Professional Documents
Culture Documents
Manila
AUDITING THEORY
CPA REVIEW
Audit
Review
Moderate
assurance
Positive assurance
on assertion(s)
(Audit Report)
Negative
assurance on
assertion(s)
(Review Report)
Agreedupon
Procedures
No assurance
Factual
findings of
procedures
Compilation
No assurance
Identification of
information
compiled
(Compilation
Report)
PSQC1
QUALITY CONTROL FOR FIRMS THAT PERFORM AUDITS AND
REVIEWS OF HISTORICAL FINANCIAL INFORMATION, AND OTHER ASSURANCE
AND RELATED SERVICES
PSA 220
(REVISED)
QUALITY CONTROL FOR AUDITS OF HISTORICAL FINANCIAL INFORMATION
PSA 210
[AMENDED BY PSA 700(REVISED)]
TERMS OF AUDIT ENGAGEMENTS
PSQC 1
1. The firm should establish a System of Quality Control to provide it with reasonable
assurance that:
a. The firm and its personnel comply with professional standards and regulatory and
legal requirements; and
b. The reports issued by the firm or engagement partners are appropriate in the
circumstances.
2. Elements of a System of Quality Control
a. Leadership responsibility for quality within the firm
b. Ethical requirements
c. Acceptance and continuance of client relationships and specific engagements.
d. Human resources
e. Engagement performance
f. Monitoring
PSA 220 (Revised)
1. The engagement team should implement quality control procedures that are applicable to
the individual audit engagement.
2. The engagement partner should
a. Take responsibility for the overall quality on each audit engagement to which that
partner is assigned.
b. Consider whether members of the engagement team have complied with ethical
requirements.
c. Be satisfied that appropriate procedures regarding the acceptance and continuance
of client relationships and specific audit engagements have been followed, and that
conclusions reached in this regard are appropriate and have been documented.
d. Be satisfied that the engagement team collectively has the appropriate capabilities,
competence and time to perform the audit engagement in accordance with
professional standards and regulatory and legal requirements, and to enable an
auditors report that is appropriate in the circumstances to be issued.
e. Take responsibility for the direction, supervision and performance of the audit
engagement in compliance with professional standards and regulatory and legal
requirements, and for the auditors report that is issued to be appropriate n he
circumstances.
f. Be satisfied that sufficient appropriate audit evidence has been obtained to support
the conclusions reached and for the auditors report to be issued.
PSA 210 [AMENDED BY THE PSA 700 (REVISED)]
1. The purpose of this standard is to establish standards and provide guidelines on:
a. Agreeing the terms of the engagement with the client; and
b. The auditors response to a request by a client to change the terms of an
engagement to one that provides a lower level of assurance.
2. Audit Engagement Letters
It is in the interest of both client and auditor that the auditor sends an engagement letter,
preferably before the commencement of the engagement, to help in avoiding misunderstandings
with respect to the engagement.
Principal Contents
An engagement letter would generally include reference to:
The objective of the audit of financial statements.
Managements responsibility for the financial statements.
The financial reporting framework adopted by management in preparing the
financial statements.
The scope of the audit, including reference to applicable legislation,
regulations or pronouncements of professional bodies to which the auditor
adheres.
The form of any reports or other communication of results of the
engagement.
The fact that because of the test nature and other inherent limitations of an
audit, together with the inherent limitations of any accounting and internal
controls system, there is an unavoidable risk that even some material
misstatement may remain undiscovered.
Unrestricted access to whatever records, documentation and other
information requested in connection with the audit.
3. Acceptance of a Change in Engagement
1. An auditor who, before the completion of the engagement, is requested to change
the engagement tone which provides a lower level of assurance, should consider the
appropriateness of doing so.
2. A request from the client for the auditor to change the engagement may result from:
a. A change in circumstances affecting the need for the service;
b. A misunderstanding as to the nature of an audit or related service originally
requested; or
c. A restriction on the scope of the engagement, whether imposed by
management or caused by circumstances.
(NOTE: A or B would ordinarily be a reasonable basis for requesting a
change in the engagement)
3. A change would not be considered reasonable if it appeared that the change relates
to information that is incorrect, incomplete or otherwise unsatisfactory.
4. Before agreeing to change an audit engagement to a related service, an auditor
would also consider any legal or contractual implications of the change.
5. If the auditor concludes that there is reasonable justification to change the
engagement and if the audit work performed complies with the PSAs applicable to
the change engagement, the report issued would be that appropriate for the revised
terms of the engagement.
6. In order to avoid confusing the reader, the report would not include reference to:
a. The original engagement; or
b. Any procedures that may have been performed by the original engagement,
except where the engagement is changed to undertake agreed-upon
procedures.
7. Where the terms of the engagement are changed, the auditor and the client should
agree in the new terms.
2. The nature, timing and extent of the direction and supervision of engagement team members
and review of their work vary depending on many factors, including:
The size and complexity of the entity;
The area of audit;
The risks of material misstatement; and
The capabilities and competence of personnel performing the audit work.
3. The auditor plans the nature, timing and extent of direction and supervision of engagement team
members based on the assessed risk of material misstatement.
Documentation
The auditor should document the overall audit strategy and the audit plan, including any significant
changes made during the audit engagement.
Communications with Those Charged with Governance and Management
1. The auditor may discuss elements of planning with those charged with governance and the
entitys management.
2. Discussions with those charged with governance ordinarily include the overall audit strategy and
timing of the audit, including any limitations thereon, or any additional requirements.
3. When discussion of matters included in the overall audit strategy or audit plan occur, care is
required in order not to compromise the effectiveness of the audit.
Additional Considerations in Initial Audit Engagements
The auditor should perform the following activities prior to starting an initial audit:
1. Perform procedures regarding the acceptance of the client relationship and the specific audit
engagement.
2. Communicate with the previous auditor, where there has been a change of auditors, in
compliance with relevant ethical requirements.
PSA 315
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT AND ASSESSING THE RISKS OF
MATERIAL MISSTATEMENT
1. The auditor should obtain an understanding of the entity and its environment, including its
internal control, sufficient to identify and assess the risks of material misstatement of the
financial statements whether due to fraud or error, and sufficient to design and perform further
audit procedures.
2. The auditor should perform the following risk assessment procedures to obtain an understanding
of the entity and its environment, including its internal control:
a.) Industry, regulatory, and other external factors, including the applicable financial reporting
framework.
b.) Nature of the entity, including the entitys selection and application of accounting policies.
c.) Objectives and strategies and the related business risks that may result in a material
misstatement of the financial statements.
d.) Measurement and review of the entitys financial performance.
e.) Internal control.
INTERNAL CONTROL
1. Internal control is the process designed and effected by those charged with governance,
management, and other personnel to provide reasonable assurance about the achievement of
the entitys objectives with regard to:
Reliability of financial reporting;
Effectiveness and efficiency of operations; and
Compliance with applicable laws and regulations.
2. The auditor uses the understanding of internal control to:
Identify types of potential misstatements;
Consider factors that affect the risks of material misstatement; and
Design the nature, timing and extent of further audit procedures.
3.
3.) The information system, including the related business processes, relevant to financial
reporting, and communication.
4.) Control activities.
5.) Monitoring of controls.
The control environment includes the governance and management functions and the
attitudes, awareness, and actions of those charged with governance and management
concerning the entitys internal control and its importance in the entity.
Elements of control environment:
a) Communication of enforcement of integrity and ethical values.
b) Commitment to competence.
c) Participation by those charged with governance.
d) Managements philosophy and operating style.
e) Organizational structure.
f) Assignments of authority and responsibility.
g) Human resource policies and practices.
The auditor should obtain an understanding of the entitys risk assessment process, i.e., the
entity process for identifying business risks relevant to financial reporting objectives and
deciding about actions to address those risks, and the results thereof.
The auditor should obtain an understanding of the information system, including the related
business processes, relevant to financial reporting, including the following areas:
The classes of transactions in the entitys operations that is significant to the financial
statements.
The procedures, within both IT and manual systems, by which those transactions are
initiated, recorded, processed and reported in the financial statements.
The related accounting records, whether electronic or manual, supporting information, and
specific accounts in the financial statements, in respect of initiating, recording, processing
and reporting transactions.
How the information system captures events and conditions, other than classes of
transactions that are significant to the financial statements.
The financial reporting process used to prepare the entitys financial statements, including
significant accounting estimates and disclosures.
Control activities are the policies and procedures to help ensure that management directives
are carried out. Examples of control activities include those relating to the following:
Authorization
Performance reviews.
Information processing.
Physical controls.
Segregation of duties.
Monitoring of controls involves assessing the design and operation of controls on a timely
basis and taking the necessary corrective actions modified for changes in conditions.
4.
Considers the likelihood that the risks could result in a material misstatement of the
financial statements.
PSA 330
THE AUDITORS PROCEDURES IN REPONSE TO ASSESSED RISKS
Overall responses
1. The auditor should determine overall responses to address the risks of material misstatement
at the financial statement level. Such responses may include:
Emphasizing to the audit team the need to maintain professional skepticism n
gathering and evaluating audit evidence
Assigning more experienced staff or those with special skills or using experts
Providing more supervision
Incorporating additional elements of unpredictability in the selection of further
audit procedures to be performed
Making general changes to the nature, timing or extent of audit procedures
Audit Procedures Responsive to Risks of Material Misstatement at the Assertion Level
1. In designing further audit procedures, the auditor considers the following:
The significance of the risk
The likelihood that the material misstatement will occur
The characteristics of the class transactions, account balance, or disclosure
involved.
The nature of the specific controls used by the entity and in particular whether
they are manual or automated
Whether the auditor expects to obtain audit evidence to determine if the entitys
controls are effective n preventing, or detecting and correcting, material
misstatements
2. Considering the nature, timing and extent of further audit procedures
The nature of further audit procedures refers to their:
a. Purpose- tests of controls or substantive procedures
b. Type - inspection, observation, inquiry, confirmation, recalculation, reperformance, or
analytical procedures.
Timing refers to when audit procedures are performed or the period or date to which the audit
evidence applies.
Extent includes the quantity of a specific audit procedure to be performed.
TESTS OF CONTROLS
1. The auditor is required to perform tests of controls when:
a. The auditors risk assessment includes an expectation of the operating effectiveness
of controls; or
b. When the substantive procedures alone do not provide sufficient appropriate audit
evidence at the assertion level
2. Tests of the operating effectiveness of controls are performed only on those controls that
the auditor has determined are suitably designed to prevent, or detect and correct, a
material misstatement in an assertion
3. Testing the operating effectiveness of controls includes obtaining evidence about:
a. How controls were applied at relevant times during the period under audit;
b. The consistency with which they were applied; and
c. By whom or by what means they were applied.
SUBSTANTIVE PROCEDURES
1. Substantive test procedures are performed in order to detect material misstatements at the
assertion level, and include:
Tests of details of classes of transactions, account balances, and disclosures; and
Substantive analytical procedures
2. The auditors substantive procedures should include the following audit procedures related to
the financial statement closing process:
Agreeing or reconciling the financial statements with accounting records; and
Examining material journal entries and other adjustments made during the
course of preparing the financial statements
3. The auditor should perform audit procedures to evaluate whether the overall presentation of
the financial statements, including the related disclosures, are in accordance with the
applicable financial reporting framework.
320
520
550
610
620
PSA 320
AUDIT MATERIALITY
1. Materiality should be considered by the auditor when:
Determining the nature, timing and extent of audit procedures; and
Evaluating the effect of misstatements
2. There is an inverse relationship between materiality and the level of audit risk
3. In evaluating whether the financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework, the auditor should assess
whether the aggregate of uncorrected misstatements that have been identified during the
audit is material.
4. If the auditor concludes that the aggregate of uncorrected misstatements may be material, the
auditor needs to consider:
Reducing audit risk by extending audit procedures; or
requesting management to adjust the financial statements for the misstatements
identified
5. If management refuses to adjust the financial statements and the results of extended audit
procedures do not enable the auditor to conclude that the aggregate of uncorrected
misstatements is not material, the auditor should consider the appropriate modification to the
auditors report.
6. If the auditor has identified a material misstatement resulting from error, the auditor should
communicate the misstatements to the appropriate level of management on a timely basis,
and consider the need to report it to those charged with governance.
PSA 520
ANALYTICAL PROCEDURES
1. Analytical procedures means the analysis of significant ratios and trends including the
resulting investigation of fluctuations and relationships that are inconsistent with other
relevant information or which deviate from predicted amounts.
2. Analytical procedures also include consideration of comparisons of the entitys financial
statements:
a. Comparable information for prior periods
b. Anticipated results of the entity, such as budgets or forecasts, or expectations of the
auditor, such as an estimation of depreciation
c. Similar industry information
c. Technical competence
d. Due professional care
4. When planning to use the work of internal auditing, the external auditor will need to consider
internal auditings tentative plan for the period and discuss it as early a stage as possible.
5. Where the work of internal auditing is to be a factor in determining the nature, timing and
extent of the external auditors procedures, it is desirable to agree in advance the timing of
such work, the extent of audit coverage, materiality levels and proposed methods of sample
selection, documentation of the work performed and review and reporting procedures.
6. A liaison with internal auditing is more effective when meetings are held at appropriate
intervals during the period.
7. When the external auditor intends to use specific work of internal auditing, the external
auditor should evaluate and perform audit procedures on that work to confirm its adequacy for
the external auditors purposes.
8. The evaluation of specific work of internal auditing involves consideration of the adequacy of
the scope of the work and related programs and whether the preliminary assessment of the
internal auditing remains appropriate.
9. The nature, timing and extent of audit procedures performed on the specific work of internal
auditing will depend on:
The external auditors judgment as to the risk of material misstatement of the
area concerned;
The assessment of internal auditing; and
The evaluation of the specific work by internal auditing.
10.The external auditor would record conclusions regarding the specific internal auditing work
that has been evaluated and the audit procedures performed on the internal auditors work.
PSA 620
USING THE WORK OF AN EXPERT
1. Expert means a person or firm possessing special skill, knowledge and experience in a
particular filed other than accounting and auditing.
2. An expert may be:
a. Contracted by the entity;
b. Contracted by the auditor;
c. Employed by the entity; or
d. Employed by the auditor.
3. When determining the need to use the work of an expert, the auditor would consider:
a. The materiality of the financial statement item being considered;
b. The risk of misstatement based on the nature and complexity of the matter being
considered; and
c. The quantity and quality of other audit evidence available
4. When planning t use the work of an expert, the auditor should evaluate the professional
competence and objectivity of the expert.
5. The risk that an experts objectivity will be impaired increases when the expert is:
a. Employed by the entity; or
b. Related in some other manner to the entity.
6. The auditor should obtain sufficient appropriate audit evidence that the scope of the experts
work is adequate for the purposes of the audit. Audit evidence may be obtained through a
review of the terms of reference which are often set out in written instructions from the entity
to the expert.
Such instructions to the expert may cover matters such as:
a. The objectives and scope of the experts work
b. A general outline as to the specific matters the auditor expects the experts report to
cover
c. The intended use by the auditor of the experts work, including the possible
communication to third parties of the experts identity and extent f involvement
d. The extent of the experts access to appropriate records and files
e. Clarification of the experts relationship with the entity, if any.
f. Confidentiality of the entitys information
g. Information regarding the assumptions and methods intended to be used by the
expert and their consistency with those used in prior periods.
7. The auditor should evaluate the appropriateness of the experts work as audit evidence
regarding the financial statement assertion being considered. This will involve assessment of
whether the substance of the experts findings is properly reflected in the financial statements
or supports the financial statement assertions, and consideration of:
a. Source data used.
b. Assumptions and methods used and their consistency with prior periods
c. Results of the experts work in the light of the auditors overall knowledge of the
business and of the results of other audit procedures.
8. When considering whether the expert has used source data which is appropriate in the
circumstances, the auditor would consider the following procedures:
a. Making inquiries regarding any procedures undertaken by the expert to establish
whether the source data is sufficient, relevant and reliable.
b. Reviewing or testing the data used by the expert
9. If the results of the experts work do not provide sufficient audit evidence or if the results are
not consistent with other audit evidence, the auditor should resolve the matter. This may
involve:
a. Discussions with the entity and the expert
b. Applying additional audit procedures
c. Including possibly engaging another expert; or
d. Modifying the auditors report
10.When issuing an unmodified auditors report, the auditor should not refer to the work of an
expert. Such a reference might be misunderstood to be a qualification of the auditors opinion
or a division of responsibility, neither of which is intended.
11.If as a result of the work of an expert, the auditor decides to issue a modified auditors report,
in some circumstances it may be appropriate, in explaining the nature of the modification, to
refer to or describe the work o the expert (including the identity of the expert and the extent
of the experts involvement). In these circumstances, the auditor would obtain the permission
of the expert before making such a reference. If permission is refused and the auditor believes
a reference is necessary, the auditor may need to seek legal advice.
PSA
PSA
PSA
PSA
500(REVISED)
501
505
230
AUDIT EVIDENCE
AUDIT EVIDENCE ADDITIONAL CONSIDERATIONS ON SPECIFIC ITEMS
EXTERNAL CONFIRMATIONS
AUDIT DOCUMENTATION
PSA 500(REVISED)
AUDIT EVIDENCE
1. The auditor should obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base the audit opinion
2. Audit Evidence is all the information used by the auditor in arriving at the conclusions on
which the opinion is based, and includes the information contained in the accounting records
underlying the financial statements and other information
3. Accounting records generally include:
The records of initial entries and supporting records, such as checks and records
of electronic fund transfers;
Invoices
Contracts
The general and subsidiary ledgers, journal entries and other adjustments to the
financial statements that are not reflected in formal journal entries; and
Records such as work sheets and spreadsheets supporting cost allocations,
computations, reconciliations and disclosures
4. Other information that the auditor may use as audit evidence includes:
Minutes of the meetings
Confirmations from third parties
Analysts reports
Comparable data about competitors (benchmarking)
Control manuals
Information obtained by auditors from such audit procedures as inquiry,
observation, and inspection; and
Other information developed by, or available to, the auditor that permits the
auditor to reach conclusions through valid reasoning
Sufficient appropriate evidence
1. Sufficiency is the measure of the quantity of audit evidence
2. Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its
reliability in providing support for, or detecting material misstatements in, the classes of
transactions, account balances, and disclosures and related assertions.
3. The following generalizations can be made about the reliability of audit evidence:
a. Audit evidence I more reliable when it is obtained from independent sources outside
the entity
b. Audit evidence that is generated internally is more reliable when the related controls
imposed by the entity are effective
c. Audit evidence obtained directly by the auditor (for example, observation of the
application of a control) is more reliable than audit evidence obtained indirectly or by
inference (for example, the inquiry about the application of control)
d. Audit evidence is more reliable when it exists in a documentary form, whether paper,
electronic, or other medium (for example, contemporaneously written record of a
meeting is more reliable than a subsequent oral representation of the matters
discussed)
e. Audit evidence provided by original documents is more reliable than audit evidence
provided by photocopies or facsimiles
4. An audit rarely involves the authentication of documentation, nor is the auditor trained as or
expected to be an expert in such authentication
5. When information produced by the entity is used by the auditor to perform audit procedures,
the auditor should obtain audit evidence about the accuracy and completeness of the
information
6. In forming an audit opinion, the auditor does not examine all the information available
because conclusions ordinarily can be reached by using sampling approaches and other
means of selecting items for testing.
The use of assertions in obtaining audit evidence
1. Management is responsible for the fair presentation of financial statements that reflect the
nature and operations of the entity.
2. In representing that the financial statements are presented fairly, in all material respects, in
accordance with the applicable financial reporting framework, management implicitly or
explicitly makes assertions regarding the recognition, measurement, presentation, and
disclosure of the various elements of financial statements and related disclosures
3. The auditor should use assertions for classes of transactions, account balances, and
presentation and disclosures in sufficient detail to form a basis for the assessment of risks of
material misstatement and the design and performance of further audit procedures
CATEGORIES OF ASSERTIONS
a. Assertions about classes of transactions and events for the period under audit:
1. OCCURRENCE - transactions and events that have been recorded have occurred and
pertain to the entity
2. COMPLETENESS
- all transactions and events that should have been recorded have
been recorded.
3. ACCURACY
- amounts and other data relating to recorded transactions and events
have been recorded appropriately
4. CUTOFF
- transactions and events have been recorded in the correct accounting
period
5. CLASSIFICATION
- transactions and events have been recorded in the proper accounts
b. Assertions about account balances at the period end:
1. EXISTENCE
-assets, liabilities, and equity interests exist
2. RIGHTS AND OBLIGATIONS- the entity holds or controls the right to assets, and liabilities
are obligations of the entity
3. COMPLETENESS
- all assets, liabilities, and equity interests that should have
been recorded have been recorded
4. VALUATION AND ALLOCATION - assets, liabilities and equity interests are included in the
financial statements at appropriate amounts and any resulting valuation or allocation
adjustments are appropriately recorded
c. Assertions about presentation and disclosure:
1. OCCURRENCE AND RIGHTS AND OBLIGATIONS
Disclosed events, transactions, and other matters have occurred and pertain
to the entity
2. COMPLETENESS
All disclosures that should have been included in the financial statements
have been included
3. CLASSIFICATION AND UNDERSTANDABILITY
Financial information is appropriately presented and described and
disclosures are clearly expressed
4. ACCURACY AND VALUATION
Financial and other information are disclosed fairly and at appropriate
amounts
Audit procedures for obtaining audit evidence
1. RISK ASSESSMENT PROCEDURES
Obtain an understanding of the entity and its environment, including its internal control,
to assess the risk of material misstatement at the financial statement and assertion
levels
2. TESTS OF CONTROLS
When necessary or when the auditor has determined to do so, test the operating
effectiveness of controls in preventing, or detecting and correcting, material
misstatements at the assertion level
3. SUBSTANTIVE PROCEDURES
Detect material misstatements at the assertion level. These include analytical review
procedures and tests of details
Examples of audit procedures
1. INSPECTION
Consists of examining records and documents, whether internal or external in paper
form, electronic form, or other media. Inspection of tangible assets consists of physical
examination of the assets.
2. OBSERVATION
Consists of looking at a process or procedure being performed by others
3. INQUIRY
Consists of seeking information of knowledgeable persons, both financial and
nonfinancial, throughout the entity or outside the entity
4. CONFIRMATION
The process of obtaining a representation of information or of an existing condition
directly from a third party
5. RECALCULATION
Consists of checking the mathematical accuracy of documents or records
6. REPERFORMANCE
The auditors independent execution of procedures or controls that were originally
performed as part of the entitys internal control, either manually or through the use of
CAATs
7. ANALYTICAL PROCEDURES
Consists of evaluations of financial information made by a study of plausible
relationships among both financial and nonfinancial data. It also encompasses the
investigation of identified fluctuations and relationships that are inconsistent with other
relevant information or deviate significantly from predicted amounts.
PSA 501
AUDIT EVIDENCE ADDITIONAL CONSIDERATIONS ON SPECIFIC ITEMS
Attendance at Physical Inventory Counting
1. When inventory is material to the financial statements, the auditor should obtain sufficient
appropriate audit evidence regarding its existence and condition by attendance at physical
inventory counting unless impracticable.
2. If unable to attend the physical inventory count on the date panned due to unforeseen
circumstances, the auditor should take or observe some physical counts on an alternative date
and, when necessary, perform tests of intervening transactions.
3. Where attendance is impracticable, due to factors such as the nature and location of the
inventory, the auditor should consider whether alternative procedures provide sufficient
appropriate audit evidence of existence and condition to conclude that the auditor need not
make reference to a scope limitation.
4. In planning attendance at the physical inventory count or the alternative procedures, the auditor
would consider:
The nature of the accounting and internal control systems used regarding inventory.
Inherent, control, and detection risks, and materiality related to inventory.
Whether adequate procedures are expected to be established and proper instructions issued
for physical inventory counting.
The timing of the count.
The locations at which inventory is held.
Whether an experts assistance is needed.
5. The auditor would review managements instructions regarding:
The application of control procedures, for example, the collection of used stocksheets,
accounting for unused stocksheets, and count and recount procedures.
6. To obtain assurance that managements procedures are adequately implemented the auditor
would observe employees procedures and perform test counts.
7. The auditor would also consider cutoff procedures including details of the movement of
inventory just prior to, during, and after the count so that the accounting for such movements
can be checked at a later date.
8. The auditor would test the final inventory listing to assess whether it accurately reflects actual
inventory counts.
9. When inventory is under the custody and control of a third party, the auditor would ordinarily
obtain direct conformation from the third party as to the quantities and condition of inventory
held on behalf of the entity. Depending on the materiality of this inventory, the auditor would
consider:
The integrity and independence of the third party.
Observing, or arranging for another auditor to observe, the physical inventory count.
Obtaining another auditors report on the adequacy of third partys accounting and internal
control systems for ensuring that inventory is correctly counted and adequately safeguarded.
Inspecting documentation regarding inventory held by third parties, for example, warehouse
receipts, or obtaining confirmation from other parties when such inventory has been pledged
as collateral.
Procedures regarding litigation and claims
1. The auditor should carry out procedures in order to become aware of any litigation and claims
involving the entity, which may have a material effect on the financial statements.
2. When litigation or claims have been identified or when the auditor believes they may exist, the
auditor should seek direct communication with the entitys lawyers.
3. The letter, which should be prepared by management and sent by the auditor, should request
the lawyer to communicate directly with the auditor. When it is considered unlikely that the
lawyer will respond to a general inquiry, the letter would ordinarily specify:
A list of litigation and claims.
Managements assessment of the outcome of the litigation or claim and its estimate of the
financial implications, including costs involved.
A request that the lawyer confirms the reasonableness of managements assessments and
provides the auditor with further information if the list is considered by the lawyer to be
incomplete or incorrect.
4. The auditor considers the status of legal matters up to date of the audit report.
5. If management refuses to give the auditor permission to communicate with the entitys lawyers,
this would be a scope limitation and should ordinarily lead to a qualified opinion or a disclaimer
of opinion.
Valuation and disclosure of long-term investments
1. When long-term investments are material to the financial statements, the auditor should obtain
sufficient appropriate audit evidence regarding their valuation and disclosure.
2. Audit procedures ordinarily include considering evidence as to whether the entity has the ability
to continue to hold the investments on a long-term basis and discussing with management
whether the entity will continue to hold the investments as long-term investments and obtaining
written representations to that effect.
3. Other procedures would ordinarily include considering related financial statements and other
information, such as market quotations, which provide an indication of value and comparing
such values to the carrying amount of the investments up to the date of the auditors report.
Segment information
1. When segment information is material to the financial statements, the auditor should obtain
sufficient appropriate audit evidence regarding its disclosure in accordance with the applicable
financial reporting framework.
2. The auditor considers segment information in relation to the financial statements taken as a
whole, and is not ordinarily required to apply auditing procedures that would be necessary to
express an opinion on the segment information standing alone.
3. Audit procedures regarding segment information ordinarily consist of analytical procedures and
other audit test appropriate in the circumstances.
4. The auditor would discuss with management the methods used in determining segment
information, and consider whether such methods are likely to result in disclosure in accordance
with GAAP and test the application of such methods.
PSA 505
EXTERNAL CONFIRMATIONS
1. External confirmation is the process of obtaining and evaluating audit evidence through a
direct communication from a third party in response to a request for information about a
particular item affecting assertions made by management in the financial statements.
Use of positive and negative external confirmations
2. A positive external confirmation request asks the respondent to reply to the auditor in all cases
either by indicating the respondents agreement with the given information, or by asking the
respondent to fill in the information.
3. A negative external confirmation request asks the respondent to reply only in the event of
disagreement with the information provided in the request.
4. Negative confirmation requests may be used to reduce the risk of material misstatement to an
acceptable level when:
The assessed risk of material misstatement is lower.
A large number of small balances are involved.
A substantial number of errors are not expected.
The auditor has no reason to believe that respondents will disregard these requests.
5. When performing confirmation procedures, the auditor should maintain control over the process
of selecting those to whom a request will be sent, the preparation and sending of confirmation
requests, and the responses to those requests.
6. The auditor should perform alternative procedures where no response is received to a positive
external confirmation request. The alternative audit procedures should be such as to provide the
evidence the evidence about the financial statement assertions that the confirmation request
was intended to provide.
7. When the auditor forms a conclusion that the confirmation process and alternative procedures
have not provided sufficient appropriate audit evidence regarding an assertion, the auditor
should undertake additional procedures to obtain sufficient audit evidence.
8. The auditor should evaluate whether the results of the external confirmation process together
with the results from any other procedures performed, provide sufficient appropriate audit
evidence regarding the assertion being audited.
PSA 230 (Revised)
AUDIT DOCUMENTATION
1. The auditor should prepare, on a timely basis, audit documentation that provides:
a sufficient and appropriate record of the basis for the auditors report; and
2.
3.
4.
5.
6.
7.
8.
9.
evidence that the audit was performed in accordance with PSAs and applicable legal
and regulatory requirements
Audit documentation means the record of audit procedures performed, relevant audit
evidence obtained, and conclusions the auditor reached (terms such as working papers or
work papers are also sometimes used).
experience auditor means an individual (whether internal or external to the firm) who has
reasonable understanding of
Audit processes;
PSAs and applicable legal and regulatory requirements
The business environment in which the entity operates; and
Auditing and financial reporting issues relevant to the entitys industry
Audit documentation may be recorded on paper or on electronic or other media
The auditor should prepare the audit documentation so as to enable an experiences auditor,
having no precious connection with the audit, to understand:
the nature, timing , and extent of the audit procedures performed to comply with PSAs
and applicable legal and regulatory requirements
the results of the audit procedures and the audit evidence obtained; and
significant matters arising during the audit and the conclusions reached thereon
in documenting the nature, timing and extent of audit procedures performed, the auditor
should record the identifying characteristics of the specific items or matters beig tested
the auditor should document discussions of significant matters with management and others
on a timely basis
where, in exceptional circumstances, the auditor judges it necessary to depart from a basic
principle or an essential procedure that is relevant in the circumstances of the audit, the
auditor should document how the alternative audit procedures performed achieved the
objective of the audit, and, unless otherwise clear, the reasons for the departure
the auditor should record:
who performed the audit work and the date such work was completed
who reviewed the audit work performed and the date and extent of such review
PSA 260
2. MISAPPROPRIATION OF ASSETS
Involves the theft of an entitys assets and is often perpetrated by employees in
relatively small and immaterial amounts
Can also involve management who are usually more able to disguise or conceal
misappropriations in ways that are difficult to detect
Often accompanied by false or misleading records or documents in order to conceal the
fact that the aspects are missing or have been pledged without proper authorization
Can be accompanied in a variety of ways including:
o Embezzling receipts
o Stealing physical assets or intellectual property
o Causing an entity to pay for the goods and services not received
o Using an entitys assets for personal use
Responsibilities of Those charged with Governance and of Management
1. The primary responsibility for the prevention and detection of fraud rests with both those
charged with governance of the entity and with management
2. It is important management, with the oversight of those charged with governance, place a
strong emphasis on fraud prevention, which may reduce opportunities for fraud to take place,
and fraud deterrence, which could persuade in individuals not to commit fraud because of the
likelihood detection and punishment
3. It is the responsibility of those charged with governance of the entity to ensure , through
oversight of management, that the entity establishes and maintains internal control to provide
reasonable assurance with regard to reliability of financial reporting, effectiveness and
efficiency of operations and compliance with applicable law and regulations
4. It is the responsibility of management, with oversight from those charged with governance, to
establish a control environment and maintain policies and procedures to assist in achieving the
objective ensuring, as far as possible, the orderly and efficient conduct of the entitys
business
Inherent limitations of an Audit in the context of Fraud
1. Owing to inherent limitations of an audit, there is an unavoidable risk that some material
misstatements of the financial statements will not be detected, even though the audit is
properly planned and performed in accordance with PSAs
2. The risk of not detecting a material misstatement resulting from fraud is higher than the risk of
not detecting a material misstatement resulting from error because fraud may involve
sophisticated and carefully organized schemes designed to conceal it, such as:
Forgery
Deliberate failure to record transactions
Intentional misrepresentation being made to the auditor
3. The risk of the auditor not detecting a material misstatement resulting from management
fraud is greater than for employee fraud, because management is frequently in a position to
directly or indirectly manipulate accounting records and present fraudulent financial
information
4. The subsequent discovery of a material misstatement of the financial statements resulting
from fraud does not, in and of itself, indicate a failure to comply with PSAs
Responsibilities of the auditor for detecting material misstatements due to fraud
1. An auditor conducting an audit in accordance with PSAs obtains reasonable assurance that the
financial statements taken as a whole are free from material misstatement, whether caused by
fraud or error
2. An auditor cannot obtain absolute assurance that material misstatements in the financial
statement will be detected because of such factors as of the following:
use of judgment
use of testing
inherent limitations of internal control
the fact that much of the audit evidence available to the auditor is persuasive
rather than conclusive in nature
3. The auditor should maintain an attitude of professional skepticism throughput the audit,
recognizing the possibility that a material misstatement due to fraud could exist,
notwithstanding the auditors past experience with the entity about the honesty and integrity
of management and those charged with governance
4. Members of the engagement team should discuss the susceptibility of the entitys financial
statements to material misstatement due to fraud
5. Risk assessment procedures
The auditor should perform risk assessment procedures to obtain an understanding of
the entity and its environment, including its internal control. As part of this work, the
auditor performs the following procedures to obtain information that is used to identify
the risks of material misstatements due to fraud:
1. Makes inquiries of management, of those charged with governance, and of others
within the entity as appropriate and obtains an understanding of how those charged
with governance exercise oversight of managements processes for identifying and
responding to the risks of fraud and he internal control that management has
established to mitigate these risks
2. Considers whether one or more fraud risk factors are present
3. Considers any unusual or unexpected relationships that have been identified in
performing analytical procedures
4. Considers other information that may be helpful in identifying the risks of material
misstatement due to fraud.
Responses to the risks of material misstatement due to fraud
1. The auditor should determine overall responses to address he assessed risks of material
misstatement due to fraud at the financial statement level and should design and perform
further audit procedures whose nature, timing and extent are responsive to the assessed risks
at the assertion level
2. In determining overall responses to address the risks of material misstatement due to fraud at
the financial statement level the auditor should:
Consider the assignment and supervision of personnel
Consider the accounting policies used by the entity; and
Incorporate an element of unpredictability in the selection of the nature, timing and
extent of audit procedures
3. Audit procedures responsive to risks of material misstatement due to fraud at the
assertion level
The auditors responses may include changing the nature, timing, and extent of audit
procedures in the following ways:
a. The nature of audit procedures to be performed may need to be changed to obtain audit
evidence that is more reliable and relevant to obtain additional corroborative
information
b. The timing of substantive procedures may need to be modified. The auditor may
conclude that performing substantive testing at or near the period end better addresses
an assessed risk of material misstatement due to fraud
c. The extent of the procedures applied reflects the assessment of the risks of material
misstatement due to fraud. For example, increasing sample sizes or performing
analytical procedures at a more detailed level may be appropriate
4. To respond to the risk of management override of controls, the auditor should design and
perform audit procedures to:
a. Test the appropriateness of journal entries recorded in the general ledger and other
adjustments made in the preparation of the financial statements
b. Review accounting estimates for biases that could result to material misstatement due
to fraud
c. Obtain an understanding of the business rationale of significant transactions that the
auditor become aware of that are outside the normal course of the business for the
entity, or that otherwise appear to be unusual given the auditors understanding of the
entity and its environment
Evaluation of audit evidences
1. The auditor should consider whether analytical procedures that are performed at or near the
end of audit when forming an overall conclusion as to whether the financial statements as a
whole are consistent with auditors knowledge of the business indicate a previously
unrecognized risk of material misstatement due to fraud
2. When the auditor identifies the misstatement, the auditor should consider whether such a
misstatement may be indicative of fraud and if there is such an indication the auditor should
consider the implications of the misstatement in relation to other aspects of the audit,
particularly the reliability of management representations
3. When the auditor confirms that, or is unable to conclude whether, the financial statements are
materially misstated as a result of fraud, the auditor should consider the implications for the
audit
Management representations
The auditor should obtain written representations from management that:
a. It acknowledges its responsibility for the design and implementation of internal control to
prevent and detect fraud
b. It has disclosed to the auditor the results of its assessment of the risk that the financial
statements may be materially misstated as a result of fraud
c. It has disclosed to the auditor its knowledge of fraud or suspected fraud affecting the entity
involving:
i. Management
ii. Employees who have significant roles in internal control
iii. Others where the fraud could have a material effect on the financial statements
and
d. It has disclosed to the auditor its knowledge of any allegations of fraud, or suspected
fraud, affecting the entitys financial statements communicated by the employees,
former employees, analysts, regulators or others
Communication with management and those charged with governance
1. If the auditor has identified a fraud or has obtained information that indicates that a fraud may
exist, the auditor should communicate these matters as soon as practicable to the appropriate
level of management
2. If the auditor has identified fraud involving management, employers who have significant roles
in internal control, or others where the fraud results in a material misstatement in the financial
statements, the auditor considers seeking legal advice to assist in the determination of the
appropriate course of action
3. If the integrity or honesty of management or those charged with governance is doubted, the
auditor considers seeking legal advice to assist in the determination of the appropriate course
of action
4. The auditor should make those charged with governance and management aware, as soon as
practicable, and at the appropriate level of responsibility, of material weaknesses in the design
or implementation of internal control to prevent and detect fraud which may have come to the
auditors attention
5. The auditors professional duty to maintain the confidentiality of client information may
preclude reporting fraud to a party outside the client the entity. However, the duty of
confidentiality may be overridden by regulatory requirements
Auditor unable to continue the engagement
1. If , as a result of a misstatement resulting from fraud or suspected fraud, the auditor
encounters exceptional circumstances that bring into question the auditors ability to continue
performing audit, the auditor should:
a. Consider the professional and legal responsibilities applicable in the circumstances,
including whether there is a requirement for the auditor to report to the person or
persons who made the audit appointment or, I some cases, to regulatory authorities
b. Consider the possibility of withdrawing from the engagement; and
c. If the auditor withdraws:
i. Discuss the appropriate level of management and those charged with
governance the auditors withdrawal from the engagement and the reasons for
the withdrawal; and
ii. Consider whether there is a professional or legal requirement to report to the
person or persons who made the audit appointment or, in some cases, to
regulatory authorities, the auditors withdrawal from the engagement and the
reasons for the withdrawal
Documentation
1. The documentation of the auditors understanding of the entity and its environment and the
auditors assessment of the risks of material misstatement should include:
a. The significant decisions reached during the discussion among the engagement
team regarding the susceptibility of the entitys financial statements to material
misstatement due to fraud
b. The identified and assessed risks of material misstatement due to fraud at the
financial statement level and at the assertion level
2. The documentation of the auditors responses to the assessed risks of material misstatement
should include:
a. The overall responses to the assessed risks of material misstatement due to fraud at
the financial statement level and the nature, timing and extent of audit procedure,
and the linkage of those procedures with the assessed risks of material
misstatement due to fraud at the assertion level
b. The results of the audit procedures, including those designed to address the risk of
management override of controls
3. The auditor should document the communications about fraud made to management, those
charged with governance, regulators and others
4. When the auditor has concluded that the presumption that there is a risk of material
misstatement due to fraud related to revenue recognition is not applicable in the
circumstances of the engagement, the auditor should document the reasons for that
conclusion
PSA 250
CONSIDERATION OF LAWS AND REGULATIONS IN AN AUDIT OF FINANCIAL STATEMENTS
1. Noncompliance as used in PSA 250 refers to acts of omission or commission by he entity
being audited, either intentional and unintentional, which are contrary to the prevailing laws
and regulations
2. Noncompliance does not include personal misconduct (unrelated to the business activities of
the entity) by the entitys management or employees
3. When planning and performing audit procedures and in evaluating and reporting the results
thereof, the auditor should recognize that noncompliance by the entity with laws and
regulation may materially affect the financial statements
Responsibility of management for the compliance with laws and regulations
1. It is managements responsibility to ensure that the entitys operations conducted in
accordance with laws and regulations
2. The responsibility for the prevention and detection of noncompliance rests with management
3. The following policies and procedures, among others, may assist management in discharging
its responsibilities for the prevention and detection of noncompliance:
Monitoring legal requirements and ensuring that operating procedures are designed to
meet these requirements
Instituting and operating appropriate systems of internal control
Developing, publicizing and following a Code of Conduct
Ensuring employees are properly trained and understand the Code of Conduct
Monitoring compliance with the Code of Conduct and acting appropriately to discipline
employees who fail to comply with it
Engaging legal advisors to assist in monitoring legal requirements
Maintaining a register of significant laws with which the entity has to comply within its
particular industry and a record of complaints
The auditors consideration of compliance with laws and regulations
1. The auditor is not, and cannot be held responsible for preventing noncompliance
2. The auditor should plan and perform the audit with an attitude of professional skepticism
recognizing that the audit may reveal conditions or events that would lead to questioning
whether an entity is complying with laws and regulations
3. In order t plan the audit, the auditor should a general understanding of the legal and
regulatory framework applicable to the entity and the industry and how the entity is complying
wih that framework
4. After obtaining the general understanding, the auditor should perform procedures to help
identify instances of noncompliance with those laws and regulations where non compliance
should be considered when preparing financial statements specifically:
a. Inquiring of management as to whether the entity is in compliance with such laws
and regulations
b. On receipt of an inquiry from the proposed auditor, the existing auditor should advise
whether there are any professional reasons why the proposed auditor should not
accept the appointment. If permission from the client to discuss its affairs with the
proposed auditor of denied by the client, the fact should be disclosed to the propose
auditor
AUDIT SAMPLING
(BASED ON PSA 530: AUDIT SAMPLING AND OTHER SELECTIVE TESTING PROCEDURES)
Selecting items of testing to gather audit evidence
When designing audit procedures, the auditor should determine appropriate means of selecting
items for testing. The means available to the auditor are:
a. Selecting all items (100% examination)
b. Selecting specific items
c. Audit sampling
Selecting all items (100% examination)
Unlikely in the case of tests of control but more common for substantive procedures
May be appropriate when:
a. The population constitutes a small number of large value items
b. When both inherent risk and control risk are high and other means do not provide
sufficient appropriate audit evidence
c. When the repetitive nature of a calculation or other process performed by a computer
information system makes a 100% examination cost effective
Selecting specific items
The auditor may decide to select specific items from a population based on such factors as
knowledge of the clients business, preliminary assessments of inherent and control risks, and
the characteristics of the population being tested
The judgmental selection of specific items is subject to nonsampling risk
Specific selected items may include:
High value or key items
All items over a certain amount
Items to obtain information
Items to test procedures
While an efficient means of gathering audit evidence, it does not constitute audit sampling.
The results of audit procedures applied to specific items selected cannot be projected to the
entire population
AUDIT SAMPLING
1. Audit Sampling involves the application of audit procedures to less than 100% of items with
an account balance or class of transactions
2. Sampling may be statistical or nonstatistical.
I.
Statistical sampling means any approach t sampling that has the following
characteristics:
a. Random selection of a sample
b. Use of probability theory to evaluate sample results
II.
Audit sampling plan refers to the procedures an auditor applies t accomplish a sampling
application. In aids an auditor I forming conclusions about one r more characteristics or either a
particular class of transactions or a particular account balances
1. ATTRIBUTE SAMPLING
Applicable to tests of control
Used to test an entitys rate of deviation (also called rate of occurrence) from a
prescribed control procedure
2. VARIABLES SAMPLING
Applicable to substantive test
Most commonly used to test whether recorded account balances are fairly stated
SAMPLING RISK
1. It arises from the possibility that the auditors conclusion, based on a sample may be different
from the conclusion reached if the entire population were subjected to the same audit
procedures
2. The confidence level (also called reliability level) is the mathematical complement of the
applicable sampling risk factor
3. It is to be measured and controlled. The auditor controls it by specifying the acceptable level
when developing the sampling design
4. For tests of control, it has the following aspects:
3. DISCOVERY SAMPLING
Appropriate when the expected deviation rate is near zero and when the auditors
objective is to find at least one deviation in a sample if the actual population deviation
rate exceeds or equals a predetermined critical rate (tolerable deviation rate)
STEPS IN A VARIABLE SAMPLING PLAN
1. Determine the objectives of the test
The auditors objective is to test the reasonableness of a record account balance, called
hypothesis testing.
2. Define the population and sampling unit
3. Choose an audit sampling technique
a. Statistical vs. Nonstatistical
b. Classical variables sampling vs. Probability-proportional-to-size sampling
4. Determine the sample size
The auditor considers the following:
a. Variation within the population
Sample size varies in the same direction as the variation in population amounts. As
population variation increases, so does the sample size
An estimate of population variation is made by determining a population standard
deviation
b. Acceptable risk of incorrect rejection
c. Acceptable risk of incorrect acceptance
d. Tolerable error the maximum monetary error that may exist in an account balance
without causing the financial statements to be materially misstated
5. Determine the method of sample selection
6. Perform the sampling plan
7. Evaluate the sample results
The following procedures are performed:
a. Projecting the same error to the population
b. Considering sampling risk
c. Considering qualitative information
d. Reaching an overall conclusion
CLASSICAL VARIABLES SAMPLING TECHNIQUES
A. Mean-per-unit estimation
A classical variables sampling technique that projects the sample average to the
population by multiplying the sample average by the number of items in the population
B. Difference estimation
It is a classical variables sampling technique that uses the average difference between
audited amounts and individual recorded amounts to estimate the total audited amount of a
population and an allowance for sampling risk.
C. Ratio estimation
A classical variables sampling technique that uses the ratio of audited amounts to
recorded amount in the sample to estimate the total amount of the population and an
allowance for sampling risk
Conditions for using difference and ration estimation
1. Each population item must have a recorded book value
2. Total population book value must be known
3. Expected differences between audited and recorded book values must not be too rare
Choosing between difference and ratio estimation
Ratio estimation is more appropriate when he differences are nearly proportional to book
values.
Difference estimation is more appropriate when there is little or n relationship between the
absolute amounts of the differences and the book values.
PROBABILITY-PROPROTIONAL-TO-SIZE SAMPLING (PPS)
PPS uses a peso as the sampling unit
PPS sampling gives each individual peso in the population an equal chance of selection
PPS is only useful for TESTS OF OVERSTATEMENTS (e.g., assets) since the sample selection
method dictates that the larger the transaction or amount, the more likely that it will be
selected.
PPS is inappropriate for testing liabilities because understatement is the primary audit
consideration
decrease
increase
negligible effect
increase
decrease
increase
decrease
increase
decrease
negligible effect
6. In planning the portions of the audit which may be affected by the clients CIS environment,
the auditor should obtain an understanding of the significance and complexity of the CIS
activities and the availability of data for use in the audit
7. When the CIS are significant, the auditor should also obtain an understanding of the CIS
environment and whether it may influence the assessment of inherent and control risks
8. The auditor should consider the CIS environment in designing audit procedures to reduce audit
risk to an acceptably low level. The auditor can use either manual audit procedures, computerassisted audit techniques, or a combination of both to obtain sufficient evidential matter
RISK ASSESSMENTS AND INTERNAL CONTROL:
CIS CHARACTERISTICS AND CONSIDERATION
Organizational Structure
Characteristics of a CIS organizational structure includes:
a. Concentration of functions and knowledge
Although most systems employing CIS methods will include certain manual operations,
generally the number of persons involved in the processing of financial information is significantly
reduced.
b. Concentration of programs and data
Transaction and master file data are often concentrated, usually in machine-readable
form, either in one computer installation located centrally or in a number of installations distributed
throughout the entity.
Nature of Processing
The use of computers may result in the design of systems that provide less visible evidence
than those using manual procedures. In addition, these systems may be accessible by a larger
number of persons.
System characteristics that may result from the nature of CIS processing include:
a. Absence of input documents
Data may be entered directly into the computer system without supporting document
In some on-line transaction systems, written evidence of individual data entry
authorization (e.g., approval for order entry) may be replaced by other procedures, such
as authorization controls contained in computer programs (e.g., credit limit approval)
b. Lack of visible audit trail
The transaction trail may be partly in machine-readable form and may exist only for a
limited period of time (e.g., audit logs may be set to overwrite themselves after a period of time or
when the allocated disk space is consumed)
c. Lack of visible output
Certain transactions or results of processing may not be printed or only summary data
may be printed
d. Ease of access to data and computer programs
Data and computer programs may be assessed and altered at the computer or through
the use of computer equipment at remote locations. Therefore, in the absence of appropriate
controls, there is an increased potential for unauthorized access to, and alteration of, data and
programs by persons inside or outside the entity
Design and procedural aspects
The development of CIS will generally result n design and procedural characteristics that are
different from those found in manual systems. These different design and procedural aspects of CIS
include:
a. Consistency of performance
CIS perform functions exactly as programmed and are potentially more reliable than
annual systems, provided that all transactions types and conditions that could occur are anticipated
and incorporated into the system. On the other hand, a computer program that is not correctly
programmed and tested may consistently process transactions or other data erroneously
b. Programmed control procedures
The nature of computer processing allows the design of internal control procedures in
computer programs
c. Single transaction update of multiple or data base computer files
A single input t the accounting system may automatically update all records associated
with the transaction
d. Systems generated transactions
Certain transactions may be initiated by the CIS itself without the need for an input
document
e. Vulnerability of data and program storage media
Large volumes of data and the computer programs used to process such data may be
stored on portable or fixed storage media, such as magnetic disks and tapes. These media are
vulnerable to theft, loss, or intentional or accidental destruction.
INTERNAL CONTROLS IN A CIS ENVIRONMENT
GENERAL CIS CONTROLS to establish a framework of overall control over the CIS activities and to
provide a reasonable level of assurance that the overall objectives of internal control are achieved
General CIS controls may include:
a. Organization and management controls designed to define the strategic direction and
establish an organizational framework over CIS activities, including:
Strategic information technology plan
CIS policies and procedures
Segregation of incompatible functions
Monitoring of CIS activities performed by third party consultants
b. Development and maintenance controls designed to provide reasonable assurance that
systems are developed or acquired, implemented and maintained in an authorized and
efficient manner. They also typically are designed to establish control over:
Project initiation, requirements definition, systems design, testing, data conversion, golive decision, migration to production environment, documentation of new or revised
systems, and user training
Acquisition and implementation of off-the-shelf packages
Request for changes to the existing systems
Acquisition, implementation, and maintenance of system software
c. Delivery and support controls designed to control the delivery of CIS services and include:
Establishment of service level agreements against which CIS services are measured
Performance and capacity management controls
Disaster recovery/contingency planning, training, and file backup
Computer operations controls
Systems security
Physical and environment controls
d. Monitoring controls designed to ensure that CIS controls are working effectively as planned.
These include:
Monitoring of key CIS performance indicators
Internal external CIS audits
CIS APPLICATION CONTROLS to establish specific control procedures over the application
systems in order to provide reasonable assurance that all transactions are authorized, recorded and
are processed completely, accurately and on a timely basis. CIS application controls include:
a. Controls over Input designed to provide reasonable assurance that:
Transactions are properly authorized before being processed by the computer
Transactions are accurately converted into machine readable form and recorded in the
computer data files
Transactions are not lost, added, duplicated or improperly changed
Incorrect transactions are rejected, corrected and, if necessary, resubmitted on a timely
basis.
b. Controls over processing and computer data files designed to provide reasonable assurance
that:
Transactions, including system generated transactions, re properly processed by the
computer
Transactions are not lost, added, duplicated or improperly changed
Processing errors (i.e., rejected data and incorrect transactions) are identified and
corrected on a timely basis
c. Controls over output designed to provide reasonable assurance that:
Results of processing are accurate
Access to output is restricted to authorized personnel on a timely basis
Output is provided to appropriate authorized personnel on a timely basis
Review of general CIS controls
General CIS controls that relate to some or all applications are typically interdependent
controls in that their operation is often essential to the effectiveness of CIS application controls.
Accordingly, it may be more efficient to review the design of the general controls before reviewing
the application controls.
2.
3.
4.
5.
6.
7.
8.
9.
c. VIRTUAL STORAGE the operating system separates user programs into segment
pages automatically. It appears as though there is unlimited memory available for
programs, even though the program is still confined to a physical segment of
memory.
UTILITY PROGRAM performs a commonly required process, such as storing and merging
APPLICATION PROGRAM performs the desired processing tasks (e.g., payroll preparation)
SOURCE PROGRAM written by a programmer in a source language (e.g., COBOL) that will be
converted into an object program
OBJECT PROGRAM converted source program that was changed using a complier to create a
set of machine-readable instructions
COMPILER converts a source program to a machine language object program
INTERPRETER converts each source code instruction to object code each time it is executed
DATABASE MANAGEMENT SYSTEM (DBMS) a software package for the purpose of creating,
accessing, and maintaining a database
TELECOMMUNICATIONS MONITOR PROGRAM provides edit capabilities and file maintenance
to users, monitors on-line terminals, and handles input to application programs
ELECTRONIC DATA INTERCHANGE (EDI) the electronic exchange of transactions, from one
entitys computer to another entitys computer through an electronic communications network. In
electronic fund transfer (EFT) Systems, for example, electronic transactions replace checks as a
mean of payment.
EDI controls include:
a. Authentication controls must exist over the origin, proper submission, and proper delivery
of EDI communications to ensure that the EDI messages are accurately sent and received
to and from authorized customers and suppliers.
b. Encryption involves conversion of plain text data to cipher text data to make EDI
messages unreadable to unauthorized persons
c. VAN controls a value added network (VAN) is a computer service organization that
provides network, storage, and forwarding (mailbox) services for EDI messages
AUDIT APPROACHES
1. Auditing around the computer the auditor ignores or bypasses the computer processing
function of an entitys EDP system
2. Auditing with the computer the computer is used as an audit tool
3. Auditing through the computer the auditor enters the clients system and examines directly
the computer and its system and application software
COMPUTER ASSISTED AUDIT TECHNIQUES FOR TESTS OF CONTROLS
I.
Program analysis techniques that allow the auditor to gain an understanding of the
clients program
1. Code review involves actual analysis of the logic of the programs processing
routines
2. Comparison programs programs that allow the auditor to compare computerized
files
3. Flowcharting software used to produce a flowchart of a programs logic and may be
used both in mainframe and microcomputer environments
4. Program tracing and mapping program tracing is a technique in which instruction
executed is listed along with control information affecting that instruction. Program
mapping identifies sections of code which may be potential source of abuse
5. Snapshot this technique takes a picture of the status of program execution,
intermediate results, or transaction data at specified processing points I the program
processing
II.
Program testing involves the use of auditor-controlled actual or simulated data
1. Historical audit techniques test the audit computer controls at a point in time
a. Test data
A set of dummy transactions specifically designed to test the control
activities that management claims to have incorporated into the
processing programs
Shifts control over processing to the auditor by using the clients software
to process auditor-prepared test data that includes both valid and invalid
conditions
It embedded controls are functioning properly, the clients software should
detect all the exceptions planted in the auditors test data
Ineffective if the client does not use the software tested
b. Base case system evaluation (BCSE)
Develops test data that purports to test every possible condition that an
auditor expects a clients software will confront
III.
Provides an auditor with much more assurance than test data alone, but
expensive to develop and therefore cost-effective only in large computer
systems
c. Integrated test facility (ITF)
A variation of test of data whereby simulated data and actual data are run simultaneously
with the clients program and computer results are compared with auditors predetermined
results
It provides assurance that the software tested is actually used to prepare financial reports
d. Parallel simulation
It involves of processing clients live (actual) data utilizing an auditors generalized audit
software
If an entitys control have been operating efficiently, the clients software should generate
the same exceptions as the auditors software
It should be performed on a surprise basis, I possible
e. Controlled reprocessing
A variation of parallel simulation, it involves processing of actual client data through a copy
of the clients application program
2. Continuous audit techniques test the audit computer controls throughout a period.
a. Audit modules programmed audit routines incorporated into an application
program that are designed to perform an audit function such as a calculation,
or logging activity
b. Systems control audit review files (SCARFs) log that collect transaction
information for subsequent review and analysis by the auditor
c. Audit hooks exists in an entitys computer program that allows an auditor
to insert commands for audit processing
d. Transaction tagging a transaction record is tagged and then traced through
critical control points in the information system
e. Extended records this technique attaches additional audit data which would
not otherwise be saved to regular historic records and thereby helps to
provide a more complete audit trail
Review of operating system and other system software
1. JOB ACCOUNTING DATA/ OPERATING SYSTEM LOGS these logs that track particular
functions, include reports of the resources use by the computer system. The auditor
may be able to use them to review the work processed, to determined whether
unauthorized applications were processed and to determine that authorized
applications were processed properly
2. LIBRARY MANAGEMENT SOFTWARE this logs changes in programs, program modules,
job control language, and other processing activities
3. ACCESS CONTROL AND SECURITY SOFTWARE this restricts access to computers to
authorized personnel through techniques such as only allowing certain users with
read-only access or through use of an encryption
related party transactions by the auditor for each of the parties with appropriate exchange of
relevant information
6. Inspect or confirm and obtain satisfaction concerning the transferability and value of the
collateral
EVENTS AFTER THE BALANCE SHEET DATE (subsequent events)
(Based on PSA 560 subsequent events)
1. Events after the balance sheet date are those events, both favorable and unfavorable, that
occur between the balance sheet date and the date when the financial statements are
authorized for issue
2. The following procedures are typically performed at or near the completion of the fieldwork to
detect subsequent events:
a. Read the latest available interim financial statements and compare them with the
financial statements being reported on
b. Read the available minutes of the meetings of stockholders, directors, and
appropriate committees
c. Assemble pertinent findings resulting from inquiries of legal counsel and other
auditing procedures for litigation, claims, and assessments
d. Obtain a letter of representation from management
3. When the auditor becomes aware of events which materially affect the financial statements,
the auditor should consider whether such events are properly accounted for and adequately
disclosed in the financial statements
INQUIRIES OF CLIENTS LEGAL COUNSEL
1. The auditor is required to communicate directly with a clients attorney about liabilities arising
from litigations, claims, and assessments
2. A list of legal issues should be prepared by the clients management, rather than the clients
attorney. This information is sent by the auditor to the auditor to the attorney, requesting
information about:
a. Pending or threatened litigation, claims, and assessments
b. Unasserted claims and assessments
3. The client should request the attorney to furnish the following information for all pending or
threatened litigation, claims, and assessments, and to comment on differences between the
attorneys and managements views:
a. A description of the nature of the matter, progress to date, and action that client
intends to take
b. An evaluation of the likelihood of an unfavorable outcome and an estimate, if one
can be made, of the amount or range of potential loss
c. A statement that managements list of pending or threatened claims is complete, or
identification of any omissions
4. The attorneys refusal to reply to the audit inquiry is a SCOPE LIMITATION that may affect the
audit report
5. In the case of unasserted claims which the client has not disclosed, the lawyer is not required
to note them in his or her reply to the auditor. However, the lawyer is generally required to
inform the client of the omission and to consider withdrawing if the client fails to inform the
auditor
MANAGEMENT REPRESENTATION LETTER
(BASED ON PSA 560 MANAGEMENT REPRESENTATIONS)
1. The representation letter
a. Confirms the oral representations given by management to the auditor and reduces
the possibility of misunderstanding between the client and the auditor
b. Reminds management of its primary responsibility for the financial statements
c. Addressed to the auditor
d. Dated as of the audit report date
e. Signed by the CEO and the CFO
f. Not a substitute for the application of other necessary auditing procedures
2. If management refuses to provide a representation that the auditor considers necessary, this
constitutes a scope limitation and the auditor should express a qualified opinion or a
disclaimer of opinion
3. Written representations requested from management may be limited to matters that are
considered either individually or collectively material to the financial statements
EXAMPLE OF A MANAGEMENT REPRESENTATION LETTER
(TO AUDITOR)
(ENTITY LETTERHEAD)
(DATE)
The representation letter is provided in connection with your audit of the financial statements of ABC Company
for the year ended December 31, 20X1 for the purpose of expressing an opinion as to whether the financial
statements present fairly, in all material aspects, the financial position of ABC Company as of December 31,
20X1 and of the results of its operations and its cash flows for the year time ended in accordance with (indicate
relevant financial reporting framework).
We acknowledge our responsibility for the fair presentation of the financial statements in accordance with
(indicate relevant financial reporting framework).
We confirm to the best of our knowledge and belief, the following representations:
Include here representations relevant to the entity. Such representations may include:
There have been no irregularities involving management or employees who have a significant role in
the accounting and internal control systems or that could have a material effect on the financial
statements
We have made available to you all the books of account and supporting documentation and all
minutes of meetings and shareholders and BOD (namely those held on (dates) respectively)
We confirm the completeness of the information provided regarding the identification of related
parties
The financial statements are free of material misstatements, including omissions
The company has complied with all aspects of contractual agreements that could have a material
effect on the financial statements in the event of noncompliance. There has been no noncompliance
with requirements of regulatory authorities that could have a material effect on the financial
statements in the event of noncompliance.
We have no plans or intentions that may affect or alter the carrying value or classification of asset and
liabilities reflected in the financial statement
(no plans regarding the inventory abandonment or no inventory were stated in an amount in excess
of net realizable value)
Indicate that there are no events subsequent to period which require adjustments in the statements
Indicate that the claim is settled in a specific amount and there are no other litigations are expected to
be received
Indicate that there are no formal or informal compensating balance arrangements with any of the
cash, except those that are disclosed
Indicate that you have recorded material regarding the capital per se
______________________
(Senior Executive Officer)
______________________
(Senior Financial Officer)
Limitation on scope
ILLUSTRATIVE EXAMPLES OF MODIFIED REPORTS
1. LIMITATION ON SCOPE QUALIFIED OPINION
We have audited (remaining words are the same as in the introductory page)
Management is responsible for (same as illustrated in the managements responsibility
paragraph)
Our responsibility is to express an opinion on these financial statements based on our audit.
Except as discussed in the following paragraph, we conducted our audit in accordance with
(auditors responsibility paragraph)
We did not observe the counting of the physical inventories as of December 31, 20X1, since that
date was prior to the time we were initially engaged as auditors for the company. Owing to the
nature of the companys records, we were unable to satisfy ourselves as to inventory quantities
by other audit procedures.
In our opinion, except for the effects of such adjustments, if any, as might have been determined
to be necessary had we been able to satisfy ourselves as to physical inventory quantities, the
financial statements fairly presents, in all material respects (opinion paragraph)
Our responsibility is to express an opinion on these financial statements based on our audit.
Except as discussed in the following paragraph, we conducted our audit in accordance with
(auditors responsibility paragraph)
On January 31,20X2, the Company issued debentures in the amount of for the purpose of
financing plant expansion. The debenture agreement restricts the payment of future cash
dividends to earnings after December 31,19X1, which restrictions was not disclosed in the
companys financial statements. Disclosure of this is required by the PAS 1, Presentation of
financial statements.
In our opinion, except for the omission of the information included in the preceding paragraph,
the financial statements present fairly, in all material respects (opinion paragraph)
8. After the financial statements have been issued, the auditor has no obligation to make
any inquiry regarding such financial statements.
9. When, after the financial statements have been issued, the auditor becomes aware of
a fact which existed at the date of the auditors report and which, if known at date,
may have caused the auditor to modify the auditors report, the auditor should:
o Consider whether the financial statements need revision
o Discuss the matter with management
o Take the appropriate action in the circumstances
10.
When management revises the financial statements, the auditor would:
o Carry out the audit procedures necessary in the circumstances
o Review the steps taken by management to ensure that anyone in receipt of the
previously issued financial statements together with the auditors report thereon
is informed of the situation.
o Issue a new report on the revised financial statements:
Include an emphasis of a matter paragraph.
Would be dated earlier than the date the revised financial statements are
approved
The auditor is permitted to restrict the audit procedures regarding the
revised financial statements to effects of the subsequent event that
necessitated the revision.
11.
It may not be necessary to revise the financial statements and issue a new
auditors report when issue of the financial statements for the following period is
imminent, provided appropriate disclosures are to be made in such statements
USING THE WORK OF ANOTHER AUDITOR (BASED ON PSA 600)
1. The principal auditor is the auditor with responsibility for reporting on the financial
statements of an entity when those financial statements include financial information
of one or more components audited by another auditor
2. The auditor should consider whether the auditors own participation is sufficient to be
able to act as principal auditor. The following would be considered:
o The materiality of the portion of the financial statements which the principal
auditor audits
o The principal auditors degree of knowledge regarding the business of the
components
o The risk of material misstatements in the financial statements of the
components audited by the other auditor
o The performance of additional procedures as set out in PSA 600 regarding the
components audited by other auditor resulting in the principal auditor having
significant participation in such audit
3. When planning to use the work of another auditor, the principal auditor should:
o Consider the professional competence of the other auditor in the context of
specific assignment
o Perform procedures to obtain sufficient appropriate audit evidence that the work
of the other auditor is adequate for the principal auditors purposes in the
context of the specific assignment
o Consider the significant findings of the other auditor
4. Reporting conclusions
o When the principal auditor concludes that the work of the other cannot be used
and the principal auditor has not been able to perform sufficient additional
procedures regarding financial information of the component audited by the
other auditor, the principal auditor should express a qualified or a disclaimer of
opinion because of a scope of limitation.
o If the auditor issues or intend to issue, a modified auditors report, the principal
auditor would consider whether the subject of modification is of such a nature
and significance, in relation to the financial statements of the entity on which the
principal auditor is reporting that a modification on the principal auditors report
is required.
5. Division of responsibility
o When the principal auditor bases the audit opinion on the financial statements
taken as a whole solely upon the report of another auditor regarding the audit of
one or more components, the principal auditors report should state this fact
clearly and should indicate the magnitude of the portion of the financial
statements audited by the other auditor.
COMPARATIVES (BASED ON PSA 710)
1. Two broad financial reporting frameworks for comparatives:
CORRESPONDING FIGURES
o For the prior periods, these are an integral part of the current period financial
statements and have to be read in conjunction with the amounts and other
disclosures relating to the current period.
o These are not presented as complete financial statements capable of standing
alone
o The auditor should obtain sufficient appropriate audit evidence that the
corresponding figures meet the requirements of GAAP in the Philippine
o The auditor should assess whether:
Accounting policies used for the corresponding figures are consistent with
those of the current period or whether appropriate adjustments and/or
disclosures have been made
Corresponding figures agree with the amounts and other disclosures
presented in prior period or whether appropriate adjustments and/or
disclosures have been made
COMPARATIVE FINANCIAL STATEMENTS
These comparative financial statements for the prior period(s) are considered separate
financial statements.
These are presented for comparison with the financial statements of the current
period, but do not form part of the current period financial statements
The auditor should obtain sufficient appropriate evidence that the comparative
financial statements meet the requirements of GAAP in the Philippines
The auditor should assess whether:
o Accounting policies of the prior period are consistent with those of the current
period or whether appropriate adjustments and/or disclosures have been made
o Prior period figures presented agree with the amounts and other disclosures
presented in the prior period or whether appropriate judgments and disclosures
have been made
REPORTING CORRESPONDING FIGURES
1. The comparatives are not specifically identified in the audit report because the
auditors opinion is on the current period financial statements as a whole, including the
corresponding figures
2. When the auditors report on the prior period, as previously issued, included an opinion
other than unqualified and the matter which gave rise to the modification is:
a. Unresolved, and results in modification of the auditors report regarding the
current figures period, the auditors report should also be modified regarding the
corresponding figures
b. Unresolved, but does not result in a modification of the auditors report
regarding the current period figures, the auditors report should also be modified
regarding the corresponding figures
c. Resolved, and properly dealt with in the financial statements, the current period
report does not ordinarily refer to the previous modification. However, if the
matter is material to the current period, the auditor may include an emphasis of
the matter paragraph dealing with the situation
3. When the incoming auditor decides to refer to the predecessor auditors report, the
incoming auditors report should indicate:
a. That the financial statements of the prior period were audited by another auditor
b. Type of report issued by the predecessor auditor and, if the report was modified,
the reasons therefore;
5. If the auditor becomes aware that there is a misstatement of fact, the auditor should
discuss the matter with the entitys management
6. When the auditor still considers there is an apparent misstatement of fact in the other
information which management refuses to correct, the auditor should consider taking
appropriate action such as notifying those persons ultimately responsible for the
overall direction of the entity in writing of the auditors concern regarding the other
information and obtaining legal advice
THE AUDITORS REPORT ON SPECIAL PURPOSE AUDOT ENGAGEMENTS
(BASED ON PSA 800)
1. Special purpose audit engagements include:
a. Financial statements prepared in accordance with a comprehensive basis of
accounting other than GAAP in the Philippines
b. Specified accounts, elements of accounts, or terms in a financial statement
c. Compliance with contractual agreements
d. Summarized financial statements
2. The auditor should assess and review the conclusions drawn from the audit evidenced
obtained during the special purpose audit engagement as the basis for an expression
of opinion. The report should contain a clear written expression of opinion
3. Before undertaking a special purpose audit engagement, the auditor should ensure
there is agreement with the client as to the exact nature of the engagement and the
form and content of the report to be issued
4. The auditors report on a special purpose audit engagement, except for a report on
summarized financial statements, should include the following basic elements,
ordinarily in the following layout:
Title
Addressee
Opening or introductory paragraph
o Identification of the financial information audited
o A statement of the responsibility of the entitys management and the
responsibility of the auditor
A scope paragraph
o Reference to the PSAs applicable to special purpose audit engagements
o Description of the work the auditor performed
Opinion paragraph containing an expression of opinion on the financial
information
Date of the report
Auditors address
Auditors signature
Reports on an other comprehensive basis of accounting financial statements
1. The report should include a statement that indicates the basis of accounting used or
should refer to the note to the financial statements giving that information
2. The opinion should state whether the financial statements are prepared, in all material
aspects, in accordance with the identified basis of accounting
3. If the financial statements are not suitably titled or the basis of accounting is not
adequately disclosed, the auditor should issue an appropriately modified report
Reports on a component financial statement
1. This type of engagement may be undertaken as a separate engagement or in
conjunction with an audit of the entitys financial statements
2. The auditors report on a component of financial statements should include a
statement that indicates the basis accounting in accordance with which the
component is presented or refers to an agreement that specifies the basis. The opinion
should state whether the component is prepared, in all material aspects, in accordance
with the identified basis of accounting.
3. When an adverse opinion or disclaimer of opinion on the entire financial statements
has been expressed, the auditor should report components of the financial statements
only if those components are not so extensive as to constitute a major portion of the
AUDITING THEORY
CPA REVIEW
4. In planning a review of financial statements, the auditor should obtain or update the
knowledge of the business including consideration of the entitys organization,
accounting systems, operating characteristics and the nature of its assets, liabilities,
revenues, and expenses.
5. Procedures for the review of financial statements will ordinarily include:
Obtaining an understanding of the entitys business and the industry in which I
operates.
Inquiries concerning the entitys
6. If the auditor has reason to believe that the information subject to review may be
materially misstated, the auditor should carry out additional or more extensive
procedures as are necessary to be able to express negative assurance or to confirm that
a modified report is required.
EXAMPLE OF AN UNQUALIFIED REVIEW REPORT
We have reviewed the accompanying balance sheet of AAA Company at December 31, 19XX, and the related statements of income,
changes in equity and cash flows for the year then ended. These financial statements are the responsibility of the Companys management.
Our responsibility is to issue a report on these financial statements based on our review.
We conducted our review in accordance with the Philippines Standards on Review Engagements 2400. This Standard requires that we plan
and perform the review to obtain moderate assurance as to whether the financial statements are free of material misstatement. A review is
limited primarily to inquiries of company personnel and analytical procedures applied to financial data and thus provide less assurance than
an audit. We have not performed an audit an accordingly, we do not express an audit opinion.
Based on our review, nothing has come to our attention that causes us to believe that the accompanying financial statements are not
presented fairly, in all material respects in accordance with Philippine Financial Reporting Standards.
Individual items of financial data (for example, accounts payable, accounts receivable, purchases from
related parties and sales and profits of a segment of an entity).
A financial statement (for example, a balance sheet).
A complete set of financial statements.
2. The objective of an agreed-upon procedures engagement is for the auditor to carry out
procedures of an audit nature to which the auditor and the entity and any appropriate
third parties have agreed and to report on factual findings.
3. As the auditor simply provides a report of the factual findings of agreed-upon
procedures, no assurance is expressed. Users of the report assess for themselves the
procedures and findings reported by the auditor and draw their own conclusions from the
auditors work.
4. The report is restricted to those parties that have agreed to procedures to be
performed since others, unaware of the reasons for the procedures, may misinterpret the
results.
5. Independence is not a requirement for an agreed-upon procedures engagement.
REPORTING
6. The report on an agreed-upon procedures engagement needs to describe the purpose
and the agreed-upon procedures of the engagement in sufficient detail to enable the
reader to understand the nature and the extent of the work performed.
7. The report of factual findings should contain:
Title;
Addressee (ordinarily the client who engaged the auditor to perform the agreed-upon procedures);
Identification of specific financial or non-financial information to which the agreed-upon procedures
have been applied;
A statement that the procedures performed was those agreed upon with the recipient;
A statement that the engagement was performed in accordance with the Philippine Standard on
Related Services applicable to agreed upon procedures engagements;
A statement that the auditor is not independent of the entity if such is the case;
Identification of the purpose for which the agreed-upon procedures were performed;
A listing of the specific procedures performed;
A description of the auditors factual findings including sufficient details of errors and exceptions found;
A statement that the procedures performed does not constitute either an audit or a review and, as
such, no assurance is expressed;
A statement that had the auditor performed additional procedures, an audit or a review, other matters
might have come to light that would have been reported;
A statement that the report is restricted to those parties that have agreed to the procedures to be
performed;
A statement (when applicable) that report relates only to the elements, accounts, items, or financial
and non-financial information specified and that it does not extend to the entitys financial statements
taken as a whole;
Date of the report;
Auditors address; and
Auditors signature.
The procedures employed are not designed and do not enable the accountant to express
any assurance on the financial information.
5. The accountant should obtain a general knowledge of the business and operations of the
entity and should be familiar with the accounting principles and practices of the industry
in which the entity operates and with the form and content of the financial information
that is appropriate in the circumstances.
6. The accountant is not ordinarily required to:
Make any inquiries of management to assess the reliability and completeness of the
information provided;
Assess internal controls;
Verify any matters;
Verify any explanations.
If the accountant becomes aware that information supplied by management is incorrect,
incomplete, or otherwise unsatisfactory, the accountant should consider performing the
above procedures and request management to provide additional information.
If management refuses to provide additional information, the accountant should
withdraw from the engagement, informing the entity of the reasons for the withdrawal.
7. The accountant should read the compiled information and consider whether it appears
to be appropriate in form and free from obvious material misstatements.
8. The accountant should obtain an acknowledgement from management of its
responsibility for the appropriate presentation of the financial information and of its
approval of the financial information.
9. The financial information compiled by the accountant should contain a reference such
as Unaudited, Compiled without Audit or Review, or Refer to the Compilation report
on each page of the financial information or on the front of the complete set of financial
statements.
Example of a report on an engagement to compile financial statements
On the basis of information provided by the management we have compiled, in accordance with the Philippine Standard on Related
Services applicable to compilation engagements, the balance sheet of XXX Company as of December 31, 19XX and statements of income,
changes in equity and cash flows for the year then ended. Management is responsible for these financial statements. We have not audited or
reviewed these financial statements and accordingly express no assurance thereon.
Hypothetical assumptions about future events and management actions which are not
necessarily expected to take place, such as when some entities are in a start-up phase or are
considering a major change in the nature of operations; or
A mixture of best-estimate and hypothetical assumptions.
7. The auditor should not express any opinion as to whether the results shown in the
prospective financial information will be achieved.
8. When reporting on the reasonableness of managements assumptions, the auditor
provides only a moderate level of assurance.
9. The auditor should not accept, or should withdraw from, an engagement when the
assumptions are clearly unrealistic or when the auditor believes that the prospective
financial information will be inappropriate for its intended use.
10. The auditor should obtain written representations from management regarding the
intended use of the prospective financial information, the completeness of significant
management assumptions and managements acceptance of its responsibility for the
prospective financial information.
Example of an unmodified report on a forecast
We have examined the forecast (include name of the entity, the period covered by the forecast and provide suitable identification, such as by
reference to page numbers or by identifying the individual statements) in accordance with Philippine Standard on Assurance Engagements
applicable to the examination of prospective financial information. Management is responsible for the forecast including the assumptions
set out in Note X on which it is based.
Based on our examination of the evidence supporting the assumptions the assumptions, nothing has come to our attention which causes us
to believe that these assumptions do not provide a reasonable basis for the forecast. Further, in our opinion the forecast is properly prepared
on the basis of the assumptions and is presented in accordance with Philippine Financial Reporting Standards.
Actual results are likely to be different from the forecast since anticipated events frequently do not occur as expected and the variation may
be material.
Even if the events anticipated under the hypothetical assumptions described above occur, actual results are still likely to be different from
the projection since other anticipated events frequently do not occur as expected and the variation may be material.
When the auditor believes that the presentation and disclosure of the prospective information is
not adequate, the auditor should express a qualified or adverse opinion or withdraw from the
engagement as appropriate.
When the auditor believes that one or more significant assumptions do not provide a reasonable
basis for the prospective financial information, the auditor should either express an adverse
opinion or withdraw from the engagement as appropriate.
When the examination is affected by conditions that preclude application of one or more
procedures considered necessary in the circumstances, the auditor should either withdraw from
the engagement or disclaim the opinion describe the scope limitation in the report on the
prospective financial information.
6.
4. TAX PRACTICE
a. The professional accountant should ensure that the client or the employer are aware of
the limitations attaching to tax advice and services so that they do not misinterpret an
expression of opinion as an assertion of fact.
b. A professional accountant should not be associated with any return or communication
in which there is reason to believe that it:
1. Contains a false or misleading statement;
2. Contains statements or information furnished recklessly or without any real
knowledge of whether they are true or false; or
3. Omits or obscure information required to be submitted and such omission or
obscurity would mislead the revenue authorities.
c. When a professional accountant learns of a material error or omission in a tax return of
a prior year, or the failure to file a required tax return, he/she has a responsibility to:
1. Promptly advise the client or employer of the error or omission and recommend
that disclosure be made to the revenue authorities.
2. If the client or employer does not correct the error, he/she:
a. Should inform the client or the employer that it is possible to act for them in
connection with that return or other related information submitted to the
authorities; and
b. Should consider whether continued association with the client or employer in
any capacity is consistent with professional responsibilities.
5. CROSS BORDER ACTIVITIES
When a professional accountant performs services in a country other than the home
country and differences on specific matters exist between ethical requirements of the two
countries, the following provisions should be applied:
1. When the ethical requirements of the country in which the services are being
performed are LESS STRICT than the Philippine Code of Ethics, then our code should be
applied.
2. When the ethical requirements of the country in which the services are being
performed are STRICTER than our code, then the ethical requirements in the country
where services are being performed should be applied.
3. When the ethical requirements of the Philippines are mandatory for services performed
outside the Philippines and are stricter than that set out in (1) and (2) above, then the
ethical requirements of the Philippines should be applied.
PUBLICITY
In the marketing and promotion of themselves and their work, professional accountants
should:
a. Not use means which brings the profession into disrepute.
b. Not make exaggerated claims for the services they are able to offer, the qualifications
they possess, or experience they have gained; and
c. Not denigrate the work of other accountants.
RULES APPLICABLE TO PROFESSIONAL ACCOUNTANTS IN PUBLIC PRACTICE
INDEPENDENCE
a. Independence requires:
1. Independence of mind The state of mind that permits the provision of an opinion
without being affected by influences that compromise professional judgment,
allowing an individual to act with integrity, and exercise objectivity and professional
skepticism.
2. Independence in appearance The avoidance of facts and circumstances that are
so significant that a reasonable and informed third party, having knowledge of all
relevant information, including safeguards applied, would reasonably conclude a
firms, or a member of the assurance teams integrity, objectivity or professional
skepticism had been compromised.
b. Members of assurance teams, firms, and network firms should identify THREATS to
independence, evaluate the significance of those threats, and, if the threats are other
than clearly insignificant, identify and apply SAFEGUARDS to eliminate the threats or
reduce them to acceptable level, such that independence of mind and independence
in appearance are not compromised. In situations when no safeguards are available to
reduce the threat to an acceptable level. The only possible actions are to:
1. Eliminate the activities or interest creating the threat; or
2. Refuse to accept or continue the assurance engagement.
INDEPENDENCE REQUIREMENTS IN ASSURANCE ENGAGEMENTS
a. For assurance engagements provided to an audit client, the member of the assurance team,
the firm and network firms are required to be independent of the client
b. For assurance engagements provided to clients that are not audit clients, when the report is
not expressly restricted for use by identified users, the members of the assurance team and
firm are required to be independent of the client
c. For assurance engagements provided to clients that are not audit clients, when the assurance
report is expressly restricted for use by identified users, the members of the assurance team
are required to be independent of the client. N addition, the firm should not have a material
direct or indirect financial interest in the client
Network firm an entity under common control, ownership or management with the firm or any
entity that a reasonable and informed third party having knowledge of all relevant information would
reasonably conclude as being part of the firm nationally or internationally
Financial interest an interest in equity or other security, debenture, loan or other debt instrument
of an entity including rights and obligations to acquire such an interest and derivatives directly
related to such interest
Direct financial interest a financial interest:
1. Owned directly by and under the control of an individual or entity; or
2. Beneficially owned through a collective investment vehicle, estate, trust or other
intermediary over which the individual or entity has control
Indirect financial interest a financial interest beneficially owned through a collective investment
vehicle, estate, trust or other intermediary over which the individual or entity has no control
THREATS TO INDEPENDENCE
1. SELF-INTEREST THREAT
Occurs when a firm or a member of the assurance team could benefit from a financial interest
in, or other self-interest conflict with, an assurance client. Examples:
a. A direct financial interest or material indirect financial interest in an assurance client
b. A loan or guarantee to or from an assurance client or any of its directors or officers
c. Undue dependence on total fees from an assurance client
d. Concern about the possibility of losing the engagement
e. Having a close business relationship with an assurance client
f. Potential employment with an assurance client
g. Contingent fees relating to assurance engagements
2. SELF-REVIEWTHREAT
Occurs when:
a. Any product or judgment of a previous assurance engagement or non-assurance
engagement needs to be reevaluated in reaching conclusions on the assurance
engagement or;
b. When a member of the assurance team was previously a director or officer of the
assurance client, or was an employee in a position to exert direct and significant influence
over the subject matter of the assurance engagement
3. ADVOCACY THREAT
Occurs when a firm, or a member of the assurance team, promotes, or may be perceived to
promote, an assurance clients position or opinion to the point that objectivity may, or may be
perceived to be compromised
4. FAMILIARITY THREAT
Occurs when, by virtue of a close relationship with an assurance client, its directors, officers or
employees, a firm or a member of the assurance team becomes too sympathetic to the
clients interests.
5. INTIMIDATION THREAT
Occurs when a member of the assurance team may be deterred from acting objectively and
exercising professional skepticism by threats, actual or perceived, from the directors, officers
or employees of an assurance client
SAFEGUARDS
1. When the threats are identified, other than those that are clearly insignificant, appropriate
safeguards should be identified and applied to eliminate the threats or reduce them to an
acceptable level. This decision should be documented
2. When the safeguards are available are insufficient to eliminate the threats to independence or
to reduce them to an acceptable level, or when a firm chooses not to eliminate the activities or
interest creating the threat, the only course of action available will be the refusal to perform,
or withdrawal from, the assurance engagement
CATEGORIES OF
1. Safeguards
2. Safeguards
3. Safeguards
SAFEGUARDS
created by the profession, legislation or regulation
within the assurance client
within the firms own systems and procedures