Auditing – A Risk-Based Approach Part 1- Theory (2019 Issue – 1ST Edition)

Reviewer (Concepts and Theories)

By: Danilo Apiag Jr. – BSA 3
Part I – The Practitioner’s Engagements

Chapter 1 – The Practitioner’s Engagements

This chapter presents the fundamental concepts of assurance and non-assurance engagements.
LEARNING OBJECTIVES
1. Name the typical engagements that practitioners may render to various clients.
2. Discuss the nature and objective of an assurance engagement.
3. Cite some of the reasons for the demand for assurance engagements.
4. Discuss the different types of assurance engagements both according to assurance level,
including limitations thereon, and engagement structure.
5. Enumerate and explain the five elements of an assurance engagement.
6. Give examples of non-assurance engagements and discuss why they are considered as non-
assurance engagements.

Assurance and Non-assurance engagements (Learning Objective 1)

In practice, accountants (practitioners) offer many services to their clients mainly dealing with:
a. Financial
b. Control
c. Tax matters

These services include audit and review of financial statements (F/S), tax compliance and
consulting, advisory services, etc. These services are broadly classified as assurance and non-
assurance engagements.
Engagements
1. Assurance Engagements
a. Attestation (Assertion based)
• Audit (Reasonable assurance)
• Review (Limited assurance)
• Others
b. Direct Reporting
• Various
2. Non-Assurance Engagements (TCAAO)
a. Tax d. Agreed-upon procedures
b. Compilation e. Others
c. Advisory/ Consulting
Assurance Engagements (Learning Objective 2)
Assurance engagement is an independent, professional service that aims to improve the
quality (i.e., relevance and reliability) of information so that users of such information can
make informed decisions.
 In assurance engagement, a practitioner expresses a conclusion (in a written report)
designed to enhance the degree of confidence of the intended user other than the responsible
party of the outcome of the evaluation or measurement of a subject matter against criteria.
Nature of Assurance Engagement

• Audit of F/S is an example of assurance engagement. In this engagement, a

practitioner issues a report containing an opinion about whether the F/S are in accordance
with the GAAP or AFRF (applicable financial reporting framework) that enhances users’
confidence on F/S.
• Tax compliance and advisory services are non-assurance engagement because they do
not enhance client’s confidence on the subject matter.
Demand for Assurance Engagements (Learning Objective 3)
The demand for assurance engagement services arises from various reasons, including:
(PRCER)
1. Potential bias of information from information provider
2. Remoteness of information user from information provider
3. Complexity of subject matter information
4. Expertise and independence of practitioners
5. Risk management

Types of Assurance Engagements (Learning Objective 4)

Assurance engagements can be classified either as to (1) assurance level (2) structure.
Assurance Level
Engagement risk is the risk the practitioner expresses an inappropriate conclusion when the
subject matter information is materially misstated.
Assurance level
• Absolute
 • Reasonable – high but less than absolute assurance; a positive form of conclusion •
Limited (moderate) – a negative form of conclusion
• None
In accordance with the Philippine Framework for Assurance Engagements, the level of
assurance provided by the practitioner are: Reasonable assurance engagement and Limited
assurance engagement.
Limitations of Assurance Engagements
Practitioners cannot usually provide absolute assurance because reducing assurance
engagement risk to zero is unattainable or cost beneficial due to: (PICUU)
1. Persuasive evidence rather than conclusive
2. Inherent limitations of internal control
3. Characteristics of subject matter
4. Use of selective testing
5. Use of judgement
Engagement Structure
Assurance engagements classified as to structure is either:
• Attestation (assertion-based) – available to the users; responsible party
• Direct reporting – not available to users; practitioner
Elements of an Assurance Engagement
An engagement must have the following elements to be an assurance engagement:
1. A three party relationship: a practitioner, responsible party, and intended users;
2. An appropriate subject matter: Financial, Nonfinancial, System/Process, Aspects of
Behavior
• Is identifiable, and capable of evaluation or measurement against the criteria;
• Can be subjected to procedures for gathering evidence
3. Suitable criteria
A criteria must have the following characteristics in order to be suitable:
1. Relevance 4. Neutrality
2. Completeness 5. Understandability
3. Reliability
4. Sufficient appropriate evidence – information obtained by the practitioner in arriving
at the conclusions on which the opinion is based.
5. Written Assurance report – at the end of the engagement, the practitioner provides a
written report containing a conclusion that conveys the assurance obtained about the
subject matter information.
Non-assurance engagements (Learning Objective 6)
a. Agreed-upon procedures engagement
b. Compilation engagements
c. Preparation of tax returns
d. Consulting or advisory engagements
e. Engagement to testify
f. Engagement that includes professional opinion not intended to be an assurance
report.

Chapter 2 – Auditing: An Overview

 This chapter presents the types of auditing in general, but with particular emphasis on
external audit of F/5 in accordance with the Philippine Standards on Auditing (PSAs).
LEARNING OBJECTIVES
After studying this chapter, you should be able to:
1. Define auditing in general and describe its important facets.
2. List and differentiate the types of auditing.
3. Discuss the auditor's overall objectives in an audit of F/S.
4. Articulate the risk-based audit process using the audit roadmap.

Definition of Auditing (Learning Objective 1)

"An audit is a systematic process of objectively obtaining and evaluating evidence regarding
assertions about economic actions and events to ascertain the degree of correspondence
between these assertions and established criteria, and communicating the results to
interested users."
Auditing, therefore, encompasses both an investigative process and a reporting process, as
illustrated in the exhibit below.

1. An audit is a systematic process. To be effective and efficient, an audit must be

conducted in a structured, systematic process. Otherwise, the auditor may be unable to
address important areas that could result in an inappropriate opinion.
2. An audit is conducted objectively. An audit is an independent, objective, and expert
examination of evidence regarding assertions (the subject matter). Auditors should not
allow bias to override their objectivity and judgment. Audit opinions perceived to be
biased bear no value to users.
3. The auditor obtains and evaluates evidence. All auditor's works involve gathering
evidence as a basis for the opinion expressed. Without such basis, the auditor is precluded
from expressing an opinion.
4. The audit evidence concerns assertions about economic actions and events. Broadly
defined, the subject matter of audit refers to assertions by the responsible party (e.g., F/S
prepared by management) that is capable of being examined by the auditor.
5. The auditor ascertains the degree of correspondence between assertions and
established criteria. The auditor obtains evidence that either supports or disputes the
assertions.
6. The ultimate goal of audit is to communicate it’s the results to interested users. An
audit is conducted with an aim of expressing an opinion in a written report. For instance,
 in F/S audit, the report states "give a true and fair view" or "present fairly, in all material
respects" the financial position, performance, and cash flows of an entity.
Types of Audits (Learning Objective 2)
A. Types of audit as to nature of assertions (subject matter):
 Financial Statement (F/S) Audit –the main objective of an auditor here is to
express an opinion regarding the fairness of presentation of the financial
statements. (EA, GA, IA)
 Operational Audit – to express an opinion regarding the operating
effectiveness and efficiency. (GA, IA, EA due to outsourcing)
 Compliance Audit – the objective of the auditor would be to ascertain the
degree of compliance of a particular entity or of the audit client to certain laws
regulation set by some higher authority. (GA, IA, EA)

F/S audits and compliance audits are similar as they both involve determining whether
the subject matters conform to certain criteria. Operational audits tend to be more
subjective than the other audits because the criteria for effectiveness and efficiency vary
from entity to entity
B. Types of Audit as to auditor:
 External Auditor (EA)
 Internal Auditor (IA)
 Government Auditor (GA)

Financial Statements (F/S) Audit

This is conducted to determine whether F/S present fairly the financial position,
performance, and cash flows of an entity in accordance with the AFRF (the criteria). The
AFRF may be the full PFRS, PERS for SMEs, Other Acceptable Basis of Accounting, or the
US. GAAP The auditor's opinion, however, neither assures entity's future viability nor
management's efficiency or effectiveness.
F/S Assertions, Audit Objectiveness and Audit Programs:
Assertions are representations by management, explicit or otherwise, that are embodied in the
I/S. The three categories of assertions are: (CAP)

1. Classes of transactions and events (refer primarily to income statement accounts):

(OCACC)
 Occurrence-transactions and events that have been recorded have occurred and
pertain to the entity
 Completeness all transactions and events that should have been recorded have
been recorded.
 Accuracy - amounts and other data relating to recorded transactions and events
have been recorded appropriately.
 Cutoff - transactions and events have been recorded in the correct accounting
period.
 Classification - transactions and events have been recorded in the proper events
have been recorded appropriately.
  Cutoff - transactions and events have been recorded in the correct accounting
period.
 Classification - transactions and events have been recorded in the proper
accounts.
2. Balances (refer to balance sheet accounts): (ERVC)
 Existence-assets, liabilities, and equity interests exist.
 Rights and obligations-the entity holds or controls the rights to assets, and
liabilities are the obligations of the entity.
 Completeness- all assets, liabilities and equity interests that should have been
recorded have been recorded.
 Valuation and allocation- assets, liabilities, and equity interests are included in
the F/S at appropriate amounts and any resulting valuation or allocation
adjustments are appropriately recorded.
3. Presentation and disclosure (refer to entire F/S): (OCCA)
 Occurrence and rights and obligations - disclosed events, transactions and other
matters have occurred and pertain to the entity.
 Completeness-all disclosures that should have been included in the F/S have been
included."
 Classification and understandability - financial information appropriately
presented and described, and disclosures are clearly expressed.
 Accuracy and valuation-financial and other information are disclosed fairly and
at appropriate amounts

Operational Audit – This is a study of an entity ‘s specific unit for purpose of measuring
whether that unit conducted its operations efficiently or effectively. Operational audit maybe
divided into two:
 Economy and Efficiency (management audit) – The appraisal of management
performance from the most efficient point of view.
 Effectiveness (program results) audit – The valuation of programs and activities to
determine the extent of achievement of previously set goals and objectives.
Compliance Audit - This is an evaluation to determine whether an entity is following
specific police rules, or regulations set out by some higher authority. In other words, this
audit measures the entity's compliance with certain established criteria.
For example, a production department and its personnel may be evaluated to determine if they
comply with management policies and procedures. Thereafter, results and recommendations
are reported to the management for appropriate criteria.
Audits according to Auditors
Audits as to auditor are (a) external (independent) audits, (b) Internal audits, and (e)
governmental audits.

1. External (Independent) Audits

These are audits performed by professional accountants in public practice who are
independent of the entities whose assertions are the audit subject matter. External auditors
mainly perform F/5 audits of various entities. Although, they may also be contracted to do
operational and compliance audits, subject to ethical requirements

2. Internal Audits
Many large entities employ internal auditors that perform internal audits. Internal
auditing means "an independent, objective assurance and consulting activity designed to add
value and improve an organization's operations." To achieve this objective, internal auditors
must be independent of the department they auditing and directly report to those charged with
governance (TCWG or the audit committee or board of directors).

3. Governmental Audits
Government auditing involves the determination whether government funds are being
handled properly in compliance with the applicable laws and regulations, government
programs are conducted effectively and efficiently, and F/S are fairly presented. Governmental
auditors (e.g., COA auditors, BSP examiners, and BIR examiners) practically perform F/S
audit, operational audit, and compliance audit.

The Auditor's Overall Objectives Obtaining Reasonable Assurance, Reducing Audit Risk
(Learning Objective 3)

Auditor’s overall objectives:

Procedures – Evidence – Reasonable Assurance – Opinion – Report
Audit Risk and Reasonable Assurance
Audit risk is the risk (or likelihood) that the auditor gives an inappropriate audit
opinion when the F/S are materially misstated (beta risk). Audit risk does not include the
risk that the auditor might express an option that the F/S are materially misstated when they are
not (alpha risk) Alpha risk is ordinarily insignificant. Further, audit risk does not refer to the
auditor's business risks such as loss from litigation, adverse publicity, or other events arising in
connection with F/S audit
In other words, audit risk occurs when the F/S are already materially misstated even
before the audit, and the auditor fails to detect them leading to expression of an inappropriate
opinion.

Audit risk and Reasonable Assurance

f (RMM (Risk of Material misstatements) x (Detection Risk) = Audit Risk – Reasonable
Assurance
Audit risk is a function of the risks of material misstatement and detection risk [AR =
f(ROMM x DR)]. The ROMM refers to the likelihood that the F/S are materiality misstated
prior to the audit; while, DR is the risk that the auditor's procedures will not detect a material
misstatement that exists. ROMM relate to the entity, its environment, and its internal
control; while, DR is the function of the effectiveness of auditor's procedures.
The auditor views DR and ROMM as inversely related. The higher the assessed level of
ROMM, the lower the DR the auditor sets, vice versa. Note that detection risk cannot be set at
zero given that there is always XOMM.
Risk-Based Audit Process (Learning Objective 4)
Phase 1 – Risk Assessment Phase 3 – Conclusion and Reporting
Phase 2 – Risk Response

Professional Judgement:
The auditor's ability to exercise professional judgment is as the hallmark (trademark) of
auditing (i.e., accountants are engaged to audit of F/S because of their ability to exercise
professional judgment). Professional judgment is the application of relevant training,
knowledge, and experience that enables the proper interpretation of:

 Relevant ethical requirements

 PSAS
 Informed decisions

Professional judgment is necessary regarding decisions about:

 Materiality and audit risk

 Nature, timing, and extent of audit procedures
 Evaluating whether sufficient appropriate audit evidence has been obtained
 Evaluating management's judgments in applying the AFRF
 Drawing of conclusions, e.g., assessing reasonableness of management's estimate
Professional Skepticism
It is believed that professional skepticism is the auditor's best method to detect fraud.
Why is it so considering that fraud is often too difficult to detect? Because professional
skepticism is an attitude that includes (1) a questioning mind, (2) being alert to-conditions
which may indicate possible misstatement due to error or fraud, and (3) a critical
assessment of audit evidence.
Audit Evidence and Documentation
All throughout the audit process, the auditor gathers and accumulates audit evidence and
documentation that support the opinion.
Audit Quality
Quality audit means that the audit is performed in accordance with relevant ethical,
professional, legal, and regulatory requirements.
Relevant ethical requirements include the following fundamental principles of: (PICPO)
a. Integrity d. Confidentiality
b. Objectivity e. Professional behavior
c. Professional competence and due care
In addition, the Code of Ethics also requires professional accountants to be independent,
both of mind and in appearance, when performing audits.

Audit in Accordance with PSAS

The auditor shall comply with all PSAs relevant to the audit. The auditor shall not
represent compliance with PSAs in the auditor's report unless the auditor has complied with the
requirements of PSA and all other PSAs relevant to the audit.
 If an objective in a relevant PSA cannot be achieved, the auditor shall evaluate whether
this prevents the auditor from achieving the overall objectives of the auditor and thereby
requires the auditor, in accordance with the PSAs, to modify the auditor's opinion or withdraw
from the engagement. Failure to achieve an objective represents a significant matter requiring
documentation.
Chapter 3 – Audit Evidence and Documentation: Framework
This chapter presents the general framework that guides the auditor in gathering and
documenting audit evidence throughout the audit process.

Learning Objectives
1. Explain the nature and types of audit evidence.
2. Enumerate and describe audit procedures to obtain audit evidence.
3. Explain the framework of gathering sufficient appropriate audit evidence.
4. Define audit documentation and discuss its purpose(s).
5. Describe the types of audit documentation.
6. Explain the audit documentation that is satisfactory to independent, experienced auditor,
7. Discuss the audit file organization in assembling audit documentation.
8. Discuss the requirements in assembling and retaining, as well as the rules on ownership and
confidentiality of, the audit documentation.

Audit Evidence (Learning Objective 1)

Audit evidence is all information (oral or documentary, electronic or manual) used by the
auditor on which the audit opinion is based. The two types of audit evidence are:
a. Underlying accounting records-The journals and supporting records, such as checks and
electronic fund transfer records; invoices; contracts; the general and subsidiary ledgers, journal
entries and other adjustments to the F/S that are not reflected in journal entries; and records
such as work sheets and spreadsheets supporting cost allocations, computations, reconciliations
and disclosures.
b. Other information-All other evidence such as minutes of meetings, confirmation from third
parties and information obtained from such audit procedures as inquiry, observation, and
inspection.

The auditor must obtain both types of evidence that are consistent and not doubtful as to
reliability. Accounting records alone cannot constitute sufficient evidence.
Internal Documents
 Minutes of meetings
 Warranty provision schedules
 Depreciation/amortization schedules
 Employee records
 and invoices Management reports
 Employee time cards
 Sales agreements Lease contracts
  Royalty contracts
 Variance reports
 Purchase orders
 Canceled checks
 Disbursement vouchers
 Shipping and receiving reports Inventory scrap reports and transfer
External Documents
 Confirmation replies from
 Customers, investment trustees, legal counsel, and banks
 Loan agreements
 Vendor invoices and monthly statements
 Customer orders
 Sales or purchase contracts
Audit procedures - The Means to Obtain Audit Evidence (Learning Objective 2)
The gathering and evaluation of audit evidence is a cumulative and iterative process.
Audit evidence is primarily obtained through the performance of audit procedures. The audit
procedures can be classified either according to their purpose and type.
According to Purpose:
1. Risk assessment procedures (RAP) performed to obtain an understanding of the entity,
its environment, and its internal control to identify and assess the ROMM at the F/S and
assertion levels.
2. Further audit procedures (FAP) comprise:
a. Tests of controls (TOC)-performed to evaluate the operating effectiveness
of controls in preventing, or detecting and correcting, material misstatements at the assertion
level; and b. Substantive procedures (SP), which include tests of desails (TOD) and substantive
analytical procedures (SAP)-performed to detect material misstatements at the assertion level.

According to Type: (IOERRAI)

1. Inspection-examining records or documents, whether internal or external, in paper form,

electronic form, or other media, or a physical examination of an asset.
2. Observation-looking at a process or procedure being performed by others
3. External Confirmation-a direct written response to the auditor from a third party (the
confirming party), in paper form, or by electronic or other medium.
4. Recalculation-checking the mathematical accuracy of documents or records such as
footing, cross-footing, and test of extensions.
5. Reperformance the auditor's independent execution of procedures or controls that were
originally performed as part of the entity's internal control.
6. Analytical Procedures-the evaluations of financial information through analysis of
plausible relationships among both financial and non-financial data as well as the
investigation of identified fluctuations or relationships that are inconsistent with other
information or that differ from expected values by a significant amount.
 7. Inquiry-seeking information of knowledgeable persons, both financial and nonfinancial,
within the entity or outside. Inquiry is the most extensively used procedures although alone
does not often provide sufficient evidence.

Types of Audit Procedures Linked According to Purpose

Audit Procedures and Audit Risk

Sufficiency of Audit Evidence – Extent of testing

Sufficiency is the measure of quantity of audit evidence. PSAs require no specific extent of
testing; although, the auditor's means of selecting items for testing are (1) all items (100%),
(2) specific items, and (3) audit sampling. The quantity of evidence is affected by (1) the
assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence
 is likely to be required) and (2) the quality of audit evidence (the higher the quality, the less
may be required). However, simply obtaining more audit evidence may not compensate for its
poor quality
Audit Documentation (Learning Objective 4)
Audit documentation (a.k.a., working papers or workpapers) is the record of (1) audit
procedures performed, (2) audit evidence obtained, and (3) conclusions the auditor reached.
The auditor prepares documentation to provide:
a. A sufficient and appropriate record of the basis for the auditor's report; and
b. Evidence that the audit was planned and performed in accordance with PSAS and applicable
legal and regulatory requirements.
Types of Audit File (Learning objective 5)
a. Permanent (continuing) – example: debt agreements, pension contracts, and
lease agreements
b. Current – example: reconciliation of accounting records to F/S, Legal schedules,
etc.
Audit File Organization (Learning Objective 6)
1. Index by Audit phase
2. Index by F/S Area

Final Audit File Assembly, Retention, Ownership, and Confidentiality

The date of Auditor’s report signifies audit work completion and extent of responsibility to obtain
audit evidence. The final assembly of audit files should take place on a timely basis, i.e.,
ordinarily not more than 60 days after the auditor’s report date.

Chapter 4 – Performing Engagement Activities

This chapter presents pre-planning activities the auditor performs aimed to determine
whether an audit engagement with a client, old or new, should be accepted.

LEARNING OBJECTIVES
After studying this chapter, you should be able to:
1. Discuss the activities in the pre planning phase of audit.
2 Enumerate client acceptance and continuance considerations.
3. Discuss the basis of audit engagement that the auditor should establish

Preliminary Engagement Activities (Leaning Objective 1)

Client Acceptance and Continuance (Learning Objective 2)
Auditors carefully determine what engagements to accept to manage auditor's business
risks (introduced in Chapter 2). For example, a client's involvement. A illegal activities (e.g.,
money laundering) and fraudulent financial reporting can lead to unpaid fees, loss of reputation
(auditor's most important asset), and lawsuits.

Ultimately, accepting or not a client depends on auditor's professional judgment and risks
tolerance. There is no client that is risk-free; every client always carries risks.
So, when is an engagement acceptable? It is where the auditor:
 is competent and has capabilities, time and resources to perform the engagement
 complies with the relevant ethical requirements; and
 considers client's integrity, including communicating with predecessor auditor.
Competence, Capabilities, Time, and Resources
Considerations include whether the auditor has:
 sufficient personnel who have competence, capabilities, and knowledge of industries
or subject matters, e.g., knowledge of banking industry for bank clients;
 experience or knowledge with regulatory requirements, e.g., SEC and BSP, experts, if
needed, such as work of actuaries, appraisers, etc.;
 individuals who can perform quality review (discussed in Chapter 17), and time to
complete the engagement within the reporting deadline.
Without meeting these requirements, it would be difficult to perform a quality audit.
Auditor's Compliance with Relevant Ethical Requirements: PIICPO
As discussed in Chapter 1, the relevant ethical requirements to audit include: (a) integrity, (b)
objectivity; (c) professional competence and due care; (d) confidentiality, (e) professional
behavior; and (c) independence.
The auditor shall identify, evaluate, and address threats to compliance with these
principles. If threats are not clearly insignificant, the auditor shall apply safeguards to
eliminate or reduce them to an acceptable level so as not to compromise compliance.
Integrity of Client
With regard to client's integrity, the matters to consider may include: The identity and
reputation of owners and officers, including related parties. The nature of the client's business.
  The owners and officers' attitudes towards accounting and control. The client's
aggressiveness in maintaining the auditor's fees as possible
 Indications of an inappropriate limitation in the scope of work.
 Indications of client's involvement in criminal activities. The reasons for proposed
appointment and non-reappointment of previous firm.

Third Party Communication and Background Searches

A successor auditor may make inquiries of attorneys, other CPAs, banks, and other
businesses, and searches public databases (i.e., the Internet) or hire investigators to obtain
client information.
Declining an Engagement
 When the auditor withdraws from the engagement, the auditor shall:
 Discuss with client's management and TCWG;
 If appropriate, determine and discuss reasons for withdrawal;
 Consider professional, regulatory or legal reportorial requirements; and
 Document significant issues, consultations, conclusions and basis.
Basis of Audit Engagement – Preconditions and Terms of Engagement (Learning
Objective 3)
Once an engagement is considered acceptable, the auditor establishes the basis of
engagement through:
a. Audit preconditions;
b. Terms of engagement
Audit Precondition
The auditor should not accept the engagement, unless required by law or regulation,
without the following audit preconditions:
 use of acceptable FRF available to F/S users; and
 agreement with management and TCWG's responsibility (i.e., the audit premise).

Management and TCWG's Responsibility-The Audit Premise

Management refers to person(s) with executive responsibility for the conduct of the
entity's operations. TCWG are the person(s) or organization(s) with responsibility for
overseeing the strategic direction of the entity and accountability of the entity, for example,
governance board. Management and TCWG have responsibility
1. For the F/S, including internal control relevant to preparation of F/S; and
2. To provide the auditor with:
a. All information relevant to F/S;
b. Any additional information the auditor may request; and Unrestricted access to those within
the entity to obtain audit evidence.
The auditor shall not accept an engagement, if management or TCWG limits the
scope of work that will result in a disclaimer of opinion, unless required by law or
regulation. This includes unrealistic deadlines, not accepting audit staff to perform the work,
and denial of access to a facility, key personnel, or relevant documents.
Agreement on Audit Engagement Terms
The agreed terms are documented in an engagement letter or other written contract.
It is in the interest of both the client and auditor that the auditor sends the engagement
letter before the commencement of audit to avoid misunderstandings.
Though the form and content of engagement letter (see example in the next exhibit) may
vary, the letter shall include:
c. The objective and scope of the audit of the F/S;
d. b. The responsibilities of the auditor;
e. The responsibilities of management;
f. Identification of the AFRF for the preparation of the F/S; and
g. Reference to auditor’s report and possible modifications thereon
Audit Fees Computation and Billing
The audit fees should reflect the fair value of work taking into account the following:
a. The skill and knowledge involved;
b. The level of training and experience requirement;
c. The time to be consumed; and
d. The degree of responsibility and urgency.
Charging lower fees than that of another auditor is not in itself unethical. However, the fees
should not be too low so not to compromise audit quality.
The typical billing methods used by the auditor are:
 Fixed or flat fee basis. The client is billed a lump sum, all-inclusive amount
 Actual time charges (Per Diem) basis. Billing is doneen the basis of actual time spent
by the staff multiplied by the rates/hour agreed upon.
 Maximum fee basis. The client is charged on a per diem basis, but not to exceed up to
a certain maximum amount.
 Retainer's fee basis. The client is billed a fixed fee periodically either on a monthly,
semiannually or annual basis.
Audits of Components
When the auditor of a parent entity is also the auditor of a component (a
subsidiary, joint venture, associate, or branch), the following factors are considered whether to
send a separate engagement letter to the component.

 Who appoints the component auditor--separate appointments for audit of parent entity
and its component typically require separate engagement letter
 Whether a separate auditor's report is to be issued on the component separate auditor's
reports for parent and component generally require separate engagement letters,
 Legal requirements in relation to audit appointments-the auditor should follow any
applicable legal requirements;
 Degree of ownership by parent-the principle is that the less the parent's degree of
ownership, the more likely that separate engagement letter will be required; and
  Degree of independence of the component management from the parent entity-the
principle is that the more independent component management operates, the more
likely that separate engagement letters will be used.

Recurring Audits Updating the Engagement Letter

On recurring audits, the engagement terms may be confirmed without a new letter.
However, circumstances may require the auditor to send a new letter to client include:
 Misunderstanding of the objective and scope
 Any revised or special terms
 Change in client's circumstance such as senior management, ownership, entity's nature or
size, legal or regulatory requirements and reporting requirements.
Acceptance of a Change in the Terms of the Audit Engagement
If, prior to completing the audit, the auditor is requested to change the audit to a lower
level of assurance engagement other engagements), the auditor shall determine whether there is
reasonable justification considering any legal or contractual implications. Circumstances that a
client may request a change may include:
 a change in circumstances affecting the need for the service;
 a misunderstanding as to the nature of an audit as originally requested; or
 a restriction on the scope of the audit engagement, whether imposed by management or
caused by other circumstances.

Chapter 5 - Planning an Audit

Main output of Audit planning

 Overall audit strategy - generally stated

 Detailed audit plan - detailed approach

Overview of Planning and Risk Assessment Activities

 The size and complexity of the entity - the larger & more complex —the more intensive
planning
 Auditors previous experience - helps plan the audit smoothly
 Changes in circumstances - updates & change the overall audit strategy & plan as
necessary

Benefits of Audit Planning

 a properly planned audit saves as 5 times the auditor’s time

 Appropriate attention to important audit areas
 Identify and resolve potential problems timely
 Organize and manage the audit so that it is performed effectively and efficiently
  Assist in proper selection of team members and assignment of work to them
 Facilitate direction and supervision of team members and review of their work
 Assist in coordination of work done by auditors components and expert

Results of Preliminary Engagement Activities

 Assist the auditor in identifying circumstances that may adversely effect audit
 Enable the auditor to
 maintain independence
 Identify issues with management integrity
 Ensure no misunderstanding as to engagement terms

Overall Audit Strategy - Purpose & Content

 Document that complies information about the entity, its environment, internal control,
significant audit factors, and ares of interest to auditor. Sets the scope, timing, and
direction of the audit, and guides the development of audit plan.
 In establishing the strategy, the auditor is required to:
 Identify characteristics of the engagement that defines its scope
 Ascertain reporting objectives to plan the timing of audit and communications
 Consider significant factors in directing the engagement team’s efforts
 Consider preliminary engagement activity results and knowledge
 Ascertain nature, timing and extent of resources to perform the engagement

Initial Audit engagement - Additional Considerations

 Arrangement with predecessor auditor ( review of predecessor workpapers)

 Any major issues discussed with management
 The audit procedures to obtain evidence regarding opening balances

Assembling the Audit Engagement Team

 Partners 
 owner of the firm & responsible for the audit
 Overall responsibility especially critical audit decision
 Signs the audit report on behalf of the firm
 Manager/Director
 Ensures audit is conducted according to direction and strategy set by partner.
 Setting up team, supervising subordinates, completing complex audit areas
 Senior Associates
 In charge of day-to-day audit
 Supervises the work of junior associates, review their works
 Assist the partner and manager in drafting the audit report
 Junior Associates
 Perform the more detailed routine audit tasks
 Most day-to-day exposure 

Involvement of Key Engagement Team Members

  Enables them to share their experience and insights to enhance the effectiveness and
efficiency of the planning process.

Direction, Supervision, and Review

 Less experienced team members — perform most of the audit tasks.

 Audit quality is enhanced if they are properly directed and supervised and their works
are properly reviewed by more experienced team members

Developing the Detailed Audit Plan

 Audit  plan (program)

 More detailed audit strategy to implement the overall  audit strategy
 Includes the nature, timing and extent of the audit procedures 
 RAP
 FAp at the assertion level
 Other audit procedure
 List of procedures gather evidence
 Serves as set of instructions

Communicating the Audit Plan with Management and TCWG

Two-way dialogue with management and TCWG is important. It may assist the manangement
and TCWG to:

 Understand the auditor’s work

 Discuss issues of risk and the concept of materiality
 Identify areas they may request the auditor to perform additional procedure

Matters that the auditor may consider for communication includes:

 How the auditor proposes to address the significant ROMM

 The auditor’s approach to internal control relevant to the audit
 The application of materiality in audit

Nevertheless, audit planning remains the auditor’s responsibility.

Chapter 6 - Determining Materiality

Concept of Materiality

 Professional Judgement

Materiality = Maximum misstatement (size and nature) in the F/S that could influence user’s
economic decision

 Material, if:
 Misstatement could influence the economic decision
 Materiality & misstatement are closely-related
 Relative, entity-specific concept:
 What is material to one entity may not be material to another.
Materiality and the Auditor’s Overall Objectives

 Auditor provides reasonable assurance - free from material misstatements and only
responsible to detect material misstatement
 Smallest aggregate level of misstatement
 P1,000,000 aggregate ( maximum) misstatement to be material to statement of financial
position
 P800,000 aggregate (maximum) to be material to statement of comprehensive income

Application of materiality

Materiality is used in three audit phases: 

 Identify material classes of transactions, account balances, and disclosures in F/S.

 Determine nature, timing, and extent of RAP.
 Identify and assess the ROMM.
 Determine nature, timing, and extent of FAp (TOC and SP)
 Evaluate effect of misstatements on F/S and form the opinion in auditor’s report.

Material Levels and Clearly Trivial Misstatements Threshold

To avoid dealing with clearly inconsequential misstatements, the auditor designates a “clearly
trivial threshold.” It is not an expression of materiality; rather, it is an amount below which
misstatements are deemed unimportant that are neither aggregated with other misstatements nor
required adjustments to financial statements.

Determining Performance Materiality

Performance Materiality = General Materiality or Particular Materiality - Expected Possible

Undetected Misstatements

Performance Materiality = General Materiality or Particular Materiality X 60% to 85% (the lower
the risk of material misstatement, the higher the %, vice versa)

Revision of Materiality

Materiality levels are not cast in stone once determined. They may be adjusted, upward and
downward, as necessary, for example:

 Changes in entity’s circumstances

 New information
 Change in understanding of entity and its operation

Chapter 7 - Understanding the Entity and Its Environment

Importance of Understanding the Entity, Its Environment, and Its Internal Control The
auditor's understanding of the entity, its environment, and its internal control serves as the
foundation of effective audit. It establishes a frame of reference within which the auditor plans
the audit and exercises professional judgement such as:

 Assessing ROMM;
  Establishing materiality;
 Considering appropriateness of accounting policies, and adequacy of disclosures;
 Identifying special areas, for example ,related party, going concern;
 Developing expectations in performing analytical procedures;
 Responding to assessed ROMM to obtain evidence; and
 Evaluating sufficiency and appropriateness of audit evidence.

Overview of the Risk Assessment Process

Step 1: Design and Perform Procedures to Obtain Understanding 

Step 2: Identify and Assess ROMM

Risk Assessment Procedures

RAP are performed to an understanding of the entity and its environment, including the entity’s
internal control, to identify and assess the risks of material misstatement, whether due to fraud or
error, at the F/S assertion levels, thereby providing a basis for designing and implementing
responses to assessed ROMM. The RAP include:

 Inquiries of management and of others within the entity.

 Analytical procedures
 Observation and inspection

Used of information from prior period audit

For a continuing client, auditor’s previous experience and audit procedures contained prior years
working papers are helpful in obtaining understanding of the entity, its environment, and its
internal control about matters as:

 Past misstatements and whether they were correct timely 

 Significant changes in the entity, which may assist to identify and assess ROMM.

Discussion Among Engagement Team

Brainstorming is critical to an effective and efficient audit. This discussion:

 Provides opportunity for sharing more experienced team members insights.

 Allows team members exchange information about business risks and ROMM.
 Assist team members better understand ROMM and responses thereof.
 Provides a basis of team members communication and sharing new information.

Chapter 8 - Understanding The Entity’s Internal Control

Importance of Understanding the Entity's Internal Control

 Every entity, profit-oriented or not, faces risks that may prevent it from meeting its
objectives. To address these risks, including ROMM of F/S, the entity establishes a system of
internal control. Simply put, without an effective internal control system, the entity will not be
able to survive for long. Therefore, for effective audit, PSAs require the auditor to obtain
understanding of the entity's relevant internal control in order to identify and assess ROMM.

Overview of Risk Assessment Process

Step 1: Design and perform procedures to obtain understanding

The procedures aimed to obtain understanding are:

• Risk assessment procedures (RAP).

• Information obtained in prior period audits.

• Discussions among the audit team ("brainstorming').

Step 2: Identify and assess ROMM

• Identify material account balances, class of transactions, and disclosures in F/S.

• Identify and relate the risks identified to F/S assertions 

Risks Assessment Procedures to Obtain Understanding of Internal Control

The auditor performs the following RAP to obtain understanding of internal control:

•Inquiring of entity personnel. However, inquiry alone is not sufficient.

•Observing the application of specific controls.

•Inspecting documents and reports.

•Walkthrough tests 

Nature of Internal Control

The following concepts about internal control can be deduced:

•Internal control is a process. Internal control is neither an end in itself nor a one-off event, but a
series of activities that allows an entity's unit to function effectively. Internal control must be
updated and monitored to remain relevant and effective.

•Internal control is effected by people. All entity personnel are involved with internal control; that
is, from management formulating business objectives and strategies, as overseen by TCWG, to
security guards safeguarding the entity's premises. They establish objectives and put controls in
place.
•Internal control can only be expected to provide reasonable assurance, not absolute assurance.
As the saying goes: "There is no perfect system." The likelihood that internal control addresses
business risks is affected by inherent limitations.

The Five Internal Control Components and the Auditor’s Required Understanding

•Control environment- The control history, culture, and consciousness

a. The tone at the top"

b. The "head" and "brains" of internal control

•Risk assessment process- The evaluation of internal and external factors that impact an entity's
achievement of its objectives

The "eyes" and "senses" of internal control

•Information system and communication- The process which ensures that relevant information is
identified and communicated timely

a. -The "blood" and "veins" of internal control

•Control activities-The policies and procedures that help prevent, detect, and correct risks

b. The "arms" and "legs" of internal control

•Monitoring-The process that determines whether internal control remains effective and relevant.

c. -The "assessor" of internal control

Entity-Level and Transaction-Level Internal Controls

1. Entity-Level and Transaction-Level Internal Controls Entity-Level (Pervasive) Controls:

These controls relate to entity's overall operations. They typically address governance and
management and serve to establish the control environment or "tone at the top."
2. Transaction-Level (Specific) Controls: These are specific processes/controls designed to
ensure that:

• Transactions are appropriately recorded;

• Accounting records are maintained accurately;

• Receipts and expenditures are properly authorized; and

• Unauthorized transactions are timely prevented or detected.

Evaluating Entity Level Controls

1. Integrity and ethical values

•Conduct interviews with a sample of staff.

•Read code of conduct and communications to staff.

2. Commitment to competence

•Review hiring and firing policies.

•Review job descriptions on selected employee files.

3. Participation by TCWG

•Review any self-assessments made.

•Review BOD qualifications and minutes of meetings.

•Attend a meeting as an observer.

4. Management's philosophy and operating style

•Review any documentation.

• Conduct interviews with a sample of staff. Organizational structure

• Review structure in light of best practices.

5. Assignment of authority and responsibility

• Review any documentation such as job descriptions.

6. Human resources policies and practices

•Review policies and practices and compliance

•Review employee files for staff evaluations, training, etc

The Entity's Transaction Cycle and Controls

The common divisions of an entity's transaction cycles are:

•Revenue and receipt cycle- refers to the processes of receipt of customer order, extension of
credit to customers, shipment of goods or rendering of service to customers, and receipt cash.

•Purchasing and payment cycle-a.k.a., Purchase-to-Pay (P2P) business process. This cycle relates
to purchase and payment of goods and services to vendors.

•Personnel and payroll cycle-this cycle pertains to the processes of hiring employees, receipt of
their service, and payment of their compensation.
•Inventory and production cycle-encompasses the production of raw materials to finished
products for sale.

•Financing and investing cycle-two major business functions associated with this cycle are
receiving capital funds from investors and using capital funds for operations or investing those
funds temporarily until needed operations.

Internal Control in Smaller Entities

Internal control varies with entity's size and complexity. Smaller entities use simpler processes
and procedures to achieve their objectives. There are often few employees because of resources
constraint, which may limit:

•Segregation of duties; and

•Paper trail of documentation 

Scope of Internal Control Understanding Determining Relevant Controls

The auditor obtains only understanding of internal control relevant to auditors which typically
relate to financial reporting objectives that address ROMM. For example, an airline's automated
controls that maintain flight schedules an unlikely relevant being operational in nature.
Additionally, a furniture manufacturer's controls for incidental sales of scrap materials that
accounts for less than 1% of total sales are unlikely to be relevant being immaterial, even the
relate to financial reporting objectives. Ultimately, it is a matter of auditor professional judgment
whether a control is relevant. Factors relevant to auditor judgment include:

• Materiality and significance of risk

• Size and nature of entity

• How a specific control prevents, or detects and corrects, materials misstatement

Chapter 9 – Identifying and Assessing Risks of Material Misstatement

Key points

 Importance of identifying and assessing risk ROMM in F/S – It guides the auditor
(Risked based audit approach) in performing appropriate audit procedures.
 Audit completion by completion checklist – An in effective audit approach wherein the
auditor simply performs specified procedures without considering its appropriateness or
ROMM.
Relation of identifying and assessing ROMM to risk assessment process:

 Step 2 of Risk Assessment process: Identify material account balances, class of

transactions, and disclosures in F/S;
 Identify and relate the risks to F/S assertions.
As the audit is focused on areas that have a high chance of material misstatement, the auditor
needs to identify material classes of transactions, account balances, and disclosures in the F/S.
This exercise needs professional judgement taking into account both the quantitative and
qualitative factors.
Quantitative considerations involve comparison of account’s amount with general materiality.
The account is quantitatively material if it exceeds materiality.
Qualitative consideration takes into account the possibility of material misstatement, based on
auditor’s knowledge (e.g. accounting estimates, suspicious accounts, etc.)
The risk of ROMM at F/S level refer to the risk that relate pervasively (widely) to the F/S as a
whole, and potentially affect many assertions. In other words, they relate to risks that have a
potential impact on a large number of F/S items.
Inherent risk is the risk of susceptibility of an assertion to a misstatement that could be material
before consideration of any related controls.
Control risk is the risk that a misstatement could occur in an assertion will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal control. Hence, it is a function of
effectives of internal control that always exists because of the inherent limitations of internal
control.
The process of identifying and assessing ROMM:
Step 1 – Identify, assess, and relate risks to F/S;
Step 2 – Relate risks to WCGW at the Assertion Level and Relevant Controls;
Step 3 – Consider likelihood and Magnitude of misstatement
Significant risk is a ROMM that, in the auditor’s judgement, requires special audit consideration.
Example, fraud risks, significant developments, complex transactions, related party transactions,
degree of subjectivity and unusual transactions.
Chapter 10 – Responding to Assessed Risks
After assessing the ROMM, the auditor designs and implement risk responses to obtain
sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and be able
to obtain reasonable assurance and express opinion.
The auditor’s responses classified according to level of ROMM are:
1. Overall responses to address the ROMM at F/S level. These responses may include:
Maintaining professional skepticism, providing more supervision, incorporating
additional elements of unpredictability in FAP etc.
2. FAP as responses to the assessed ROMM at assertion level, which comprise TOC (test
of control) and SP (substantive procedures). SP includes test of details (TOD) and
substantive analytical procedures (SAP). TOC and TOD may be performed
simultaneously, known as dual purpose tests.
The shall design and perform FAP (further audit procedures) whose nature, timing, and extent
are based on and are responsive to the assessed ROMM at the assertion level that may include:
only TOC, only SP, a combination of TOC and SP.
The nature of FAP is the most important consideration as it refers to:
  Purpose – whether to evaluate operating effectiveness (TOC) or to detect a material
misstatement (SP); and
 Type – such as inspection, observation, inquiry, confirmation, recalculation,
reperformance, or analytical procedure.
Steps in performing TOC.
1. Identify ROMM;
2. Identify controls that address ROMM
3. Evaluate D & I effectives of controls
4. Perform TOC procedures
5. Evaluate OE of controls and document results
In performing TOC, the auditor obtains evidence about the OE of controls throughout the audit
period by evaluating the following three aspects of controls:
1. How the controls were applied.
2. Consistency of controls application
3. By whom or by what means controls applied
In performing SP, the auditor should determine the nature, timing, and extent of SP based on
the acceptable level of detection risk (DR) – AR = f (IR x CR x DR). IR and CR are inversely
related to DR. The higher the assessed level of ROMM, the lower the acceptable level of DR,
and vice versa. The lower of DR, the more intensive SP tend to be, and vise versa.
Nature of SP – SP include any or combination of (1) inspection, (2) observation, (3) external
confirmation, (4) recalculation, (5) analytical procedures, and (6) inquiry. SP are classified as:
1. TOP of transactions, account balances, presentation and disclosures; and
2. SAP.
TOD of transactions refer to tests to detect material misstatements in individual transactions.

Chapter 11 - Determining The Extent of Testing

The next exhibit shows the auditor's means of selecting items as the extent testing

Exhibit 11.1-Extent and Selection of Items for Testing

Tests of Controls (TOC)                            Tests of Details (TOD)

1. All items (100%)

2. Specific items (non-representative)

3. Audit sampling (representative)

Extent and Selection

Sufficient Appropriate Audit Evidence

The choice of extent of testing depends on audit risk and efficiency. The main considerations are
the one or combination of methods that provide the auditor with sufficient appropriate audit
evidence and meet the objectives of the test. 

Testing All Items (100%)

100% testing is unlikely in case of TOC; it is common for TOD such as when:

The population constitutes a small number of large value items (e.g., land account); There is a
significant risk   and other means do not provide sufficient appropriate audit evidence (erg.,
instances of fraud such as stolen cash receipts, fictitious sales, etc.);

 Testing Specific Non-Representative Items

 Testing specific non-representative items may include:

•       High value or key items (e.g., suspicious, risk-prone, or unusual items).

•       All items over a certain amount

•       Items to obtain information (e.g.,   nature of the entity or transactions).

•       Items to test the operation of certain control activities.

 However, this type of testing does not constitute audit sampling because the specific items
selected do not represent the population. Consequently, the results of this testing cannot be
projected to the entire population. The judgmental selection of specific items is subject to non-
sampling risk (discussed later).

Audit Sampling

In performing TOC.and TOD, it is normally not feasible to test all items constituting a an
account, a class of transaction, or a control procedure. In such cases, the auditor usually performs
audit sampling, which is the application of audit procedures to:

•       less than 100% a of items within a population of audit relevance

•       such that all sampling units have a chance of selection

•       in order to provide the auditor with a reasonable basis on which to draw conclusions
about the entire population. 

Representative Sample

 A representative sample is one in which the characteristics in the sample of   audit interest is
approximately the same as those of the population.

 As audit sampling concludes about the sample that represents population, the auditor should have
the population for. the conclusion to be valid. However, a sample may not represent the
population due to sampling risk and non-sampling risk, which also represent the audit risk, i.e.,
[Audit risk = f (Sampling risk x Non- sampling risk)].
 Sampling Risks

 Sampling risk is the   risk that the auditor's different from the conclusion if the entire conclusion
based on a sample may be audit procedure. Sampling risk can population were subjected to the  
same lead to two types of erroneous conclusions:

a. In TOC, the   controls are ineffective when they are actually effective. In TOD material
misstatement exists when in fact it does not.   This is known as "Alpha Risk" or "Type I
Misstatement." This error affects audit efficiency as it as leads to additional unnecessary
work; or
b. In TOC, the controls are effective when they are actually not. In TOD, material
misstatement does not exist when in fact it does. This is known as "Beta Risk" or "Type Il
Misstatement." This is the auditor's primary concern and recognized sampling risk
inappropriate audit opinion.

The complement of sampling risk is of sampling are in fact indicative of actual deviation (for
TOC) or misstatement (for TOD) in the population.

Dealing with Sampling Risks

 The auditor sampling risks by testing the entire can eliminate population

However, such testing is usually not possible. Instead, the auditor reduces sampling risk to an
acceptably level by making the sample low more representative of the population by:

• Increasing the sample size; and

• Using appropriate sample selection method.

Non-Sampling Risks

Non sampling risk is the risk that the auditor reaches an erroneous conclusion for any reason not
related to sampling risk such as human error due to:

• Use of inappropriate audit procedures;

• Failure to recognize misstatements or deviations in the samples tested;
• Misinterpretation of evidence obtained.

 Dealing with Non-Sampling Risks

 Non-sampling risks cannot be eliminated due to inherent limitations of audit.

• However, the auditor audit through:

• Proper planning; and
• Adequate direction and supervision of audit team and work.

The 10-Step Audit Sampling Process

 Exhibit 11.4-- The 10-Step Audit Sampling Process

Step 1 Define the objective (purpose) of test

Step 2 Define the deviation or misstatement

Step 3 Identify the relevant population

Step 4 Determine the relevant sampling unit

Step 5 Select the appropriate sampling approach

 Step 6 Determine the sufficient sample size

Step 7 Select   the representative sample items

Step 8 Perform the testing and evaluate evidence

Step 9 Evaluate the test results and reach conclusion

 Step 10 Complete documentation

Step 1-Define the Objective (Purpose) of Test

 The test objective is based on the ROMM at assertion level that guide in design the appropriate
audit procedures samples necessary to achieve the objective. See examples in Exhibits 11.16 and
11.17.

 Step 2—Define the Deviation of Misstatement

The auditor considers what conditions constitute a deviation or misstatement by reference to test
objective. In TOC, a deviation, is   a departure   from adequate control performance (e.g., a sales
invoice not supported by a credit approved report   and a shipping document).   In TOD, a
misstatement is a difference between the recorded amount and the amount   the auditor
determines to appropriate (e.g., a recorded receivable relating to a fictitious sale or from
prematurely recognized sale). 

 Step 3-Identify the Relevant Population

 Population means the entire set of data from which a sample is selected and about which the
auditor wishes to draw conclusions. For example, consider account receivable with P1,000,000
balance consisting of 1,000 customers and 5,000 sale voices. Any of the entire P1,000,000, 1,000
customers, or   5,000 invoices may be considered as the population depending on which a sample
will be selected and conclusions be drawn.

The auditor identifies the relevant population by considering its characteristics

• Direction of testing;
• Completion of population; and
• For tests of details, stratification or value-weighted selection.

 Direction of Test

In TOC, the direction of deviations determines the relevant population. When the deviation
results in overstatement, the population should be the record. For example, if the auditor wants to
test a control that ensures that all billed sales (record) are for all shipped goods. The appropriate
population is all sales invoices. Conversely, when the - deviation results in understatement, the
population should be the support. For example, if the auditor wishes to test a control that ensures
all shipments (support) are population is all shipping documents (support).

In TOD, the direction of misstatement determines the relevant population. When testing for
overstatement, the population should be the record. For example, vouching a sample of
inventories from listing (record) to actual goods during observation of inventory count. The
appropriate population is all inventory listing (record). Conversely, when testing for
understatement, the population should be the support.   For example, tracing a sample of actual
goods (support) to inventory listing during observation of inventory count. The appropriate
population is all actual goods (support).

Completeness of the Population

 Completeness of population is verified by its boundaries or totality, as shown below.

 Verification of Completeness of Population

 Boundaries

• First and last numbers of a series of prenumbered documents.

• Beginning and ending days of an audit period.
• Totality  
• Accounting for  numerical sequence of prenumbered documents.
• Footing population items and comparing to control total.

 Stratification

Stratification is the process of dividing a population into sub-populations; it makes sub-

populations more meaningful by having a group of sampling units which have similar
characteristics.

Stratification reduces the variability (wide difference) of items within each stratum and allows
sample size to be reduced without increasing sampling risk thus improving audit efficiency and
effectiveness 

The population is often stratified by monetary value to allow   greater effort for larger value items
(see illustration in the next exhibit) or according to indication of higher risk of misstatement, e.g.,
when testing allowance for doubtful accounts in the valuation of receivables, balances may be
stratified by age. Value-Weighted Selection

This is appropriate when Monetary Unit Sampling (MUS) is used (see Step 5 below); it treats
individual monetary unit as the sampling unit that comprise the population. For of accounts
receivable and each P1 as example, the population is automatically the P1,000,000 amount the
sampling unit (see Step 4). Items in the   population with negative or zero balances separately.  
This also results in   (no monetary units) considered being all P1, is eliminated. automatic
stratification as the variability of items.

Step 4-Determine the Relevant Sampling Unit

Sampling unit is the individual items constituting a population. The sampling units might be
physical items (e.g., checks listed on deposit slips, credit entries on bank statements, sales
invoices or balances) or monetary units (in case of MUS).

Step 5-Select the Appropriate Sampling Approach

 Audit sampling can be applied using either statistical or non-statistical approach. Both
approaches involve auditor's professional judgment. 

Statistical

• Results can be mathematically projected.

• Use of probability theory to design sample and results.
• Non-statistical
• Does not have the characteristics evaluate 

The decision whether to use a statistical or of statistical sampling matter of auditor's judgment
based on their advantages and disadvantages.

 Statistical Attributes Sampling for TOC

 Statistical attributes sampling can be applied using:

a. Regular attributes sampling- a conclusion is reached about a population in terms of rate

(frequency) of occurrence based on a fixed sample size. For instance, a sample of
disbursement vouchers can be examined for signatures evidencing approvals. The number of
missing signatures (deviations) is then used to estimate the overall rate of exceptions for the
entire file of vouchers (population).
b. Stop or go (Sequential) - attributes sampling this in stages; consequently, no fixed sample
size stage determines the need to continue on sampling plan is performed may either be so
poor is set. The result of previous the next stage. That is, the results: to indicate that control
is ineffective and stopping TOC, or so good as to justify reliance at each step and may go on
performing TOC on the next stage.
c. Discovery attributes sampling - a sampling plan for determining enough sample size
required to have a probability of discovering at least one (critical) deviation. It is most
appropriate when the expected deviation rate is zero or near zero that any deviation detected
in the sample results in rejection of the sampling plan.

 Statistical Variables Sampling for TOD

 Statistical variables sampling used for tests of details include:

a. Classical variables sampling. This approach generally answers: (1) How much? or (2) Is the
account materially misstated? Hence, the sampling units are testing to determine their
audited value. The differences between the carrying and audited amounts (the sample
misstatement) are projected to estimate the population misstatement. This approach has three
variations: mean-per-unit approach, difference approach; and ratio approach.
b. Monetary unit sampling (MUS). MUS is a sampling approach in which sample size,
selection, and results evaluation are in terms of monetary amounts. This is usually
appropriate for testing for overstatement of testing assets and income. See Steps 3 & 7 for
further discussion.
Step 6-Determine the Sufficient Sample Size

The auditor shall determine a sample size sufficient to reduce sampling risk to an acceptably low
level.   The level of sampling risk (i.e., the beta risk or type Il misstatement) the auditor is willing
to accept is inversely related to sample size. The lower the sampling risk, the greater the sample
size to achieve higher confidence level.

There is no sample size specified in PSAs although certain factors are provided to determine
sample size statistically or judgmentally (non-statistical). 

Tolerable deviation rate (TDR)

TDR is a rate   of control deviation set by the auditor that if exceeded by the actual rate of
deviation in the population, the auditor concludes that the internal control did not operate
effectively.

EDR is a rate of control deviation that the auditor expects to find in the population based on the
auditor's knowledge and past experience, or test result of a small number of item from the
population ("pilot testing"). EDR is ordinarily lower than TDR; otherwise, the auditor will
normally decide not to perform TOC.

Tolerable misstatement refers to a monetary amount set by the auditor that if exceeded by the
actual misstatement in the population, the misstatement is material. misstatement is the
application of performance materiality to a particular sampling procedure, which may be the same
amount or lower than performance materiality.

Step 7-Select the Representative Sample Items

The auditor shall select sample items in such a way that each sampling unit in the population has
a chance of selection in order to design a representative sample.

Sample Selection Methods

Sample selection methods may be probabilistic (statistical) or non-probabilistic (non-statistical).

In statistical sampling, samples are selected in a way that each sampling unit has a known
probability of selection. In non-statistical sampling, judgment is used to select samples. 

Probabilistic sample selection methods include random selection, systematic selection, and MUS.
Non-probabilistic sample selection methods include haphazard selection and block selection.
Though PSAs mention only random selection, systematic selection, and haphazard selection as
three principal sample selection methods.

Random Selection. The selection of a sample in such a way that every sampling unit has the same
probability of selection. Random selection, by eliminating selection bias, entails less sampling
risk than the other selection techniques Before using a random number generator (e.g., RAND
functions of MS Excel) or table, the auditor must establish a unique identification number for r
Sampling unit. For example, an inventory listing might be assigned pages or line numbers which
are used to select them. This method is appropriate for both non Statistical and statistical
sampling. every 
Systematic Selection. It involves sample selection using a uniform interval (divide population
size by sample size) with a starting point selected in the first interval. For example, in selecting
100 items (sample size) from a population of 10,000 Items, the interval is every 100th item
(10,000/100). First the auditor selects a Starting point and then selects every 100th item from the
starting point, including the starting point. Hence, it is useful even without identification
numbers; has an advantage of being easy to use. When a random starting point is used, systematic
selection allows every sampling unit an equal chance of selection that Is the same as random
selection. This method is appropriate for both non statistical and statistical sampling.

However, care should be exercised that sampling units are not structured in a way that the interval
corresponds with a particular pattern that may destroy on otherwise representative sample. For
example, a population of check disbursements that requires manually and electronically signed
approvals. A selection of every nth number of checks may occur that only either manually or
electronically signed checks, but not both.

Step 8-Perform the Testing and Evaluate Evidence

The auditor shall perform audit procedures, appropriate to the purpose, on each item selected, and
evaluate the audit evidence obtained. In doing this step, the auditor may encounter a voided
sample, a missing or lost sample, and concluding whether to stop the TOC before completion of
the sampling.

Voided Sample

if the audit procedure is not applicable to the selected item (i.e.. a voided sample), the auditor
shall perform the procedure on a replacement item. For example, a voided check is selected while
testing payment authorization. If the audkor is satisfied that the check has been properly voided
such that it does not constitute a deviation, an appropriately chosen replacement is examined.

Missing or Lost Sample

If the auditor is unable to apply the designed audit procedures, or suitable alternative procedures,
to a selected item, the auditor shall treat that item as a deviation (TOC) or a misstatement (TOD).
For example, the auditor received no response to a positive confirmation request in testing
existence of accounts receivable. Examination of subsequent cash receipts is a suitable alternative
procedure.

Stopping the TOC Before Completion

Occasionally, the auditor may find a large number of deviations in testing part of a sample that
even if no additional errors were to be discovered, the results of the sample would not support the
inside reliance on the effectiveness of control. In such a case, the auditor should reassess ROMM.

Step 9-Evaluate the Test Results and Reach Conclusion

Whether the sampling is statistical or non-statistical, the auditor applies professional judgment in
evaluating the results and reaching an overall conclusion by considering:

• Nature, causes, and effect of deviations and misstatements; and 2. Deviations and
misstatements.
• Nature, Causes and Effect of Deviations and Misstatements:
The auditor shall investigate the nature and cause of any deviations" or misstatements and
evaluate their possible effect on the audit.

The auditor may observe if deviations and misstatements are systematic or indicate the possibility
of fraud, which may require extended audit procedures. In extremely rare circumstances, the
auditor may consider an anomalous error (misstatement or deviation), which does not represent
errors in a population as it arises from an isolated event. For example, an error caused by a
computer breakdown that occurred on only one day. Another example is an error caused by use of
an incorrect formula in calculating all inventory values at one particular branch. 

Deviations and Misstatements

TOC

In TOC, sample deviation rate (SDR) is the rate of deviations detected in the sample. SDR is
calculated by dividing the number of sample deviations by the sample size.

Projected deviation rate (PDR), also called "upper deviation or precision limit," is the rate of
deviation that the auditor estimates to be in the population. This is expressed through: PDR SDR+
allowance for sampling risk. An allowance for sampling risk can only be calculated where the
auditor has used statistical sampling

However, in TOC, unlike in TOD, no explicit projection of deviations is necessary since the SDR
is also the PDR for the population as a whole, as shown below.

TOD

In TOD, the auditor shall project sample misstatements to the population Sample misstatement is
the monetary misstatement detected in the sample. In case of anomalous misstatement, it may be
excluded in the projection. 

Projected misstatement (also called "most likely error" [MLE]) is the misstatement that the
auditor estimates to be in the population and is calculated by adjusting the sample misstatement
by an allowance for sampling risk. An allowance for sampling risk can only be calculated where
the auditor has used statistical sampling. The methods for calculating an allowance for sampling
risk and projecting the sample misstatement differ between classical variables sampling and
MUS, as shown below.

Mean-per-unit approach

EPAA is calculated by an average audited amount in the sample and multiply tha average amount
by the population size. 

Difference approach
EPAA is calculated by the average difference between population. Average difference (in
sample): Average CA- Average AA.

Ratio approach

The auditor calculates the ratio between the sum of the audited amounts and te sum of the
recorded amounts of the sample items and projects this ratio to the population. The auditor
estimates the EPAA by multiplying the recorded atout of population by the same ratio.

MUS

The steps in projecting misstatements using MUS are:

1. Calculate the percentage of misstatement in each item.

2. Add up the misstatement percentages, netting overstatements and understatements.
3. Calculate the average percentage misstatement per item sampled by dividing the total
misstatement percentages by the number of all items sampled.
4. Multiply the average percentage misstatement by the total representation population
monetary value. This results in the projected misstatement for the sample.

Evaluate Test Results and Reach an Overall Conclusion 

In TOC, an unexpectedly high SDR may lead to an increase in assessed ROMM unless further
audit evidence supporting the initial assessment is obtained.

The two general approaches to evaluate the sample results for TOC are:

1. Compare PDR to TDR-If PDR exceeds TDR, the control did not effectively, or
2. Compare SDR to EDR-If SDR exceeds EDR, the control did not operate effectively.

These two approaches are exemplified in the next exhibit. However, the closer the PDR (or SDR)
to TDR (or EDR), the more likely that the actual deviations in the population may exceed the
TDR. 

Overall Conclusion for TOC

The auditor may perform either.

1. Compare PDR to TDR-Increase the level of assessed of control risk (CR is high) because the
TDR (5%) was less than the PDR (7.5%).

2 Compare SDR to EDR-Increase the level of assessed of control risk (CR is high) because the
EDR (1.5%) was less than the SDR (42).

In either case, the auditor concludes that the control did not operate effectively.

In TOD, an unexpectedly high sample misstatement may cause the auditor to believe that a
misstatement is material, in absence of further audit evidence that no material misstatement
exists. 
The projected misstatement plus anomalous misstatement (PM-AM) is the estimated population
misstatement (EPM). When the EPM exceeds tolerable misstatement, the sample does not
provide a reasonable basis for conclusions about the population that has been tested. The closer
the EPM is to tolerable misstatement, the more likely that actual population misstatement (APM)
may exceed tolerable misstatement. Also if the projected misstatement is greater than the
auditor's expectations of misstatement used to determine the sample size, the auditor may
conclude that there is an unacceptable sampling risk that The APM exceeds the tolerable
misstatement.

If the auditor concludes that audit sampling has not provided a reasonable basis for conclusions
about the population that has been tested, the auditor may: 

Request management to investigate misstatements identified and the potential for further
misstatements and necessary adjustments; or

Tailor the nature, timing and extent of FAP to achieve the required assurance. 

Step 10-Complete Documentation

The auditor should document the sampling applied.

Chapter 12: Considering Fraud, Error, And Non-Compliance with Laws And Regulations
(Noclar)

FRAUD - intentional act by one or more individuals among management, TCWG, employees, or
third parties involving the use of deception to obtain an unjust or illegal advantage.

ERROR - unintentional misstatements or omissions in F/S, including the omission of an amount

or disclosure.

Fraud is more difficult to detect than error because fraud is usually concealed by forgery, hot
recording transactions, misrepresentations, or collusion.

Although fraud is a broad legal concept, the auditor is primarily concerned with fraud that causes
material misstatement in the F/S.

Types of Fraud

Embezzlement (defalcation) - involves theft of funds placed in one's trust or care.

Larceny - involves theft of personal property.

Forgery - act of forging or producing a copy of a document, signature, etc.

Bribery - persuading someone to act in one's favor illegally by a gift.

Extortion (blackmail) - obtaining something (e.g., money) through force or threats.

Conspiracy (collusion or connivance) - agreement between two or more people to commit a

crime.
Earnings management - use of accounting to enhance financial performance.

Income smoothing - a form of earnings management in which revenues and expenses are shifted
between periods to reduce fluctuations in earnings.

Fraud as to Intentional Misstatements in the F/S

l Fraudulent financial reporting - involving misstatements, including omissions, of amounts or

disclosures in F/S. This often involves management.

l Misappropriation of assets - involving theft of assets. This is often perpetrated by ordinary

employees in small amounts, though may also involve management.

Fraud as to Perpetrator

l Management fraud -  involves member(s) of management or TCWG. More difficult to detect

that employee fraud as management can easily override controls designed to prevent similar
frauds by other employees.

l Employee fraud - involves only ordinary employees.

RESPONSIBILITIES FOR FRAUD PREVENTION AND DETECTION

Management and TCWG

• The primary responsibility for the prevention and detection of fraud rests with both
TCWG and management.
• Management establishes internal control that prevent and detect fraud, while TCWG,
through its oversight function, ensures integrity of controls.
• The best way to address fraud is to implement controls that are based on core values
embraced by the entity, such as RAP, control environment, information system and
communication, control activities, and monitoring.

Auditor:

• The auditor's responsibility is in F/S audit is to obtain reasonable assurance about

whether the F/S are free from material misstatement, whether due to fraud or error.
• The auditor cannot be held liable for prevention of fraud and errors. Even though
risk of fraud is actively considered in F/S audit, the auditor does not perform a forensic
audit.

AUDITOR'S CONSIDERATION OF FRAUD

Professional judgment - enables the auditor to apply relevant knowledge and experience in
making informed decisions to address circumstances of fraud such as designing and
performing procedures responsive to ROMM due to fraud.

Professional skepticism - enables the auditor to recognize the possibility that a material
misstatement due to fraud could exist, notwithstanding the auditor's past experience of the
honesty and integrity of the management and TCWG.
Identifying and Assessing ROMM due to Fraud

Fraud risks factors - refer to events or conditions that indicate an incentive or pressure to
commit fraud or provide an opportunity to commit fraud.

Fraud Triangle

Attitudes or rationalizations - either the perpetrator's attitude, character, or set of values, or the
entity's weak control environment that does not create a culture of honesty. Enable those involved
in fraud to rationalize committing a dishonest act.

Incentives or pressures - Management and employees who have an incentive (financial or

otherwise) or are under pressure may be motivated to commit fraud.

Opportunities - circumstances that allow execution of fraud possible such as when a person is
generally trusted, internal control is perceived to be easily overridden, or the individual
knows about deficiencies in internal control.

Conclusion and Reporting Relating to Fraud

The auditor shall obtain written representations from management.

Communication of Misstatements from Fraud or Error

Communication with management is made even if the matter might be considered

inconsequential.

Communication with TCWG, due to the nature and sensitivity of fraud involving senior
management, or fraud that results in a material misstatement in the F/S, the auditor reports such
matters on a timely basis and may consider it necessary to also report such matters in writing.

Communications with Regulatory and Enforcement Authorities, the auditor's professional

duty to maintain the confidentiality of client information may preclude reporting fraud to a
party outside.

Withdrawing from Engagement Because Of Fraud

Exceptional circumstances that may arise that may bring into question the auditor's ability to
continue performing the audit include:

a. The entity takes no appropriate action about fraud, even if not material to F/S;
b. The ROMM due to fraud and the results of audit tests indicate a significant risk of
material and pervasive fraud; or
c. Significant concern about the competence or integrity of management or TCWG.

NOCLAR
Laws and regulations applicable to the entity constitute the legal and regulatory framework in
which it operates.

Non-compliance - refers to acts of omission or commission, intentional or unintentional,

committed by the entity, or by TCWG, by management or by other individuals working for or
under the direction of the entity, which are contrary to the prevailing laws or regulations.

Effect of Laws and Regulations

Effect on F/S Direct Indirect

Result of Amounts and Not reported in F/S; instead, primarily operational in

Compliance disclosures are nature. However non- compliance may result in fines,
reported on F/S litigation or other consequences for the entity that
may have a material effect on the F/S.

Examples Tax laws, pension Labor laws, environmental protection laws, health
laws (RA 7641) laws, operating license, regulatory solvency
requirements

Responsibility for Compliance with Laws and Regulations

The responsibility for the compliance, including prevention and detection of non- compliance
thereof, with laws and regulations rests with management and TCWG.

The management, with oversight of TCWG, must institute actions aimed to address risks of non-
compliance with laws and regulations.

Auditor's Consideration of Laws and Regulations

The auditor's considerations of laws and regulations are:

a. Direct effect-obtain sufficient appropriate audit evidence regarding compliance;

b. Indirect effect-limited to undertaking specified audit procedures to help identify non-
compliance; and
c. To respond appropriately to instances of NOCLAR
Difficulty in Detecting Non-compliance and Dependence on Legal Judgment

During the audit, the auditor shall remain alert to the possibility that other audit procedures
applied may bring instances of NOCLAR to auditor's attention. However, non-detection of
material misstatements with non-compliance with laws and regulation are greater, because:

• Operational in nature and not captured in F/S;

• Concealed (e.g. collusion, forgery); and
• Matter of legal determination by a court of law.

As a result, generally, the further removed NOCLAR is from the F/S, the the auditor is to become
aware of it or to recognize the non-compliance.

Chapter 13: Considering Work Of Other Practitioners

Initial Audit Engagements Opening Balances

F/S are usually presented in comparative format. As shown above, an initial audit engagement is
an engagement in which either:

a. The F/S for the prior period were not audited; or

b. The F/S for the prior period were audited by a predecessor auditor.

Opening balances - account balances that exist at the beginning of the period, based upon the
closing balances of the prior period, including disclosure that existed at the beginning of the
period, such as contingencies and commitments.

In an initial audit, the successor auditor expresses an opinion that pertains only to the current
period F/S. However, the auditor should consider prior period balances because they can affect
current period F/S.

Audit Procedures

If audit evidence indicates that the opening balances contain misstatements that could materially
affect the current period's F/S, additional procedures should be performed.

Auditor's Opinion

The auditor's opinion depends on the results of initial audit performed relating to (1) opening
balances, (2) consistency of accounting policies, and (3) modification to the predecessor auditor's
opinion.

Summary of Auditor’s Opinions:

 Result Opinion

Opening Balances  

No material misstatements and with Unmodified

sufficient appropriate audit evidence

No sufficient appropriate audit evidence Qualified or disclaimer; or

Qualified or disclaimed for results of operations

and cash flows, while unmodified for financial
position.

Contain material misstatements Qualified or adverse

Consistency of Accounting Policies  

Consistently applied Unmodified

Not consistently applied Qualified or adverse

Modification to the Opinion in the  

Predecessor Auditor's Report

Modification not relevant and material to Unmodified

current period's F/S

Modification relevant and material to Modified

current period's F/S

 
THE ENTITY'S USE OF A SERVICE ORGANIZATION

The user auditor's considerations, when the entity uses the services of a service organization, are:

a. To obtain an understanding of the nature and significance of the services provided by the
service organization and their effect on the user entity's internal control relevant to the
audit, sufficient to identify and assess the ROMM; and

b. To design and perform audit procedures responsive to those risks.

User auditor-  an auditor who audits the F/S of a user entity.

User entity - an entity that uses a service organization and whose F/S are being audited.

Service organization - third-party org. that provides services to user entities that are part of those
entities' information systems relevant to financial reporting.

Service auditor - an auditor who, at the request of the service organization, provides an
assurance report on the controls of a service organization.

Service auditor's reports are:

a. Type 1 report - Report on the description and design of controls at a service organization.
This type of report is appropriate for RAP purposes.

b. Type 2 report - Report on the description, design, and operating effectiveness of controls
at a service organization. This type of report is appropriate for TOC and RAP purposes.

Before relying on a type 1 or type 2 report, the user auditor shall be satisfied as to:

a. The service auditor's professional competence and independence; and

b. The adequacy of standards under which the report was issued.

Auditing the Entity's Use of a Service Organization

l Risk Assessment

• Understand the services relevant to audit.

• Understand D&I of relevant controls.
• Identify and assess ROMM.
• If the user auditor is unable to obtain such understanding from the user entity, the user
auditor shall perform one or more of the following procedures:
a. Obtain a type 1 or type 2 report, if available;
 b. Contact the service organization, through the user entity, to obtain information,
c. Visit the service organization and perform necessary procedures; or
d. Using another auditor to perform necessary procedures.

Risk Response

Determine where to obtain evidence

a. Determine whether sufficient appropriate audit evidence concerning the relevant F/S
assertions is available from records held at the user entity; and, if not,

b. Perform FAP to obtain sufficient appropriate audit evidence or use another auditor to
perform those procedures at the service organization on the user auditor's behalf

Perform TOC, if necessary.

The user auditor shall perform one or more of the following procedures:

a. Obtain a type 2 report, if available;

b. Perform appropriate TOC at the service organization; or

c. Use another auditor to perform TOC at the service organization on user auditor's behalf.

Make inquiries about significant items.

       User auditor shall inquire of management of user entity whether the service organization has
reported to user entity, or whether the user entity is otherwise aware of, any fraud, NOCLAR
or uncorrected misstatements affecting the F/S of user entity.

Conclusion and Reporting

 No reference to work of a service auditor unless auditor's report has been modified
 If reference is relevant to an understanding of a modification of the user auditor's
opinion, the user auditor's report should indicate such reference does not diminish the
auditor's responsibility.

USING THE WORK OF INTERNAL AUDITORS

Certain works of internal auditors that could address ROMM- assists the external auditor.
However, before the external auditors uses the work of internal auditors, certain
considerations must be performed to evaluate both the internal auditors and their work.
Determining Likely Adequacy of Work of Internal Auditor

The external auditor shall evaluate: (OTDE)

a. The objectivity of the internal audit function (e.g., the reporting of internal audit
results directly to BOD's audit committee);
b. The technical competence of the internal auditors (such as education, experience,
professional certification, etc.);
c. Whether the work of the internal auditors is likely to be carried out with due
professional care (e.g., adequate planning, supervision and documentation); and
d. Whether there is likely to be effective communication between the internal
auditors and the external auditor.

Determining Effect of Reliance on the Work of Internal Auditor

The external auditor shall consider: NAD

a. The nature and scope of work of internal auditors;

b. The assessed ROMM at the assertion level; and
c. The degree of subjectivity involved.

Using the Work of Internal Auditors and Documentation

If the external auditor uses specific work of the internal auditors, the external auditor shall
include in the documentation the conclusions reached regarding the evaluation of the adequacy of
the work of the internal auditors, and the audit procedures performed by the external auditor on
that work.

Reporting

The external auditor has sole responsibility for the audit opinion expressed, and that
responsibility is not reduced by the external auditor's use of the work of the internal auditors.
Consequently, no reference would be made in the external auditor's report to the work of the
internal auditors.

Using The Work Of An Auditor's Expert

Expert (or specialist) - a person or firm possessing special skill, knowledge, and experience in a
particular field other than accounting and auditing.

An expert may be engaged by the entity or by the auditor, employed by the entity or by the
auditor. PSA 620 classifies experts into the following two categories:
 a. Auditor's expert - An expert whose work is used by the auditor to assist the
auditor in obtaining sufficient appropriate audit evidence. An auditor's expert
may be either an auditor's internal expert or an auditor's external expert.
b. Management's expert - An expert whose work is used by the entity to assist the
entity in preparing the F/S

Determining Nature, Timing, and Extent of Procedures

The auditor shall consider: (NRSKE)

a. The nature of the matter;

b. The ROMM;
c. The significance of expert's work;
d. The auditor's knowledge and experience with work of the expert; and
e. Whether that expert is subject to auditor's quality control.

Determining Competence, Capability, and Objectivity of Auditor's Expert

Determining competence and capability includes professional evaluating education, experience,

sufficiency of personnel and systems, and reputation in the field in which the auditor is
seeking audit evidence.

Auditor's Report

The auditor's report should not refer to the work of an expert. Such a reference might be
misunderstood to be a modification of the auditor's opinion or a division of responsibility. The
auditor maintains sole responsibility for the audit opinion expressed.

If the auditor issues a modified auditor's report as a result of the expert's involvement, it may be
appropriate to refer to the work of the expert to explain the modification, including the expert's
identity and extent of expert's involvement.

The auditor needs to obtain expert's permission before making such a reference. If permission is
refused and the auditor believes a reference is necessary, the auditor may need to seek legal
advice.

Chapter 13: Considering Work of Other Practitioners

Initial Audit Engagements Opening Balances

F/S are usually presented in comparative format. As shown above, an initial audit engagement is
an engagement in which either:

a. The F/S for the prior period were not audited; or

 b. The F/S for the prior period were audited by a predecessor auditor.

Opening balances - account balances that exist at the beginning of the period, based upon the
closing balances of the prior period, including disclosure that existed at the beginning of the
period, such as contingencies and commitments.

In an initial audit, the successor auditor expresses an opinion that pertains only to the current
period F/S. However, the auditor should consider prior period balances because they can affect
current period F/S.

Audit Procedures

If audit evidence indicates that the opening balances contain misstatements that could materially
affect the current period's F/S, additional procedures should be performed.

Auditor's Opinion

The auditor's opinion depends on the results of initial audit performed relating to (1) opening
balances, (2) consistency of accounting policies, and (3) modification to the predecessor auditor's
opinion.

Summary of Auditor’s Opinions:

Result Opinion

Opening Balances  

No material misstatements and with Unmodified

sufficient appropriate audit evidence

No sufficient appropriate audit evidence Qualified or disclaimer; or

Qualified or disclaimed for results of operations

and cash flows, while unmodified for financial
position.

Contain material misstatements Qualified or adverse

 Consistency of Accounting Policies  

Consistently applied Unmodified

Not consistently applied Qualified or adverse

Modification to the Opinion in the  

Predecessor Auditor's Report

Modification not relevant and material to Unmodified

current period's F/S

Modification relevant and material to Modified

current period's F/S

THE ENTITY'S USE OF A SERVICE ORGANIZATION

The user auditor's considerations, when the entity uses the services of a service organization, are:

a. To obtain an understanding of the nature and significance of the services provided by the
service organization and their effect on the user entity's internal control relevant to the
audit, sufficient to identify and assess the ROMM; and

b. To design and perform audit procedures responsive to those risks.

User auditor-  an auditor who audits the F/S of a user entity.

User entity - an entity that uses a service organization and whose F/S are being audited.

Service organization - third-party org. that provides services to user entities that are part of those
entities' information systems relevant to financial reporting.

Service auditor - an auditor who, at the request of the service organization, provides an
assurance report on the controls of a service organization.
Service auditor's reports are:

a. Type 1 report - Report on the description and design of controls at a service organization.
This type of report is appropriate for RAP purposes.

b. Type 2 report - Report on the description, design, and operating effectiveness of controls
at a service organization. This type of report is appropriate for TOC and RAP purposes.

Before relying on a type 1 or type 2 report, the user auditor shall be satisfied as to:

a. The service auditor's professional competence and independence; and

b. The adequacy of standards under which the report was issued.

Auditing the Entity's Use of a Service Organization

Risk Assessment

 Understand the services relevant to audit.

 Understand D&I of relevant controls.
 Identify and assess ROMM.
 If the user auditor is unable to obtain such understanding from the user entity, the user
auditor shall perform one or more of the following procedures:
a. Obtain a type 1 or type 2 report, if available;
b. Contact the service organization, through the user entity, to obtain information,
c. Visit the service organization and perform necessary procedures; or
d. Using another auditor to perform necessary procedures.

Risk Response

Determine where to obtain evidence.

a. Determine whether sufficient appropriate audit evidence concerning the relevant F/S
assertions is available from records held at the user entity; and, if not,
b. Perform FAP to obtain sufficient appropriate audit evidence or use another auditor to
perform those procedures at the service organization on the user auditor's behalf

Perform TOC, if necessary.

The user auditor shall perform one or more of the following procedures:

a. Obtain a type 2 report, if available;

b. Perform appropriate TOC at the service organization; or
c. Use another auditor to perform TOC at the service organization on user auditor's behalf.
 Make inquiries about significant items

User auditor shall inquire of management of user entity whether the service organization has
reported to user entity, or whether the user entity is otherwise aware of, any fraud, NOCLAR
or uncorrected misstatements affecting the F/S of user entity.

Conclusion and Reporting

 No reference to work of a service auditor unless auditor's report has been modified
 If reference is relevant to an understanding of a modification of the user auditor's opinion,
the user auditor's report should indicate such reference does not diminish the auditor's
responsibility.

Using The Work Of Internal Auditors

Certain works of internal auditors that could address ROMM- assists the external auditor.
However, before the external auditors uses the work of internal auditors, certain considerations
must be performed to evaluate both the internal auditors and their work.

Determining Likely Adequacy of Work of Internal Auditor

l The external auditor shall evaluate: (OTDE)

a. The objectivity of the internal audit function (e.g., the reporting of internal audit results
directly to BOD's audit committee);

b. The technical competence of the internal auditors (such as education, experience,

professional certification, etc.);

c. Whether the work of the internal auditors is likely to be carried out with due professional
care (e.g., adequate planning, supervision and documentation); and

d. Whether there is likely to be effective communication between the internal auditors and
the external auditor.

Determining Effect of Reliance on the Work of Internal Auditor

l The external auditor shall consider: NAD

a. The nature and scope of work of internal auditors;

b. The assessed ROMM at the assertion level; and

c. The degree of subjectivity involved.

Using the Work of Internal Auditors and Documentation

l If the external auditor uses specific work of the internal auditors, the external auditor shall
include in the documentation the conclusions reached regarding the evaluation of the
adequacy of the work of the internal auditors, and the audit procedures performed by the
external auditor on that work.

Reporting

l The external auditor has sole responsibility for the audit opinion expressed, and that
responsibility is not reduced by the external auditor's use of the work of the internal auditors.
Consequently, no reference would be made in the external auditor's report to the work of the
internal auditors.

 USING THE WORK OF AN AUDITOR'S EXPERT

Expert (or specialist) - a person or firm possessing special skill, knowledge, and experience in a
particular field other than accounting and auditing.

An expert may be engaged by the entity or by the auditor, employed by the entity or by the
auditor. PSA 620 classifies experts into the following two categories:

a. Auditor's expert - An expert whose work is used by the auditor to assist the auditor in
obtaining sufficient appropriate audit evidence. An auditor's expert may be either an
auditor's internal expert or an auditor's external expert.

b. Management's expert - An expert whose work is used by the entity to assist the entity in
preparing the F/S

Determining Nature, Timing, and Extent of Procedures

l The auditor shall consider: (NRSKE)

a. The nature of the matter;

b. The ROMM;

c. The significance of expert's work;

d. The auditor's knowledge and experience with work of the expert; and

e. Whether that expert is subject to auditor's quality control.

Determining Competence, Capability, and Objectivity of Auditor's Expert

Determining competence and capability includes professional evaluating education, experience,
sufficiency of personnel and systems, and reputation in the field in which the auditor is seeking
audit evidence.

Auditor's Report

The auditor's report should not refer to the work of an expert. Such a reference might be
misunderstood to be a modification of the auditor's opinion or a division of responsibility. The
auditor maintains sole responsibility for the audit opinion expressed.

If the auditor issues a modified auditor's report as a result of the expert's involvement, it may be
appropriate to refer to the work of the expert to explain the modification, including the expert's
identity and extent of expert's involvement.

The auditor needs to obtain expert's permission before making such a reference. If permission is
refused and the auditor believes a reference is necessary, the auditor may need to seek legal
advice.

Audits of Group F/S Including Work of Component Auditors

Group f/s refer to f/s that include the financial information of more than one component. A
component is an entity or business activity for which group or component management prepares
financial information that should be included in the group f/s.

Group audit is the audit of group f/s. Component auditor is defined as an auditor, at the request of
the group auditor, performs work on financial information related to a component for the group
audit.

 Using the Work of Component Auditors

The group auditor shall obtain an understanding of:

• Whether the component auditor understands and will comply with relevant ethical
requirements and, in particular, is independent;
• The component auditor's professional competence;
• Whether the group engagement team will be involved in the work of the component
auditor; and
• Whether the component auditor operates in a regulatory environment that actively
oversees auditors. 

Perform Procedures on Component

The amount and nature of work required of the group auditor relating to component-depends
whether the component is a significant component; a significant component is a component (i)
that is of individual financial significance to the group, or (ii) that is likely to include significant
ROMM of the group F/S.

Perform Procedures on Consolidation Process

 The group auditor shall perform FAP on the consolidation process to respond to the assessed
ROMM of the group F/S arising from the consolidation process. This shall include evaluating
whether all components have been included in the group F/S. 

Communicate Group Audit Requirements to Component Auditor

The group auditor shall communicate its requirements to the component auditor on a timely basis.
This communication shall set out the work to be performed, the use to be made of that work, and
the form and content of the component auditor's communication with the group auditor. This
would include:

·   Confirmation that the component auditor will cooperate; Relevant ethical and independence
requirements;

·   Component materiality;

·   Identified significant ROMM of group F/S relevant to component auditor; and

·   A list of related parties prepared by group management, and the timely communication of
previously unidentified related parties. 

Report on Group F/S

The auditor's report on the group F/S shall not refer to a component auditor, unless required by
law or regulation. If such reference is made, the auditor's report should indicate that the reference
does not diminish the group auditor. 

Complete Audit Documentation

The group auditor shall document:

·   An analysis of components, indicating those significant, and the type of work on components;

·   The nature, timing, and extent of the group auditor's involvement in the work of component
auditors; and

·   Written communications between the group auditor and component auditors

CHAPTER 14: CONSIDERING EFFECT OF INFORMATION TECHNOLOGY 

Effect of Information Technology

The use of computers present both opportunities and risks on the entities and their auditors.
Computers make operations and financial reporting efficient and effective as well as auditing
them. However, entities face risks on the integrity, completeness and availability of financial or
operational data that, which under a risk-based approach, requires auditor’s considerations.
 The effect of IT in audit in:

a.  Risk assessment such as obtaining a sufficient understanding of the entity, including relevant
internal controls, and identifying and assessing ROMM

b.  Risk responses such as TOC and SP

IT Environment Characteristics

The unique characteristics of IT environment include:

a.  Lack of transaction trails

b.  Uniform processing of transactions

c.  Lack of segregation of functions

d.  Potential for errors and irregularities

e.  Initiation or execution of transactions

f.   Dependence of other controls over a computer processing

g.  Potential for increased management supervision

h.  Potential for the use of computer assisted audit techniques

Data Processing Methods

The two basic data processing methods are:

1.  Batch processing – transactions are collected over a certain period of time and submitted to the
computer as a single batch.

2.  Real time processing – the master file is updated upon entry of the transactions. This processing
is useful in IT systems that need latest information.

IT Controls

IT controls are general controls and application controls. The effectiveness of application controls
is often dependent on the effectiveness of general controls.

General IT Controls

Are policies and procedures that relate to many applications and support the effective functioning of
application controls by helping ensure to continued proper operation of information systems.
 General controls include controls over:

1.  IT standards and policies

2.  Data center and network operations

3.  Software acquisition or development, change, and maintenance

4.  Access both physical (hardware) and logical (data and programs)

5.  Monitoring of IT operations

IT Department Organizational Structure

1.  Systems analyst

2.  Programmer (also called software engineer)

3.  Database administrator

4.  Network technician

5.  Webmaster

6.  Computer operator

7.  Data entry operator

8.  Data control group

9.  Librarian

10.   Help desk 

Application IT Controls

1. Apply to the processing of individual applications and are (1) manual or (2) automated
procedures that typically operate at a business process level.
2. It relates to initiation, recording, processing and reporting transactions such as checking
the arithmetical accuracy of records and maintaining and reviewing accounts and trial
balancesand are traditionally classified as:
 Input controls – ensure that data to be processed are properly authorized,
complete, and accurate.
 Process controls – built in controls that ensure data are properly processed.
 Output controls – ensure that processed data are complete and accurate.

Risk Response

CAATs are applications of auditing procedures using computer as an audit tool.

 Advantages

1. More extensive testing enhancing efficiency and effectiveness

2. Less costly in the long run
3. Able to test actual system and applications rather than printouts
4. Reduce risk human error

Disadvantages

1. Costly initial investment, including training cost

2. May not be compatible to certain clients
3. May corrupt client’s system

Performing Substantive Procedures (SP)

Audit software refers to computer programs used in planning and performing the audit, such as
SP. Audit software may be:

a.  Generalized audit software – is used to read, scan, extract, sort, summarize, export, and compare
data from a client’s systems for further testing such as performing calculations on data,
facilitating audit sampling and producing documents and reports.

b.  Customized audit software – refers to programs are written specifically for specific tasks that
cannot be performed in a generalized audit software.

Performing Test of Controls (TOC)

Black-box Approach

a. also known as “auditing around the computer”

b. the auditor manually processes a sample of transactions and compares the results with the
computer outputs
c. its main advantage is its ease of application and does not require a very high level of IT
expertise
d. however, auditor is oblivious of the processes and controls included in the computer program

White-box Approach

a. also known as “auditing through the computer”

b. the auditor evaluates not only the inputs and outputs of the computer system but also its
internal processing
c. this approach can be accomplished using:
o Test Data – involves entering a set of auditor-developed dummy transactions into a
client’s computer system to test operating effectiveness of controls embedded in the
computer program.
o Integrated Test Facility – similar to test data. However, ITF tests actual operation of a
computer program by introducing a dummy unit into a client’s computer system
together with the client’s actual data during the normal processing cycle.
 c.      Parallel Simulation – the auditor reprocesses actual client data using auditor’s
program and compares the results with those of the client. 

Chapter 15. Considering Certain Specific Financial Statement Items

LO1. Reasonableness of accounting estimates

Accounting Estimates

Accounting estimate means an approximation of a monetary amount in the absence of a precise

means of measurement. This term is also used for an amount measured at fair value where there
is estimation uncertainty.

Many items in F/S have to be estimated due to uncertainties inherent in business. Such estimates
range from simple calculations (e.g, net realizable value of inventory and depreciation of
property, plant, and equipment) to complex ones (e.g., calculating fair value of complex
derivative instruments and actuarial valuation of retirement benefits). Hence, accounting estimate
inherently present higher ROMM that could even be considered significant risks.

Responsibility for Accounting Estimates

Management is responsible for making accounting estimates that are reasonable when preparing
and presenting F/S.

The auditor should obtain sufficient appropriate evidence about whether:

a. accounting estimates in F/S are reasonable, and

b. related disclosures in F/S are adequate.

Summary of Auditing Accounting Estimates

1. Risk Assessment Procedures

 Obtain understanding to identify and assess ROMM.

 Review of actual outcome of estimates prepared in previous period.
 Evaluate degree of estimation uncertainty and significant risks.

2. Risk Response

 Perform appropriate responses

 Use work of an auditor's expert
 Perform additional procedures for significant risks relating to accounting
estimates
 Evaluate possible management bias.

3. Conclusion And Reporting

  Obtain written representations about reasonableness of estimates and
management's intent and ability to carry out specific actions.
 Evaluate audit evidence and misstatement for reasonableness of accounting
estimates results.
 Document finding and results.

LO2. Adequate disclosure of related party information.

PAS 24, Related Parties, establishes specific disclosure requirements for related-party
relationships, transactions, and balances. This enables the users of F/S to understand the nature
and effects on the F/S of related parties. Without such disclosures, F/S would potentially be
misleading. Therefore, as related parties are independent of each other, there are often higher
ROMM in related party transactions.

LO3. Appropriateness of going concern assumption.

Going Concern

FS are prepared on a going concern basis, unless management either intends to liquidate the
entity or to cease operations, or has no realistic alternative but to do so. When an entity is no
longer a going concern, its F/S are affected pervasively. That is, its assets and liabilities are
reported at realizable value and settlement.

Amounts, respectively, and are usually no longer classified as current and non- rent. Hence, the
auditor shall determine the appropriateness of going concern assumption. 

Responsibility for Assessment of the Entity's Ability to Continue as a Going Concern

PAS 1, Presentation of Financial Statements, requires management to assess an entity's ability to

continue as a going concern. In performing this assessment, management is required to take into
account all available information about the future, which is at least, but is not limited to, 12
months from the date of F/S.

When management concludes that there are material uncertainties that may cast significant doubt
on an entity's ability to continue as a going concern, the entity is quired to disclose in the F/S
those uncertainties. A material uncertainty exists when the magnitude of its potential impact is
such that, in the auditor's judgement, clear disclosure of the nature and implications of the
uncertainty is necessary for the presentation of the F/S not to be misleading.

LO4. Existence and condition of inventory, completeness of litigation and claims, and
presentation and disclosure of operating segment information. 

Auditor's Objective and Management's Responsibility

The auditor's objective is to obtain sufficient appropriate evidence regarding the

a. Existence and condition of inventory;

b. Completeness of litigation and claims involving the entity, and

Presentation and disclosure of operating segment information. In all the three items above,
management is responsible for identifying evaluating, and ensuring their proper accounting and
disclosures

Chapter 16. Completing the Audit and Considering Post-Audit Responsibilities

LO1. Perform concluding analytical procedures.

Concluding Analytical Procedures

The auditor is required to apply analytical procedures in the audit finalization stage to:

Identify previously unrecognized ROMM; Evaluate conclusions drawn during the audit; and
assist in arriving at the overall conclusion as to the reasonableness of F/S.

In other words, concluding (final or overall) analytical procedures confirm the auditor's
knowledge of F/S based on understanding of the entity and audit evidence obtained.

Concluding analytical procedures often use the same measures and ratios used in RAP.

If new risks or unexpected relationships between data are identified, the auditor may need to re-
evaluate the original procedures.

LO2. Audit subsequent events, including discovery of omitted procedures

Subsequent Events, Including Discovery Of Omitted Procedures

F/S may be affected by certain events that occur after the end of an entity's reporting period. The
auditor should obtain reasonable assurance that F/S are free from material misstatement that may
arise from such events.

Subsequent events refer to those events occurring between the date of F/S and the date of
auditor's report, and facts that become known to the auditor after the date of auditor's report.

 The two types of subsequent events are:

a) Adjusting events (Type 1) are those that provide evidence of conditions that existed at the date
of F/S. b) Non-adjusting events (Type 2) are those that provide evidence of conditions that arose
after the date of F/5.

Responsibility for Subsequent Events

Management is responsible under PAS 10, Events After the Reporting Period, to adjust the
entity's F/S for events after the reporting period, including the related disclosures thereof, up to
the date when the F/S were authorized for issue.

Auditor's Objectives in Auditing Subsequent Events

The objectives of the auditor are:

a. To obtain SAAE about whether events occurring between the date of F/S and the date of
auditor's report that require adjustment of, or disclosure in, the F/5 are appropriately reflected;
and

b. To respond appropriately to facts that become known to the auditor after the date of the
auditor's report, that, had they been known to the auditor at that date, may have caused the auditor
to amend the auditor's report.

Dating of the New Auditor's Report

The auditor shall date the new auditor's report-as a result of auditing facts after he date of original
report or subsequent discovery of omitted procedures either. Single dating-Date of subsequent
event. Dual dating Dates of original auditor's report and of the event.

LO3. Discuss the auditor's considerations in obtaining written representations.

Written Representations

An audit, management's (and, where appropriate, TCWG's) verbal representations to auditor are
best documented in a written representation.

Written representation is a written statement by management provided to auditor to confirm

certain matters or support other audit evidence. Written representations in this context do not
include F/5, the assertions, or supporting books and records.

Written Representations as Audit Evidence

Written representations are an important source of audit evidence. However, written

representations are not to be used as a substitute for other audit procedures; or as the sole source
of evidence on significant audit matters.

If management modifies or does not provide the requested written representations, it may alert the
auditor that one or more significant issues may exist. Further, a request for written, rather than
oral, representations may prompt management to consider matters more rigorously thereby
enhancing the quality of evidence.

Source of Written Representations

The auditor shall request written representations from management with

(1) appropriate responsibilities for the F/S and (2) knowledge of the matters concerned, such as:

 Chief executive officer

 Chief financial officer
 Other equivalent persons (such as owner manager in small entity)
 TCWG, where appropriate.
Dates of Written Representations

The date of written representations shall be as near as practicable to, but not after, the date of the
auditor's report on the F/S to consider the effect of subsequent events. And because written
representations are necessary audit evidence, the auditor's report cannot be dated before the date
of written representations.

Periods Covered by Written Representations

The written representations cover all the F/S and periods referred to in the auditor's report
because management needs to reaffirm that the written representations it previously made with
respect to the prior periods remain appropriate. For example, the written representations cover
F/S for the years 2018 and 2017 if both are referred to in the auditor's report even if the CEO or
CFO have only been employed in 2018.

Chapter 17 - Forming The Auditor’s Opinion and Report Contents

Forming Opinion and Report- An Overview (Learning Objective 1)

The Financial Statements will be considered and evaluated if these are free from material
misstatements to see qualitative and quantitative factors of misstatements. Also, if the auditor has
obtained reasonable assurance whether SAAE is obtained from satisfactory performance of audit. 

Afterwards, the FS will be assessed if the required EQCR has been performed, if the
communications with TCWG, management and other parties have been made. Then, the auditor’s
opinion must be formed and the auditor’s report will be formulated. 

Determining SAAE (Learning Objective 2)

In concluding whether SAAE has been obtained, the auditor shall consider all relevant evidence,
whether it corroborates or contradicts the F/S assertions. The sufficiency and appropriateness of
audit evidence will primarily be based on the satisfactory performance of audit procedures that
address the assessed ROMM. Ultimately, what constitutes SAAE is a matter of professional
judgement.

In practice, auditors often use Summary Audit Memorandum (SAM) to aid in evaluating
sufficiency and appropriateness of audit evidence as well as the materiality of identified
misstatements.

Evaluating Materiality Of Misstatements (Learning Objective 3)

Misstatements can arise from error or fraud; it is a difference between: (1) the amount,
classification, presentation, or disclosure of a reported F/S item; and (2) the amount,
classification, presentation, or disclosure that is required for the item. The next exhibit outlines
the steps in evaluating misstatements.

Steps in Evaluating Misstatements Identify type of misstatement

Step 1. Identify Type of Misstatement

Step 2. Understand and respond to misstatements
Step 3. Accumulate misstatements
Step 4. Evaluate effect of uncorrected misstatements
Step 5. Communicate with Management and TCWG

Performing Engagement Quality Control Review (EQRC) Learning objective 4

The main purpose of EQCR is to ensure audit quality-i.e., compliant with professional standards
and other requirements-so that the report is appropriate to avoid auditor's liability for negligence.

EQCR is a process that provides an objective evaluation, on or before the date of report, of the
significant judgments the engagement team made and the conclusions it reached in formulating
the report.

The EQC reviewer is a partner, other person in the firm, suitably qualified external person, or a
team made up of such individuals, none of whom is part of the engagement team, with sufficient
and appropriate experience and authority to objectively evaluate the significant judgments the
engagement team made and the conclusions it reached in formulating the report.

Examples of significant matters that may be discussed during the EQCR include:

·         Client acceptance and continuance decisions.

·         Conclusions regarding independence.  

·         Entity's business and financial reporting issues and risks.

·         Materiality, misstatements, and control deficiencies.

·         Management written representations.

·         Going concern assumption.

·         Subsequent events.

Communicating w/ TCWG, Management, and Other Parties (learning objective 5)

Significant Audit Findings

The auditor shall communicate in writing (if oral is not adequate) the following significant audit
findings:

1.       Qualitative aspects of accounting practices.

2.       Significant difficulties encountered.

3.       Matters regarding management, unless all of those TCWG are involved in management,
such as: a. Questions regarding management's competence and integrity;

b. Significant transactions with related parties; and

c. Illegal acts and fraud involving management.

4.       Expected modification to the auditor's report.

5.       Significant deficiencies in internal control (in writing).

6.       Audit adjustments and uncorrected misstatements.

7.       Agreed-upon matters documented in engagement letter.

Auditor Independence

In case of listed entities, the auditor shall communicate in writing with TCWG regarding auditor's
independence and safeguards against threats to independence.

The Auditor's Opinions (Learning Objective 6)

The auditor shall form an opinion on whether the F/S are prepared, in all material respects, in
accordance with the AFRF.

Pervasive effects on F/S are those that:

a. Are not confined to specific elements, accounts, or items of F/S (e.g., when multiple
items in F/S are involved);
b. If so confined, represent or could represent a substantial proportion of F/S (e.g., when
inventories represent 80% of the entity's total assets); or
c. In relation to disclosures, are fundamental to users' understanding of the F/S (e.g., when a
liquidating entity still presents F/S on a going concern basis).

If inability to obtain SAAE (i.e., audit scope limitation) is due to management- imposed
limitation and the effect is material and pervasive, the auditor has also an option to resign from
engagement, if appropriate.

The Auditor’s Reports (Learning Objective 7)

The auditor’s report, unmodified or modified, shall be in writing, hardcopy or electronic.

Report Circumstances

Unmodified 1.       Unmodified opinion and without EOM and OM

Modified 1.       Modified opinion

2.       With EOM and/or OM that do not necessarily modify opinion

Unmodified Auditor's Report (Learning Objective 8)

With the exception of Opinion and Basis for Opinion sections, PSA 700 does not establish
requirements for ordering the elements of auditor's report. However, it requires the use of specific
headings, which make auditor's reports more recognizable.

Elements of Unmodified Auditor's Report

1. Title

2. Addressee

3. Report on the Audit of the F/S-Omitted if no ORR

4. Auditor's Opinion

5. Basis for Opinion

6. Material Uncertainty Related to Going Concern-If applicable

7. Key Audit Matters (KAM) Required for listed entities, voluntary for other

8. Other Information If applicable

9. Responsibilities for F/S

10. Auditor's Responsibilities for the Audit of F/S

11. Other Reporting (ORR)-If applicable

12. Name of the Engagement Partner Required only for listed entities

13. Signature of Auditor

14. Auditor's Address

15. Date of Auditor's Report

MODIFIED AUDITOR'S REPORT-MODIFIED OPINION (Learning Objective 9)

The following sections of the report are modified if a modified opinion expressed:

1.       Auditor's opinion;

2.       Basis for opinion;

3.       Description of auditor's responsibilities, in case of disclaimer of opinion; and

4.       4. Omission of KAM and Ol, in case of disclaimer of opinion 

Auditor's Opinion

In case of modified opinion, the auditor shall use the heading "Qualified Opinion," "Adverse
Opinion," or "Disclaimer of Opinion," for the Opinion section with modified opinion wordings.
Basis for Opinion

The auditor shall, in addition to the specific elements of the unmodified report:

a. Amend the heading "Basis for Opinion" to "Basis for Qualified Opinion," "Basis for Adverse
Opinion," or "Basis for Disclaimer of Opinion,"; and

b. Within this section, describe the matter giving rise to the modification.

If there is a material misstatement (including disclosures), the auditor shall describe and quantify
its financial effects, unless impracticable. For example, effects on income tax, income before
taxes, net income and equity if inventory is overstated. If impracticable to quantify, the auditor
shall so state in this section. If the modification results from an inability to obtain SAAE, the
auditor shall include the reasons for that inability. When the auditor expresses a qualified or
adverse opinion, the auditor shall amend the statement about whether the audit evidence obtained
is sufficient and appropriate to provide a basis for the auditor's opinion to include the word
"qualified" or "adverse."

When the auditor disclaims an opinion, the auditor's report shall not include:

a. A reference to the section of the auditor's report where the auditor's responsibilities are
described; and

b. A statement about whether the audit evidence obtained is sufficient and appropriate to
provide a basis for the auditor's opinion.

Description of Auditor's Responsibilities for the Audit of F/S

When the auditor disclaims an opinion, the auditor shall amend the description of the auditor's
responsibilities required to include only the following:

a. A statement that the auditor's responsibility is to conduct-an-audit of the entity's F/S in

accordance with PSAs and to issue an auditor's report,
b. A statement that, however, because of the matter(s) described in the Basis for Disclaimer
of Opinion section, the auditor was not able to obtain SAAE to provide a basis for an
audit opinion on the F/S; and
c. The statement about auditor independence and other ethical responsibilities.

Modified Auditor's Report EOM And OM (Learning Objective 10)

In certain cases, the auditor may modify the auditor's report by drawing users' attention to certain
matters in the report by adding an EOM and/or OM, without necessarily modifying the opinion.

Emphasis of Matter (EOM)

In including an EOM, the auditor shall:

 a. Use an appropriate heading that includes the term "Emphasis of Matter";
b. Include in the paragraph a clear reference to the matter being emphasized and to
where relevant disclosures that fully describe the matter in the F/S.; and
c. Indicate that the opinion is not modified in respect of the matter emphasized.

The following is a list of PSAS containing requirements for EOM:

 PSA 210, Agreeing the of Audit Engagements - paragraph 19(b)

 PSA 560, Subsequent Events - paragraphs 12(b) and 16
 PSA 800, Special Considerations-Audits of Financial Statements Prepared in
Accordance with Special Purpose Frameworks - paragraph 14 

Other Matter (OM)

In including an OM, the auditor shall use the "Other Matter," or other appropriate heading.

The following is a list of PSAS containing requirements for Other Matter paragraphs:

·         PSA 560, Subsequent Events - paragraphs 12(b) and 16

·         PSA 710, Comparative Information-Corresponding Figures and Comparative Financial

Statements - paragraphs 13-14, 16-17 and 19

·         PSA 720, The Auditor's Responsibilities Relating to Other Information in Documents

Containing Audited Financial Statements - paragraph 10(a) 

Comparative Information (Learning Objective 11)

Comparative information pertains to the amounts and disclosures included in the financial
statements in respect of one or more prior periods in accordance with the AFRF. The two broad
approaches to comparative information are:

a. Corresponding figures - amounts and disclosures for prior period included ass an integral part
of current period F/S, and are intended to be read only in relation to "current period figures;" and

b. Comparative F/S - amounts and disclosures for prior period are included for comparison with
the F/S of the current period but, if audited, are referred to in the auditor's opinion. PAS 1,
Presentation of Financial Statements, requires this approach.

Chapter 18: Performing and Reporting On Specialized Audit Engagements

COMPARISON OF VARIOUS F/S AUDITS (Learning Objective 1)

F/S Related Audit Engagements Compared

  Audits of A Audits of A Audits of Single Engagements to

Complete Set Complete Set of F/S and Specific Report (Not to
 of General Special Purpose Elements, Elements, Audit) on
Purpose F/S F/S Accounts, or Summary F/S
Items of a F/S

Subject Matter A complete A complete set A single F/S or Summary of general

set of general of special specific item of a or special purpose
purpose F/S purpose F/S F/S that may be F/S
general or special
purpose

Financial General Special Purpose General purpose Certain applied

Reporting Purpose (e.g., or special purpose criteria used by
Framework PFRSs, PFRS (e.g., cash basis, management to
(FRF) for SMEs) regulatory FRF, prepare summary
contracts) F/S

Auditor’s Whether F/S Whether F/S are Whether F/S (or Whether Summary
Opinion present fairly prepared the specific F/S are consistent
financial with (or a fair
information) summary of) the
present fairly audited F/S

Emphasis of Only when Required in (1) General (1) General purpose-

Matter in the necessary order to alert purpose- only only when necessary
auditor’s users of when necessary or or (2) Special
report specialized (2) Special purpose - required
nature of F/S purpose - required

Report Not restricted May be (1) General (1) General purpose

restriction restricted purpose - not - not restricted or (2)
restricted or (2) Special purpose -
Special purpose - may be restricted
may be restricted

AUDITS OF A COMPLETE SET OF SPECIAL PURPOSE F/S (Learning Objective 2)

Special purpose F/S are F/S prepared in accordance with a special purpose framework designed to
meet the financial information needs of specific users. Special purpose framework refers a FRF
designed to meet the financial information needs of specific users. Examples of special purpose
frameworks are:
  A tax basis of accounting for a set of F/S that accompany an entity's tax return;
 The cash receipts and disbursements basis of accounting for cash flow information that
an entity may be requested to prepare for creditors;
 The reporting provisions by a regulator such as SEC, BSP or IC; or
 The reporting provisions of a contract, e.g., a bond indenture, or a project grant

Audits of Single FS and Specific Elements, Accounts or Items of a FS

It includes audits of the related disclosures. The auditor may or may not be the same auditor of a
complete set of FS. 

Engagements to Report on Summary FS

Summary FS refer to historical financial information that is derived from FS but that contains less
detail than the FS

Form of Opinion on Summary FS

a)       The accompanying summary FS are consistent, in all material respects, with the audited FS
in accordance with the applied criteria

b)      The accompanying summary FS are a fair summary of the audited FS

Date of Auditor’s Report on Summary FS

The auditor shall date the auditor’s report on summary FS no earlier than:

a.       The date on which the auditor has obtained sufficient appropriate evidence on which to
base the opinion

b.       The date of auditor’s report on audited FS

Restriction on Distribution or Use or Alerting Readers to Basis of Accounting

When distribution or use of auditor’s report on audited FS is restricted, or the auditor’s report on
audited FS alerts readers that the audited FS are prepared in accordance with a special purpose
framework, the auditor shall include a similar restriction or alert in the auditor’s report on the
summary FS.

CHAPTER 19- PERFORMING REVIEW ENGAGEMENTS

INTRODUCTION

The typical reasons for review engagements are:

a.       To comply with requirements of a bank loan or a government grant

b.       To confirm a need for partners to invest additional capital

c.       To provide users with some assurance in cases that a FS audit is not required

d.       To obtain limited assurance with regard to not significant components in a group FS audit

Primary benefit- less costly than an audit

Conduct of Review Engagement

Phase 1: Perform preliminary engagement activities- practitioner determines the  

acceptability of a review engagement and agree the terms of the engagement with the client.

Phase 2: Plan the engagement- practitioner determines materiality, obtains understanding of

the client, and designs review procedures.

Phase 3: Perform the planned procedures- practitioner shall perform the following planned
procedures to obtain sufficient appropriate evidence:

a.       Make inquiries of management and other within the entity involved in financial and
accounting matters based on practitioner’s understanding and follow-up questions on responses
received.

b.       Apply analytical procedures

c.       The practitioner shall also perform additional procedures to either confirm or dispel any
matter which the practitioner becomes aware that may cause FS material misstatement.

Phase 4- Form conclusion and report content- practitioner shall perform:

·         Evaluate identified misstatements.

·         Evaluate the sufficiency and appropriateness of evidence.

·         Communicate findings with management and TCWG.

·         Form a conclusion and report content.

Modified Conclusions

Nature of Matter Effects on the FS

   Material but not Material and Pervasive
Pervasive

FS materially misstated Qualified Conclusion Adverse Conclusion

Inability to obtain evidence (scope Qualified Conclusion Disclaimer of

limitation) Conclusion

The Practitioner’s Report- Unmodified

PSRE 2400 PSRE 2410

1.       Title 1.       Title
2.       Addressee 2.       Addressee
3.       Introductory Paragraph 3.       Introductory Paragraph
4. Description of Management’s Responsibility 4.       Scope of Review
5.       Engagement Conclusion 5.       Conclusion
6.       Other Reporting Responsibilities 6.       Signature
7.       Signature 7.       Date
8.       Date 8.       Address
9.       Address

The Practitioner’s Report- Modified

PSRE 2400 PSRE 2410

 1.       Title 1.       Title
2.       Addressee 2.       Addressee
3.       Introductory Paragraph 3.       Introductory Paragraph
4.       Description of Management’s 4.       Scope of Review
Responsibility 5.       Basis for modified
5.       Description of Practitioner’s conclusion
Responsibility 6.       Modified Conclusion
6.       Basis for modified conclusion 7.       Emphasis of Matter
7.       Modified Conclusion 8.       Other Matter
8.       Emphasis of Matter 9.       Signature
9.       Other Matter 10.   Date
10.   Other Reporting Responsibilities 11.   Address
11.   Signature
12.   Date
13.   Address

-END-