Definition of Assurance Engagement Types of Audits

An assurance engagement is an engagement in which a practitioner expresses a

1. Financial Statement Audit - to determine whether an entity’s financial statements are
conclusion designed to enhance the degree of confidence of the intended users other than the
fairly presented in accordance with established criteria
responsible party about the outcome of the evaluation or measurement of a subject matter against
criteria.
2. Compliance Audit - determine whether the organization has adhered to specific
Assurance Engagement Non-Assurance Related Service procedures, rules, or regulations.
 Audit of FS  Agreed Upon Procedures  Reviews
3. Operational Audit - involves the evaluation of an organization or an element thereof for
 Assurance on the  Preparation of tax  Agreed-Upon
efficiency and/or effectiveness
balloting of contests returns where no Procedures
 Reporting on compliance conclusion conveying  Compilations Types of Auditors
with laws, rules and assurance is expressed
 Consulting/advisory 1. External auditors – the ones who generally perform financial statement audits.
regulations
 engagements, such as
management & tax 2. Internal auditors - assist the members of the organization in the effective discharge of
consulting their responsibilities

3. Government auditors - determine whether persons or entities comply with

government laws & regulations. They usually conduct compliance audits.
NOTE: REVIEW provides LESS assurance than AUDIT.
Types of Assurance Engagements  Characteristic of Financial Statement Auditing
1. Assertion-Based Engagements ( attestation engagements )  systematic process
 performed by the responsible party  evidence gathered about assertions
 assertion by the responsible party that’s made available to intended users  conducted objectively
2. Direct Reporting Engagement  ascertain degree of correspondence
 The practitioner either directly performs the evaluation or measurement  communicate the audit results to intended users
 assertion by the responsible party are NOT made available to intended users
 Subject matter information is provided to the intended users in the assurance Subject Matter vs. Subject Matter Info
report
Subject Matter – ngaa ga audit ka? (e.g. to check the level of security of websites, to
3. Reasonable Assurance Engagement
check reliability of FS)
 reduction in assurance engagement risk to an acceptably low level as a basis
for expressing positive opinion Subject Matter Info – anu ang ga support sa imu objectives? (like anu gamiton mo para
4. Limited Assurance Engagement mabal an mo ang reliability?
 reduction in assurance engagement risk to an acceptably low level as a basis
for expressing negative opinion  e.g. internal report, balance sheet, income statement, cash flow and etc.

MANAGEMENT - It is the party responsible for maintaining internal controls in an organization

Principle Governing A Financial Statement Audit MODULE 2
 conduct an audit in accordance w/ Philippine Standards on Auditing (PSAs). Fraud – intentional misstatement of financial statements
 must comply with the Code of Ethics for CPAs promulgated by the Board of Accountancy
Error – unintentional misstatement of financial statements
(BOA).
 must plan & perform the audit with professional skepticism Two Types of Misstatements

Steps In The Audit Process 1. Misappropriation of assets – theft or misuse of an organization’s assets

1. Engagement acceptance 2. Fraudulent financial reporting – intentional manipulation to deceive users

2. audit planning,
3. internal control consideration, Responsibility for the Prevention and Detection of Fraud
4. substantive test performance  The primary responsibility rests with both those charged with governance of the entity and
5. Completing the Audit management
6. Issuing a Report

Responsibilities of the Auditor

 In an assurance engagement, it's possible that the level of assurance provided may be at
a high or at a moderate level, depending on the type of engagement  obtaining reasonable assurance
 In an assurance engagement, the responsible party is NOT always the one who engages  maintaining an attitude of professional skepticism throughout the audit
the practitioner.
NOTE
  In a direct reporting engagement, it's possible that the party who performs the
evaluation or measurement of the subject matter is other than the practitioner.  the risk of not detected material misstatement is HIGHER than the risk of not
 When senior mgt. requests a practitioner to assess the reliability of information provided detecting an error
by a company department, both senior mgt. & the co. department are deemed users and  the risk of auditor not detecting a material misstatement resulting from a
not responsible parties. only the senior mngmt . co-department is a responsible party management fraud is GREATER than for employee fraud.
 An engagement involving agreed-upon procedures is an example of an assurance related
service. NON-ASSURANCE FRAUD RISK FACTORS - are events or conditions that indicate an incentive or pressure
 The financial statement audit is designed to provide absolute assurance that financial to commit fraud or provide an opportunity to commit fraud.
statements are free from material misstatement. REASONABLE
 In an auditing firm, seniors are responsible for overseeing day-to-day activities on a
specific audit.
 When an SEC examiner reviews company practices to verify observance of SEC
regulations, he is performing a compliance audit.
 The use of testing in a financial statement audit implies that the possibility of an
erroneous conclusion by the auditor always exists.
 The attitude of professional skepticism impels the auditor to be determined in finding out
errors in the financial statements. QUESTIONING MIND


 An auditor conducting an audit in accordance with PSAs is responsible for obtaining
reasonable assurance that the financial statements taken individually and separately are
free from material misstatement. AS A WHOLE
  The auditor shall obtain oral representations from management that it has disclosed to the
auditor the results of its assessment of the risk that the financial statements may be
materially misstated as a result of fraud. WRITTEN
  The auditor shall make inquiries of those charged with governance to determine whether
they have knowledge of any actual, suspected or alleged fraud affecting the entity.
COMMUNICATION to Management and with those Charged with Governance
 In some cases, the auditor may consider it appropriate to communicate with those charged
with governance when the auditor becomes aware of fraud involving employees other than
management that does not result in a material misstatement.
 communication with those charged with governance may be made orally or in writing.
 When the auditor has obtained evidence that fraud exists or may exist, it is important that
the matter be brought to the attention of the appropriate level of management only if the
matter is considered consequential. AS SOON AS PRACTICABLE and even if the
matter is INCONSEQUENTIAL
MODULE 3
Planned Scope and Timing of the Audit
 Communicate those charged with governance to understand better the consequences of
the auditor’s work
Independence
 In the case of listed entities, the auditor shall communicate with those charged with
governance a statement that the engagement team has complied with relevant ethical
requirements regarding independence
Matters to be Communicated
 The auditor shall communicate with those charged with governance the responsibilities of
the auditor in relation to the financial statement audit, including
 The audit of the financial statements does not relieve management or those
charged with governance of their responsibilities
 The auditor is responsible for forming and expressing an opinion on the
financial statements that have been prepared by management with the
oversight of those charged with governance
 THOSE CHARGED WITH GOVERNANCE - person with responsibility for overseeing the
strategic direction of the entity and obligations related to the accountability of the entity
 MANAGEMENT - refers to the person(s) with executive responsibility for the conduct
of the entity’s operations.
 When the auditor communicates with a subgroup of those charged with governance, for
example, an audit committee, or an individual, the auditor shall determine whether the auditor
also needs to communicate with the governing body
 In cases where those Charged with Governance are Involved in Managing the Entity, if matters
required by this PSA are communicated with person(s) with management responsibilities, and
those person(s) also have governance responsibilities, the matters need not be communicated
again with those same person(s) in their governance role.
 the difference between a control deficiency and a significant control deficiency lies in the
deficiency’s degree of importance, ie, whether or not it merits the attention of those charged
with governance.
 In communicating control deficiencies to those charged with governance, the auditor explain
the purpose of the audit conducted
 A well-controlled organization has an appropriate structure and clearly defined lines of
responsibility and authority where everyone in the organization has equal responsibility for the
effective operation of internal control. SOME
 A deficiency in design of internal controls exists when an existing control is not properly
designed so that, even if the control operates as designed, the control objective would not be
met.
 Corporate policies designed to attract, train, and evaluate competent employees are
considered to be control activities in the COSO framework for internal controls. CONTROL
ENVIRONMENT
 In addition to controls being specific, they may be broad, such as policies regarding a code of
ethics.
 Controls to monitor results of operations are considered to be transaction controls. ENTITY
WIDE CONTROLS

 An organization's control environment is established and maintained by the internal auditing

department. MANAGEMENT