3/21/23

AUDIT
AUDIT An audit is a systematic process of
objectively obtaining and evaluating
evidence regarding assertions about
economic actions and events to ascertain the
degree of correspondence between these
assertions and established criteria and
communicating the results thereof.
(AmericaN Accounting Association)

1 2

1 2

Audit process
Pre-engagement procedures

3 4

3 4

5 6

5 6

1
 3/21/23

ENGAGEMENT LETTER
Engagement letter sets forth: - OMS-FFR

1. o bjective of the audit of financial statements

• which is to express an opinion on them
2. m anagement’s responsibility for the fair presentation of the financial statements
3. s cope of the audit
4. f orms or any reports or other communication that the auditor expects to issue
5. f act that there is an unavoidable risk that material misstatements may remain undiscovered

• because of the limitations of the audit

6. r esponsibility of the client to allow the auditor to have unrestricted access to whatever
records, information, or documentation requested in connection with the audit
•

• Engagement letter may also include: - BEAR

1. b illing arrangements
2. e xpectations of receiving management letter

3. a rrangements concerning the involvement of others (experts, other auditors, internal

auditors)

7 4. r equest for the client to confirm the terms of the engagement 8

7 8

Recurring audit
• auditor does not normally send new audit engagement
letter every year
The following factors may cause the auditor to send a new engagement
letter: - LIARS
1. legal requirements and other government agencies’ pronouncements
2. indication that the client misunderstands the objective and scope of the
audit
3. any revised or special terms of the engagement
4. recent change of senior management, BODs, or of ownership
5. significant change in the nature or size of the client’s business

• If the auditor decides not to send a new engagement letter:

• it may be appropriate for the auditor to remind the client of the original
9 10
arrangements

9 10

Definition
AUDIT PLANNING “Planning” means developing a general strategy
and a detailed approach for the expected nature,
timing and extent of the audit. The auditor plans to
perform the audit in an efficient and timely manner.
Related PSAs: PSA 300, 310, 320, 520 and 570

11 12

11 12

2
 3/21/23

Importance of Planning Planning activities

• Planning helps ensure that appropriate attention 1. The auditor shall establish an overall audit
is devoted to important areas of the audit strategy. The overall audit strategy sets the
• It helps identify potential problems scope, timing and direction of the audit, and
• It allows the work to be completed expeditiously guides the development of the more detailed
• It assists in the proper assignment and audit plan.
coordination of work
• It helps ensure that the audit is conducted
effectively and efficiently

13 14

13 14

Planning activities EXTENT OF PLANNING

2. Theauditor shall develop an audit plan that include a The extent of planning will vary according to
description of:
the following:
a. The nature timing and extent of planned risk
assessment procedures, as determined under PSA 315 1) Size of the entity;
b. The nature, timing, and extent of planned further 2) Complexity of the audit; and
procedures at the assertion level as determined under 3) Auditor’s experience with the entity and
PSA 330
knowledge of the business.
c. Other planned audit procedures that are required to be
carried out so that the engagement complies with PSAs

15 16

15 16

AUDIT PLANNING
ASPECTS TO BE CONSIDERED IN THE AUDIT
1. Knowledge of business
PLAN
Ø General economic factors and industry conditions
• Knowledge of business (Slides 3-7)
affecting the entity’s business.
Ø Important characteristics of the entity, its business, its
• Evaluating the internal control structure (Slide 8) financial performance and its reporting requirements
• Risk and materiality (Slide 9) including changes since the date of the prior audit.
• Nature, timing and extent of procedures (Slide 10) Ø The general level of competence of management.
• Coordination, direction, supervision and review (Slide 10)

17 18

17 18

3
 3/21/23

AUDIT PLANNING AUDIT PLANNING

3. Risk and materiality
2. Evaluating the internal control structure
– The expected assessments of inherent and control risks and
– the accounting policies adopted by the entity and changes in the identification of key audit areas
those policies
– the effect of new accounting or auditing pronouncements § Inherent risks- risk associated with the clients
operations as well as the risk attached to the recording
– the auditor's cumulative knowledge of the internal control of transactions in various subsystems
structure
– the relative emphasis expected to be placed on tests of control § Control risk -risk that internal controls are ineffective in
(compliance testing) and substantive procedures (tests of preventing irregularities
transactions and balances) – The setting of materiality levels.

Materiality refers to the significance of a misstatement in the

financial statements. If materiality is increased a more rigorous
audit will be conducted

– The identification of complex transactions

19 20

19 20

ESTABLISHING
ESTABLISHING MATERIALITY MATERIALITY AND
AND ASSESSING RISK ASSESSING RISK
• Auditor should make a preliminary estimate of materiality for use during • Uses of Materiality
the examination
• Materiality may be viewed as:
– Largest amount of misstatement that the auditor could tolerate in the PLANNING STAGE
COMPLETION PHASE
FS -To determine the scope
-To evaluate the effects
– Smallest aggregate amount that could misstate the FS of audit procedures
of misstatements on the
• IMPORTANCE of preliminary estimate of materiality Step 1: Determine the
• Helps in determining the amount of evidence that needs to be FS
Overall Materiality
accumulated Step 3: Compare the
Step 2: Determine the
aggregate amount of
Tolerable Misstatement
uncorrected
misstatements with the
overall materiality

21 22

ESTABLISHING
ESTABLISHING MATERIALITY MATERIALITY AND
AND ASSESSING RISK ASSESSING RISK
• OVERALL MATERIALITY Tolerable
Account Misstatement
– Amount of misstatement that could be material to the FS Cash Php 4,000
taken as a whole Accounts receivable 20,000
• PLANNING MATERIALITY Inventory 36,000

– Allocating overall materiality to the FS account balances Preliminary judgment

– To determine the audit procedures that will be applied to about materiality Php50,000
specific accounts
– The allocated amount is known as TOLERABLE
MISSTATEMENT An allocation is necessary because evidence is accumulated by
segments rather than the financial statements taken as a whole. The
allocation to account balances is known as the tolerable misstatement.

23 24

4
 3/21/23

AUDIT PLANNING
• PERFORMANCE MATERIALITY 4. Nature, timing and extent of procedures
• Set to reduce to an appropriately low level the probability that
• possible change of emphasis on specific audit areas
the aggregate uncorrected and undetected misstatements in
the FS exceeds materiality for the FS as a whole • the effect of information technology on the audit
Performance materiality vs. tolerable misstatements: • the work of internal auditing and its reliability.
• Performance materiality is determined in order to address
the risk that the aggregate of individually immaterial 5. Coordination, direction, supervision and review
misstatements may cause the financial statements to be
materially misstated and provide a margin for possible – the involvement of other auditors in the audit of subsidiaries,
undetected misstatements. Tolerable misstatement is the branches and divisions
application of performance materiality to a particular – the involvement of experts –
sampling procedure. Tolerable misstatement may be the – Valuations
same amount or an amount lower than performance – Superannuation or foreign exchange calculations
– Interpretation of technical requirements e.g. legislation or legal
materiality (for example, when the sample population is documents
lower than the account balance) – the number of locations
– Allocation of resources - staffing requirements, use of experts26

25 26

Set Desired Determine

INTERNAL Level of
Audit Risk
Assess
Inherent Risk
Assess
Control Risk
Acceptable
Level of
Detection Risk

CONTROL
Audit Planning CONSIDERATION Performing
OF INTERNAL Substantive Test
CONTROL

27 28

Components Of Internal Control

CONTROL ENVIRONMENT
According to PSA 315 (CRIME)

• The control environment The control environment includes the

attitudes, awareness, and actions of
• Risk assessment process management and those charged with
governance concerning the entity’s internal
• Information and communication systems control and its importance in the entity.
• Control activities
• Monitoring of controls

29 30

5
 3/21/23

RISK ASSESSMENT
Elements of Control Environment
PROCESS

• Integrity and Ethical Values An entity’s risk assessment process is its

• Management Philosophy and Operating process for identifying and responding
Style to business risks and the results thereof
• Active Participation of those charged with
governance
• Commitment to competence
• Personnel Policies and Procedures

31 32

Risk Assessment Process INFORMATION AND COMMUNICATION

SYSTEM
• Changes in operating environment
• New personnel
An information system consists of
• New or revamped information systems
infrastructure (physical and hardware
• Rapid growth
• New technology components), software, people,
• New business models, products, or activities procedures, and data.
• Corporate restructurings
• Expanded foreign operations
• New accounting pronouncements

33 34

Information System Communication System

The information system relevant to
financial reporting objectives, which
includes the financial reporting system, Communication involves providing an
consists of the procedures and records understanding of individual roles and
established to initiate, record, process, responsibilities pertaining to internal control
and report entity transactions (as well over financial reporting.
as events and conditions) and to
maintain accountability for the related
assets, liabilities, and equity.

35 36

6
 3/21/23

What are the control

CONTROL ACTIVITIES
procedures?
PIPS
Control activities are the policies and • Performance reviews
procedures that help ensure that • Information processing
management directives are carried out.
• Physical controls
• Segregation of duties

37 38

Performance Reviews Information Processing

• reviews and analysis of actual • perform to check accuracy, completeness
performance vs. budgets, forecasts and and authorization of transactions.
prior period analyses
• when computer processing is used in
significant accounting transactions,
• analysis of the relationships and
internal control procedures can be
investigative and corrective actions classified into two:
• General Control
• Application Control

39 40

Physical Controls Segregation of Duties

• physical security of assets • CARE

• authorization for access to computer – Custodianship of Assets
programs – Authorization of transactions
• periodic counting and comparison with – Record of transactions
amounts shown on control records – Execution of transaction

41 42

7
 3/21/23

MONITORING

Management’s monitoring of controls CONSIDERATION

includes considering whether they are
operating as intended and that they are
OF INTERNAL
modified as appropriate for changes in CONTROL
conditions.

43 44

INHERENT LIMITATIONS OF INTERNAL INHERENT LIMITATIONS OF INTERNAL

CONTROLS CONTROLS

1. Management’s usual requirement that the 4. The possibility of circumvention of internal controls
cost of an internal control does not exceed the through the collusion of a member of management or
expected benefits to be derived. an employee with parties outside or inside the entity.
2. Most internal controls tend to be directed at 5. The possibility that a person responsible for
routine transactions rather than non-routine exercising an internal control could abuse that
transactions. responsibility, for example, a member of
3. The potential for human error due to management overriding an internal control.
carelessness, distraction, mistakes of 6. The possibility that procedures may become
judgment and the misunderstanding of inadequate due to changes in conditions, and
instructions. compliance with procedures may deteriorate.

45 46

CONSIDERATION OF INTERNAL
CONTROL
UNDERSTANDING INTERNAL
CONTROL
Obtaining an understanding of internal
1. Obtain and document understanding of control involves :
accounting and internal control system
2. Plan the assessed level of control risk qevaluating the design of a control; and
3. Performance of tests of controls qdetermining whether it has been
4. Document assessed level of control risk implemented

47 48

8
 3/21/23

Understanding internal control Understanding internal control

• the size and complexity of the entity and of
• identify the types of potential material its computer system
misstatements that could occur in the • materiality considerations
financial statements • the type of internal controls involved
• consider factors that affect the risk of • the nature of the entity’s documentation of
material misstatements; and specific internal controls
• design appropriate audit procedures • the auditor’s assessment of inherent risk
(nature, timing, extent)
• experience gained from prior audits

49 50

Procedures in obtaining
Documentation
understanding
A commonly used form of documentation
includes:
1. Make inquiries of appropriate company
personnel
2. Inspect documents and records 1. narrative descriptions
3. Observe the company’s activities and 2. flowcharts and diagrams
operations 3. internal control questionnaires (ICQ)
4. Walk-through 4. checklists

51 52

PRELIMINARY ASSESSMENT OF CONTROL PRELIMINARY ASSESSMENT OF CONTROL

RISK RISK

The preliminary assessment of control risk After obtaining an understanding of the

is the process of evaluating the accounting and internal control systems,
effectiveness of an entity’s accounting and the auditor should make a preliminary
internal control systems in preventing or assessment of control risk, at the assertion
detecting and correcting material level, for each material account balance or
misstatements. class of transactions.

53 54

9
 3/21/23

PRELIMINARY ASSESSMENT OF CONTROL PRELIMINARY ASSESSMENT OF CONTROL

RISK RISK

The auditor ordinarily assesses control The preliminary assessment of control

risk at a high level for some or all risk for a financial statement assertion
assertions when: should be high unless the auditor:
qthe entity’s accounting and internal control q is able to identify internal controls relevant to
systems are not effective; or the assertion which are likely to prevent or
qevaluating the effectiveness of the entity’s detect and correct a material misstatement;
accounting and internal control systems would and
not be efficient. q plans to perform tests of control to support
the assessment.

55 56

PERFORMING TEST OF
CONTROLS Why do we need to perform test of controls?

Tests of control are performed to obtain audit

evidence about the effectiveness of the: According to PSA 400, the auditor should
obtain audit evidence through test of
a. design of the accounting and internal
control systems
controls to support any assessment of
control risk at less than high level.
b. operation of the internal controls
throughout the period.

57 58

NATURE OF TEST OF
CONTROLS

1. Inspection
Greater reliance requires more
extensive test of controls. 2. Inquiry
3. Observation
4. Re performance
5. Walk-through

59 60

10
 3/21/23

Inquiry Inspection

Searching appropriate information Involves examination of documents and

about the effectiveness of internal control records to provide evidence of reliability
from knowledgeable persons inside and depending on their nature and source
outside the entity. and the effectiveness of internal control
over their processing.

61 62

Observation Re performance

Looking at the process being performed by

the others. Involves repeating the activity performed
by the client to determine whether proper
results were obtained.

63 64

DOCUMENTATION

After evaluating the results of tests of

control and assessing the control risk the
auditor should document his assessment
of control risk Audit Evidence

AUDIT EVIDENCE

65 66

11
 3/21/23

Audit Procedures for

• Further Audit Procedures include:
Obtaining Audit Evidence
• Risk assessment procedures – procedures to
– Tests of controls
obtain an understanding of the entity and its - audit procedures designed to evaluate the operating
environment, including its internal control, in effectiveness of relevant controls in preventing, or
order to identify and assess the risks of material detecting and correcting material misstatements at the
misstatement assertion level.
Ø Risk assessment procedures include:
a) Inquiry of management and other personnel
– Substantive procedures
b) Analytical procedures (as a planning tool)
c) Observation and inspection - audit procedures designed to detect
• Further audit procedures – The auditor shall design and material misstatements at the assertion level.
perform audit procedures whose nature, timing, and extent are
based on and are responsive to the assessed RMM at the
assertion level.

67 68

Types of substantive Audit procedures according

procedures to types
Ø Inspection – consists of examining records
• Test of details- examining or obtaining
or documents (whether internal or external, in
audit evidence on the actual details of
account balance, class of transactions, paper form, or other media), or a physical
and disclosure examination of an asset
– Test of details of transactions Ø Observation – consists of viewing/looking at
– Tests of details of balances a process or procedure being performed by
• Substantive analytical procedures – these others
are analytical procedures performed during Ø External confirmation – represents audit
testing phase to substantiate predictable evidence obtained by the auditor as a direct
relationships among both financial and written response to the auditor from a third
non-financial data
party (the confirming g party) in paper form,
or by electronic or other medium

69 70

Audit procedures according

Requirements of Audit Evidence
to types
Ø Recalculation (computation) – consists of checking the mathematical
• The auditor shall design and perform audit
accuracy (manually or electronically) of documents or records
Ø Re-performance – involves the auditor’s independent execution of procedures that are appropriate in the
procedures or controls that were originally performed (by the client’s circumstances for the purpose of obtaining
staff) as part of the entity’s internal control
Ø Analytical procedures – consist of evaluations of financial audit evidence that is:
information made by a study of plausible relationships among both – Sufficient
financial and non-financial data
Ø Inquiry – consists of seeking information of knowledgeable persons, – Appropriate.
both financial and non-financial, within the entity or outside the entity.

71 72

12
 3/21/23

What constitute Audit

Evidence Nature of evidence
1. Accounting records (Underlying data) – accounting
records/data prepared by the client’s personnel and
Accounting from which financial statements are prepared
Records – Records of initial accounting entries
– Supporting records, such as checks and records of
electronic fund transfers, invoices and contracts
– General and subsidiary ledgers
– Journal entries and other adjustments to the financial
statements that are not reflected in formal journal entries
Corroborating – Records such as worksheets and spreadsheets supporting
Evidence cost allocations, computations, reconciliation and
disclosures

73 74

Nature of evidence Types of audit evidence

q Physical evidence – obtained by physical examination of
2. Corroborating evidence – corroborating assets (such as count of stock certificates in support of
information that are used by the auditor to stock investment account or observation of client’s
verify the fairness of the accounting records. processes or procedures)
§ Documents (such as checks, bank statements, contracts and minutes
q Mathematical re-computations – auditor’s re-computation
of meetings) of the accuracy of client’s computations such as
§ Information/evidence from other sources such as: depreciation, amortization, doubtful accounts, etc.
§ Previous audits q Documentation – examination of the supporting documents
§ Quality control procedures for client acceptance and continuance of recorded transactions and balances appearing in the
§ Confirmations from third parties financial statements
§ Industry analysts’ reports q Representation by third parties (or confirmation) – a
§ Comparable data about competitors ( benchmarking) document originating from independent outside party and
sent directly to the auditor

75 76

Audit Evidence sufficiency

Øthe measure of the quantity or amount of
Audit
Evidence audit evidence that the auditor shall
accumulate
ØSufficiency is determined based on the auditor’s
professional judgment.
Sufficient Appropriate
ØAudit evidence is sufficient if there is enough of it to
afford a reasonable basis for an audit opinion on the
financial statements.
Quantity Relevance Reliability

77 78

13
 3/21/23

Factors affecting sufficiency

appropriateness
of audit evidence
• Auditor’s assessment of the risks of misstatement – the higher the
assessed risks, the more audit evidence is likely to be required • measures the quality of audit evidence, that is,
For example, as risk of material misstatement increases in its relevance and its reliability in providing
Accounts Receivable, audit evidence required also increases.
• Quality or competence of audit evidence – the higher the quality, the support for the conclusions on which the
less may be required. Obtaining more audit evidence, however, may
not compensate for its poor quality. auditor's opinion is based
• Materiality of item being examined – more material amounts, more
evidence to support its validity üRelevance - deals with the logical connection
• Experience gained during previous audit may indicate the amount of with, or bearing upon, the purpose of audit
evidence taken before and whether such evidence was enough
• Type of information available procedures and the assertion under
consideration
üReliability- objectivity of evidence

79 80

Categories of Assertions Categories of Assertions

Classes of Presentation and Classes of Account Balances Presentation and

Transactions and Account Balances Disclosure Transactions and Disclosure
Events Events (COCAC) (ERoVAC) (COCA)
• Occurrence • Existence • Occurrence and • Occurrence • Existence • Occurrence and
• Completeness • Rights and Rights and • Completeness • Rights and Rights and
• Accuracy Obligations Obligations • Accuracy Obligations Obligations
• Cutoff • Completeness • Completeness • Cutoff • Completeness • Completeness
• Classification • Valuation and • Classification • Classification • Valuation and • Classification
allocation and allocation and
understandability understandability
• Accuracy and • Accuracy and
valuation valuation

81 82

Reliability of Certain Types of Hierarchy of Evidential

Audit Evidence Matter (as to competence)
RELIABILITY TYPE EXAMPLE 1. An auditor’s direct personal knowledge obtained through
High Physical Inventory Observation physical observation and his own mathematical
computations (most competent)
Documentary 2. Documentary evidence obtained directly from independent
External Cutoff Bank Statement external sources (external)
External/Internal Purchase Invoice 3. Documentary evidence has originated outside the client’s
Internal Sales Invoice data processing system but which has been received and
processed by the client (external-internal)
Low Client Representations Management Representation 4. Internal evidence consisting of documents that are
Letter produced, circulated and finally stored within the client’s
information system (low competence)
5. Verbal and written representations given by the client’s
officers, directors, owners and employees (least competent)

83 84

14
 3/21/23

Inconsistency in, or Doubts over

Reliability of, Audit Evidence Persuasive Evidence
• If: • Audit evidence is persuasive if it is sufficient
– audit evidence obtained from one source is both in quantity and quality to support audit
inconsistent with that obtained from another; or
opinion. Thus, sufficiency and appropriateness
– the auditor has doubts over the reliability of
information to be used as audit evidence, of audit evidence are the determinants of
• the auditor shall determine what persuasiveness of audit evidence. The auditor
modifications or additions to audit procedures may need to rely on audit evidence that is
are necessary to resolve the matter, and shall persuasive rather than conclusive. However, to
consider the effect of the matter, if any, on obtain reasonable assurance, the auditor must not
other aspects of the audit.
be satisfied with audit evidence that is less
than persuasive.

85 86

Cost-benefit considerations
• The auditor should consider the relationship
between the cost of obtaining audit evidence and
the usefulness of the information obtained.
The valid bases for omitting an audit
test/procedure for which there is no alternative are:
q Relative risk (or inherent risk) involved
q Relationship between the cost of obtaining audit evidence and
the usefulness of the information obtained
q Degree of reliance on the relevant internal controls (or
Assessment of control risk at a low level)

87

15