each statement comprising the FSs;
d) Refer to the summary of significant accounting policies and other explanatory information; and
e) Specify the date or period covered by each FS comprising the FSs.
Management’s Responsibility for the Financial Statements
This section describes the responsibilities of those in the organization responsible for the FSs and internal
control relevant to the preparation of FSs that are free from material misstatement, whether due to fraud or
error.
Auditor’s Responsibility
This section states that the responsibility of the auditor is to express an opinion on the FSs based on the
audit.
119
Auditor’s Opinion
This includes a section with the heading “Opinion.” Use the phrase: The financial statements present fairly, in
all material respects, in accordance with [the applicable financial reporting framework].
Other Reporting Responsibilities
If the auditor addresses other reporting responsibilities (e.g., reportorial requirement of regulatory
authorities) in the auditor’s report on the FSs that are in addition to to report on the FSs, these shall be
addressed in a separate section in the auditor’s report that shall be sub-titled “Report on Other Legal and
Regulatory Requirements”.
Signature of the Auditor
The auditor’s report shall be signed. The auditor’s signature is either in the name of the audit firm, the
personal name of the auditor or both, as appropriate.
In the Philippines, Securities Regulation Code (SRC) Rule 68 requires that the auditor’s report on FSs filed
with the Securities and Exchange Commission (SEC), which will likewise be filed with the Bureau of Internal
Revenue (BIR), be manually signed. In case of an auditing firm, the certifying partner shall sign his/her own
signature and shall indicate that he/she is signing for the firm, the name of which is also indicated in the
report. The auditor is also required to state the signing accountant’s license number, Tax Identification No.
(TIN), Privilege Tax Receipt (PTR) No., registration number with the PRC/BOA, and accreditation issued by
the SEC.
Date of the Auditor’s Report
The auditor’s report shall be dated no earlier than the date on which the auditor has obtained SAAE on which
to base the auditor’s opinion on the FSs, including evidence that:
a. All the statements that comprise the FSs, including the related notes, have been prepared; and
b. Those with the recognized authority have asserted that they have taken responsibility for those FSs.
The date of the auditor’s report informs the user of the auditor’s report that the auditor has considered the
effect of events and transactions of which the auditor became aware and that occurred up to that date.
In the Philippines, under SRC Rule 68, management is required to submit to the SEC, together with the FSs, a
‘Statement of Management Responsibility’ that indicates, that the company’s Board of Directors reviewed and
approved the FSs before such statements are submitted to the stockholders of the company.
Modifications to Auditor’s Report
The instances of modifications include when the auditor:

● adds “Emphasis of Matter Paragraph”
● includes “Other of Matter Paragraph”
● provides modified auditor’s opinion
Emphasis of Matter Paragraph
A paragraph included in the auditor’s report that refers to a matter appropriately presented or disclosed in
the FSs, in the auditor’s judgment, is of such importance that it is fundamental to users’ understanding of the
FSs. The auditor can include emphasis of matter paragraph provided the auditor has obtained SAAE that the
matter is not materially misstated in the FSs. The inclusion of this paragraph in the auditor’s report does not
affect the auditor’s opinion.
When the auditor includes an Emphasis of Matter paragraph in the auditor’s report, the auditor shall:
● Include it immediately after the Opinion paragraph;
● Use the heading “Emphasis of Matter,” or other appropriate heading;
120
● Include in the paragraph a clear reference to the matter being emphasized and to where relevant
disclosures that fully describe the matter can be found in the FSs; and
● Indicate that the auditor’s opinion is not modified in respect of the matter emphasized
Other Matter Paragraph
A paragraph included in the auditor’s report that refers to a matter other than those presented or disclosed in
the FSs that, in the auditor’s judgment, is relevant to users’ understanding of the audit, the auditor’s
responsibilities or the auditor’s report.
The auditor shall include this paragraph immediately after the Opinion paragraph and any Emphasis of Matter
paragraph, or elsewhere in the auditor’s report if the content of the Other Matter paragraph is relevant to the
Other Reporting Responsibilities section.
Modified Auditor’s Opinions
Description of Introductory Paragraph

● Qualified or Adverse Opinion – No modification made.
● Disclaimer of Opinion – Amend this paragraph of the auditor’s report to state that the auditor was only
engaged (not audited) to audit the FSs.
Description of Auditor’s Responsibility Paragraph

● Qualified or Adverse Opinion – Amend this section to state that the auditor believes that the audit
evidence the auditor has obtained is sufficient and appropriate to provide a basis for the auditor’s
modified audit opinion.
● Disclaimer of Opinion – Amend this section to state only the following: “Our responsibility is to express an
opinion on the financial statements based on conducting the audit in accordance with Philippine
Standards on Auditing. Because of the matter(s) described in the Basis for Disclaimer of Opinion
paragraph, however, we were not able to obtain sufficient appropriate audit evidence to provide a basis
for an audit opinion.”
Basis for Modification Paragraph

● The auditor shall include additional paragraph on the standard auditor’s report immediately before the
opinion paragraph, and use the heading “Basis for Qualified Opinion,” “Basis for Adverse Opinion,” or
“Basis for Disclaimer of Opinion,” as appropriate.
Opinion Paragraph
● The auditor shall use the heading “Qualified Opinion,” “Adverse Opinion,” or “Disclaimer of Opinion,” as
appropriate, for the opinion paragraph.
Sample of Auditor’s Reports
INDEPENDENT AUDITOR’S REPORT
The Board of Directors and Shareholders
Report on the Financial Statements
We have audited [if disclaimer of opinion, We were engaged to audit] the accompanying financial statements
of [Name of Client], which comprise the statements of financial position as at [Reporting Date], 2012 and
2011, and the statements of [comprehensive income, income, operations, or other appropriate title used in
the financial statements], statements of changes in equity and statements of cash flows for the years then
ended, and a summary of significant accounting policies and other explanatory information.
Management is responsible for the preparation and fair presentation of these financial statements in
accordance with [Applicable Financial Reporting Framework], and for such internal control as management
determines is necessary to enable the preparation of financial statements that are free from material
misstatement, whether due to fraud or error.
Auditors’ Responsibility
121
[If qualified opinion or adverse]
Our responsibility is to express an opinion on these financial statements based on our audits. We conducted
our audits in accordance with Philippine Standards on Auditing. Those standards require that we comply with
ethical requirements and plan and perform the audit to obtain reasonable assurance about whether the
financial statements are free from material misstatement.
An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the
financial statements. The procedures selected depend on the auditors’ judgment, including the assessment
of the risks of material misstatement of the financial statements, whether due to fraud or error. In making
those risk assessments, the auditors consider internal control relevant to the entity’s preparation and fair
presentation of the financial statements in order to design audit procedures that are appropriate in the
circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal
control. An audit also includes evaluating the appropriateness of accounting policies used and the
reasonableness of accounting estimates made by management, as well as evaluating the overall presentation
of the financial statements.
We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our
[qualified or adverse, as appropriate] audit opinion.
[If disclaimer of opinion]
Our responsibility is to express an opinion on these financial statements based on conducting the audit in
accordance with Philippine Standards on Auditing. Because of the matter described in the Basis for Disclaimer
of Opinion paragraph, however, we were not able to obtain sufficient appropriate audit evidence to provide a
basis for an audit opinion.
Opinion [If unqualified/unmodified opinion]
In our opinion, the financial statements present fairly, in all material respects, the financial position of [Name
of Client] as at [Reporting Date], 2012 and 2011, and its financial performance and its cash flows for the
years then ended in accordance with [Applicable financial reporting framework].
[If qualified opinion]
Basis for Qualified Opinion
The Company’s inventories are recognized in the statement of financial position at P16 million Based on the
audit evidence obtained, we believe that an adjustment to inventories of P5 million is required to recognize
slow moving items at their net realized value. The tax effect of this adjustment is P1.5 million. Accordingly,
we believe that shareholders’ equity and profit for the year are overstated by P3.5 million respectively.]
Qualified Opinion
In our opinion, except for the effects of the matters descried in the basis for qualified opinion paragraph, the
financial statements present fairly, in all material respects, the financial position of [Name of Client] as of
[Reporting Date], 2012 and 2011, and its financial performance and its cash flows for the years ended in
accordance with Philippine Financial Reporting Standards.
[If adverse opinion]
Basis for Adverse Opinion
As discussed in Note X to the financial statements, the Company’s financing arrangements expired and the
amount outstanding was payable on December 31, 20XI. The company has been unable to re-negotiate or
obtain replacement financing and is considering filling for bankruptcy. Based on the audit evidence obtained,
we believe that the company will not be able to meet its obligations in the ordinary course of business.
Accordingly, we do not agree with management’s preparation and presentation of financial statements on a
going concern basis. Had the financial statements been prepared on a liquidation basis of accounting, we
believe that it would have had a significant negative effect on the company’s financial position and financial
performance.
Adverse Opinion
122
Adverse Opinion
In our opinion, because of the significance of the matter discussed in the basis for adverse opinion
paragraph, the financial statements do not present fairly, in all material respects the financial position [Name
of Client] as of [Reporting Date], 2012 and 2011, and of its financial performance and its cash flows for the
years then ended in accordance with Philippine Financial Reporting Standards.
[If disclaimer of opinion]
Basis for Disclaimer of Opinion
The company’s investment in its joint venture XYZ (Country X) Company is carried at xxx on the company’s
statement of financial position, which represents over 90% of the company’s net assets as at December 31,
2012. We were not allowed access to the management and the auditors of XYZ, including XYZ’s auditors’
audit documentation. As a result, we were unable to determine whether any adjustments were necessary in
respect of the company’s proportional share of XYZ’s assets that it controls jointly, its proportional share of
XYZ’s liabilities for which it is jointly responsible, its proportional share of XYZ’s income and expenses for the
year, and the elements making up the statement of changes in equity and statement of cash flow.
Disclaimer of Opinion
Because of the significance of the matter described in the Basis for Disclaimer of Opinion paragraph, we have
not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion.
Accordingly, we do not express an opinion on the financial statements.
[If with emphasis of a matter]
Emphasis of Matter
We draw attention to Note X to the financial statements, which appropriately describe the significant
uncertainty related to the outcome of a lawsuit in which the company is the defendant. The lawsuit alleges
infringement of certain patent right and claims royalties and punitive damages in the amount of P10 million to
the outcome of the lawsuit, the company believes that it will be able to successfully defend its case and,
accordingly, no provision for any liability that may result has been recognized in the financial statements. Our
opinion is not qualified in respect of this matter.
Report on Other Legal and Regulatory Requirements
[NAME OF AUDITING FIRM]

BOA Registration No.
SEC Accreditation No.
TIN
By:
[NAME OF PARTNER]
Partner
CPA License No.
SEC A.N.
TIN
BIR AN.
PTR No., Issued on [Date, Place of Issue]
Makati City, Philippines
[Date of Auditors’ Report]
Supplementary Information Presented with the Financial Statements
Supplementary information – information that is presented together with the FSs that is not required by the
applicable FRF used to prepare the FSs, normally presented in either supplementary schedules or as
123
additional notes.
The auditor shall evaluate whether such supplementary information is clearly differentiated from the audited
FSs. If such supplementary information is not clearly differentiated, the auditor shall ask management to
change how the unaudited supplementary information is presented. If management refuses to do so, the
auditor shall explain in the auditor’s report that such supplementary information has not been audited. The
fact that supplementary information is unaudited does not relieve the auditor of the responsibility to read that
information to identify material inconsistencies with the audited financial statements.
Comparative Information
The two broad approaches to the auditor’s reporting responsibilities in respect of comparative information
are:
a) Corresponding figures –comparative information where amounts and other disclosures for the prior
period are included as an integral part of the current period FSs, and are intended to be read only in
relation to the amounts and other disclosures relating to the current period (referred to as “current period
figures”). The level of detail presented in the corresponding amounts and disclosures is dictated primarily
by its relevance to the current period figures; and
b) Comparative FSs –comparative information where amounts and other disclosures for the prior period are
included for comparison with the FSs of the current period but, if audited, are referred to in the auditor’s
opinion. The level of information included in those comparative FSs is comparable with that of the FSs of
the current period.
Audit Procedures
The auditor shall evaluate whether:

a) The comparative information agrees with the amounts and other disclosures presented in the prior period
or, when appropriate, have been restated; and
b) The accounting policies reflected in the comparative information are consistent with those applied in the
current period or, if there have been changes in accounting policies, whether those changes have been
properly accounted, presented and disclosed.
If the auditor becomes aware of a possible material misstatement in the comparative information while
performing the current period audit, the auditor shall perform such additional audit procedures necessary to
obtain SAAE, including requesting written representations for all periods referred to in the auditor’s opinion.
Audit Reporting
The essential audit reporting differences between the approaches are:

a) For corresponding figures, the auditor’s opinion on the FSs refers to the current period only; whereas
b) For comparative FSs, the auditor’s opinion refers to each period for which FSs are presented.
Corresponding figures
The auditor’s opinion shall not refer to the corresponding figures because the auditor’s opinion is on the
current period FSs includes corresponding figures, except:
a) Modification in auditor’s report on the prior period remain unresolved
b) Misstatement in prior period FSs
c) Prior period FSs not audited
d) Prior period FSs audited by a predecessor auditor
Modification in auditor’s report on the prior period remain unresolved
The auditor shall modify the auditor’s opinion on the current period’s FSs.
Misstatement in prior period FSs
If the auditor obtains audit evidence that a material misstatement exists in the prior period FSs on which an
unmodified opinion has been previously issued, and the corresponding figures have not been properly
restated, the auditor shall express a qualified opinion or an adverse opinion in the auditor’s report on the
current period FSs.
When the prior period FSs that are misstated have not been amended and an auditor’s report has not been
124
reissued, but the corresponding figures have been properly restated or appropriate disclosures have been
made in the current period FSs, the auditor’s report may include an Emphasis of Matter paragraph.
Prior period FSs not audited
The auditor shall state in an Other Matter paragraph in the auditor’s report that the corresponding figures are
unaudited.
Prior period FSs audited by a predecessor auditor
The auditor shall state (if nor prohibited by law to do so) in an Other Matter paragraph in the auditor’s
report:
a) That the FSs of the prior period were audited by the predecessor auditor;
b) The type of opinion expressed and, if the opinion was modified, the reasons therefore; and
c) The date of that report.
Comparative financial statements
The auditor’s opinion shall refer to each period for which FSs are presented on which an audit opinion is
expressed.
Opinion on Prior Period FSs Different from Previous Opinion
The opinion expressed on the prior period FSs may be different from the opinion previously expressed if the
auditor becomes aware of circumstances or events that materially affect the FSs of a prior period during the
course of the audit of the current period. The auditor shall disclose the substantive reasons for the different
opinion in an Other Matter paragraph.
Prior Period FSs Audited by a Predecessor Auditor
In addition to expressing an opinion on the current period’s FSs, the auditor shall state in an Other Matter
paragraph:
a) that the FSs of the prior period were audited by a predecessor auditor;
b) the type of opinion expressed and, if the opinion was modified, the reasons therefore; and
c) the date of that report,
unless the predecessor auditor’s report on the prior period’s FSs is reissued with the FSs.
Prior Period Financial Statements Not Audited
If the prior period FSs were not audited, the auditor shall state in an Other Matter paragraph that the
comparative FSs are unaudited.
Other Information in Documents Containing Audited Financial Statements
Other information refers to financial and non-financial information (other than the FSs and the auditor’s
report thereon) which is included, either by law, regulation or custom, in a document containing audited FSs
and the auditor’s report thereon. Other information may comprise, for example:
● A report by management or TCWG on operations.
● Financial summaries or highlights.
● Employment data.
● Planned capital expenditures.
● Financial ratios.
● Names of officers and directors.
● Selected quarterly data.
“Documents containing audited FSs” refers to annual reports (or similar documents), that are issued to
owners (or similar stakeholders), containing audited FSs and the auditor’s report, as well as other documents
containing audited FSs, such as those used in securities offerings.
The auditor’s opinion does not cover other information and the auditor has no specific responsibility for
determining whether or not other information is properly stated. However, the auditor reads the other
125
information because the credibility of the audited FSs and the auditor’s report may be undermined by
material inconsistencies between the audited FSs and other information.
Material Inconsistencies
If, on reading the other information, the auditor identifies a material inconsistency, the auditor shall
determine whether the audited FSs or the other information needs to be revised.
Material Inconsistencies Identified in Other Information Obtained Prior to the Date of the Auditor’s Report
If revision of the audited FSs is necessary and management refuses to make the revision, the auditor shall
modify the opinion in the auditor’s report.
If revision of the other information is necessary and management refuses to make the revision, the auditor
shall communicate this matter to TCWG; and
a) Include in the auditor’s report an Other Matter paragraph describing the material inconsistency.
b) Withhold the auditor’s report.
c) Withdraw from the engagement, if possible.
d) Seek advice from the auditor’s legal counsel.
Material Inconsistencies Identified in Other Information Obtained Subsequent to the Date of the Auditor’s
Report
If revision of the audited FSs is necessary, the auditor shall follow the relevant requirements in “Subsequent
Events”.
If revision of the other information is necessary and management agrees to make the revision, the auditor
shall carry out the procedures necessary under the circumstances, which may include reviewing the steps
taken by management to ensure that individuals in receipt of the previously issued FSs, the auditor’s report
thereon, and the other information are informed of the revision.
If revision of the other information is necessary, but management refuses to make the revision, the auditor
shall notify TCWG of the auditor’s concern regarding the other information and take any further appropriate
action, which may include obtaining advice from the auditor’s legal counsel.
Material Misstatements of Fact
If, on reading the other information for the purpose of identifying material inconsistencies, the auditor
becomes aware of an apparent material misstatement of fact, the auditor shall discuss the matter with
management. Misstatement of fact occurs when other information that is unrelated to matters appearing in
the audited FSs that is incorrectly stated or presented. A material misstatement of fact may undermine the
credibility of the document containing audited FSs.
If the auditor concludes that there is a material misstatement of fact in the other information which
management refuses to correct, the auditor shall notify TCWG of the auditor’s concern and take any further
appropriate action, which may include obtaining advice from the auditor’s legal counsel.
Audit of Financial Statements Prepared in Accordance with Special Purpose Framework
Introduction
Special purpose FSs are FSs prepared in accordance with a special purpose framework designed to meet the
financial information needs of specific users.
Examples of special purpose frameworks are:

● A tax basis of accounting for a set of FSs that accompany an entity’s tax return;
● The cash receipts and disbursements basis of accounting for cash flow information that an entity may be
requested to prepare for creditors;
● The financial reporting provisions established by a regulator to meet the requirements of that regulator
such as SEC, BSP or IC; or
● The financial reporting provisions of a contract, such as a bond indenture, or a project grant.
The financial reporting framework (FRF) must be acceptable. The financial information needs of the intended
126
users are a key factor in determining the acceptability of the FRF and is a matter of professional judgment.
The auditor shall comply with (a) relevant ethical requirements, including independence and (b) all PSAs
relevant to the audit.
Forming an Opinion and Reporting Considerations
Description of the applicable financial reporting framework:

a) The auditor’s report shall also describe the purpose for which the FSs are prepared and, if necessary,
the intended users, or refer to a note in the special purpose FSs that contains that information; and
b) If management has a choice of financial reporting frameworks in the preparation of such FSs, the
explanation of management’s responsibility for the FSs shall also make reference to its responsibility for
determining that the applicable financial reporting framework is acceptable in the circumstances.
The auditor’s report shall include an Emphasis of Matter paragraph alerting users of the auditor’s report that
the FSs are prepared in accordance with a special purpose framework and that, as a result, the FSs may not
be suitable for another purpose. In addition to the above, the auditor may consider it appropriate to indicate
that the auditor’s report is intended solely for the specific users.
[Appropriate Addressee]
We have audited the accompanying financial statements of ABC Company, which comprise the balance sheet
as at December 31, 20X1, and the income statement, statement of changes in equity and cash flow
statement for the year then ended, and a summary of significant accounting policies and other explanatory
information. The financial statements have been prepared by management of ABC Company based on the
financial reporting provisions of Section Z of the contract dated January 1, 20X1 between ABC Company and
DEF Company (“the contract”).
Management is responsible for the preparation of these financial statements in accordance with the financial
reporting provisions of Section Z of the contract; this includes the design, implementation and maintenance
of internal control relevant to the preparation of financial statements that are free from material
misstatement, whether due to fraud or error.
Our responsibility is to express an opinion on these financial statements based on our audit. We conducted
our audit in accordance with Philippine Standards on Auditing. Those standards require that we comply with
financial statements are free from material misstatement.
financial statements. The procedures selected depend on the auditor’s judgment, including the assessment of
the risks of material misstatement of the financial statements, whether due to fraud or error. In making those
risk assessments, the auditor considers internal control relevant to the entity’s preparation of the financial
statements in order to design audit procedures that are appropriate in the circumstances, but not for the
purpose of expressing an opinion on the effectiveness of the entity’s internal control. An audit also includes
evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates
made by management, as well as evaluating the overall presentation of the financial statements.
audit opinion.
Opinion
In our opinion, the financial statements of ABC Company for the year ended December 31, 20X1 are
prepared, in all material respects, in accordance with the financial reporting provisions of Section Z of the
contract.
Basis of Accounting and Restriction on Distribution and Use
127
Without modifying our opinion, we draw attention to Note X to the financial statements, which describes the
basis of accounting. The financial statements are prepared to assist ABC Company to comply with the
financial reporting provisions of the contract referred to above. As a result, the financial statements may not
be suitable for another purpose. Our report is intended solely for ABC Company and DEF Company and
should not be distributed to or used by parties other than ABC Company or DEF Company.
[Auditor’s signature]
[Date of the auditor’s report]
[Auditor’s address]
Audits of Single Financial Statements and Specific Elements, Accounts or Items of a Financial
Statement
Introduction
“Element of a financial statement” or “element” means an “element, account or item of a financial

statement.” Examples of Specific Elements, Accounts or Items of a Financial Statement
● Accounts receivable, allowance for doubtful accounts receivable, inventory, including related notes.
● A schedule of externally managed assets and income of a private pension plan, including related notes.
● A schedule of disbursements in relation to a lease property, including explanatory notes.
● A schedule of profit participation or employee bonuses, including explanatory notes.
Considerations When Accepting the Engagement
The auditor shall comply with relevant ethical requirements, including independence and all PSAs relevant to
the audit.
If the auditor is not also engaged to audit the entity’s complete set of financial statements, the auditor shall
determine whether the audit of a single financial statement or of a specific element of those financial
statements in accordance with PSAs is practicable.
Form of opinion
The auditor’s decision as to the expected form of opinion is a matter of professional judgment. It may be
affected by whether use of the phrase “presents fairly, in all material respects” in the auditor’s opinion on a
single financial statement or on a specific element of a financial statement prepared in accordance with a fair
presentation framework is generally accepted in the particular jurisdiction.
Forming an Opinion and Reporting Considerations
If the auditor undertakes an engagement to report on a single financial statement or on a specific element of
a financial statement in conjunction with an engagement to audit the entity’s complete set of financial
statements, the auditor shall express a separate opinion for each engagement.
If the auditor concludes that it is necessary to express an adverse opinion or disclaim an opinion on the
entity’s complete set of financial statements as a whole, PSA 705 does not permit the auditor to include in the
same auditor’s report an unmodified opinion on a single financial statement that forms part of those financial
statements or on a specific element that forms part of those financial statements. This is because such an
unmodified opinion would contradict the adverse opinion or disclaimer of opinion on the entity’s complete set
of financial statements as a whole.
If the auditor concludes that it is necessary to express an adverse opinion or disclaim an opinion on the
entity’s complete set of financial statements as a whole but, in the context of a separate audit of a specific
element that is included in those financial statements, the auditor nevertheless considers it appropriate to
express an unmodified opinion on that element, the auditor shall only do so if:
a) The auditor is not prohibited by law or regulation from doing so;
b) That opinion is expressed in an auditor’s report that is not published together with the auditor’s report
containing the adverse opinion or disclaimer of opinion; and
c) The specific element does not constitute a major portion of the entity’s complete set of financial
statements.
128
We have audited the accompanying balance sheet of ABC Company as at December 31, 20X1 and a summary
of significant accounting policies and other explanatory information (together “the financial statement”).
Management’s Responsibility for the Financial Statement
Management is responsible for the preparation and fair presentation of this financial statement in accordance
with those requirements of the Financial Reporting Framework in Jurisdiction X relevant to preparing such a
financial statement, and for such internal control as management determines is necessary to enable the
preparation of the financial statement that is free from material misstatement, whether due to fraud or error.
Our responsibility is to express an opinion on the financial statement based on our audit. We conducted our
audit in accordance with Philippine Standards on Auditing. Those standards require that we comply with
financial statement is free from material misstatement.
financial statement. The procedures selected depend on the auditor’s judgment, including the assessment of
the risks of material misstatement of the financial statement, whether due to fraud or error. In making those
risk assessments, the auditor considers internal control relevant to the entity’s preparation and fair
presentation of the financial statement in order to design audit procedures that are appropriate in the
circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal
control. An audit also includes evaluating the appropriateness of accounting policies used and the
reasonableness of accounting estimates, if any, made by management, as well as evaluating the overall
presentation of the financial statement.
audit opinion.
Opinion
In our opinion, the financial statement presents fairly, in all material respects, the financial position of ABC
Company as at December 31, 20X1 in accordance with those requirements of the Financial Reporting
Framework in Jurisdiction X relevant to preparing such a financial statement.
Engagements to Report on Summary Financial Statements
Introduction
Summary FSs refer to historical financial information that is derived from FSs but that contains less detail
than the FSs, while still providing a structured representation consistent with that provided by the FSs of the
entity’s economic resources or obligations at a point in time or the changes therein for a period of time.
Engagement Acceptance
The auditor shall accept an engagement to report on summary FSs only when the auditor has been engaged
to conduct an audit of the FSs from which the summary FSs are derived.
129
Form of Opinion
When the auditor has concluded that an unmodified opinion on the summary FSs is appropriate, the auditor’s
opinion shall use one of the following phrases:
a) The summary FSs are consistent, in all material respects, with the audited FSs, in accordance with [the
applied criteria]; or
b) The summary FSs are a fair summary of the audited FSs, in accordance with [the applied criteria].
When the auditor’s report on the audited FSs contains a qualified opinion, an Emphasis of Matter paragraph,
or an Other Matter paragraph, but the auditor is satisfied that the summary FSs are consistent, in all material
respects, with or are a fair summary of the audited FSs, in accordance with the applied criteria, the auditor’s
report on the summary FSs shall:
a) State that the auditor’s report on the audited FSs contains a qualified opinion, an Emphasis of Matter
paragraph, or an Other Matter paragraph; and
b) Describe:
i. The basis for the qualified opinion on the audited FSs, and that qualified opinion; or the Emphasis of
Matter or the Other Matter paragraph in the auditor’s report on the audited FSs; and
ii. The effect thereof on the summary FSs, if any.
When the auditor’s report on the audited FSs contains an adverse opinion or a disclaimer of opinion, the
auditor’s report on the summary FSs shall
a) State that the auditor’s report on the audited FSs contains an adverse opinion or disclaimer of opinion;
b) Describe the basis for that adverse opinion or disclaimer of opinion; and
c) State that, as a result of the adverse opinion or disclaimer of opinion, it is inappropriate to express an
opinion on the summary FSs.
If the summary FSs are not consistent, in all material respects, with or are not a fair summary of the audited
FSs, the auditor shall express an adverse opinion on the summary FSs.
The Date of the Auditor’s Report
The auditor shall date the auditor’s report no earlier than:

a) The date on which the auditor has obtained sufficient appropriate evidence on which to base the opinion,
including evidence that the summary FSs have been prepared and those with the recognized authority
have asserted that they have taken responsibility for them; and
b) The date of the auditor’s report on the audited FSs.
Restriction on Distribution or Use or Alerting Readers to the Basis of Accounting
When distribution or use of the auditor’s report on the audited FSs is restricted, or the auditor’s report on the
audited FSs alerts readers that the audited financial statements are prepared in accordance with a special
purpose framework, the auditor shall include a similar restriction or alert in the auditor’s report on the
summary FSs.
REPORT OF THE INDEPENDENT AUDITOR ON THE SUMMARY FINANCIAL STATEMENTS
The accompanying summary financial statements, which comprise the summary balance sheet as at
December 31, 20X1, the summary income statement, summary statement of changes in equity and summary
cash flow statement for the year then ended, and related notes, are derived from the audited financial
statements of ABC Company for the year ended December 31, 20X1. We expressed an unmodified audit
opinion on those financial statements in our report dated February 15, 20X2. Those financial statements, and
the summary financial statements, do not reflect the effects of events that occurred subsequent to the date
of our report on those financial statements.
The summary financial statements do not contain all the disclosures required by [describe financial reporting
framework applied in the preparation of the audited financial statements of ABC Company]. Reading the
summary financial statements, therefore, is not a substitute for reading the audited financial statements of
ABC Company.
Management’s Responsibility for the Summary Financial Statements
130
Management is responsible for the preparation of a summary of the audited financial statements in
accordance with [describe established criteria].
Our responsibility is to express an opinion on the summary financial statements based on our procedures,
which were conducted in accordance with Philippine Standard on Auditing (PSA) 810, “Engagements to
Report on Summary Financial Statements.”
Opinion
In our opinion, the summary financial statements derived from the audited financial statements of ABC
Company for the year ended December 31, 20X1 are consistent, in all material respects, with (or a fair
summary of) those financial statements, in accordance with [describe established criteria].
REVIEW, OTHER ASSURANCE SERVICES, AND RELATED SERVICES
Review Engagements
The objective of a review of FSs is to enable a practitioner to state whether, on the basis of procedures which
do not provide all the evidence that would be required in an audit, anything has come to the practitioner’s
attention that causes the practitioner to believe that the FSs are not prepared, in all material respects, in
accordance with the applicable financial reporting framework (negative assurance).
A review engagement provides a moderate level of assurance.
The practitioner should comply with the Code of Ethics general principles, such as:
a) Independence;
b) Integrity;
c) Objectivity;
d) Professional competence and due care;
e) Confidentiality;
f) Professional behavior; and
g) Technical standards.
The practitioner should conduct a review in accordance with PSRE 2400.
The practitioner should plan and perform the review with an attitude of professional skepticism.
Terms of engagement
The practitioner and the client should agree on the terms of the engagement.
Planning
The practitioner should plan the work so that an effective engagement will be performed. In planning a
review of financial statements, the practitioner should obtain or update the knowledge of the business.
Documentation
The practitioner should document matters which are important in providing evidence to support the review
report, and evidence.
Procedures and Evidence
131
The practitioner should apply judgment in determining the specific nature, timing and extent of review
procedures, which are primarily through inquiry and analytical procedures to obtain sufficient appropriate
evidence and to be able to draw conclusions.
The practitioner should apply the same materiality considerations as would be applied if an audit opinion on
the FSs were being given.
The practitioner should inquire about events subsequent to the date of the FSs that may require adjustment
of or disclosure in the FSs. The practitioner does not have any responsibility to perform procedures to identify
events occurring after the date of the review report.
If the practitioner has reason to believe that the information subject to review may be materially misstated,
the practitioner should carry out additional or more extensive procedures as are necessary to be able to
express negative assurance or to confirm that a modified report is required.
Conclusions and Reporting
The review report should contain a clear written expression of negative assurance.
The report on a review of FSs should contain the following basic elements, ordinarily in the following layout:
a) Title;
b) Addressee;
c) Opening or introductory paragraph i
d) Scope paragraph
e) Statement of negative assurance;
f) Date of the report;
g) Practitioner’s address; and
h) Practitioner’s signature.
The review report should:

a) State that nothing has come to the practitioner’s attention based on the review that causes the
practitioner to believe the FSs are not presented fairly, in all material respects, in accordance with the
applicable financial reporting framework; or
b) If matters have come to the practitioner’s attention, describe those matters that impair a fair
presentation, in all material respects, in accordance with the applicable financial reporting framework,
including, unless impracticable, a quantification of the possible effect(s) on the FSs, and either:
i. Express a qualification of the negative assurance provided; or
ii. When the effect of the matter is so material and pervasive, give an adverse opinion; or
c) If there has been a material scope limitation, describe the limitation and either:
i. Express a qualification of the negative assurance; or
ii. When the possible effect of the limitation is so significant and pervasive that the practitioner
concludes that no level of assurance can be provided, not provide any assurance.
The practitioner should date the review report as of the date the review is completed.
SAMPLE UNQUALIFIED REVIEW REPORT
REVIEW REPORT TO .....
We have reviewed the accompanying financial statements of ABC Company, which comprise the statement of
financial position as at December 31, 19XX, and the statement of comprehensive income, statement of
changes in equity and statement of cash flows for the year then ended. These financial statements are the
responsibility of the Company’s management. Our responsibility is to issue a report on these financial
statements based on our review.
We conducted our review in accordance with the Philippine Standard on Review Engagements 2400. This
Standard requires that we plan and perform the review to obtain moderate assurance as to whether the
financial statements are free of material misstatement. A review is limited primarily to inquiries of company
personnel and analytical procedures applied to financial data and thus provides less assurance than an audit.
We have not performed an audit and, accordingly, we do not express an audit opinion.
Based on our review, nothing has come to our attention that causes us to believe that the accompanying
132
financial statements are not presented fairly, in all material respects, in accordance with Philippine Financial
Reporting Standards (or Philippine Financial Reporting Standard for Small and Medium-sized Entities).
PRACTITIONER
Date
Address
Examination of Prospective Financial Information
Introduction
“Prospective financial information” means financial information based on assumptions about events that may
occur in the future and possible actions by an entity. It is highly subjective in nature and its preparation
requires the exercise of considerable judgment. Prospective financial information can be in the form of:
● a forecast,
● a projection or
● a combination of both, for example, a one year forecast plus a five year projection.
A “forecast” means prospective financial information prepared on the basis of assumptions as to future
events which management expects to take place and the actions management expects to take as of the date
the information is prepared (best-estimate assumptions).
A “projection” means prospective financial information prepared on the basis of:

a) Hypothetical assumptions about future events and management actions which are not necessarily
expected to take place, such as when some entities are in a start-up phase or are considering a major
change in the nature of operations; or
b) A mixture of best-estimate and hypothetical assumptions.
Such information illustrates the possible consequences as of the date the information is prepared if the
events and actions were to occur (a “what-if” scenario).
Management is responsible for the preparation and presentation of the prospective financial information,
including the identification and disclosure of the assumptions on which it is based. The auditor may be asked
to examine and report on the prospective financial information to enhance its credibility whether it is intended
for use by third parties or for internal purposes.
The Auditor’s Assurance
When reporting on the reasonableness of management’s assumptions the auditor provides only a moderate
level of assurance. However, when in the auditor’s judgment an appropriate level of satisfaction has been
obtained, the auditor is not precluded from expressing positive assurance regarding the assumptions.
Acceptance of Engagement
Before accepting an engagement to examine prospective financial information, the auditor would consider,
amongst other things:
● The intended use of the information;
● Whether the information will be for general or limited distribution;
● The nature of the assumptions, that is, whether they are best-estimate or hypothetical assumptions;
● The elements to be included in the information; and
● The period covered by the information.
The auditor should not accept, or should withdraw from, an engagement when the assumptions are clearly
unrealistic or when the auditor believes that the prospective financial information will be inappropriate for its
intended use.
The auditor and the client should agree on the terms of the engagement.
Knowledge of the Business
The auditor should obtain a sufficient level of knowledge of the business to be able to evaluate whether all
significant assumptions required for the preparation of the prospective financial information have been
133
identified.
Period Covered
The auditor should consider the period of time covered by the prospective financial information. Since
assumptions become more speculative as the length of the period covered increases, as that period
lengthens, the ability of management to make best-estimate assumptions decreases.
Examination Procedures
When determining the nature, timing and extent of examination procedures, the auditor’s considerations
should include:
a) The likelihood of material misstatement;
b) The knowledge obtained during any previous engagements;
c) Management’s competence regarding the preparation of prospective financial information;
d) The extent to which the prospective financial information is affected by the management’s judgment; and
e) The adequacy and reliability of the underlying data.
Report on Examination of Prospective Financial Information
When the auditor believes that the presentation and disclosure of the prospective financial information is not
adequate, the auditor should express a qualified or adverse opinion in the report on the prospective financial
information, or withdraw from the engagement as appropriate. An example would be where financial
information fails to disclose adequately the consequences of any assumptions which are highly sensitive.
When the examination is affected by conditions that preclude application of one or more procedures
considered necessary in the circumstances, the auditor should either withdraw from the engagement or
disclaim the opinion and describe the scope limitation in the report on the prospective financial information.
The following is an example of an extract from an unmodified report on a forecast:
We have examined the forecast in accordance with Philippine Standard on Assurance Engagements.
Management is responsible for the forecast including the assumptions set out in Note X on which it is based.
Based on our examination of the evidence supporting the assumptions, nothing has come to our attention
which causes us to believe that these assumptions do not provide a reasonable basis for the forecast.
Further, in our opinion the forecast is properly prepared on the basis of the assumptions and is presented in
accordance with Philippine Financial Reporting Standards.
Actual results are likely to be different from the forecast since anticipated events frequently do not occur as
expected and the variation may be material.
The following is an example of an extract from an unmodified report on a projection:
We have examined the projection in accordance Philippine Standard on Assurance Engagements.

Management is responsible for the projection including the assumptions set out in Note X on which it is
based.
This projection has been prepared for (describe purpose). As the entity is in a start-up phase the projection
has been prepared using a set of assumptions that include hypothetical assumptions about future events and
management’s actions that are not necessarily expected to occur. Consequently, readers are cautioned that
this projection may not be appropriate for purposes other than that described above.
Based on our examination of the evidence supporting the assumptions, nothing has come to our attention
which causes us to believe that these assumptions do not provide a reasonable basis for the projection,
assuming that (state or refer to the hypothetical assumptions). Further, in our opinion the projection is
properly prepared on the basis of the assumptions and is presented in accordance with Philippine Financial
Reporting Standards.
Even if the events anticipated under the hypothetical assumptions described above occur, actual results are
still likely to be different from the projection since other anticipated events frequently do not occur as
expected and the variation may be material.
134
135
Agreed-upon Procedures Engagements
Introduction
The objective of an agreed-upon procedures engagement is for the auditor to carry out procedures of an
audit nature to which the auditor and the entity and any appropriate third parties have agreed and to report
on factual findings.
An engagement to perform agreed-upon procedures may involve the auditor in performing certain procedures
concerning individual items of financial data (for example, accounts payable, accounts receivable, purchases
from related parties and sales and profits of a segment of an entity), a financial statement (for example, a
balance sheet) or even a complete set of financial statements.
As the auditor simply provides a report of the factual findings of agreed-upon procedures, no assurance is
expressed. Instead, users of the report assess for themselves the procedures and findings reported by the
auditor and draw their own conclusions from the auditor’s work.
The report is restricted to those parties that have agreed to the procedures to be performed since others,
unaware of the reasons for the procedures, may misinterpret the results.
General Principles of an Agreed-Upon Procedures Engagement
The auditor should comply with the Code of Ethics general principles, such as:
a. Integrity;
b. Objectivity;
c. Professional competence and due care;
d. Confidentiality;
e. Professional behavior; and
f. Technical standards.
The auditor should conduct an agreed-upon procedures engagement in accordance with this PSRS and the
terms of the engagement.
Defining the Terms of the Engagement
Matters that would be included in the engagement letter include the following:
● A listing of the procedures to be performed as agreed upon between the parties.
● A statement that the distribution of the report of factual findings would be restricted to the specified
parties who have agreed to the procedures to be performed.
Planning
The auditor should plan the work so that an effective engagement will be performed.
Documentation
The auditor should document matters which are important in providing evidence to support the report of
factual findings, and evidence that the engagement was carried out in accordance with this PSRS and the
terms of the engagement.
Procedures and Evidence
The auditor should carry out the procedures agreed upon and use the evidence obtained as the basis for the
report of factual findings.
The procedures applied in an engagement to perform agreed-upon procedures may include the following:
● Inquiry and analysis.
● Recomputation, comparison and other clerical accuracy checks.
● Observation.
● Inspection.
● Obtaining confirmations.
Reporting
136
The report on an agreed-upon procedures engagement needs to describe the purpose and the agreed-upon
procedures of the engagement in sufficient detail to enable the reader to understand the nature and the
extent of the work performed.
Illustration of a Report of Factual Findings in Connection with Accounts Payable
REPORT OF FACTUAL FINDINGS
To (those who engaged the auditor)
We have performed the procedures agreed with you and enumerated below with respect to the accounts
payable of ABC Company as at (date), set forth in the accompanying schedules (not shown in this example).
Our engagement was undertaken in accordance with the Philippine Standard on Related Services. The
procedures were performed solely to assist you in evaluating the validity of the accounts payable and are
summarized as follows:
1. We obtained and checked the addition of the trial balance of accounts payable as at (date) prepared by
ABC Company, and we compared the total to the balance in the related general ledger account.
2. We compared the attached list (not shown in this example) of major suppliers and the amounts owing at
(date) to the related names and amounts in the trial balance.
3. We obtained suppliers’ statements or requested suppliers to confirm balances owing at (date).
4. We compared such statements or confirmations to the amounts referred to in 2. For amounts which did
not agree, we obtained reconciliations from ABC Company. For reconciliations obtained, we identified
and listed outstanding invoices, credit notes and outstanding checks, each of which was greater than
Pxxx. We located and examined such invoices and credit notes subsequently received and checks
subsequently paid and we ascertained that they should in fact have been listed as outstanding on the
reconciliations.
We report our findings below:

a) With respect to item 1 we found the addition to be correct and the total amount to be in agreement.
b) With respect to item 2 we found the amounts compared to be in agreement.
c) With respect to item 3 we found there were suppliers’ statements for all such suppliers.
d) With respect to item 4 we found the amounts agreed, or with respect to amounts which did not agree,
we found ABC Company had prepared reconciliations and that the credit notes, invoices and outstanding
checks over Pxxx were appropriately listed as reconciling items with the following exceptions:
(Detail the exceptions)
Because the above procedures do not constitute either an audit or a review made in accordance with
Philippine Standards on Auditing, we do not express any assurance on the accounts payable as of (date).
Had we performed additional procedures or had we performed an audit or review of the financial statements
in accordance with Philippine Standards on Auditing, other matters might have come to our attention that
would have been reported to you.
Our report is solely for the purpose set forth in the first paragraph of this report and for your information and
is not to be used for any other purpose or to be distributed to any other parties. This report relates only to
the accounts and items specified above and does not extend to any financial statements of ABC Company,
taken as a whole.
AUDITOR
Date
Address
Compilation Engagements
Introduction
A compilation engagement would ordinarily include the preparation of financial statements (which may or
may not be a complete set of financial statements) but may also include the collection, classification and
summarization of other financial information.
137
The objective of a compilation engagement is for the accountant to use accounting expertise, as opposed to
auditing expertise, to collect, classify and summarize financial information. This ordinarily entails reducing
detailed data to a manageable and understandable form without a requirement to test the assertions
underlying that information. The procedures employed are not designed and do not enable the accountant to
express any assurance on the financial information. However, users of the compiled financial information
derive some benefit as a result of the accountant's involvement because the service has been performed with
professional competence and due care.
General Principles of a Compilation Engagement
The accountant should comply with the Code of Professional Ethics general principles, such as:
a) integrity;
b) objectivity;
c) professional competence and due care;
d) confidentiality;
e) professional behavior; and
f) technical standards.
Defining the Terms of the Engagement
An engagement letter confirms the accountant's acceptance of the appointment and helps avoid
misunderstanding regarding such matters as the objectives and scope of the engagement, the extent of the
accountant's responsibilities and the form of reports to be issued.
Planning
The accountant should plan the work so that an effective engagement will be performed.
Documentation
The accountant should document matters which are important in providing evidence that the engagement
was carried out in accordance with this PSA and the terms of the engagement.
Procedures
The accountant requires a general understanding of the nature of the entity's business transactions, the form
of its accounting records and the accounting basis on which the financial information is to be presented
through experience with the entity or inquiry of the entity's personnel.
If the accountant becomes aware that information supplied by management is incorrect, incomplete, or
otherwise unsatisfactory, the accountant should consider performing the above procedures and request
management to provide additional information or if the accountant becomes aware of material
misstatements, the accountant should try to agree appropriate amendments with the entity. If such
additional information or amendments are not made and the financial information is considered to be
misleading, the accountant should withdraw from the engagement.
Responsibility of Management
The accountant should obtain an acknowledgment from management of its responsibility for the appropriate
presentation of the financial information and of its approval of the financial information.
Reporting on a Compilation Engagement
The financial information compiled by the accountant should contain a reference such as "Unaudited,"
"Compiled without Audit or Review" or "Refer to Compilation Report" on each page of the financial
information or on the front of the complete set of financial statements.
EXAMPLE OF A REPORT ON AN ENGAGEMENT TO COMPILE FINANCIAL STATEMENTS
COMPILATION REPORT TO .....
On the basis of information provided by management we have compiled, in accordance with the Philippine
138
Standard on Related Services, the balance sheet of ABC Company as of December 31, 19XX and statements
of income, changes in equity and cash flows for the year then ended. Management is responsible for these
financial statements. We have not audited or reviewed these financial statements and accordingly express no
assurance thereon.
Accountant
Date
Address
139
AUDITING IN A CIS (IT) ENVIRONMENT
1. A CIS environment exists when a computer of any type or size is involved in the processing by the
entity of financial information of significance to the audit, whether the computer is operated by the
entity or by a third party
2. The overall objective and scope of an audit does not change in a CIS environment
3. A CIS environment may affect:
a. The procedures followed in obtaining a sufficient understanding of the accounting and
internal control systems
b. The consideration of the inherent and control risk
c. The design and performance of tests of controls and substantive procedures
4. The auditor should have sufficient knowledge of the CIS to plan, direct, and review the work
performed
5. If specialized skills are needed, the auditor would seek the assistance of a professional possessing
such skills, who may be either on the auditor’s staff or an outside professionals
6. In planning the portions of the audit which may be affected by the client’s CIS environment, the
auditor should obtain an understanding of the significance and complexity of the CIS activities and
the availability of data for use in the audit
7. When the CIS are significant, the auditor should also obtain an understanding of the CIS environment
and whether it may influence the assessment of inherent and control risks
8. The auditor should consider the CIS environment in designing audit procedures to reduce audit risk
to an acceptably low level. The auditor can use either manual audit procedures, computer-assisted
audit techniques, or a combination of both to obtain sufficient evidential matter
RISK ASSESSMENTS AND INTERNAL CONTROL:

CIS CHARACTERISTICS AND CONSIDERATION
Organizational Structure
Characteristics of a CIS organizational structure includes:
a. Concentration of functions and knowledge
Although most systems employing CIS methods will include certain manual operations,
generally the number of persons involved in the processing of financial information is significantly reduced.
b. Concentration of programs and data
Transaction and master file data are often concentrated, usually in machine-readable form,
either in one computer installation located centrally or in a number of installations distributed throughout the
entity.
Nature of Processing
The use of computers may result in the design of systems that provide less visible evidence than
those using manual procedures. In addition, these systems may be accessible by a larger number of persons.
System characteristics that may result from the nature of CIS processing include:
a. Absence of input documents
● Data may be entered directly into the computer system without supporting document
● In some on-line transaction systems, written evidence of individual data entry authorization
(e.g., approval for order entry) may be replaced by other procedures, such as authorization
controls contained in computer programs (e.g., credit limit approval)
b. Lack of visible audit trail
The transaction trail may be partly in machine-readable form and may exist only for a limited
period of time (e.g., audit logs may be set to overwrite themselves after a period of time or when the
allocated disk space is consumed)
c. Lack of visible output
Certain transactions or results of processing may not be printed or only summary data may
be printed
d. Ease of access to data and computer programs

Data and computer programs may be assessed and altered at the computer or through the
use of computer equipment at remote locations. Therefore, in the absence of appropriate controls, there is an
increased potential for unauthorized access to, and alteration of, data and programs by persons inside or
outside the entity
140
Design and procedural aspects

The development of CIS will generally result n design and procedural characteristics that are different
from those found in manual systems. These different design and procedural aspects of CIS include:
a. Consistency of performance
CIS perform functions exactly as programmed and are potentially more reliable than annual
systems, provided that all transactions types and conditions that could occur are anticipated and incorporated
into the system. On the other hand, a computer program that is not correctly programmed and tested may
consistently process transactions or other data erroneously
b. Programmed control procedures
The nature of computer processing allows the design of internal control procedures in
computer programs
c. Single transaction update of multiple or data base computer files
A single input t the accounting system may automatically update all records associated with
the transaction
d. Systems generated transactions
Certain transactions may be initiated by the CIS itself without the need for an input
document
e. Vulnerability of data and program storage media
Large volumes of data and the computer programs used to process such data may be stored
on portable or fixed storage media, such as magnetic disks and tapes. These media are vulnerable to theft,
loss, or intentional or accidental destruction.
INTERNAL CONTROLS IN A CIS ENVIRONMENT
GENERAL CIS CONTROLS – to establish a framework of overall control over the CIS activities and to
provide a reasonable level of assurance that the overall objectives of internal control are achieved
General CIS controls may include:

a. Organization and management controls – designed to define the strategic direction and establish an
organizational framework over CIS activities, including:
● Strategic information technology plan
● CIS policies and procedures
● Segregation of incompatible functions
● Monitoring of CIS activities performed by third party consultants
b. Development and maintenance controls – designed to provide reasonable assurance that systems are
developed or acquired, implemented and maintained in an authorized and efficient manner. They also
typically are designed to establish control over:
● Project initiation, requirements definition, systems design, testing, data conversion, go-live
decision, migration to production environment, documentation of new or revised systems,
and user training
● Acquisition and implementation of off-the-shelf packages
● Request for changes to the existing systems
● Acquisition, implementation, and maintenance of system software
c. Delivery and support controls – designed to control the delivery of CIS services and include:
● Establishment of service level agreements against which CIS services are measured
● Performance and capacity management controls
● Disaster recovery/contingency planning, training, and file backup
● Computer operations controls
● Systems security
● Physical and environment controls
d. Monitoring controls – designed to ensure that CIS controls are working effectively as planned. These
include:
● Monitoring of key CIS performance indicators
● Internal external CIS audits
CIS APPLICATION CONTROLS – to establish specific control procedures over the application systems in
order to provide reasonable assurance that all transactions are authorized, recorded and are processed
completely, accurately and on a timely basis. CIS application controls include:
a. Controls over Input – designed to provide reasonable assurance that:
● Transactions are properly authorized before being processed by the computer
● Transactions are accurately converted into machine readable form and recorded in the
computer data files
● Transactions are not lost, added, duplicated or improperly changed
141
● Incorrect transactions are rejected, corrected and, if necessary, resubmitted on a timely

basis.
b. Controls over processing and computer data files – designed to provide reasonable assurance that:
● Transactions, including system generated transactions, re properly processed by the
computer
● Transactions are not lost, added, duplicated or improperly changed
● Processing errors (i.e., rejected data and incorrect transactions) are identified and corrected
on a timely basis
c. Controls over output – designed to provide reasonable assurance that:
● Results of processing are accurate
● Access to output is restricted to authorized personnel on a timely basis
● Output is provided to appropriate authorized personnel on a timely basis
Review of general CIS controls

General CIS controls that relate to some or all applications are typically interdependent controls in
that their operation is often essential to the effectiveness of CIS application controls. Accordingly, it may be
more efficient to review the design of the general controls before reviewing the application controls.
Review of CIS application controls

CIS application controls which the auditor may wish to test include:
a. Manual controls exercised by the user
b. Controls over system output
c. Programmed control procedures
CIS ENVIRONMENTS – STAND-ALONE PERSONAL COMPUTERS

1. A personal computer (PC) can be used in various configurations. These include:
a. A stand-alone workstation operated by a single user or a number of users at different
times;
b. A workstation which part of a Local Area Network (LAN) of PCs; and
c. A workstation connected to a server
2. In a stand-alone PC environment, it may not be practicable or cost-effective for management to
implement sufficient controls to reduce the risks of undetected error to a minimum level
3. After obtaining the understanding of the accounting system and control environment, the auditor
may find it more cost-effective not to make a further review of general controls or application
controls, but concentrate audit efforts on substantive procedures.
CIS ENVIRONMENTS – ON-LINE COMPUTER SYSTEMS

1. On-line computer systems are computer systems that enable users to access data and programs
directly through terminal devices
2. On-line systems allow users to directly initiate various functions such as:
a. Entering transactions
b. Making inquiries
c. Requesting reports
d. Updating master files
e. Electronic commerce activities
3. Types of terminals used in on-line systems:
A. General purpose terminals
1. Basic keyboard and screen
2. Intelligent terminal
3. PCs
B. Special purpose terminals
1. Point-of-sale devices
2. Automated teller machines (ATM)
2. Types of on-line computer systems:
a. On-line/ real time processing
Individual transactions are entered at terminal devices, validated, and used to update
related computer files immediately.
b. On-line/batch processing
Individual transactions are entered at a terminal device, subjected to certain
validation checks, and added to a transaction file that contains other transactions entered during the period.
Later, during a subsequent processing cycle, the transaction file may be validated further and then used to
update relevant master file.
c. On-line/Memo update (and subsequent Processing)
142
● Combines in-line/ real time and on-line/ batch processing

● Individual transactions immediately update a memo file containing
information that has been extracted from the most recent version of the
master file. Inquiries are made from this memo file
● These same transactions are added to a transaction file for subsequent
validation and updating of the master file on a batch basis
d. On-line/ inquiry
● Restricts users at terminal devices to making inquiries of master file
● Master files are updated by other systems, usually on a batch basis
e. On-line downloading/ uploading processing
● On-line downloading refers to the transfer of data from a master file to an
intelligent terminal device for further processing by a user
NETWORK ENVIRONMENT
1. A network environment is a communication system that enables computer users to share computer
equipment, application software, data, and voice and video transmissions
2. A file server is a computer with an operating system that allows multiple users in a network to access
software applications and data files
3. Basic types of networks
a. Local area network (LAN)
b. Wide area network (WAN)
c. metropolitan area network (MAN)
CIS ENVIRONMENTS – DATABASE SYSTEMS

1. DATABASE – a collection of data that is shared and used by many different users for different
purposes
2. Two components of database systems:
a. Database
b. Database management system (DBMS) – software that creates, maintains, and operates
the database
3. Characteristics of database systems:
a. Data sharing
b. Data independence
TERMS USED IN CIS ENVIRONMENTS
HARDWARE
1. COMPUTER HARDWARE – consists of the configuration of physical electronic equipment
2. CONSOLE – a special CRT (Cathode Ray Tube) used for communication between the operator and
the computer.
3. PERIPHERAL EQUIPMENT – all non-CPU hardware that may be placed under the control of the
processor. This consists of input, storage, output, and communication devices
4. CONTROLLERS – units designed to operate (control) specific input/output devices
5. CHANNELS – units designed to handle the transfer of data into or out of primary storage (memory)
6. BUFFER MEMORY (BUFFER) – temporary storage unit used to hold data during input/output
operations
7. OFF-LINE – peripheral equipment not in direct communication with the CPU
8. ON-LINE – peripheral equipment in direct communication with, and under the control of the CPU
9. INPUT DEVICES – provides a means of transferring data into CPU storage
a. Magnetic tape reader – capable of sensing information recorded as magnetized spots on
magnetic tape. It is also used as an output device and storage medium.
b. Magnetic ink character reader( MICR) – reads characters by scanning temporarily
magnetized characters using magnetic ink
c. Optical character recognition (OCR) – reads characters directly from documents based on
their shapes and positions on the source document
d. Cathode ray tube (CRT) – a typewriter-like device that decodes keystrokes into electronic
impulses
e. Key-to-tape and Key-to-disk – systems in which input data can be entered directly onto
magnetic tape, magnetic disk, or floppy disk through CRT
10. STORAGE DEVICES – devices which store data that can be subsequently used by the CPU
a. Random access – data can be accessed directly regardless of how it is physically stored
(e.g., magnetic disk)
143
b. Sequential access – data must be processed in the order in which it is physically stored
(e.g., magnetic tape)
11. OUTPUT DEVICES – produce readable data or machine-readable data when further processing is
required. Examples are CRT, printer, and CRT COM (Computer output to Micro film)
12. TERMINALS – CRT devices or microcomputers used for input/output (communication) with the CPU
13. POINT-OF-SALE DEVICES – a terminal connected to a computer. It takes the place of a cash register
or similar devices which allows instant recording and is capable of keeping perpetual inventory
14. MODEM – a device for interfacing communications equipment within communication networks
Software consists of computer programs which instruct the computer hardware to perform the desired
processing.
Types of computer programs

1. OPERATING SYSTEM – controls the functioning of the CPU and its peripheral equipment. Several
different operating systems allow a single configuration of hardware to function in the following
modes:
a. MULTIPROGRAMMING – the operating system processes a program until an input/output
operation is required. Since input or output can be handled by peripheral devices, such
as channels and controllers, the CPU can begin executing another program’s instructions.
Several programs appear to be concurrently processing
b. MULTIPROCESSING – multiple CPUs process data while sharing peripheral devices,
allowing two or more programs to be process simultaneously
c. VIRTUAL STORAGE – the operating system separates user programs into segment pages
automatically. It appears as though there is unlimited memory available for programs,
even though the program is still confined to a physical segment of memory.
2. UTILITY PROGRAM – performs a commonly required process, such as storing and merging
3. APPLICATION PROGRAM – performs the desired processing tasks (e.g., payroll preparation)
4. SOURCE PROGRAM – written by a programmer in a source language (e.g., COBOL) that will be
converted into an object program
5. OBJECT PROGRAM – converted source program that was changed using a complier to create a set of
machine-readable instructions
6. COMPILER – converts a source program to a machine language object program
7. INTERPRETER – converts each source code instruction to object code each time it is executed
8. DATABASE MANAGEMENT SYSTEM (DBMS) – a software package for the purpose of creating,
accessing, and maintaining a database
9. TELECOMMUNICATIONS MONITOR PROGRAM – provides edit capabilities and file maintenance to
users, monitors on-line terminals, and handles input to application programs
ELECTRONIC DATA INTERCHANGE (EDI) – the electronic exchange of transactions, from one entity’s
computer to another entity’s computer through an electronic communications network. In electronic fund
transfer (EFT) Systems, for example, electronic transactions replace checks as a mean of payment.
EDI controls include:
a. Authentication – controls must exist over the origin, proper submission, and proper delivery of
EDI communications to ensure that the EDI messages are accurately sent and received to and
from authorized customers and suppliers.
b. Encryption – involves conversion of plain text data to cipher text data to make EDI messages
unreadable to unauthorized persons
c. VAN controls – a value added network (VAN) is a computer service organization that provides
network, storage, and forwarding (mailbox) services for EDI messages
AUDIT APPROACHES
1. Auditing around the computer – the auditor ignores or bypasses the computer processing function of
an entity’s EDP system
2. Auditing with the computer – the computer is used as an audit tool
3. Auditing through the computer – the auditor enters the client’s system and examines directly the
computer and its system and application software
COMPUTER ASSISTED AUDIT TECHNIQUES FOR TESTS OF CONTROLS

I. Program analysis – techniques that allow the auditor to gain an understanding of the client’s
program
1. Code review – involves actual analysis of the logic of the program’s processing routines
2. Comparison programs – programs that allow the auditor to compare computerized files
3. Flowcharting software – used to produce a flowchart of a program’s logic and may be
144
used both in mainframe and microcomputer environments

4. Program tracing and mapping – program tracing is a technique in which instruction
executed is listed along with control information affecting that instruction. Program
mapping identifies sections of code which may be potential source of abuse
5. Snapshot – this technique “takes a picture” of the status of program execution,
intermediate results, or transaction data at specified processing points I the program
processing
II. Program testing – involves the use of auditor-controlled actual or simulated data
1. Historical audit techniques – test the audit computer controls at a point in time
a. Test data
● A set of dummy transactions specifically designed to test the control
activities that management claims to have incorporated into the processing
programs
● Shifts control over processing to the auditor by using the client’s software to
process auditor-prepared test data that includes both valid and invalid
conditions
● It embedded controls are functioning properly, the client’s software should
detect all the exceptions planted in the auditor’s test data
● Ineffective if the client does not use the software tested
b. Base case system evaluation (BCSE)
● Develops test data that purports to test every possible condition that an
auditor expects a client’s software will confront
● Provides an auditor with much more assurance than test data alone, but
expensive to develop and therefore cost-effective only in large computer
systems
c. Integrated test facility (ITF)
● A variation of test of data whereby simulated data and actual data are run simultaneously with the
client’s program and computer results are compared with auditor’s predetermined results
● It provides assurance that the software tested is actually used to prepare financial reports
d. Parallel simulation
● It involves of processing client’s live (actual) data utilizing an auditor’s generalized audit software
● If an entity’s control have been operating efficiently, the client’s software should generate the same
exceptions as the auditor’s software
● It should be performed on a surprise basis, I possible
e. Controlled reprocessing
● A variation of parallel simulation, it involves processing of actual client data through a copy of the
client’s application program
2. Continuous audit techniques – test the audit computer controls throughout a period.
a. Audit modules – programmed audit routines incorporated into an application
program that are designed to perform an audit function such as a calculation, or
logging activity
b. Systems control audit review files (SCARFs) – log that collect transaction
information for subsequent review and analysis by the auditor
c. Audit hooks – “exists” in an entity’s computer program that allows an auditor to
insert commands for audit processing
d. Transaction tagging – a transaction record is tagged and then traced through
critical control points in the information system
e. Extended records – this technique attaches additional audit data which would not
otherwise be saved to regular historic records and thereby helps to provide a
more complete audit trail
III. Review of operating system and other system software
1. JOB ACCOUNTING DATA/ OPERATING SYSTEM LOGS – these logs that track particular
functions, include reports of the resources use by the computer system. The auditor may
be able to use them to review the work processed, to determined whether unauthorized
applications were processed and to determine that authorized applications were
processed properly
2. LIBRARY MANAGEMENT SOFTWARE – this logs changes in programs, program modules,
job control language, and other processing activities
3. ACCESS CONTROL AND SECURITY SOFTWARE – this restricts access to computers to
authorized personnel through techniques such as only allowing certain users with “read-
only” access or through use of an encryption
COMPUTERIZED AUDIT TOOLS
145
1. AUDIT SOFTWARE – computer programs used to process data of audit significance from the client’s
accounting system
a. Package programs (generalized audit software)
1. Reading computer files
2. Selecting samples
3. Performing calculations
4. Creating data files
5. Printing reports in an auditor-specified format
b. Purpose written programs (special purpose or custom designed programs)
c. Utility programs – they are generally not designed for audit purposes
2. Electronic spreadsheets – contain a variety of predefined mathematical operations and functions that
can be applied to data entered into the cells of a spreadsheet
3. Automated work paper software – designed to generate a trial balance, lead schedules, and other
reports useful for the audit. The schedules and reports can be created once the auditor has either
manually entered or electronically imported through using the client’s account balance information
into the system
4. Text retrieval software – allow user to view any text that ia available in an electronic format. The
software program allows the user to browse through text files much as a user would browse through
books.
5. Database management systems
6. Public databases
7. Word processing software
Factors to consider in using CAAT

1. Degree of technical competence in CIS
2. Availability of CAAT and appropriate computer facilities
3. Impracticability of manual tests
4. Effectiveness and efficiency
5. Timing of tests
Controlling the CAAT application

Procedures to control the use of AUDIT SOFTWARE may include:
1. Participating in the design and testing of computer programs
2. Checking the coding of the program
3. Requesting the client’s CIS personnel to review the operating system instructions
4. Running the audit software on small test files before running them on main data files
5. Ensuring that the correct files were used
6. Obtaining evidence that the audit software functioned as planned
7. Establishing appropriate security measures to safeguard against manipulations of the entity’s data
files
Procedures to control the use of TEST DATA may include:

1. Controlling the sequence of submission of test data where it spans several processing cycles
2. Performing test runs
3. Predicting the results of test data
4. Confirming that the current version of the program was used
5. Obtaining reasonable assurance that the programs used to process the test data were used by the
entity throughout the applicable audit period
146

Review Notes

Uploaded by

Copyright:

Available Formats

Review Notes

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Review Notes

Uploaded by

Copyright:

Available Formats

AUDITING THEORY REVIEW NOTES

FUNDAMENTALS OF ASSURANCE ENGAGEMENTS1

● Assurance services improve the quality of information for decision-making.

Objective of an Assurance Engagement, In General:

Objective of Assurance Engagements:

Types of Assurance Engagements and their Objectives:

● Reasonable assurance is achieved if assurance engagement risk is reduced to an acceptably

● The objective of a limited assurance engagement is a reduction in assurance engagement risk to

● Moderate assurance is achieved if assurance engagement risk is reduced to an acceptable

Assurance Engagement Risk:

Assertion-based and Direct Reporting Engagements:

In an assertion-based engagement, the practitioner’s conclusion can be worded in terms of

In a direct reporting engagement, the practitioner’s conclusion is worded directly in terms of

Range of Assurance Engagements:

Examples of Assurance Engagements:

g. Information Systems Reliability

Requirements before a practitioner can accept an assurance engagement:

Elements of Assurance Engagements:

Three Party Relationship:

Responsible party and intended user:

Appropriate Subject Matter:

Subject matter in an audit of financial statements:

● Subject matter information is the set of financial statements

Requirements for subject matter to be considered appropriate:

Forms of subject matter of an assurance engagement:

Five characteristics of suitable criteria:

Two types of criteria:

Examples of suitable criteria:

Availability of criteria to intended users:

Sufficient Appropriate Evidence:

● Professional skepticism – an attitude that includes a questioning mind, being alert to

Written Assurance Report:

Levels of assurance provided in the written report:

Type or level Form of conclusions Example

The subject matter of attestation services include:

Relationships among Auditing, Attestation, and Assurance Services:

Examples of non-assurance engagements:

Agreed-upon Procedures Engagements:

Compilation of Financial or Other Information Engagements:

A pervasive characteristic of a CPA’s role in a consulting services engagement is that of being an

Assurance Services vs. Consulting Services:

Points of distinction Assurance services Consulting services

Comparative Examples of Assurance and Non-Assurance Services:

Categories of Services / Engagements

Levels of Assurance for Audit, Review, Agreed-upon Procedures and Compilation

Engagements and level of assurance:

Distinctions between Typical Assurance and Non-Assurance Services:

Objective To express To report whether To perform audit To assist the client in

Evidence Risk assessment, Limited to: Reading of the FS for

Pronouncements on Assurance Engagements:

Philippine Framework for Assurance Engagements:

Reports on Non-Assurance Engagements:

Remedies in case of inappropriate use of the practitioner’s name by other party:

Two processes of auditing:

2. Objectively obtaining and evaluating evidence – auditing involves gathering and

5. Ascertain the degree of correspondence between assertions and established

FS audit is an Assurance Engagement:

Need for Independent Audit of Financial Statements:

Elements of Theoretical Framework of Auditing: