PICPA Audit Guide
The Philippine Institute of Certified Public Accountants (PICPA) is committed to supporting its
members engaged in public practice by providing them with guidelines to help them perform their
professional engagements in accordance with auditing standards.
In this context, PICPA developed this Guide for small and medium-sized practitioners (SMPs) for
their use as reference in conducting high quality and cost-effective audits. This Guide was developed using
the current Philippine Standards on Auditing (PSAs); the Philippine Standards on Quality Control 1; the
IFAC’s Guide to Using ISAs in the Audits of Small- and Medium-Sized Entities, Volumes 1 and 2; the IFAC’s
Guide to Quality Control for Small- and Medium-Sized Practices; and sample work programs and audit
documentation formats adopted from the practices of established audit practitioners.
This Guide provides guidance on applying PSAs and is not a substitute for reading the PSAs. These
are only audit guidelines intended to help the SMPs in their audit practice contributing to their skills
development and for building sustainable capacity for audits. Practitioners should solely be responsible
for their own continuing professional development in studying and applying the prescribed auditing
standards in the PSAs for application and use in their professional practice.
In utilizing this Guide, the practitioner is expected to apply professional judgment and consider
the facts and circumstances that could be unique to a particular audit. PICPA disclaims any responsibility
or liability that may occur, directly or indirectly, as a consequence of the use and application of this Guide.
The Guide does not address all aspects of the PSAs and should not be used for the purpose of determining
or demonstrating compliance with the PSAs.
This Guide is currently undergoing review and evaluation by the PICPA Technical Working Group,
VQAR Committee and the Auditing and Assurance Standards Council (AASC), which will issue authoritative
guidance for its usage considering current developments on professional standards and best practices of
SMPs.
This Guide may be downloaded for individual non-commercial use from the PICPA website:
www.picpa.com.ph.
Table of Contents
Sec. 100 – Introduction
Organization of the Guide
Overview of the PICPA Audit Methodology
Pre-engagement Procedures
Audit Planning
Study and Evaluation of Client’s Internal Control System
Perform Audit Tests
Substantive Tests
Completing the Audit Engagement
Issuance of the Audit Report
Post-audit Responsibilities
Audit Risk Management
List of Exhibits
100.2 The PICPA Audit Guide (the “Guide”) was developed using the Philippine Standards on
Auditing (“PSAs”) which is the benchmark in conducting financial statement audits; the
Philippine Standards on Quality Control 1, which deals with the practitioner’s
responsibilities for its system of quality control for audits of financial statements; and
the IFAC’s Guide to Using ISAs in the Audits of Small- and Medium-Sized Entities Volumes
1 and 2 (the “IFAC Guides”). Relevant PSAs and the specific paragraph numbers (e.g.,
PSA 300.4) are quoted in bold letters enclosed in a box.
100.3 The Guide defines the standards and procedures to be used as guidelines in the audits
of financial statements of small and medium-sized entities. The Guide would provide
the audit team with a tool to consistently provide quality service to clients.
100.4 In certain instances, it may be necessary to deviate from the standards set in this Guide.
In such instances, the judgment of the engagement partner and the team has to be used
with the end in mind of providing a better set of procedures in performing the audit
service.
100.5 The Sections of the Guide contain excerpts from the PSAs, which are used as the policy
statement on the subject matter being covered, and excerpts from the IFAC Guides as
illustrations of the practical application of the statements.
100.6 The sample work programs, audit documentation formats and illustrative reports
presented as exhibits for each section are for illustration purposes only. They were
adopted from related PSAs and illustrations from the “IFAC Guides”, patterned after the
practices of well-established audit practitioners, and intended only as reference for
the users of this Guide. As such, they shall be modified depending on the specific
conditions and situations of the auditor.
Overview of the PICPA Audit Methodology
100.7 The Audit Process described in this Guide is divided into seven phases, as follows:
▪ Pre-engagement Procedures
▪ Audit Planning
▪ Study and Evaluation of Client’s Internal Control System
▪ Substantive Tests
▪ Completing the Audit Engagement
▪ Issuance of the Audit Report
▪ Post-audit responsibilities
100.8 The seven-phase audit process defines, in chronological order, the major activities being
done for each audit of the financial statements. This means that major activities in each
phase have to be performed before the next phase could be started. Also, output from
the activities previously done becomes the input to the next phase activities.
100.9 Note, however, that there are certain activities in each phase which may be performed
not necessarily sequentially depending on the circumstances. Also, there are certain
audit administration and management activities which are performed throughout the
audit engagement.
Pre-engagement Procedures
100.10 Before a new client or a recurring engagement is accepted, appropriate information is
gathered and evaluated as a basis for deciding whether to accept a new client or retain
an existing client. In evaluating a prospective client or in deciding to continue servicing
an existing client, auditors shall avoid associating with clients whose management lacks
integrity and clients with a questionable reputation.
The engagement partner should be satisfied that appropriate procedures regarding the
acceptance and continuance of client relationships and specific audit engagements have
been followed and that conclusions reached in this regard are appropriate and have been
documented.
The engagement partner shall initiate the decision-making process for acceptance or
continuance regarding the audit engagement. Regardless of whether the engagement
partner initiated that process, the partner determines whether the most recent decision
of accepting an existing client remains appropriate.
The engagement partner shall determine whom to accept or retain as a client. A poor
decision can lead to unbillable time, unpaid fees, additional stress on members of the
engagement team, loss of reputation, or – worst of all – potential lawsuits. Philippine
Standard on Quality Control (PSQC 1) and Philippine Standard on Auditing (PSA) 220
require firms and individual practitioners to develop, implement, and document their
quality control procedures in regard to client acceptance and retention policies.
Audit Planning
PSA 300.4
The objective of the auditor is to plan the audit so that it will be performed in an effective
manner.
100.11 Planning an audit involves establishing the overall audit strategy for the engagement and
developing an audit plan. Adequate planning benefits the audit of financial statements in
several ways, including the following:
▪ Helping the auditor to devote appropriate attention to important areas of the audit.
▪ Helping the auditor identify and resolve potential problems on a timely basis.
▪ Helping the auditor properly organize and manage the audit engagement so that it is
performed in an effective and efficient manner.
▪ Assisting in the selection of engagement team members with appropriate levels of
capabilities and competence to respond to anticipated risks, and the proper
assignment of work to them.
▪ Facilitating the direction and supervision of engagement team members and the
review of their work.
▪ Assisting, where applicable, in coordination of work done by auditors of components
and experts.
The nature and extent of planning activities will vary according to the size and complexity
of the audit client, the key engagement team members’ previous experience with the
audit client, and changes in circumstances that occur during the audit engagement.
Audit planning involves obtaining an understanding of the client and its environment,
determining the need for experts, establishing materiality and audit risk, assessing the
possibility of non-compliance, identifying related parties, performing preliminary
analytical procedures, and the development of the overall audit strategy, the detailed
audit plan, and preliminary audit programs.
PSA 315.3
The objective of the auditor is to identify and assess the risks of material misstatements,
whether due to fraud or error, at the financial statement and assertion levels, through
understanding the entity and its environment, including the entity’s internal control, thereby
providing a basis for designing and implementing responses to the assessed risks of material
misstatement.
100.12 The auditor shall obtain an understanding of the client’s internal control structure. There
are five steps in the study and evaluation of client’s internal controls:
1. Obtain and document an understanding of client’s internal control system.
2. Make a preliminary assessment of control risk.
3. Determine the auditor’s response to the risk assessment.
4. Reassess control risk.
5. Determine the nature, extent and timing of substantive tests.
The output of consideration of client’s internal controls would be finalized versions of
the audit strategy, audit plan and audit programs previously developed during audit
planning.
On a recurring engagement, the auditor should focus on aspects of the control structure
that have been added or changed, or that have assumed increased importance, since the
previous audit.
100.13 This phase describes the auditor’s approach in understanding and evaluating the client’s
internal control structure as it relates to accounting processes. The purposes of the
evaluation are to:
▪ identify where errors and irregularities could occur;
▪ determine whether there appears to be potential for reliance on internal controls;
▪ design appropriate direct tests of transactions and balances.
100.14 The auditor should evaluate the control environment and obtain a general understanding
of the accounting processes. Based on evaluation and understanding, the auditor should
decide whether or not to rely on client’s internal controls.
100.15 When an auditor evaluates the accounting system to establish reliance on controls, the
auditor identifies and documents both key attributes that provide reasonable assurance
that the system design achieves control objectives, and system deficiencies that result in
objectives not being achieved. Significant internal control deficiencies are summarized
and reported to management on a timely basis.
100.16 The system evaluation allows us to capitalize on our understanding of the accounting
system and the related control procedures to design the most efficient and effective
combination of audit procedures responsive to the risk of material misstatement.
100.17 The evaluation of the client’s accounting system and the related internal control
structure must be performed with the end in view of determining its effect on the
nature, extent and timing of the direct test to be performed in auditing the accounts.
100.18 The auditor integrates and interprets the information gathered during the earlier stages
of the audit and designs an approach to audit each significant account or group of
accounts in the client’s financial statements, including the significant information in the
notes and any supplemental financial information.
100.19 The auditor designs an audit approach - a strategy by which the auditor intends to
achieve the overall audit objective of acquiring sufficient, competent and reliable
evidential matter to be able to express an opinion on the financial statements.
100.20 An approach plan is prepared whether reliance is to be placed (i.e., reliance approach)
on any or all of a client’s controls or whether satisfaction regarding the reliability of the
relevant data and judgments is to be sought (i.e., no-reliance approach) by more
extensive tests of transactions and account balances. The auditor considers the audit
approach each year to determine whether the prior approach continues to be effective
and efficient.
Test of Controls
100.21 When the auditor intends to rely on a client’s controls (i.e., reliance approach) for one or
more audit objectives, the auditor satisfies himself/herself that those controls were in
use and functioning effectively as intended throughout the period of reliance. The
auditor shall test the effectiveness of those controls he/she intends to rely on. The audit
procedures used to achieve this satisfaction are referred to as “tests of controls.”
100.22 The objectives in performing tests of controls are to have a basis for concluding
that the preliminary assessment of control risk as being less than high is well supported;
and also, to assist the auditor in determining whether or not, for the period of reliance, it
is likely that the controls being tested:
▪ Operated effectively.
▪ Were applied throughout the period covered by the audit.
▪ Were performed on a timely basis.
▪ Covered all applicable transactions.
100.23 When the auditor tests controls, the auditor uses professional judgment to determine
the extent of testing. The auditor considers a number of factors in deciding the extent of
tests of controls, including: how frequently the control procedure is performed, the
degree to which the auditor intends to rely on the control as a basis for limiting the
substantive tests, the persuasiveness of the evidence produced by the control, and the
existence of a combination of controls that may reduce the level of assurance that might
be needed from any one of the controls.
100.24 If the tests of controls confirm that the client’s internal controls are operating effectively,
the nature, extent and timing of the substantive test procedures selected to test the
related account balances are those that were initially decided upon when the reliance
approach was planned. If the test results do not confirm the initial assessment of control
risk, we revise the risk assessment and the planned audit approach. For example, if the
tests of controls indicate that certain controls are not as effective as originally believed or
have not functioned as prescribed and compensating controls are not available or were
not effective, we revise our risk assessment, reduce or eliminate our intended reliance,
and design more extensive substantive test procedures to detect misstatements in the
related account balances.
100.25 Control exceptions are investigated to determine, to the extent practical, their causes
(e.g., whether they may be indicative of a pattern or similar exceptions), the monetary
amounts involved, the financial statement accounts affected, and their potential effect
on other audit procedures.
100.26 If the auditor decided, based on the study and evaluation of the client’s internal control
structure, that control risk is assessed to be high and therefore there is a risk of
significant misstatement in the financial statements, and a no-reliance audit approach is
more appropriate, then the auditor performs a direct test of the account balance (i.e.,
direct substantive test procedures).
Substantive Tests
100.27 Substantive test procedures are audit procedures designed to obtain direct evidence as
to the completeness, accuracy, and validity of data and as to the reasonableness of the
estimates and other information contained in the financial statements. Substantive
procedures include inquiry, observation, inspection, confirmation, re-performance tests,
analyses of many types, and analytical reviews.
100.28 The nature, timing, and extent of substantive test procedures are responsive to the
auditor’s risk assessments for each of the relevant sources of information affecting a
significant account.
100.29 The auditor selects the substantive test procedures that, in the auditor’s judgment and
based on the auditor’s risk assessments, are required by the specific circumstances.
The above procedures require the exercise of considerable professional judgment and
thus are generally performed by the more senior members of the engagement team.
At this stage, the auditor communicates the updated list of findings to management
and, depending on the circumstances, to those charged with governance.
PSA 265.5
The objective of the auditor is to communicate appropriately to those charged with
governance and management deficiencies in internal control that the auditor has identified
during the audit and that, in the auditor’s professional judgment, are of sufficient importance
to merit their respective attention.
100.31 The auditor shall promptly communicate to management and to those charged with
governance, the following:
▪ The auditor’s views about significant qualitative aspects of the entity’s accounting
practices, including accounting policies, accounting estimates and financial statement
disclosures. When applicable, the auditor shall explain to those charged with
governance why the auditor considers a significant accounting practice, that is
acceptable under the applicable financial reporting framework, not appropriate to
the particular circumstances of the entity;
▪ Significant difficulties, if any, encountered during the audit;
▪ Material weaknesses, if any, in the design, implementation or operating effectiveness
of internal control that have come to the auditor’s attention and have been
communicated to management;
▪ Significant matters, if any, arising from the audit that were discussed, or subject to
correspondence with management.
100.32 In deciding to whom within the entity to report the auditor’s findings, consider the
circumstances. If there are irregularities, the auditor should consider the likelihood of
management involvement. In most cases, it is appropriate to report the matter to a level
in the client’s organization above that responsible for the persons we believe are
implicated. If the auditor doubts those persons ultimately responsible for the
preparation and presentation of the entity’s financial statements and, for the overall
direction of the entity, the auditor normally seeks legal advice to determine the
procedures to follow.
100.33 The auditor discusses audit differences with the client and encourages adjustment of the
financial statements for known errors and other misstatements, unless the auditor finds
them clearly insignificant. The auditor encourages the client to investigate probable
errors to determine the appropriate adjustment.
100.34 The auditor prepares a summary of unadjusted differences (i.e., adjusting journal entries
passed on to the client) and evaluates the overall impact of these adjustments. See
discussion on materiality paragraphs 300.49 to 300.59.
Post-audit Responsibilities
100.36 This phase of the audit process involves assessing and evaluating the quality of delivery
of the auditor. An assessment is made regarding the audit team’s performance in the
current year to identify successes, areas where improvements are possible and
recommendations for the following year’s audit.
100.37 The engagement process begins with briefing, where members of the audit team are
apprised of the specific output of each phase, and ends with debriefing, where members
of the audit team review the conduct of the audit to identify areas for improvement, all
for purposes of enhancing the quality of services to clients.
Philippine Institute of Certified Public Accountants
Audit Methodology Framework
[Diagram: the seven phases listed below, with “Audit Risk Management” as the vertical label on the left side and “Engagement Management” as the vertical label on the right side.]
Pre-engagement
• Gather information about prospective client
• Perform client acceptance and continuance procedures
• Agree with the client on the terms of engagement
Audit Planning
• Brief engagement team members
• Set the audit scope
• Schedule timing and deadlines
• Identify and assign audit team
• Set audit time and cost budgets
• Review and approve audit plan
• Communicate audit plan
Study & Evaluation of Internal Control
• Understand and evaluate:
- Internal control structure
- Accounting processes (routine, non-routine, accounting estimates)
• Test of controls
Substantive Testing
• Design work programs
• Perform substantive test procedures
• Consider other audit procedures
Completing the Audit
• Perform final analytical procedures
• Summarize and evaluate audit differences and findings
• Review audit documentation
• Review subsequent events
Issuance of the Audit Report
• Discuss and agree with client on audit conclusions
• Review financial statement presentation and disclosures
• Prepare audit report
Post-audit Responsibilities
• Perform engagement quality control review
• Assemble final audit files
• Debrief engagement team members
200 Concepts and Principles
PSA 200.3
The purpose of an audit is to enhance the degree of confidence of intended users in the
financial statements. This is achieved by the expression of an opinion by the auditor on
whether the financial statements are prepared, in all material respects, in accordance with an
applicable financial reporting framework. In the case of most general purpose frameworks,
that opinion is on whether the financial statements are presented fairly, in all material
respects, in accordance with the framework. An audit conducted in accordance with PSAs and
relevant ethical requirements enables the auditor to form that opinion.
200.1 The auditor obtains sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base the auditor’s audit opinion after performing the phases of
the audit process: pre-engagement procedures, audit planning, study and evaluation of
internal control, substantive testing, audit completion, issuance of the audit report, and
post-audit responsibilities.
200.2 This section provides a description of some audit concepts that the auditor uses
throughout the audit process to help the auditor plan and perform the audit in
accordance with PSAs.
Audit Risks
200.4 Audit risk is the possibility that the auditor expresses an inappropriate audit opinion
when the financial statements are materially misstated. The objective of the audit is to
reduce this audit risk to an acceptably low level.
Inherent risk
200.6 Inherent risk is the susceptibility of an assertion about a class of transaction, account
balance or disclosure to a misstatement that could be material, either individually or
when aggregated with other misstatements, because of absence of controls. Inherent
risk results from various external and internal factors, pressures and forces brought to
bear on the entity. Factors at the financial statement level include the integrity of
management; management experience and knowledge; and changes in management
during the period. It also includes factors at the account balance level, such as the
presence of financial statement accounts likely to be susceptible to misstatement.
Examples:
▪ The inexperience of new management may affect the preparation of the financial
statements of the entity.
▪ A company selling perishable goods has a higher risk of loss due to spoilage as
compared to a company selling construction materials.
▪ A sales clerk has to decide what price to charge for a product that is on sale.
Although clearly marked P500.00, the clerk is uncertain if the item is part of a 10
percent off sale. If the clerk grants the discount when the item is not really on sale, a
pricing error occurs. This is an example of inherent risk. [Auditing, Assurance and
Risk by W. Robert Knechel]
▪ A company with accounts which require adjustment in the prior period, or which
involve a high degree of estimation has considerable inherent risk.
Control risk
200.7 Control risk is the possibility that a misstatement that could occur in an assertion about
a class of transaction, account balance or disclosure and that could be material, either
individually or when aggregated with other misstatements, will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal control.
Examples:
▪ Controls may be circumvented by collusion involving managerial level and employee
level personnel.
200.8 The PSAs do not ordinarily refer to inherent risk and control risk separately, but rather to
a combined assessment of the “risks of material misstatement.” However, the auditor
may make separate or combined assessments of inherent and control risk depending on
preferred audit techniques or methodologies and practical considerations. The
assessment of the risks of material misstatement may be expressed in quantitative
terms, such as in percentages, or in non-quantitative terms. In any case, the need for the
auditor to make appropriate risk assessments is more important than the different
approaches by which they may be made.
Detection risk
200.9 Detection risk is the possibility that the procedures performed by the auditor (i.e.,
substantive procedures) to reduce audit risk to an acceptably low level will not detect a
misstatement that exists and that could be material, either individually or when
aggregated with other misstatements.
Examples:
▪ An auditor frequently uses sampling in performing audit procedures, giving rise to
the risk that the misstatement that should have been detected is not included in the
samples selected.
▪ An auditor performing inventory counts at a client’s warehouse is rarely able to
count or observe everything so it is possible that he or she may not notice that some
inventory listed on the financial statements may not actually exist. [Auditing,
Assurance and Risk by W. Robert Knechel]
200.11 One focus area in assessing the residual risk of material misstatement is the remaining
business risks, which mainly relate to the risks that the entity’s accounting
estimates and presentation and disclosure decisions may lead to material misstatement
in the financial statements and could mislead the users of the financial statements
despite the proper functioning of business controls.
The above factors may adversely affect the achievement of the entity’s business
objectives and may give rise to audit risk. Hence, the necessary assessment of these
factors should be considered.
Accounting Processes
200.13 Companies enter into transactions to pursue their business objectives. A transaction is an
event involving the exchange of value between the company and an external party. The
more common transactions are purchases of goods or services from suppliers, sale of
goods or services to customers, borrowing from financial institutions, or payment of
salaries to employees.
200.14 The transactions are passed through the accounting system of the companies to come
up with financial statements. These transactions and the related accounting processes
are usually grouped into classes according to common features, properties or qualities
as follows:
▪ Routine transactions
▪ Non-routine transactions
▪ Accounting estimates
Routine transactions
200.15 Routine transactions are those transactions that are usually conducted to pursue the
entity's day-to-day business with the outside world, such as sales or revenue, purchases,
cash payments and cash receipts. Routine transactions are likely to be:
▪ numerous;
▪ recurring;
▪ objectively measurable, requiring little or no judgment in determining the amount
to be recorded;
▪ processed in a similar way each time they occur.
200.16 Despite these characteristics, in the absence of effective controls, the risk of material
misstatement for many routine transactions may be high.
Management usually establishes effective controls over the recording, processing and
reporting of routine transactions to provide reasonable assurance regarding the
200.17 The characteristics of routine transactions often permit highly automated processing by
the computer information systems with little or no manual/human intervention. These
characteristics may also permit incorporating business rules into the system to the end
that each transaction entered into the system for processing is compared to established
criteria and subjected to a number of tests. Moreover, reporting may be designed to
highlight exceptions for follow-up, and identify matters such as changes in size, volume
and amounts of transactions.
Non-Routine transactions
200.18 Non-routine transactions are transactions that occur infrequently. Non-routine
transactions may:
❑ be relatively few in number;
❑ be unusual and in some cases unpredictable;
❑ require judgment to determine amounts and the accounting period for recording;
❑ involve questions of intent or economic substance.
Accounting Estimates
200.20 An accounting estimate is an approximation of the amount of an item in the absence of
a precise means of measurement.
PSA 540.6
The objective of the auditor is to obtain sufficient appropriate audit evidence about whether:
(a) accounting estimates, including fair value accounting estimates, in the financial
statements, whether recognized or disclosed, are reasonable, and
(b) related disclosures in the financial statements are adequate, in the context of the
applicable financial reporting framework.
200.21 In financial statements, accounting estimates measure the effects of business risks, past
business transactions or other events, or the present status of an asset or liability.
Examples:
❑ the allowance for uncollectible accounts
❑ write-downs of inventories to net realizable value
❑ recoverable amounts included in the computation of impairment losses on
property, plant and equipment
❑ provisions for probable loss due to lawsuits
❑ pension liabilities and expense
200.23 Accounting estimates originate as accounting entries within the entity and therefore are
different from transactions. Some accounting estimates are routine and some are non-
routine.
For example, routine accounting estimates include those for deferred income taxes and
depreciation expense allocating the cost of fixed assets over their estimated useful lives.
Non-routine accounting estimates may include those for environmental clean-up costs,
provision for losses from pending lawsuits and allowances to reduce inventory and
receivables to their estimated realizable value.
200.25 To determine whether management has identified the accounting estimates that may be
significant to the financial statements the auditor may:
❑ ask management about the need to make accounting estimates;
❑ review the assertions in the financial statements to determine the need for
accounting estimates;
❑ consider information obtained from other audit procedures.
200.26 Accounting estimates are often based on data derived from routine transactions
processed by the entity's computer information systems. Controls may be effective with
respect to the completeness, accuracy and validity (existence) of such underlying data.
200.28 Even though it may be difficult for management to implement effective controls for
aspects of accounting estimates, it may be important for management to do so, for
instance for those accounting estimates that are material in the financial statements.
For example, assumptions used in calculations of the liability and cost of retirement
plans may be approved by appropriate committees of those charged with governance
which may utilize independent specialists for advice, such as professional actuaries.
200.29 The auditor is responsible for evaluating the reasonableness of accounting estimates
made by management in the context of the financial statements taken as a whole. If the
auditor believes there are material weaknesses, the auditor reports them to
management and, if appropriate, to those charged with governance.
200.30 A difference between the outcome of an accounting estimate and the amount originally
recognized or disclosed in the financial statements does not necessarily represent a
misstatement of the financial statements. This is particularly the case for fair value
accounting estimates, as any observed outcome is invariably affected by events or
conditions subsequent to the date at which the measurement is estimated for purposes
of the financial statements. (IFAC Guide, Vol. 1, Second Edition, page 138)
PSA 200.5
As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance
about whether the financial statements as a whole are free from material misstatement,
whether due to fraud or error. Reasonable assurance is a high level of assurance. It is obtained
when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk (i.e.,
the risk that the auditor expresses an inappropriate opinion when the financial statements are
materially misstated) to an acceptably low level. However, reasonable assurance is not an
absolute level of assurance, because there are inherent limitations of an audit which result in
most of the audit evidence on which the auditor draws conclusions and bases the auditor’s
opinion being persuasive rather than conclusive.
PSA 315.3
The objective of the auditor is to identify and assess the risks of material misstatement,
whether due to fraud or error, at the financial statement and assertion levels, through
understanding the entity and its environment, including the entity’s internal control, thereby
providing a basis for designing and implementing responses to the assessed risks of material
misstatement.
200.33 The auditor makes preliminary assessments of the risk of material misstatement in the
phase of the audit process in which the internal control structure and accounting
processes are understood and evaluated.
200.34 The risk of material misstatement may be higher for audit objectives relating to
accounting estimates for one or more of the following reasons:
❑ accounting principles for accounting estimates may be unsettled, unclear or subject
to wide interpretation;
❑ required judgments may be subjective, complex and require assumptions about the
effects of future events;
For example, judgments about pension expense and warranty liabilities may either
overlook or misinterpret current developments. As another example, judgments may
overlook the effects of a rapidly changing technological environment on the estimates
of useful lives required in calculations of depreciation expense.
200.35 Management may establish the following types of controls to help reduce this risk:
❑ develop accounting estimates using qualified and experienced personnel, including
external experts;
❑ review and approval by higher levels of management of the relevant factors and the
development of assumptions;
❑ periodic review of methods of developing the factors and the assumptions;
❑ comparison of accounting estimates made in prior periods with results in
subsequent periods;
❑ consideration by appropriate levels of management of whether the accounting
estimates are consistent with the operational plans of the entity.
The risk of material misstatement for non-routine transactions is usually higher than for
routine transactions, due to factors such as:
❑ greater management intervention to specify accounting;
❑ greater manual intervention for data collection and processing;
❑ greater judgment required in determining amounts;
200.36 Even though it may be difficult for management to implement effective controls for
non-routine transactions, management may do so. For example:
❑ controls may include policies and procedures for authorization and approval of non-
routine transactions. These activities may include consideration by the board of
directors for transactions such as acquisitions, disposals and related party
transactions.
❑ When the entity has entered into an unusual or complex transaction and the risk of
material misstatement is high, the auditor obtains an understanding of the
substance of the entity's arrangements and transactions with third parties.
❑ The auditor considers whether to confirm the terms of the transactions with the
other parties in addition to examining documentation held by the entity. For
example, the auditor may confirm terms such as side agreements or terms that, in
effect, allow for return of the merchandise.
❑ The auditor also considers whether there may be side agreements between the
entity and its customers. When appropriate, in addition to confirming account
balances and material revenue transactions, the auditor may also confirm relevant
contract terms with customers to obtain assurance that side agreements do not
exist. The auditor confirms such terms with the contract signer.
200.39 Assertions about classes of transactions and events for the period under audit include:
Audit Objectives
200.40 An audit objective is the auditor’s goal of obtaining sufficient appropriate audit evidence
about one or more of these financial statement assertions.
200.41 The auditor shall develop audit objectives to address the financial statement assertions
relating to the financial statement implications of business risks and classes of
transactions. A financial statement implication relates, for example, to a:
❑ Class of transactions
❑ Accounting estimate
❑ Presentation and disclosure decision
200.44 Critical audit objectives usually relate more to the material financial statement
implications of business risks and classes of non-routine transactions than to material
classes of routine transactions.
200.45 This may be the case when the auditor’s understanding of business risks is based on
highly uncertain factors, as it may be more difficult for the auditor to obtain sufficient
appropriate audit evidence for related audit objectives. One possible reason for this is
that management needs to apply a higher degree of judgment to predict the financial
statement implications of these business risks.
200.46 The judgment as to what are designated as critical audit objectives often depends on
the surrounding circumstances, such as the nature of the business, its usual profitability,
disclosure requirements and other issues the auditor considers.
200.47 The auditor or the engagement partner, in the case of partnership, is responsible for
providing overall direction for the audit approach to critical audit objectives, including:
❑ the nature, timing and extent of audit procedures;
❑ the involvement of more experienced audit staff and specialists. A partner may
consult an actuarial specialist on aspects of the pension liability, or an
environmental specialist on aspects of environmental liabilities.
200.48 The auditor or the engagement partner, in the case of partnership, is responsible for
reviewing audit working papers relating to critical audit objectives.
200.49 The auditor sets out the critical audit objectives, including his/her approach to them and
the conclusions thereof.
PSA 320.8
The objective of the auditor is to apply the concept of materiality appropriately in planning
and in performing the audit.
200.50 Information is material if its omission or misstatement could influence the economic
decisions of users taken on the basis of the financial statements. Materiality depends on
the size of the item or error judged in the particular circumstances of its omission or
misstatement. Thus, materiality provides a threshold or cut-off point rather than being
a qualitative characteristic which information must have if it is to be useful.
200.51 Financial statements may be materially misstated due to the effect of:
❑ an individual omission or misstatement (a material misstatement); or
❑ the cumulative effect of a number of misstatements (significant misstatements) that
are not individually considered material.
200.52 A material misstatement is a misstatement that, when accumulated with others, could
cause the financial statements to be materially misstated. The auditor considers the
cumulative effect of material misstatements.
200.53 Financial statements may be materially misstated as a result of fraud or error. Fraud is
an intentional act by one or more individuals among management, employees or third
parties. An error is an unintentional misstatement.
For more on the use of materiality in planning an audit, see Section 300 – Audit
Planning, topic on Materiality.
200.56 The amount of a misstatement by itself, without taking account of the nature of the
misstatement and the surrounding circumstances, is not usually a sufficient basis for a
judgment of materiality.
200.58 Surrounding circumstances that can affect the auditor’s professional judgment of
materiality include, but are not limited to, whether the misstatement:
❑ changes a loss into profit or vice versa;
❑ is intentional or unintentional;
❑ affects the entity's compliance with applicable laws and regulations;
❑ affects the entity's compliance with debt covenants or other contractual
requirements;
❑ has the effect of increasing management's compensation;
❑ may result in a significant positive or negative market reaction;
❑ arises from an item capable of precise measurement or whether it arises from an
estimate and, if so, the degree of imprecision inherent in the estimate;
❑ involves concealment of an unlawful transaction.
200.59 The auditor determines materiality based on his/her perception of the needs of users. In
applying his/her professional judgment, it is reasonable for the auditor to assume that
users of the financial statements:
▪ Understand that financial statements are prepared and audited to levels of materiality;
▪ Recognize the uncertainties inherent in the measurement of amounts based on the use
of estimates, judgment, and the consideration of future events; and
▪ Make reasonable economic decisions on the basis of the information in the financial
statements. (IFAC Guide, Vol. 1, Second Edition, page 86)
200.61 Materiality is not an absolute number. It represents a grey area between what is very
likely not material and what is very likely material. Consequently, the assessment of
what is material is always a matter of professional judgment.
PSA 500.4
The objective of the auditor is to design and perform audit procedures in such a way as to
enable the auditor to obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base the auditor’s opinion.
200.63 The auditor obtains audit evidence as he/she performs the phases of the audit process.
Audit evidence is obtained for each of the audit objectives to:
❑ support the assessment of the risk of material misstatement
The auditor may obtain this evidence by supporting his/her understanding of
residual business risks and performing tests of control.
❑ respond to the auditor’s assessment of the risk of significant misstatement.
The auditor obtains this evidence by performing analytical procedures and tests of
details.
200.64 The auditor obtains audit evidence by performing an appropriate mix of audit
procedures, including tests of control, analytical procedures and tests of details, as
well as risk assessment procedures.
Nature
200.67 The auditor judges the nature of the required audit procedures by considering the
following generalizations:
❑ audit evidence obtained from outside the entity is more persuasive than that
obtained from within the entity;
❑ audit evidence obtained from or created by unrelated third parties is more
persuasive than that obtained from related parties;
❑ audit evidence obtained from inside the entity is more persuasive when related
controls are effective;
❑ audit evidence obtained directly through performing an inspection, observation or
computation is more persuasive than that obtained indirectly by inquiry of others;
❑ audit evidence in the form of documents and written representations is more
persuasive than oral representations;
❑ audit evidence obtained from several sources that suggest the same conclusion is
more persuasive than that obtained from only one source.
200.68 When the auditor obtains consistent evidence from different sources or from
performing different techniques the auditor may obtain a cumulative degree of
evidence higher than that which attaches to the individual items by themselves.
200.69 Conversely, when audit evidence from one source is inconsistent with that from
another, the auditor usually performs additional audit work to resolve the
inconsistency.
Timing
200.70 The auditor may perform tests of control or substantive procedures before or after the
period-end covered by the financial statements.
200.71 Timing refers to when audit procedures are performed, or the period or date to which
the audit evidence applies.
200.73 When the auditor performs audit work before the period-end, he/she recognizes the
potentially increased risk that a material misstatement that may exist at the period-end
may not be detected.
200.74 The auditor reduces this potentially increased audit risk by performing additional audit
work to cover the remaining period in a way that provides a reasonable basis for
extending the audit conclusions to the period-end. The auditor usually compares
information at the period-end date with comparative information at the date of the
auditor’s earlier audit work to identify unusual amounts or trends. The auditor
investigates such unusual matters.
200.76 Such audit work involves one or more of the following techniques:
❑ inspection
❑ observation
❑ inquiry
❑ confirmation
❑ recalculation
❑ analytical procedures
❑ re-performance
200.77 The auditor may use the computer as an audit tool to apply some of the above audit
techniques. The use of the computer as an audit tool is known as computer-assisted audit
techniques (CAATs).
Inspection
200.78 Inspection involves examining records or documents, whether internal or external, in
paper form, electronic form, or other media, or a physical examination of an asset.
Inspection of records and documents provides audit evidence of varying degrees of
reliability, depending on their nature and source and, in the case of internal records and
documents, on the effectiveness of the controls over their production. An example of
inspection used as a test of controls is inspection of records for evidence of
authorization.
Observation
200.79 Observation consists of looking at a process or procedure being performed by others,
for example, the auditor’s observation of inventory counting by the entity’s personnel,
or of the performance of control activities. Observation provides audit evidence about
the performance of a process or procedure, but is limited to the point in time at which
the observation takes place, and by the fact that the act of being observed may affect
how the process or procedure is performed.
Inquiry
200.80 Inquiry consists of seeking information of knowledgeable persons, both financial and
nonfinancial, within the entity or outside the entity. Inquiry is used extensively
throughout the audit in addition to other audit procedures. Inquiries may range from
formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an
integral part of the inquiry process.
200.81 Responses to inquiries may provide the auditor with information not previously
possessed or with corroborative audit evidence. Alternatively, responses might provide
information that differs significantly from other information that the auditor has
obtained, for example, information regarding the possibility of management override
of controls. In some cases, responses to inquiries provide a basis for the auditor to
modify or perform additional audit procedures.
200.83 In respect of some matters, the auditor may consider it necessary to obtain written
representations from management and, where appropriate, those charged with
governance to confirm responses to oral inquiries.
External confirmation
200.84 An external confirmation represents audit evidence obtained by the auditor as a direct
written response to the auditor from a third party (the confirming party), in paper form,
or by electronic or other medium. External confirmation procedures frequently are
For example, the auditor may request confirmation of the terms of agreements or
transactions an entity has with third parties; the confirmation request may be designed
to ask if any modifications have been made to the agreement and, if so, what the
relevant details are. External confirmation procedures also are used to obtain audit
evidence about the absence of certain conditions, for example, the absence of a “side
agreement” that may influence revenue recognition.
200.85 As the risk of significant misstatement increases, the auditor selects substantive
procedures to obtain more or different audit evidence about a financial statement
assertion. In these situations, the auditor may use external confirmation procedures
rather than, or in conjunction with, tests directed toward documents or parties within
the entity.
200.86 Examples of situations where the auditor may use external confirmations are:
❑ receivable balances and terms
❑ bank balances and other information relevant to banking relationships
❑ inventories held by third parties at bonded warehouses for processing or on
consignment
❑ property title deeds held by lawyers for safe custody or as security
❑ investments purchased from stockbrokers but not delivered at the period-end date
❑ unsecured loans from lenders
❑ payables balances and terms
Recalculation
200.87 Recalculation consists of checking the mathematical accuracy of documents or records.
Recalculation may be performed manually or electronically.
Analytical Procedures
200.89 Analytical procedures used as risk assessment procedures help to identify matters that
have financial statement and audit implications. Some examples are unusual
transactions or events, amounts, ratios, and trends.
▪ Ratio analysis
▪ Trend analysis
▪ Break-even analysis
▪ Pattern analysis, and
▪ Regression analysis
Re-performance
200.91 Re-performance involves the auditor’s independent execution of procedures or controls
that were originally performed as part of the entity’s internal control.
200.92 Risk assessment procedures are the audit procedures performed to obtain an
understanding of the entity and its environment, including the entity’s internal control,
to identify and assess the risks of material misstatement, whether due to fraud or
error, at the financial statement and assertion levels.
200.93 The auditor shall perform risk assessment procedures to provide a basis for the
identification and assessment of risks of material misstatement at the financial
statement and assertion levels. Risk assessment procedures by themselves, however,
do not provide sufficient appropriate audit evidence on which to base the audit
opinion.
200.95 Tests of controls are audit procedures designed to evaluate the operating effectiveness
of controls in preventing, or detecting and correcting, material misstatements at the
assertion level.
200.96 Typical tests of controls include the selection of a representative sample of transactions
or supporting documentation to:
200.97 There are five steps in the Study and Evaluation of Internal Controls phase of the audit:
1. Obtain and document an understanding of internal control.
2. Make a preliminary assessment of control risk.
3. Determine the auditor’s response to the risk assessment.
4. Reassess control risk.
5. Determine the nature, extent and timing of substantive tests.
It is during step 3 that tests of controls are performed.
200.98 Tests are applied only to those controls on which the auditor intends to rely when
designing substantive tests of account balances. An auditor would not rely on, and
therefore not test, a particular control if the audit effort required to test the control
exceeded the reduction in year-end audit effort that could be achieved by reliance.
200.99 Tests of control activities are necessary to support a less-than-high risk assessment
because control activities and related accounting procedures are applied in more
detailed levels and have more direct effects on specific audit objectives and account
balances within transaction cycles than do controls that are part of the other
components of internal control.
200.100 The tests generally consist of one, or a combination of, the following procedures:
❑ Observation; and inquiry of client personnel;
❑ Observation of the application of policies and procedures;
Substantive procedures
200.102 Substantive procedures are tests performed to obtain audit evidence to detect
material misstatements in the financial statements. There are two types of
substantive procedures:
❑ analytical procedures
❑ tests of details of transactions and account balances.
PSA 330.18
Irrespective of the assessed risks of material misstatement, the auditor shall design and
perform substantive procedures for each material class of transactions, account balance and
disclosure.
PSA 330.20
The auditor’s substantive procedures shall include the following audit procedures related to
the financial statements closing process:
a) Agreeing or reconciling the financial statements with the underlying accounting records;
and
b) Examining material journal entries and other adjustments made during the course of
preparing the financial statements.
PSA 330.22
If substantive procedures are performed at an interim date, the auditor shall cover the
remaining period by performing:
a) substantive procedures, combined with tests of controls for the intervening period; or
b) if the auditor determines that it is sufficient, further substantive procedures only, that
provide a reasonable basis for extending the audit conclusions from the interim date to
the period end.
200.103 The auditor gathers audit evidence by performing substantive procedures regardless of
the auditor’s assessment of the risk of significant misstatement. However, the auditor
may obtain this audit evidence for individual audit objectives by performing analytical
procedures or tests of details only. The nature, timing and extent of the auditor’s
substantive procedures depend upon his/her assessment of the risk of material
misstatement.
200.105 Relationships may exist among different types of financial information or between
financial and non-financial information.
For example, the auditor may develop an expectation about an entity's gross profit
based on its product revenue. The auditor may develop an expectation about an
entity's revenue based on the auditor’s understanding of industry trends and market
research reports.
Subsequent Events
PSA 560.4
The objectives of the auditor are:
a) To obtain sufficient appropriate audit evidence about whether events occurring between
the date of the financial statements and the date of the auditor’s report that require
adjustment of, or disclosure in, the financial statements are appropriately reflected in
those financial statements in accordance with the applicable financial reporting
framework; and
b) To respond appropriately to facts that become known to the auditor after the date of the
auditor’s report, that, had they been known to the auditor at that date, may have caused
the auditor to amend the auditor’s report.
PSA 560.6
The auditor shall perform audit procedures designed to obtain sufficient appropriate audit
evidence that all events occurring between the date of the financial statements and the date
of the auditor’s report that require adjustments of, or disclosures in, the financial statements
have been identified. The auditor is not, however, expected to perform additional audit
procedures on matters to which previously applied audit procedures have provided
satisfactory conclusions.
200.111 The auditor shall perform audit procedures to identify any subsequent events that
would require adjustments of, or disclosures in, the financial statements. This would
include:
▪ Reading minutes, if any, of the meetings (management and those charged with
governance) held after the date of the financial statements, and inquiring about
matters discussed at meetings for which minutes are not yet available; and
▪ Reading financial reports produced after the period end, if any.
(IFAC Guide, Volume I, Second edition, page 158)
PSA 560.10
The auditor has no obligation to perform any audit procedures regarding the financial
statements after the date of the auditor’s report. However, if, after the date of the auditor’s
report but before the date the financial statements are issued, a fact becomes known to the
auditor that, had it been known to the auditor at the date of the auditor’s report, may have
caused the auditor to amend the auditor’s report, the auditor shall:
a) Discuss the matter with management and, where appropriate, those charged with
governance.
b) Determine whether the financial statements need amendment and, if so,
c) Inquire how management intends to address the matter in the financial statements.
200.112 When facts become known to the auditor after the date of the auditor’s report but
before financial statements are issued, the auditor shall consider the following:
▪ Discuss the matter with management (and those charged with governance);
▪ Determine whether the financial statements need amendment and if so:
o Inquire how management intends to address the matter in the financial
statements,
o Perform any further audit procedures required, and
o Issue a new auditor’s report on the amended financial statements. This
could also include dual dating of the report, restricted to the amendment or
inclusion of an emphasis of matter paragraph; and
▪ Where management does not amend the financial statements, the auditor would
issue a modified auditor’s opinion.
▪ If the auditor’s report has already been released, notify management (and those
charged with governance) not to issue the financial statements to third parties
before the necessary amendments have been made.
▪ If the financial statements are released despite the notification, take appropriate
action (after consulting with legal counsel) to prevent reliance on the auditor’s
report.
Going Concern
PSA 570.9
The objectives of the auditor are:
a) To obtain sufficient appropriate audit evidence regarding the appropriateness of
management’s use of the going concern assumption in the preparation of the financial
statements;
b) To conclude, based on the audit evidence obtained, whether a material uncertainty exists
related to events or conditions that may cast significant doubt on the entity’s ability to
continue as a going concern; and
c) To determine the implications for the auditor’s report.
200.114 Events or conditions that, individually or collectively, may cast significant doubt about
the going-concern assumption may include the following:
200.115 The significance of the above events or conditions often can be mitigated by other
factors. For example, the effect of an entity being unable to make its normal debt
repayments may be counterbalanced by management’s plans to maintain adequate
cash flows by alternative means, such as disposing of assets, rescheduling loan
repayments, or obtaining additional capital. Similarly, the loss of a principal supplier
may be mitigated by the availability of a suitable alternative source of supply.
(IFAC Guide, Volume 1, Second edition, page 164)
PSA 300.5
The engagement partner and other key members of the engagement team shall be
involved in planning the audit, including planning and participating in the discussion
among engagement team members.
PSA 300.7
The auditor shall establish an overall audit strategy that sets the scope, timing and direction of
the audit, and that guides the development of the audit plan.
300.1 Planning an audit involves establishing the overall audit strategy for the engagement
and developing an audit plan, in order to reduce audit risk to an acceptably low level.
Planning involves the engagement partner and other key members of the engagement
team to benefit from their experience and insight and to enhance the effectiveness and
efficiency of the planning process.
300.2 Audit Planning includes important scoping and coordination decisions appropriate to
the requirements of the audit engagement. It is the second major phase of the audit
process as defined in the PICPA’s Audit Methodology Framework.
300.6 Development of the overall audit strategy begins at the commencement of the
engagement, and is completed and then updated based on the information obtained from:
▪ Previous experience with the entity;
▪ Preliminary (client acceptance and continuation) activities;
▪ Discussions with the client on changes since last period and recent operating results;
▪ Other engagements performed for the client during the period;
▪ Audit team discussions and meetings;
▪ Other external sources such as newspaper and Internet articles; and
▪ New information obtained, failed audit procedures, or new circumstances encountered
during the audit that will change previously planned strategies.
(IFAC Guide, Volume 2, Third edition, page 46)
300.7 The overall audit strategy sets the scope, timing and direction of the audit, and guides the
development of the more detailed audit plan. The establishment of the overall audit
strategy involves:
1. Determining the characteristics of the engagement that define its scope;
2. Ascertaining the reporting objectives of the engagement to plan the timing of the
audit and the nature of the communications required; and
3. Considering the important factors that, in the auditor’s professional judgment, will
determine the focus or direction of the engagement team’s efforts.
300.8 To determine engagement characteristics, the auditor shall consider the following:
300.9 The auditor shall document key decisions considered necessary to properly plan the audit
and to communicate significant matters to the engagement team. The overall strategy
documents the following relevant actions:
300.10 Many audits of small entities involve the audit engagement partner working with one
engagement team member. With a smaller team, coordination and communication
between team members are easier. Establishing the overall audit strategy for the audit of
a small entity need not be a complex or time-consuming exercise. A brief memorandum
prepared at the completion of the previous audit, based on a review of the working papers
and highlighting issues identified in the audit just completed, updated and changed in the
current period based on discussions with the owner-manager, can serve as the basis for
planning the current audit engagement.
PSA 300.9
The auditor shall develop an audit plan that shall include a description of:
a) The nature, timing and extent of planned risk assessment procedures, as determined under
PSA 315.
b) The nature, timing and extent of planned further audit procedures at the assertion level, as
determined under PSA 330.
c) Other planned audit procedures that are required to be carried out so that the engagement
complies with PSAs.
300.11 The auditor documents the audit plan in the Audit Planning Memorandum. The audit
team refers to this document to get a full understanding of the activities that will be
PSA 300.10
The auditor shall update and change the overall audit strategy and the audit plan as necessary
during the course of the audit.
300.12 As the need arises, the auditor may revise the planning document to adapt to the
requirements of a specific audit job.
300.13 A detailed audit plan addresses the various matters identified in the overall audit strategy,
taking into account the need to achieve the audit objectives through the efficient use of
the auditor’s resources. Although the auditor ordinarily establishes the overall audit
strategy before developing the detailed audit plan, the two planning activities are not
necessarily discrete or sequential processes but are closely inter-related since changes in
one may result in consequential changes to the other.
300.14 The audit plan includes a description of the nature, timing and extent of risk assessment
procedures, further audit procedures (tests of controls and substantive tests) and other
audit procedures required to be carried out for the engagement in order to comply with
PSAs.
300.15 Documentation of the audit plan also serves as a record of the proper planning and
performance of the audit procedures that can be reviewed and approved prior to the
performance of further audit procedures.
300.16 Planning takes place over the course of the audit as the audit plan for the engagement
develops. For example, planning of the auditor’s risk assessment procedures ordinarily
occurs early in the audit process. However, planning of the nature, timing and extent of
specific further audit procedures depends on the outcome of those risk assessment
procedures.
300.17 In addition, the auditor may begin the execution of further audit procedures for some
classes of transactions, account balances and disclosures before completing the more
detailed audit plan of all remaining further audit procedures.
PSA 240.10
The objectives of the auditor are:
a) To identify and assess the risk of material misstatement of the financial statements due to
fraud;
b) To obtain sufficient appropriate audit evidence regarding the assessed risk of material
misstatement due to fraud, through designing and implementing appropriate responses;
and
c) To respond appropriately to fraud or suspected fraud identified during the audit.
PSA 315.3
The objective of the auditor is to identify and assess the risks of material misstatement,
whether due to fraud or error, at the financial statement and assertion levels, through
understanding the entity and its environment, including the entity’s internal control, thereby
providing a basis for designing and implementing responses to the assessed risks of material
misstatement.
PSA 315.5
The auditor shall perform risk assessment procedures to provide a basis for the identification
and assessment of risks of material misstatement at the financial statement and assertion
levels. Risk assessment procedures by themselves, however, do not provide sufficient
appropriate audit evidence on which to base the audit opinion.
300.18 The purpose of risk assessment procedures is to identify and assess risks of material
misstatement. This is achieved through understanding the entity and its environment,
including internal control. Information may be obtained from external sources, such as
the Internet and trade publications, and from internal sources such as discussions with
key personnel. This understanding of the entity becomes a continuous, dynamic
process of gathering, updating and analyzing information throughout the audit.
(IFAC Guide, Volume 1, Second edition, page 95)
300.19 Risk assessment procedures provide audit evidence to support the assessment of risks
at the financial statement and assertion levels. However, this evidence does not stand
alone. Evidence obtained from risk assessment procedures is supplemented by further
audit procedures (that respond to the risks identified) such as tests of controls and/or
substantive procedures. (IFAC Guide, Volume 1, Second edition, page 95)
300.20 The auditor uses professional judgment to determine the risk assessment procedures to
be performed, and the scope or depth of understanding of the entity that is required. In
the first year that the auditor conducts the audit for an entity, the work required to
obtain and document this information will often require a significant amount of time.
However, if the information obtained is well documented in the first year, the time
required to update the information in subsequent years should be considerably less
than that required in the first year. (IFAC Guide, Volume 1, Second edition, page 95)
300.22 Each of the three risk assessment procedures should be performed during the audit, but
not necessarily for each aspect of the understanding required. In many situations, the
results from performing one type of procedure may lead to performing another. For
example, in an interview with the sales manager, an unusual but significant sales
contract might be identified. This could be followed up by an inspection of the actual
sales contract and an analysis of the impact on sales margins. Alternatively, findings
from performing analytical procedures on preliminary operating results may trigger
some questions for management. The answers to these questions may then lead to
requests to inspect certain documents or observe some activities.
(IFAC Guide, Volume 1, Second edition, page 97)
300.23 Inquiry is used by the auditor in conjunction with other risk assessment procedures to
assist in identifying risks of material misstatement. The focus of the questions is to
obtain an understanding of each of the required aspects as set out in PSA 315. Examples of
areas of inquiry include the following:
▪ Environment in which the financial statements are prepared
▪ Oversight of management’s processes for identifying and responding to the risks of
fraud or error in the entity, and the internal control that management has established to
mitigate these risks.
▪ Knowledge of any actual, suspected, or alleged fraud affecting the entity.
▪ Management’s assessment of the risk that the financial statements may be materially
misstated due to fraud or error, including the nature, extent, and frequency of such
assessments.
▪ Management’s communication, if any, to employees regarding its views on business
practices and ethical behavior.
▪ The entity’s culture (values and ethics).
▪ Management incentive plans.
▪ How estimates are prepared.
▪ Business trends and unusual events.
▪ The initiating, processing, or recording of complex or unusual transactions.
▪ Marketing strategies and sales trends.
▪ Contractual arrangements with customers.
▪ The extent of management override (i.e., have these employees ever been asked to
override internal controls or revenue recognition accounting policies?). (IFAC Guide,
Volume 1, Second edition, page 99)
300.26 If a possible fraud involving senior management or those charged with governance is
discovered, consult immediately with the engagement partner, and consider obtaining
legal advice on how to proceed. The information should also be kept confidential to
ensure that privacy and confidentiality requirements are properly followed. Also check
the code of ethics for any additional requirements and guidance.
(IFAC Guide, Volume 1, Second edition, page 100)
300.30 Analytical procedures used as risk assessment procedures help to identify matters that
have financial statement and audit implications. In addition to being a risk assessment
procedure, analytical procedures can also be used as further audit procedures in:
▪ Obtaining evidence about a financial statement assertion. This would be a substantive
analytical procedure and is discussed further in Section 400 of this Manual.
▪ Performing an overall review of the financial statements at, or near, the end of the
audit.
300.31 Most analytical procedures are not very detailed or complex. They often use data
aggregated at a high level, which means the results can only provide a broad initial
indication about whether a material misstatement may exist.
(IFAC Guide, Volume 1, Second edition, page 100)
300.32 The steps involved in performing analytical procedures as part of risk assessment
procedures are as follows:
▪ First, develop expectations about plausible relationships among the various types of
information that could reasonably be expected to exist. Where possible, seek to use
independent (i.e., not internally generated) sources of information. The financial and
non-financial information could include: financial statements for comparable previous
periods; budgets, forecasts, and extrapolations from interim or annual data; and
information regarding the industry in which the entity operates and current economic
conditions.
▪ Next, compare expectations with recorded amounts or ratios developed from recorded
amounts.
▪ Then, evaluate the results. Where unusual or unexpected relationships are found,
consider potential risks of material misstatement.
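The three steps above, worked through in Python as an added example that is not part of the PICPA Guide. The account names, peso amounts, the 5% growth rate and all thresholds are constructed assumptions; a flagged item is a prompt for inquiry or inspection, not evidence of misstatement.

```python
from dataclasses import dataclass

# Constructed figures in pesos (assumptions, not taken from the Guide).
PRIOR_YEAR = {"sales": 800_000, "cost_of_sales": 560_000,
              "receivables": 100_000, "operating_expenses": 90_000}
CURRENT_YEAR = {"sales": 850_000, "cost_of_sales": 552_500,
                "receivables": 170_000, "operating_expenses": 96_000}
EXPECTED_GROWTH = 0.05      # assumed industry growth from an independent source
AMOUNT_THRESHOLD = 20_000   # assumed: smaller peso differences are not pursued
PCT_THRESHOLD = 0.05        # assumed tolerance for recorded amounts
RATIO_THRESHOLD = 0.10      # assumed tolerance for ratios


@dataclass
class Variance:
    item: str
    expected: float
    recorded: float
    difference: float
    pct: float
    unusual: bool


def ratios(fs):
    """Relationships that are expected to persist from period to period."""
    return {
        "gross_margin": (fs["sales"] - fs["cost_of_sales"]) / fs["sales"],
        "receivable_days": fs["receivables"] / fs["sales"] * 365,
    }


def develop_expectations(prior, growth):
    """Step 1: amounts move with the external growth rate; ratios stay at prior levels."""
    amounts = {item: value * (1 + growth) for item, value in prior.items()}
    return amounts, ratios(prior)


def compare(expected, recorded, pct_threshold, amount_threshold=0.0):
    """Steps 2 and 3: compare expectation with the recorded figure, then evaluate.

    An item is unusual only when it breaches both thresholds, so a large
    percentage swing on a trivial balance is not flagged.
    """
    results = []
    for item, exp in expected.items():
        rec = recorded[item]
        diff = rec - exp
        if exp:
            pct = diff / exp
        else:
            # No expectation to scale against: any recorded amount is unexpected.
            pct = 0.0 if diff == 0 else float("inf")
        unusual = abs(diff) >= amount_threshold and abs(pct) >= pct_threshold
        results.append(Variance(item, exp, rec, diff, pct, unusual))
    return results


def analytical_review(prior, recorded, growth):
    """Run all three steps over both the amounts and the ratios built from them."""
    exp_amounts, exp_ratios = develop_expectations(prior, growth)
    results = compare(exp_amounts, recorded, PCT_THRESHOLD, AMOUNT_THRESHOLD)
    results += compare(exp_ratios, ratios(recorded), RATIO_THRESHOLD)
    return results


def flagged(results):
    """Items whose relationship to the expectation warrants follow-up."""
    return [v.item for v in results if v.unusual]


if __name__ == "__main__":
    for v in analytical_review(PRIOR_YEAR, CURRENT_YEAR, EXPECTED_GROWTH):
        mark = "FOLLOW UP" if v.unusual else "ok"
        print(f"{v.item:20s} expected {v.expected:12,.2f} "
              f"recorded {v.recorded:12,.2f} ({v.pct:+.1%}) {mark}")
```

In the constructed data, sales land close to expectation while receivables and receivable days do not, which is the kind of unexpected relationship the third step asks the auditor to consider.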
300.34 The auditor should obtain knowledge about the general economic factors and industry
conditions affecting the entity’s business; important characteristics of the entity, its
business, its financial performance and its reporting requirements including changes
since the date of the prior audit; and the general level of competence of management.
Exhibit 300-03 shows the Sources of Understanding of the Client and Its Environment
Checklist.
300.35 Understanding the entity and its environment and using this information appropriately
assists the auditor in assessing risk and identifying problems and in planning and
performing the audit effectively and efficiently.
300.36 The auditor’s understanding of the entity and its environment consists of an
understanding of the following:
▪ Industry, regulatory, and other external factors, including the applicable financial
reporting framework.
Examples of other external factors affecting the entity that the auditor may consider
include the general economic conditions, interest rates and availability of financing,
and inflation or currency revaluation.
▪ The entity’s selection and application of accounting policies, including the reasons
for changes thereto.
An understanding of the entity’s selection and application of accounting policies
may encompass such matters as:
o The methods the entity uses to account for significant and unusual
transactions.
o The effect of significant accounting policies in controversial or emerging
areas for which there is a lack of authoritative guidance or consensus.
▪ Objectives and strategies and the related business risks that may result in risks of
material misstatement.
Examples of matters that the auditor may consider when obtaining an
understanding of the entity’s objectives, strategies and related business risks that
may result in a risk of material misstatement of the financial statements include:
o Industry developments (a potential related business risk might be, for
example, that the entity does not have the personnel or expertise to deal
with the changes in the industry).
o New products and services (a potential related business risk might be, for
example, that there is increased product liability).
o Expansion of the business (a potential related business risk might be, for
example, that the demand has not been accurately estimated).
o New accounting requirements (a potential related business risk might be,
for example, incomplete or improper implementation, or increased costs).
o Regulatory requirements (a potential related business risk might be, for
example, that there is increased legal exposure).
o Current and prospective financing requirements (a potential related
business risk might be, for example, the loss of financing due to the entity’s
inability to meet requirements).
o Use of IT (a potential related business risk might be, for example, that
systems and processes are incompatible).
o The effects of implementing a strategy, particularly any effects that will lead
to new accounting requirements (a potential related business risk might be,
for example, incomplete or improper implementation).
External parties may also measure and review the entity’s financial performance.
For example, external information such as analysts’ reports and credit rating agency
reports may represent useful information for the auditor. Such reports can often be
obtained from the entity being audited.
The way in which internal control is designed, implemented and maintained varies
with an entity’s size and complexity. Smaller entities may use less structured means
and simpler processes and procedures to achieve their objectives.
Exhibit 300-04 shows the audit form for Understanding of the Client and its
Environment.
The difference between business risk and fraud risk is that fraud risk results from a
person’s deliberate actions. In many instances, a risk can be both a business and a fraud
risk. For example, the introduction of a new accounting system creates uncertainty (errors
could be made as personnel learn the new system) and would be classified as a business
risk. However, it could also be classified as a fraud risk, because someone could take
advantage of the uncertainty to misappropriate assets or manipulate the financial
statements. (IFAC Guide, Volume 2, Third edition, page 83)
300.38 The term “business risk” encompasses more than just the risks of material misstatement in
the financial statements. Business risks result from significant conditions, events,
circumstances, actions, or inactions that could adversely affect the entity’s ability to
achieve its objectives and execute its strategies.
300.39 Business risk also includes events that arise from change, complexity, or the failure to
recognize the need for change. Change may arise, for example, from:
300.40 Fraud risk relates to events or conditions that indicate an incentive or pressure to commit
fraud or provide an opportunity to commit fraud.
300.43 As can be determined from the above, the most effective anti-fraud internal control would
be a strong commitment by those in governance and senior management positions to
doing the right thing. This is evidenced through articulated entity values and a
commitment to ethics that are modeled on a day-to-day basis. This is true for any size of
organization. (IFAC Guide, Volume 2, Third edition, pages 89-90)
▪ Pressure
This is often generated by immediate needs (such as having significant personal debts or
meeting an analyst’s or bank’s expectations for profit) that are difficult to share with
others.
▪ Opportunity
A poor corporate culture and a lack of adequate internal control procedures can often
create confidence that a fraud could go undetected.
▪ Rationalization
300.46 Fraud is always intentional. It involves concealment of information from the auditor and
deliberate misrepresentations. Consequently, fraud is discovered by looking for patterns,
oddities, and exceptions, often in what might be considered very small monetary amounts.
Fraud is unlikely to be detected through substantive procedures alone. For example, an
auditor is unlikely to identify a missing transaction or determine that a transaction is
invalid unless there is some additional “understanding of the entity” that can be used as a
frame of reference. (IFAC Guide, Volume 2, Third edition, page 93)
300.47 The term “noncompliance” as used in PSAs refers to acts of omission or commission by the
entity being audited, either intentional or unintentional, which are contrary to the
prevailing laws or regulations. Such acts include transactions entered into by, or in the
name of, the entity or on its behalf by its management or employees. Some laws and
regulations may give rise to business risks that have a fundamental effect on the
operations of the entity, or on its ability to continue as a going concern. In order to plan
the audit, the auditor should obtain a general understanding of the legal and regulatory
framework applicable to the entity and the industry and how the entity is complying with
that framework.
300.48 The relevant laws and regulations would be well established and known to the entity and
within the industry; they would be considered on a recurring basis each time financial
statements are issued. These laws and regulations may relate to, among others:
▪ The form and content of financial statements, including industry-specific requirements;
▪ Accounting for transactions under government contracts; or
▪ The accrual or recognition of expenses for income taxes or pension costs.
Exhibit 300-06 shows the work program for Assessment of Non-Compliance with Relevant
Laws and Regulations.
300.50 The auditor shall determine performance materiality for purposes of assessing the risks of
material misstatement and determining the nature, timing and extent of further audit
procedures.
300.51 Planning the audit solely to detect individually material misstatements overlooks the fact
that the aggregate of individually immaterial misstatements may cause the financial
statements to be materially misstated, and leaves no margin for possible undetected
misstatements.
300.52 Performance materiality is set to reduce to an appropriately low level the probability that
the aggregate of uncorrected and undetected misstatements in the financial statements
exceeds materiality for the financial statements as a whole. Similarly, performance
materiality relating to a materiality level determined for a particular class of transactions,
account balance or disclosure is set to reduce to an appropriately low level the probability
that the aggregate of uncorrected and undetected misstatements in that particular class of
transactions, account balance or disclosure exceeds the materiality level for that particular
class of transactions, account balance or disclosure.
300.53 PSA 320 – Materiality in Planning and Performing an Audit, clearly requires the auditor to
determine three different levels of materiality, as follows [AASC Bulletin 001 Series of 2010
Philippine Standard on Auditing 320 (Revised and Redrafted), Materiality in Planning and
Performing an Audit]:
Materiality for the financial statements as a whole (hereinafter referred to as the “overall
materiality”) is the materiality determined at the overall financial statement level. This
materiality level helps the auditor determine whether the proposed audit adjustments are
significant or not. If the audit adjustments exceed this level, the auditor may need to
adjust the financial statements.
In practice, the benchmark commonly used for profit-oriented companies is profit from
continuing operations before tax. However, the auditor should also take into account
whether there are circumstances that give rise to an exceptional increase or decrease
affecting the chosen benchmark (i.e. non-recurring gain or loss). In such a case, the auditor
may use a benchmark based on a normalized profit before tax from continuing operations.
B. Performance materiality
▪ laws and regulations (e.g. related party transactions) – SEC Memorandum Circular No. 8,
Series of 2009, states that related party transactions as required under PAS 24, Related
Party Transactions, are considered significant regardless of the amount involved if the
company is a public company, a listed company, an issuer of securities to the public or a
secondary licensee of the SEC.
▪ financial reporting framework
If the auditor becomes aware of information during the audit that would have caused the
determination of a different amount of the benchmark, the auditor should revise the overall
materiality and the auditor should assess the need to revise performance materiality and
specific materiality, and whether the nature, timing and extent of further audit procedures
remain appropriate.
Documentation requirements
PSA 320, paragraph 4 states that the auditor is required to include in the audit
documentation the amounts and the factors considered in the determination of the
materiality levels prescribed by this standard including the basis for any revisions to those
materiality levels. Audit documentation should demonstrate the judgment and rationale
used by the auditor in determining these materiality levels.
The illustrative examples and the percentages used below are only for illustration purposes, and
do not in any way provide guidance, nor are they to be used as standard practice. The auditor should use
his/her professional judgment in setting and determining the materiality levels in an audit of
financial statements. For illustration purposes, consider the following financial information of
an entity:
1) Overall materiality
Assuming that the entity is a profit-oriented company, the materiality levels which the auditor
may consider are as follows:
Consideration    Profit before tax    Sales
Benchmark        P150,000             P800,000
The above amounts are the assessment of materiality on the financial statements as a whole.
They also serve as a basis in determining if identified uncorrected misstatements are already
material in the aggregate to the financial statements and therefore required to be adjusted.
Although the above amounts are acceptable, appropriate overall materiality will depend on the
factors [PSA 320.A3] considered in determining the correct benchmark.
2) Performance materiality
Based on the above overall materiality levels, the auditor may consider the overall engagement
risk and the history of booked audit adjustments in determining the percentage for performance
materiality.
Assuming based on the auditor’s judgment, the following rationale and percentages have been
determined:
As calculated above, all financial statement line items above performance materiality are
required to be included in the scope of the audit. This means that for a high risk audit
engagement, a lower level of performance materiality is appropriate in order to respond to a
higher risk of material misstatement. Conversely, for a low risk audit engagement, a higher level
of performance materiality is appropriate as there is a lower risk of material misstatement.
However, it is not appropriate to automatically exclude all balances below the performance
materiality level from the audit testing. The auditor should ensure that the total amount of the
excluded financial statement line items should not be above overall materiality. Otherwise, the
3) Specific materiality
Assume further that the auditor has assessed that there are specific users who expect a lesser
level of misstatement in management compensation; the auditor may consider setting a specific
materiality lower than performance materiality in order to obtain higher comfort on the audit
procedures performed over management compensation. Assuming that based on the auditor’s
assessment, adopting a 50% threshold below performance materiality is appropriate to address
the risk, the specific materiality will be computed as follows:
As an extreme case, assume that tolerable misstatement for accounts payable is zero. This
means that any amount of misstatement in accounts payable, even a one centavo
misstatement, can affect the decision of users of financial statements. Consequently, the
auditor would have to test every transaction making up the account.
300.55 The concept of materiality recognizes that auditors work within constraints of time and
cost. Thus, the auditor (and financial statement users) must permit a reasonable allowance
for error in the financial statement accounts.
300.56 Toward the end of an engagement, after all audit evidence has been gathered and
evaluated, an auditor again considers materiality by comparing the combined
misstatements for all accounts with the preliminary (or revised) estimate for the entire set
of financial statements taken as a whole.
300.57 In evaluating whether the financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework, the auditor should assess
300.59 If the aggregate of the uncorrected misstatements that the auditor has identified
approaches the performance materiality level, the auditor would consider whether it is
likely that undetected misstatements, when taken with aggregate uncorrected
misstatements, could exceed the materiality level. Thus, as aggregate uncorrected
misstatements approach the materiality level the auditor would consider reducing audit
risk by performing additional audit procedures or by requesting management to adjust the
financial statements for identified misstatements.
300.60 If the audit involves consolidated financial statements, the auditor uses the consolidated
amounts. If a separate audit opinion is issued on the financial statements of a component
included in the consolidated financial statements, a separate audit materiality calculation
is made for the audit of the financial statements of the component.
300.61 Audit materiality for a component included in consolidated financial statements may not
exceed audit materiality calculated for the consolidated financial statements.
300.62 When work is performed by more than one auditor, i.e. multinational companies with
a subsidiary in the Philippines, the originating office specifies the audit materiality amount
(usually based on consolidated assets and revenues).
300.63 However, if the auditor is to issue a separate audit report stating an audit opinion on the
separate financial statements of the subsidiary being audited, a separate audit materiality
amount needs to be calculated and used.
300.64 The auditor specifies one or more amounts below which the auditor considers
misstatements, if they exist, to be insignificant. Amounts stated as insignificant represent
the professional judgment of the audit team. Specifically, the judgment is that a material
300.65 Amounts stated as insignificant need not be the same across the entire audit; qualitative
factors may be involved. Misstatements that the auditor detects below these amounts are
not summarized in a summary of unadjusted audit differences. However, the auditor
considers their qualitative aspects.
1. Identify risks by considering the understanding of the entity and its environment,
(including relevant controls), and by considering the classes of transactions, account
balances, and disclosures in the financial statements.
2. Relate the identified risks to what can go wrong at the assertion level; and
3. Consider whether the risks are of a magnitude that could result in a material
misstatement of the financial statements.
300.68 Management often reacts to inherent risk situations by designing internal control systems
to prevent or detect and correct misstatements.
300.69 The amount of substantive test procedures and related audit work in an engagement often
depends on the extent of reliance that the auditor places on the internal control system of
the company.
300.70 During audit planning, the auditor obtains an overall “feel” of the situation by determining,
on a preliminary basis, the major areas where the audit work will place reliance on internal
controls. Specifically, this means identification of major transaction cycles (e.g., revenue
and receipts, purchasing and disbursement, payroll, conversion, investing and financing
cycles), and the controls put in place to reduce the risks of material misstatements.
Generally, the more reliable internal controls are, the fewer the substantive test
procedures to apply in auditing year-end account balances. See also Appendix 2 of PSA
315 – Conditions and Events That May Indicate Risks of Material Misstatement.
See Section 400 for more discussion on the assessment of control risk.
Significant Risks
300.72 The assessment of inherent risk and control risk may be expressed quantitatively or
qualitatively. Of concern to the auditor is the presence of significant risks, since these
require special audit consideration.
300.73 Determination and assessment of significant risks, which arise on most audits, is a matter
of the auditor’s professional judgment. In exercising this judgment, the auditor should
consider the following:
1. Whether the risk is a risk of fraud.
2. Whether the risk is related to recent significant economic, accounting or other
developments and, therefore, requires specific attention.
3. The complexity of transactions.
4. Whether the risk involves significant transactions with related parties.
5. The degree of subjectivity in the measurement of financial information related to
the risk especially those involving a wide range of measurement uncertainty.
6. Whether the risk involves significant transactions that are outside the normal course
of business for the entity, or that otherwise appear to be unusual.
300.74 Significant risks often relate to significant non-routine transactions and judgmental
matters. Non-routine transactions are transactions that are unusual, either due to size or
nature, and that therefore occur infrequently. Judgmental matters may include the
development of accounting estimates for which there is significant measurement
uncertainty.
300.75 If management has not appropriately responded by implementing controls over significant
risks and if, as a result, the auditor judges that there is a material weakness in the entity’s
internal control, the auditor communicates this matter to those charged with governance
and also considers the implications for the auditor’s risk assessment.
300.76 The higher the combined assessments of inherent and control risks, the lower the amount
of detection risk that can be accepted. The lower the acceptable detection risk, the greater
the amount of audit procedures to be performed in order to reduce the chances of not
detecting misstatements.
300.77 When planning the audit, the auditor considers what would make the financial statements
materially misstated. The auditor’s understanding of the entity and its environment
establishes a frame of reference within which the auditor plans the audit and exercises
professional judgment about assessing the risks of material misstatement of the financial
statements and responding to those risks throughout the audit. It also assists the auditor
to establish materiality and in evaluating whether the judgment about materiality remains
appropriate as the audit progresses. The auditor’s assessment of materiality, related to
classes of transactions, account balances, and disclosures, helps the auditor decide such
questions as what items to examine and whether to use sampling and substantive
analytical procedures. This enables the auditor to select audit procedures that, in
combination, can be expected to reduce audit risk to an acceptably low level.
300.78 There is an inverse relationship between materiality and the level of audit risk, that is, the
higher the materiality level, the lower the audit risk and vice versa. The auditor takes the
inverse relationship between materiality and audit risk into account when determining the
nature, timing and extent of audit procedures.
For example, if, after planning for specific audit procedures, the auditor determines that
the acceptable materiality level is lower, audit risk is increased. The auditor would
compensate for this by either:
1. Reducing the assessed risk of material misstatement, where this is possible, and
supporting the reduced level by carrying out extended or additional tests of control;
or
2. Reducing detection risk by modifying the nature, timing and extent of planned
substantive procedures.
300.79 The auditor’s assessment of materiality and audit risk may be different at the time of
initially planning the engagement from at the time of evaluating the results of audit
procedures. This could be because of a change in circumstances or because of a change in
the auditor’s knowledge as a result of performing audit procedures. For example, if audit
procedures are performed prior to period end, the auditor will anticipate the results of
operations and the financial position. If actual results of operations and financial position
are substantially different, the assessment of materiality and audit risk may also change.
Additionally, the auditor may, in planning the audit work, intentionally set the acceptable
materiality level at a lower level than is intended to be used to evaluate the results of the
audit. This may be done to reduce the likelihood of undiscovered misstatements and to
provide the auditor with a margin of safety when evaluating the effect of misstatements
discovered during the audit.
The party is a post-employment benefit plan for the benefit of employees of the entity, or
of any entity that is a related party of the entity.
300.83 While the existence of related parties and transactions between such parties are
considered ordinary features of business, the auditor needs to be aware of them because:
▪ The applicable financial reporting framework may require disclosure in the financial
statements of certain related party relationships and transactions, such as those
required by PFRS for SME and PFRS for SE;
▪ The existence of related parties or related party transactions may affect the
financial statements. For example, the entity’s tax liability and expense may be
affected by the tax laws in various jurisdictions which require special consideration
when related parties exist;
▪ The source of audit evidence affects the auditor’s assessment of its reliability.
Generally, a greater degree of reliance may be placed on audit evidence that is
obtained from or created by unrelated third parties; and
▪ A related party transaction may be motivated by other than ordinary business
considerations, for example, profit sharing or even fraud.
300.84 Related parties may be identified by inquiries of management and predecessor auditors
and by reviews of stockholder listings and material investment transactions.
See Exhibit 300-09 for a sample Related Parties and Related Party Transactions work
program.
300.86 The primary objective in performing analytical procedures in the planning stage of the
audit is to enhance the auditor’s understanding of the client, its business and the industry
in which the client operates and to identify areas of potential risk.
300.89 The basic premise underlying the application of analytical procedures is that relationships
among data may reasonably be expected to exist and to continue to exist in the absence of
known conditions to the contrary. Particular conditions that can cause variations in these
300.90 Analytical procedures may be helpful in identifying the existence of unusual transactions
or events, and amounts, ratios, and trends that might indicate matters that have financial
statement and audit implications.
300.91 Precise and powerful analytical procedures may involve obtaining and analyzing detailed
data ensuring that the data is reliable and corroborating management representations.
300.92 For most of the audit clients, internally generated information may be obtained and
analyzed. In addition, data external to the clients may be obtained for benchmarking
purposes.
300.93 In performing analytical procedures as risk assessment procedures, the auditor develops
expectations about plausible relationships that are reasonably expected to exist.
The auditor considers the most appropriate method to perform based on the precision
required.
300.95 Analytical procedures are the preferred choice for obtaining audit evidence. They are usually
considered before performing tests of details. Evidence is only obtained solely from tests
300.97 Situations which may warrant the use of an auditor’s expert include the following:
▪ Valuations of certain types of assets, for example, land and buildings, plant and
machinery, works of art, and precious stones.
▪ Determination of quantities or physical condition of assets, for example, minerals
stored in stockpiles, underground mineral and petroleum reserves, and the remaining
useful life of plant and machinery.
▪ Determination of amounts using specialized techniques or methods, for example, an
actuarial valuation.
▪ The measurement of work completed and to be completed on contracts in progress.
▪ Legal opinions concerning interpretations of agreements, statutes and regulations.
300.98 When determining the need to use the work of an auditor’s expert, the auditor would
consider:
▪ The engagement team’s knowledge and previous experience of the matter being
considered;
▪ The risk of material misstatement based on the nature, complexity, and materiality of
the matter being considered; and
▪ The quantity and quality of other audit evidence expected to be obtained.
300.99 When planning to use the work of an auditor’s expert, the auditor should evaluate the
professional competence of the expert. This will involve considering the expert’s
professional certification or licensing by, or membership in, an appropriate professional
body. It also involves considering the expert’s experience and reputation in the field in
which the auditor is seeking audit evidence.
300.100 The auditor should evaluate the objectivity of the expert, since the risk that an expert’s
objectivity will be impaired increases when the expert is:
▪ Employed by the entity; or
▪ Related in some other manner to the entity, for example, by being financially
dependent upon or having an investment in the entity.
See Exhibit 300-11, Audit Program for the Use of the Auditor’s Expert, for the related
work program.
300.103 For initial engagements, preliminary audit programs are not usually prepared until the
client’s control structure has been reviewed and documented, since the auditor has no
prior information about the client’s internal control structure. In continuing engagements,
preliminary audit programs can be drafted in advance of fieldwork, based on the auditor’s
prior knowledge of the client’s control structure and the results of previous assessments of
control risk.
300.104 Firms usually already have pre-printed audit programs. Auditors would normally modify
these printed programs to suit the client’s conditions, situations and peculiarities. There
are two types of audit programs:
1. Tests of controls audit program (compliance test audit program) – prepared when
the auditor has identified controls which he/she plans to rely on (reliance
approach). See Exhibit 300-12 for sample Test of Controls – Purchasing Cycle
program.
2. Substantive test audit program – prepared regardless of the approach taken by the
auditor (reliance or no reliance). See Exhibit 300-13 for sample Substantive Test –
Trade Payable program.
300.105 The overall audit plan and the audit program should be revised as necessary during the
course of the audit.
300.106 As the audit team implements the audit plan, it may be necessary to adjust or revise the
plan and, as appropriate, the audit programs to adapt to circumstances that the audit team
encounters when implementing the audit plan. For example:
• Preliminary assessment of audit materiality may have been set high during planning and
may need to be reduced.
• Tests of controls may have resulted in many exceptions that affect full reliance on the
control system and would thus necessitate a corresponding adjustment to the
substantive testing procedures initially set.
300.108 Efficient scheduling of audit work is the key to maximizing the effectiveness and monetary
return of an accounting firm. This fact becomes clear when considering the economics of a
public accounting practice.
300.109 Not all audit procedures must be performed after the end of the period being audited, and
most accounting firms strive to perform as much work at an interim date as possible. This
practice allows the accounting firm to reduce staff requirements and the clients to issue
financial statements and annual reports at an earlier date.
300.110 The timing of significant phases of the audit and tentative deadline dates for completion
should be determined, agreed upon with the client and documented in an engagement
timetable.
PSA 240.15
PSA 315 requires a discussion among the engagement team members and a determination by
the engagement partner of which matters are to be communicated to those team members
not involved in the discussion. This discussion shall place particular emphasis on how and
where the entity’s financial statements may be susceptible to material misstatement due to
fraud, including how fraud might occur. The discussion shall occur setting aside beliefs that
the engagement team members may have that management and those charged with
governance are honest and have integrity.
PSA 315.10
The engagement partner and other key engagement team members shall discuss the
susceptibility of the entity’s financial statements to material misstatement, and the
application of the applicable financial reporting framework to the entity’s facts and
circumstances. The engagement partner shall determine which matters are to be
communicated to engagement team members not involved in the discussion.
300.112 A critical element in the success of any audit engagement is good communication among
the audit team members. Communication starts with the assignment of team members,
arranging the team meeting to plan the engagement, and then continues throughout the
engagement. The benefits of good communication include:
▪ Each person on the team will understand the entity being audited, the financial
reporting framework to be used, what his/her specific role will be in the audit, and the
expectations about how and when work will be performed.
▪ Potential for over- and under-auditing will be significantly reduced.
▪ Staff is provided insights into the client and audit expectations directly from senior
personnel such as the engagement partner.
▪ Team discussions on the susceptibility of the financial statements to material
misstatements will help determine the business and fraud risks that need to be
addressed.
▪ Staff will be encouraged to ask questions and reconsider the effectiveness of the
previous period’s responses to assessed risks.
(IFAC Guide, Volume 2, Third edition, page 71)
300.113 On larger engagements, a planning meeting should be scheduled well in advance of the
commencement of fieldwork. This will provide the time necessary to prepare or make
changes in the detailed audit plan. On very small engagements, planning may best be
achieved through brief discussions at the start of the engagement and as the audit
progresses. (IFAC Guide, Volume 2, Third edition, page 72)
300.114 Team members should be encouraged to come to the meeting with a questioning mind,
and be prepared to participate and share information with an attitude of professional
300.115 Emphasize the importance for staff to be alert for indications of dishonesty, but also to be
careful not to jump to any conclusions, particularly when discussing findings with the
entity’s management or staff. Indicate possible circumstances (red flags) that, if
encountered, might indicate the possibility of fraud.
300.117 The extent of assistance to be provided by the company during the audit should be
determined and arranged as early as possible. A listing of schedules and analyses to be
provided by the client, with indication of the dates and by whom they are to be completed
should be prepared. Only useful items should be listed and completion dates should be
realistic and consistent with the timing of the audit plan and the company’s year-end
scheduling. Suggested formats for the schedules or analyses, showing the column
headings, may be given to the accountant of the company.
300.118 These schedules may also be accessed by the auditor electronically, from the client’s
computer information system, depending on the access level granted to the auditors.
300.119 The following are examples of schedules that the client company can provide:
▪ Lead schedules or trial balance
▪ Bank reconciliation statements
▪ Schedule of accounts receivable, with remarks as to collectability
▪ Inventory listings
▪ Schedule of fixed assets and related accumulated depreciation
▪ Analyses of prepaid and deferred charges
▪ Schedule of accounts, notes and vouchers payable
▪ List of stockholders with corresponding number of shares held
▪ Insurance policies in force
▪ Stock options granted, terminated, exercised and exercisable
▪ Schedule of unmatched delivery receipts with sales invoices
300.120 The scope of work and principal findings of the internal auditors during the current year
and for the remainder of the year should be determined, including their availability for
coordination or direct assistance, if any. The effect of the internal audit function on the
nature, timing, and extent of the auditor’s own audit procedures should be determined in
due course by reviewing and evaluating the objectivity and competence of the internal
auditors and the effectiveness of their procedures.
300.121 In areas where the work of internal auditors is effective, the independent auditor may
arrange for coordination of the internal auditors’ effort with this work in such areas as:
▪ Observation of inventory count
▪ Confirmation of receivables
▪ Review of fixed assets additions and disposals
▪ Review of depreciation provisions
▪ Bank reconciliation preparation
▪ Review of loss events
300.122 Supervision involves directing the efforts of assistants who are involved in accomplishing
the objectives of the examination and determining whether those objectives were
accomplished. Elements of supervision include the following activities:
▪ Coordinating staff assignments and ascertaining that staff with appropriate
capabilities is performing the work.
▪ Assigning work to assistants.
▪ Reviewing all fieldwork to conclude that the engagement is satisfactorily completed.
▪ Conducting on-the-job training.
▪ Resolving significant accounting, auditing and similar matters relative to the
engagement, including necessary consultation thereon.
300.123 The extent of supervision appropriate in a given instance depends on many factors,
including the complexity of the subject matter and the qualifications of persons
performing the work.
300.124 Assistants should be informed of their responsibilities and the objectives of the procedures
that they are to perform. They should be informed of matters that may affect the nature,
extent and timing of procedures they are to perform, such as the nature of the entity’s
business as it relates to their assignments and possible accounting and auditing problems.
300.126 The auditor and assistants should be aware of the procedures to be followed when
differences of opinion concerning accounting and auditing issues exist among firm
personnel involved in the examination. Such procedures should enable an assistant to
document this disagreement with the conclusions reached if, after appropriate
consultation, he believes it necessary to disassociate himself from the resolution of the
matter. In this situation, the basis for the final resolution should be documented.
300.127 Supervision and review are essential parts of managing an engagement. The partner is
ultimately responsible for forming and expressing an opinion on the financial statements
and cannot delegate this responsibility. The manager or other experienced individual is
usually responsible for supervising and monitoring the work done to ensure that it is in
accordance with the audit-testing plan.
300.128 Supervision also entails comparing the completed work with established timetables and
budgets, training and coaching, and identifying differences in professional judgment
among personnel and referring them to the appropriate level for resolution, as well as
directly reviewing the work performed.
300.129 The work done by each member of the audit team is supervised, reviewed, and approved
by another, more experienced member. Queries raised during the review process should
be followed up and resolved before completing the engagement and issuing the audit
opinion.
Refer to Section 600 for more discussion on Direction, Supervision and Review.
400.2 The study and evaluation of the client’s internal control system includes the following
sub-topics:
▪ Definition of internal control
▪ Purpose of internal control
▪ Limitations of internal control
▪ Pervasive and specific internal controls
▪ Division of internal control into components
▪ Internal control in smaller entities
▪ Absence of internal controls
▪ Controls to prevent fraud (anti-fraud controls)
▪ Controls relevant to audit
▪ Steps in evaluating internal control
▪ Characteristics of manual and automated elements of internal control
▪ Auditing in an IT environment
▪ Communicating deficiencies in internal control
400.4 Completing the audit engagement includes the following sub-topics:
▪ Performs final analytical procedures;
▪ Reads minutes of recent board and committee meetings;
▪ Inquiry of entity’s legal counsel;
▪ Inquiry of client to identify commitments and contingencies;
▪ Makes final materiality judgments;
▪ Summarizes and evaluates the audit findings;
▪ Reviews the working papers;
▪ Reviews the financial statement presentation and disclosures for adequacy;
Internal Control
400.5 As defined in paragraph 4.c of PSA 315, internal control is the process designed,
implemented and maintained by those charged with governance, management and other
personnel to provide reasonable assurance about the achievement of an entity’s
objectives with regard to reliability of financial reporting, effectiveness and efficiency of
operations, and compliance with applicable laws and regulations.
The term “controls” refers to any aspects of one or more of the components of internal
control.
The way in which internal control is designed, implemented and maintained varies with
an entity’s size and complexity. Smaller entities may use less structured means and
simpler processes and procedures to achieve their objectives.
For example, there may be an error in the design of, or in the change to, a control. Equally,
the operation of a control may not be effective, such as where information produced for
the purposes of internal control (for example, an exception report) is not effectively used
because the individual responsible for reviewing the information does not understand its
purpose or fails to take appropriate action. [PSA315.A42]
400.8 Additionally, controls can be circumvented by the collusion of two or more people or
inappropriate management override of internal control. For example, management may
enter into side agreements with customers that alter the terms and conditions of the
entity’s standard sales contracts, which may result in improper revenue recognition. Also,
400.9 Further, in designing and implementing controls, management may make judgments on
the nature and extent of the controls it chooses to implement, and the nature and extent
of the risks it chooses to assume. [PSA315.A44]
400.10 Smaller entities often have fewer employees which may limit the extent to which
segregation of duties is practicable. However, in a small owner-managed entity, the
owner-manager may be able to exercise more effective oversight than in a larger entity.
This oversight may compensate for the generally more limited opportunities for
segregation of duties. [PSA315.A45]
On the other hand, the owner-manager may be more able to override controls because
the system of internal control is less structured. This is taken into account by the auditor
when identifying the risks of material misstatement due to fraud. [PSA315.A46]
400.12 Pervasive controls address governance and general management and serve to establish
the overall control environment or “tone at the top.” Typical control processes include
human resources, fraud, risk assessment (management override), general IT
management, preparation of financial information (including financial statements and
underlying estimates, etc.), and the ongoing monitoring of operations. In small entities,
these controls will refer primarily to management’s attitudes toward integrity and
control. (IFAC Guide, Vol. II, Fourth Edition, page 112)
400.13 A solid understanding of the pervasive elements of internal control provides an important
foundation for assessing relevant controls over financial reporting at the transactional
(business process) level. For example, if there are poor controls over data integrity, this
will impact the reliability of all information produced by systems such as sales, purchases,
and payroll. (IFAC Guide, Vol. II, Fourth Edition, page 112)
400.14 Transactional (business process) controls are specific processes/controls that are
designed to ensure that:
• Transactions are appropriately recorded for the preparation of financial statements;
• Accounting records are maintained in reasonable detail to accurately and fairly reflect
all the transactions and dispositions of assets;
• Receipts and expenditures are made only in accordance with the authorizations of
management; and
• Unauthorized acquisition, use, or disposition of assets would be prevented or
detected on a timely basis. (IFAC Guide, Vol. II, Fourth Edition, page 112)
The division does not necessarily reflect how an entity designs, implements and maintains
internal control, or how it may classify any particular component. The firm may use
different terminology or frameworks to describe the various aspects of internal control,
and their effect on the audit than those used in this Audit Manual, provided all the
components described in this Audit Manual are addressed. [PSA315.A47]
PSA 315.A65
The control environment includes the governance and management functions and the
attitudes, awareness, and actions of those charged with governance and management
concerning the entity’s internal control and its importance in the entity. The control
environment sets the tone of an organization, influencing the control consciousness of its
people.
400.17 Elements of the control environment that may be relevant when obtaining an
understanding of the control environment include the following:
(a) Communication and enforcement of integrity and ethical values – These are essential
elements that influence the effectiveness of the design, administration and
monitoring of controls.
(b) Commitment to competence – Matters such as management’s consideration of the
competence levels for particular jobs and how those levels translate into requisite
skills and knowledge.
(c) Participation by those charged with governance – Attributes of those charged with
governance such as:
- Their independence from management.
400.18 The control environment within small entities will differ from larger entities, but is just as
important. This is particularly true when the entity does not have the staff or resources
to implement traditional control activities such as segregation of duties. (IFAC Guide, Vol.
I, Fourth Edition, page 44)
400.20 In smaller entities, there will typically be less documentation available to support control
environment controls. Consequently, the attitudes, awareness, and actions of
management (such as owner-managers) will often form the basis for evaluating control
design and implementation. For example, larger entities are likely to provide staff with a
code of conduct that outlines acceptable behaviors and consequences for violating codes
or rules. Smaller entities may communicate similar values and acceptable behaviors
through oral communications and by management example. (IFAC Guide, Vol. I, Fourth
Edition, page 44)
PSA 315.A75
The entity’s risk assessment process forms the basis for how management determines the risks
to be managed.
400.22 The entity’s risk assessment process includes the identification and treatment by
management (and those charged with governance) of business and fraud risks that could
impact on the achievement of financial reporting objectives. (IFAC Guide, Vol. II, Fourth
Edition, page 110)
400.23 If that process is appropriate to the circumstances, including the nature, size and
complexity of the entity, it assists the auditor in identifying risks of material misstatement.
Whether the entity’s risk assessment process is appropriate to the circumstances is a
matter of judgment. [PSA 315.A75]
400.24 In smaller entities where a formal risk assessment process is unlikely to exist, the auditor
would discuss with management how business risks are identified and how they are
addressed. Matters the auditor should consider are how management:
• Identifies risks relevant to financial reporting;
• Estimates the significance of the risks;
• Assesses the likelihood of their occurrence; and
• Decides upon actions to manage them.
(IFAC Guide, Vol. I, Fourth Edition, page 48)
400.25 The auditor is also required to evaluate whether the absence of a documented risk
assessment process is appropriate in the circumstances, or determine whether it
represents a significant deficiency in internal control. (IFAC Guide, Vol. I, Fourth Edition,
page 48)
400.26 If the auditor identifies risks of material misstatement that management failed to identify,
he/she should consider:
• Why did management’s processes fail?
• Are the processes appropriate to the circumstances?
(IFAC Guide, Vol. I, Fourth Edition, page 48)
PSA 315.A77
The information system relevant to financial reporting objectives, which includes the
accounting system, consists of the procedures and records designed and established to:
• Initiate, record, process, and report entity transactions (as well as events and conditions) and
to maintain accountability for the related assets, liabilities, and equity;
• Resolve incorrect processing of transactions, for example, automated suspense files and
procedures followed to clear suspense items out on a timely basis;
• Process and account for system overrides or bypasses to controls;
• Transfer information from transaction processing systems to the general ledger;
• Capture information relevant to financial reporting for events and conditions other than
transactions, such as the depreciation and amortization of assets and changes in the
recoverability of accounts receivables; and
• Ensure information required to be disclosed by the applicable financial reporting framework
is accumulated, recorded, processed, summarized and appropriately reported in the financial
statements.
400.28 An entity’s systems and communication includes identifying the significant classes of
transactions in the entity’s operations, the information captured and processed in the
accounting records (including information obtained from outside of the general and
subsidiary ledgers), the control activities in place over financial reports and financial
statements prepared for management and outsiders, and control activities in place over
the use of technology such as the operation of accounting applications, data storage and
data security. (IFAC Guide, Vol. II, Fourth Edition, page 110)
400.29 An entity’s information system typically includes the use of standard journal entries that
are required on a recurring basis to record transactions. Examples might be journal entries
to record sales, purchases, and cash disbursements in the general ledger, or to record
accounting estimates that are periodically made by management, such as changes in the
estimate of uncollectible accounts receivable. [PSA315.A78]
400.30 An entity’s financial reporting process also includes the use of non-standard journal
entries to record non-recurring, unusual transactions or adjustments. Examples of such
entries include consolidating adjustments and entries for a business combination or
disposal or nonrecurring estimates such as the impairment of an asset. In manual general
ledger systems, non-standard journal entries may be identified through inspection of
ledgers, journals, and supporting documentation. When automated procedures are used
to maintain the general ledger and prepare financial statements, such entries may exist
only in electronic form and may therefore be more easily identified through the use of
computer-assisted audit techniques (CAATs). [PSA315.A79]
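The recurrence idea in 400.29 and 400.30 can be turned into a simple CAAT. The following is an added example, not part of the Guide or the PSAs: it treats an entry pattern (source journal plus accounts debited and credited) posted in at least three periods as standard and lists the rest as non-standard for inspection. The export layout, account codes, threshold and data are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed general-ledger export, one row per journal line (assumed layout).
GL_EXPORT = """entry_id,date,source,account,debit,credit,description
JE-001,2023-10-31,SALES,1200-Receivables,50000.00,0,October sales
JE-001,2023-10-31,SALES,4000-Revenue,0,50000.00,October sales
JE-002,2023-11-30,SALES,1200-Receivables,62000.00,0,November sales
JE-002,2023-11-30,SALES,4000-Revenue,0,62000.00,November sales
JE-003,2023-12-31,SALES,1200-Receivables,58000.00,0,December sales
JE-003,2023-12-31,SALES,4000-Revenue,0,58000.00,December sales
JE-004,2023-10-31,GJ,6100-Bad debt expense,1500.00,0,Allowance estimate
JE-004,2023-10-31,GJ,1290-Allowance,0,1500.00,Allowance estimate
JE-005,2023-11-30,GJ,6100-Bad debt expense,1800.00,0,Allowance estimate
JE-005,2023-11-30,GJ,1290-Allowance,0,1800.00,Allowance estimate
JE-006,2023-12-31,GJ,6100-Bad debt expense,1700.00,0,Allowance estimate
JE-006,2023-12-31,GJ,1290-Allowance,0,1700.00,Allowance estimate
JE-007,2023-12-31,GJ,6900-Impairment loss,250000.00,0,Impairment of plant
JE-007,2023-12-31,GJ,1500-Plant,0,250000.00,Impairment of plant
JE-008,2023-12-31,GJ,1200-Receivables,40000.00,0,Year-end adjustment
JE-008,2023-12-31,GJ,4000-Revenue,0,39000.00,Year-end adjustment
"""


def load_entries(text):
    """Group journal lines by entry_id."""
    entries = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        entries[row["entry_id"]].append(row)
    return entries


def signature(lines):
    """Pattern of an entry: source journal plus the accounts debited and credited."""
    sides = frozenset(
        (line["account"], "Dr" if Decimal(line["debit"]) > 0 else "Cr")
        for line in lines
    )
    return lines[0]["source"], sides


def classify(text, min_periods=3):
    """Return entry ids that are non-standard and entry ids that do not balance.

    Assumption of this example: a pattern posted in at least `min_periods`
    distinct months is a standard (recurring) entry.
    """
    entries = load_entries(text)
    periods = defaultdict(set)
    for lines in entries.values():
        periods[signature(lines)].add(lines[0]["date"][:7])  # YYYY-MM

    non_standard, out_of_balance = [], []
    for entry_id, lines in entries.items():
        if len(periods[signature(lines)]) < min_periods:
            non_standard.append(entry_id)
        debits = sum(Decimal(line["debit"]) for line in lines)
        credits = sum(Decimal(line["credit"]) for line in lines)
        if debits != credits:
            out_of_balance.append(entry_id)
    return {"non_standard": sorted(non_standard),
            "out_of_balance": sorted(out_of_balance)}


if __name__ == "__main__":
    result = classify(GL_EXPORT)
    print("Non-standard entries to inspect:", result["non_standard"])
    print("Entries that do not balance:", result["out_of_balance"])
```

The entries listed as non-standard are a selection for inspection of supporting documentation, not a conclusion that they are misstated.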
400.32 Information systems and related business processes relevant to financial reporting in
small entities are likely to be less sophisticated than in larger entities, but their role is just
as significant. Small entities with active management involvement may not need
extensive descriptions of accounting procedures, sophisticated accounting records, or
written policies. Understanding the entity’s systems and processes may therefore be
easier in an audit of smaller entities, and may be more dependent on inquiry than on
review of documentation. The need to obtain an understanding, however, remains
important. [PSA315.A81]
400.33 Communication by the entity of the financial reporting roles and responsibilities and of
significant matters relating to financial reporting involves providing an understanding of
individual roles and responsibilities pertaining to internal control over financial reporting.
It includes such matters as the extent to which personnel understand how their activities
in the financial reporting information system relate to the work of others and the means
of reporting exceptions to an appropriate higher level within the entity. Communication
may take such forms as policy manuals and financial reporting manuals. Open
communication channels help ensure that exceptions are reported and acted on.
[PSA315.A82]
400.34 Communication may be less structured and easier to achieve in a small entity than in a
larger entity due to fewer levels of responsibility and management’s greater visibility and
availability. [PSA315.A83]
400.35 Smaller entities may have less sophisticated and less thoroughly documented information
and communication systems. If management does not have extensive descriptions of
accounting procedures, sophisticated accounting records, or written policies, the
understanding required by the auditor will be obtained more by inquiry and observation
than by review of documentation. (IFAC Guide, Vol. I, Fourth Edition, page 52)
PSA 315.A84
Control activities are the policies and procedures that help ensure that management directives
are carried out.
400.36 Control activities, whether within IT or manual systems, have various objectives and are
applied at various organizational and functional levels. Examples of specific control
activities include those relating to the following:
▪ Authorization;
▪ Performance reviews;
▪ Information processing;
▪ Physical controls; and
▪ Segregation of duties. [PSA315.A84]
400.38 The auditor’s judgment about whether a control activity is relevant to the audit is
influenced by the risk that the auditor has identified that may give rise to a material
misstatement and whether the auditor thinks it is likely to be appropriate to test the
operating effectiveness of the control in determining the extent of substantive testing.
[PSA315.A86]
400.39 The auditor’s emphasis may be on identifying and obtaining an understanding of control
activities that address the areas where the auditor considers that risks of material
misstatement are likely to be higher. When multiple control activities each achieve the
same objective, it is unnecessary to obtain an understanding of each of the control
activities related to such objective. [PSA315.A87]
400.40 The auditor’s knowledge about the presence or absence of control activities obtained
from the understanding of the other components of internal control assists the auditor in
determining whether it is necessary to devote additional attention to obtaining an
understanding of control activities. [PSA315.A88]
400.41 The concepts underlying control activities in small entities are likely to be similar to those
in larger entities, but the formality with which they operate may vary. Further, small
entities may find that certain types of control activities are not relevant because of
controls applied by management. For example, management’s sole authority for granting
credit to customers and approving significant purchases can provide strong control over
important account balances and transactions, lessening or removing the need for more
detailed control activities. [PSA315.A89]
Control Techniques
400.43 The client’s internal control system utilizes a variety and combination of control
techniques to achieve the objective set by management. Many control techniques fit into specific
categories based on similarities in how tests of design and operating effectiveness would
be conducted. Each control technique is grouped into a control category. These are:
▪ Authorization
▪ Configuration/Account mapping controls
▪ Exception/Edit report
▪ Interface/Conversion controls
▪ Key performance indicator
▪ Management review
▪ Reconciliation
▪ Segregation of duties
▪ System access
Authorization
400.45 System configuration and account mapping includes “switches” that can be set by turning
them on or off to secure data against inappropriate processing, based on the
organization's business rules. If the switch is turned on, the checking can be customized
for the particular organization to be very robust or very permissive. The more specific
definition of each is as follows:
▪ Configurable controls - specific “switches” that can be set by turning them on or off
to secure data against inappropriate processing.
▪ Account mapping - specific “switches” that can be set related to how a transaction is
posted to the general ledger and then to the financial statements.
System configuration and account mapping includes standard (comes with the application
or system) and customized (developed or changed by the client) controls that have been
In addition, the system access, authorization and segregation of duties controls (see the
separate control categories) must be appropriately designed and implemented to support
the controls provided by configuration and account mapping.
Exception/Edit report
400.46 Controls that fall into the exception/edit report category relate to reports that an
entity generates to monitor an activity and follows up through to resolution.
In most instances, the reports focus on exceptions/edits as defined below; in some
instances, however, it may just be a report. For example, if an aging report is generated by
the system and followed up, the content does not necessarily represent edits or
exceptions, but the control would fall into this category for test of exception and test of
edit considerations.
▪ Exception - a violation of a set standard (e.g. customer sales exceed credit limit;
3-way match does not reconcile)
▪ Edit - a change to a master file (e.g. addition of a new employee; changes in wage
rates)
Interface/Conversion controls
400.48 Data interfaces transfer specifically defined portions of information (data) between two
computer systems, using either manual or automated means or a hybrid of both, and
should ensure accuracy, completeness and integrity of the data being transferred.
400.49 The job of a data interface is to transfer the data securely, once and only once,
completely, accurately, with integrity, and to highlight any exceptions.
400.50 Interfaces can be two-way (back and forth between two systems) or one-way (from one
system to another) and can link new systems to old/Legacy systems or old/Legacy systems
to new systems.
400.51 If the interfaced data originates in an old/Legacy system, it is important to consider the
extent of testing to be done on data quality/integrity controls from the “old” system since
Garbage In = Garbage Out.
400.52 Data conversion is the process of migrating data from a Legacy system (which may have
old, duplicate, inaccurate, incomplete data, which reside in several places within the
system) to a new system.
400.53 To perform this process, the data needs to be cleansed, reviewed and synchronized prior
to conversion (a critical step), then mapped (which may include parsing or other
manipulation), reformatted, translated, consolidated and loaded into the new system
(which may include a time lag or delay during which new data is created). Once the data
has been converted and loaded into the new system, it must be maintained to ensure its
completeness, existence, accuracy and integrity.
400.54 Interfaces require a detailed understanding of the technical and business issues related
to the interfaces.
▪ Business issues include: the business need for the interface, when is the system able
to perform the interface, how often is the interface run, how much data or how many
transactions are processed, impact of interface procedures on normal business
operations, and synchronization of legacy and new systems.
▪ Technical issues include: the method used to interface (import/export features of the old
and/or new package, custom programs that were developed, an intermediate
system/utility (holding place), manual entry of the interfaced data), the technical
approach (batch, real time, parallel) and the content of what exactly is interfaced (master
file updates, detail/summary transactions, balances).
400.58 For purposes of the audit, when carrying out tests of design and tests of operating
effectiveness on interfaces, the specific interface that relates to managing a specific risk
should be identified and made the focus of test work (rather than performing test work on
all interfaces to every system).
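The properties 400.49 asks of an interface (once and only once, completely, accurately, with integrity, exceptions highlighted) can be tested by reconciling the batch sent against the batch loaded. The sketch below is an added example, not part of the Guide; the record layout, field names and sample batches are constructed for illustration.

```python
import hashlib
import json
from collections import Counter
from decimal import Decimal

# Constructed sample data: an extract from a hypothetical legacy billing
# system and the same batch as loaded into a hypothetical general ledger.
SOURCE_BATCH = [
    {"txn_id": "INV-1001", "customer": "C-17", "amount": "1250.00"},
    {"txn_id": "INV-1002", "customer": "C-04", "amount": "310.50"},
    {"txn_id": "INV-1003", "customer": "C-22", "amount": "78.25"},
    {"txn_id": "INV-1004", "customer": "C-17", "amount": "9400.00"},
]
TARGET_BATCH = [
    {"txn_id": "INV-1001", "customer": "C-17", "amount": "1250.00"},
    {"txn_id": "INV-1001", "customer": "C-17", "amount": "1250.00"},  # loaded twice
    {"txn_id": "INV-1002", "customer": "C-04", "amount": "3105.00"},  # amount changed
    {"txn_id": "INV-1004", "customer": "C-17", "amount": "9400.00"},
    {"txn_id": "INV-9999", "customer": "C-88", "amount": "500.00"},   # no source record
]  # INV-1003 never arrived


def record_digest(record, fields):
    """SHA-256 over an unambiguous (JSON list) encoding of the compared fields."""
    canonical = json.dumps([str(record[name]) for name in fields])
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def control_total(records, amount_field="amount"):
    """Batch control total, using Decimal so cents are never rounded away."""
    return sum((Decimal(r[amount_field]) for r in records), Decimal("0"))


def reconcile_interface(source, target, key="txn_id",
                        fields=("txn_id", "customer", "amount")):
    """Compare a source batch with the loaded batch and list every exception."""
    source_counts = Counter(r[key] for r in source)
    target_counts = Counter(r[key] for r in target)
    source_by_key = {r[key]: r for r in source}
    target_by_key = {r[key]: r for r in target}
    common = set(source_by_key) & set(target_by_key)

    report = {
        # Completeness at batch level: record counts and control totals.
        "source_count": len(source),
        "target_count": len(target),
        "source_total": control_total(source),
        "target_total": control_total(target),
        # Completeness at record level: sent but never loaded.
        "missing_in_target": sorted(set(source_by_key) - set(target_by_key)),
        # Existence: loaded with no originating record.
        "unexpected_in_target": sorted(set(target_by_key) - set(source_by_key)),
        # Once and only once: the same key appearing more than once.
        "duplicated_in_source": sorted(k for k, n in source_counts.items() if n > 1),
        "duplicated_in_target": sorted(k for k, n in target_counts.items() if n > 1),
        # Accuracy and integrity: same key, different content.
        "altered": sorted(
            k for k in common
            if record_digest(source_by_key[k], fields)
            != record_digest(target_by_key[k], fields)
        ),
    }
    exception_lists = ("missing_in_target", "unexpected_in_target",
                       "duplicated_in_source", "duplicated_in_target", "altered")
    report["clean"] = (
        report["source_count"] == report["target_count"]
        and report["source_total"] == report["target_total"]
        and not any(report[name] for name in exception_lists)
    )
    return report


if __name__ == "__main__":
    for name, value in reconcile_interface(SOURCE_BATCH, TARGET_BATCH).items():
        print(f"{name}: {value}")
```

Record counts and control totals alone can agree by coincidence when one record is dropped and another duplicated, which is why the record-level comparisons are reported separately.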
400.59 Key performance indicators (“KPIs”) are the financial and non-financial quantitative
measurements that are:
▪ collected by the entity, either continuously or periodically; and
▪ used by management to evaluate the extent of progress toward meeting the entity's
defined objectives.
400.60 The auditor selects only those KPIs that are both relevant to the financial statement
assertions being audited and possess the following qualities:
▪ they are strong and valid;
▪ they are expected to produce reliable results; and
▪ they are at an appropriate level of precision to detect significant misstatement (as
defined by the auditor).
Management review
400.61 Management review is the activity of a person other than the preparer analyzing and
performing oversight of activities performed. In many instances, it will be a manager
reviewing the work of a subordinate. However, it is not limited to this. It may include
co-workers reviewing each other’s work.
Reconciliation
400.62 A reconciliation is a control designed to check whether two items/computer systems, etc.
are consistent.
400.64 System access is the ability that individual users or groups of users have within a computer
information system processing environment, as determined and defined by access rights
configured in the system. The access rights in the system agree to the access in practice.
PSA 315.A94
Monitoring of controls is a process to assess the effectiveness of internal control performance
over time. It involves assessing the effectiveness of controls on a timely basis and taking
necessary corrective actions. Management accomplishes monitoring of controls through
ongoing activities, separate evaluations, or a combination of the two. Ongoing monitoring
activities are often built into the normal recurring activities of an entity and include regular
management and supervisory activities.
400.65 In many entities, internal auditors or personnel performing similar functions contribute
to the monitoring of an entity’s activities. Management’s monitoring activities may also
include using information from communications from external parties such as customer
complaints and regulator comments that may indicate problems or highlight areas in need
of improvement. [PSA315.A95]
400.67 Much of the information used in monitoring may be produced by the entity’s information
system. If management assumes that data used for monitoring are accurate without
having a basis for that assumption, errors that may exist in the information could
potentially lead management to incorrect conclusions from its monitoring activities.
Accordingly, an understanding of:
▪ The sources of the information related to the entity’s monitoring activities; and
▪ The basis upon which management considers the information to be sufficiently
reliable for the purpose, is required as part of the auditor’s understanding of the
entity’s monitoring activities as a component of internal control. [PSA315.A97]
400.69 Internal control in such entities often derives from the control environment
(management’s commitment to ethical values, competence, attitude toward control, and
its day-to-day actions) as opposed to specific controls over transactions. Evaluating the
control environment is quite different from traditional control activities, as it involves an
assessment of the behavior, attitudes, competence, and actions of management. Such
assessments are often documented in a memo or with a questionnaire. (IFAC Guide, Vol.
II, Fourth Edition, page 114)
400.70 The presence of a highly involved owner-manager is often an internal control strength
and a control weakness. The control strength is that the person (assuming his/her
competence) will be knowledgeable about all aspects of operations, and it is highly
unlikely that material misstatements will be missed. The control weakness is the
opportunity provided for that person to override the internal control for his/her own
benefit. (IFAC Guide, Vol. II, Fourth Edition, page 114)
400.72 Where there are not many control activities that can be identified, the auditor would
consider whether:
▪ It is possible to address the relevant assertions by performing further audit
procedures that are primarily substantive procedures; or
▪ The absence of control activities or of other components of control (in rare cases)
makes it impossible to obtain sufficient appropriate audit evidence.
400.73 Other matters that would raise questions as to whether the audit should be conducted
would include:
▪ Concerns about management’s integrity, non-ethical behavior, or a poor attitude
toward internal control. Deficiencies in the control environment tend to undermine
controls that exist in other control components. They also raise the risk of management
misrepresentation and fraud; and
▪ Concerns about the condition and reliability of an entity’s records that make it
unlikely that sufficient appropriate audit evidence will be available to support an
unqualified opinion.
400.76 Controls that address compliance with regulations that are not relevant to the audit
(where noncompliance would not result in a material misstatement in the financial
statements) do not need to be addressed in the audit. (IFAC Guide, Vol. II, Fourth Edition,
page 115)
PSA 315.12
The auditor shall obtain an understanding of internal control relevant to the audit. Although
most controls relevant to the audit are likely to relate to financial reporting, not all controls that
relate to financial reporting are relevant to the audit. It is a matter of the auditor’s professional
judgment whether a control, individually or in combination with others, is relevant to the audit.
400.77 There is a direct relationship between an entity’s objectives and the controls it
implements to provide reasonable assurance about their achievement. The entity’s
objectives, and therefore controls, relate to financial reporting, operations and
compliance; however, not all of these objectives and controls are relevant to the auditor’s
risk assessment. [PSA315.A56]
400.78 Controls that are scoped out of the audit include those that:
▪ Do not drive financial reporting (such as operational controls and controls that
address compliance with regulations); and
▪ Even if non-existent, would be unlikely to result in a material misstatement in the
financial statements. (IFAC Guide, Vol. II, Fourth Edition, page 115)
400.79 Controls that would always be relevant to the audit include those that mitigate:
▪ Significant risks - significant risks are identified and assessed risks of material
misstatement that, in the auditor’s judgment, require special audit consideration.
400.81 Controls over the completeness and accuracy of information produced by the entity may
be relevant to the audit if the auditor intends to make use of the information in designing
and performing further procedures. Controls relating to operations and compliance
objectives may also be relevant to an audit if they relate to data the auditor evaluates or
uses in applying audit procedures. [PSA315.A58]
400.82 Internal control over safeguarding of assets against unauthorized acquisition, use, or
disposition may include controls relating to both financial reporting and operations
objectives. The auditor’s consideration of such controls is generally limited to those
relevant to the reliability of financial reporting. [PSA315.A59]
400.83 An entity generally has controls relating to objectives that are not relevant to an audit
and therefore need not be considered. For example, an entity may rely on a sophisticated
system of automated controls to provide efficient and effective operations (such as an
airline’s system of automated controls to maintain flight schedules), but these controls
ordinarily would not be relevant to the audit. Further, although internal control applies
to the entire entity or to any of its operating units or business processes, an
understanding of internal control relating to each of the entity’s operating units and
business processes may not be relevant to the audit. [PSA315.A60]
PSA 315.29
If the auditor has determined that a significant risk exists, the auditor shall obtain an
understanding of the entity’s controls, including control activities, relevant to that risk.
PSA 315.32
The auditor shall include in the audit documentation:
(a) The discussion among the engagement team where required by paragraph 10, and the
significant decisions reached;
(b) Key elements of the understanding obtained regarding each of the aspects of the entity and
its environment specified in paragraph 11 and of each of the internal control components
specified in paragraphs 14–24; the sources of information from which the understanding was
obtained; and the risk assessment procedures performed;
(c) The identified and assessed risks of material misstatement at the financial statement level
and at the assertion level as required by paragraph 25; and
(d) The risks identified, and related controls about which the auditor has obtained an
understanding, as a result of the requirements in paragraphs 27–30.
400.84 The auditor’s approach to understanding internal control should be from the top down.
The first step is to identify the relevant pervasive and transactional risks, and then
determine whether management’s response is appropriate. (IFAC Guide, Vol. II, Fourth
Edition, page 116)
400.85 A solid understanding of entity-level controls provides an important basis for assessing
relevant controls over financial reporting at the transactional (business process) level. For
example, if there are poor controls over data integrity at the entity level, this will impact
the reliability of all information produced by systems such as sales, purchases, and payroll.
(IFAC Guide, Vol. II, Fourth Edition, page 116)
400.86 The top-down and risk-based approach to understanding internal control involves:
▪ Identifying the business processes involved (including accounting) for each significant
account balance;
▪ Determining for each process identified whether a material misstatement in the
financial statements could possibly occur, or whether other factors exist that would
make it relevant; and
▪ Scoping out of the audit those processes and controls that are not relevant.
For example, a biscuit production company may have the following processes that drive
the sales revenue figure:
In this situation, the window sales are unlikely to result in a material misstatement in the
financial statements and may therefore be scoped out of the audit. However, before this
decision is made, it would still be prudent to either:
▪ Inquire about the existence of controls over the window sales to ensure that all such
sales are recorded, and that there is no deliberate breaking of biscuits for sale at
reduced prices to related parties; or
▪ Perform an analytical review of the breakdown of sales to ensure that window sales
have not deviated from the expected 2% of sales. (IFAC Guide, Vol. II, Fourth Edition,
page 116)
See Exhibit 400-1, Checklist for Evaluation of Internal Control Components, for the
related audit form.
400.87 Regardless of whether tests of controls will ultimately be performed to gather audit
evidence, it is still necessary for the auditor on every engagement to evaluate control
design and implementation. This involves a five-step process, which can be summarized
as follows.
1. Obtain and document an understanding of client’s internal control system.
2. Make a preliminary assessment of control risk.
3. Determine the auditor’s response to the risk assessment.
4. Reassess control risk.
5. Determine the nature, extent and timing of substantive tests.
Please refer to Section 100.11 to Section 100.19 for the concepts and principles of studying
and evaluating internal control.
The auditor uses the understanding of internal control to identify types of potential
misstatements, consider factors that affect the risks of material misstatement, and design
the nature, timing, and extent of further audit procedures.
400.90 In obtaining an understanding of internal controls, the auditor may use the following
procedures:
▪ Inquiries of appropriate company personnel;
▪ Inspection of documents and records;
▪ Observation of the company's activities and operations; and
▪ Performing a walk-through.
Inquiry alone will not usually provide sufficient appropriate evidence to support a
conclusion about the effectiveness of design of a control. The auditor also considers the
evidence obtained from previous experience with the client.
400.91 The auditor should identify the significant and other risk factors that are present and
determine whether related controls are present to mitigate those risk factors. The auditor
should identify:
1. What can go wrong?
2. Sources of risk
3. Mitigating controls
400.92 When a listing of risk factors by business process has been prepared, it would be useful
(but not required) to:
▪ Eliminate any risk factor that would be unlikely to result in a material misstatement
even if it was not mitigated at all. Controls that address such risks would not be
relevant to the audit;
▪ Customize the wording of the risk factors to make it relevant for the particular entity;
▪ Ensure that all relevant assertions have been addressed; and
▪ Consider whether there are any additional pervasive risks (financial statement-level)
and transactional risks (assertion level) that could result in a material misstatement if
not mitigated. (IFAC Guide, Vol. II, Fourth Edition, page 122)
400.93 Evaluating whether a control has been designed properly by management involves an
assessment of whether the controls identified (individually or in combination with other
controls) will actually mitigate the risk factor. This involves considering whether the
control(s) is capable of effectively:
▪ Preventing material misstatements from occurring in the first place; or
▪ Detecting and correcting material misstatements after they have occurred. (IFAC
Guide, Vol. II, Fourth Edition, page 123)
400.94 Implementation of controls provides evidence about whether a control was actually in
operation at a particular point in time. It does not address operating effectiveness
400.95 Only when it has been established that the internal control relevant to the audit has been
properly designed and implemented is it worth considering:
▪ What tests of the operating effectiveness of controls (if any) will reduce the need for
other substantive testing; and
▪ What controls require testing because there is no other way of obtaining sufficient
appropriate audit evidence. (IFAC Guide, Vol. II, Fourth Edition, page 129)
400.96 In documenting the understanding of internal controls, the auditor should consider the
following:
▪ How significant transactions are initiated, authorized, recorded, processed, and
reported;
▪ The flow of transactions in sufficient detail to identify the points at which material
misstatements caused by error or fraud could occur; and
▪ Internal controls over the period-end financial reporting process, including significant
accounting estimates and disclosures. (IFAC Guide, Vol. II, Fourth Edition, page 131)
400.97 The most common forms of documentation prepared by management or the auditor are:
▪ Narrative descriptions or memoranda;
▪ Flow charts;
▪ A combination of flow charts and narrative descriptions; and
▪ Questionnaires and checklists. (IFAC Guide, Vol. II, Fourth Edition, page 131)
400.98 The nature and extent of the documentation required is a matter of professional
judgment. Factors to consider include:
▪ The nature, size, and complexity of the entity and its internal control;
▪ Availability of information from the entity; and
▪ Audit methodology and technology used in the course of the audit. (IFAC Guide, Vol.
II, Fourth Edition, page 131)
400.99 The extent of documentation may also reflect the experience and capabilities of the audit
team. An audit undertaken by a less experienced team may require more detailed
documentation to assist them in obtaining an appropriate understanding of the entity
than a team composed of more experienced individuals.
400.101 The auditor ordinarily assesses control risk at a HIGH level or MAXIMUM level for some
or all assertions when:
▪ the entity's accounting and internal control systems are not effective; or
▪ evaluating the effectiveness of the entity's accounting and internal control systems
would not be efficient.
400.102 The auditor ordinarily assesses control risk at a LESS THAN HIGH level or BELOW
MAXIMUM level for some or all assertions when the auditor:
▪ Is able to identify internal controls relevant to the assertion which are likely to
prevent or detect and correct a material misstatement; and
▪ Plans to perform tests of control to support the assessment.
400.103 In order to reduce audit risk to an acceptably low level, the auditor should determine
overall responses to assessed risks at the financial statement level, and should design and
perform further audit procedures to respond to assessed risks at the assertion level. Such
responses include:
1. Control Risk is HIGH / MAXIMUM LEVEL – the auditor relies on substantive testing. This
is called the substantive approach or no-reliance approach.
2. Control Risk is LESS THAN HIGH / BELOW MAXIMUM LEVEL – the auditor performs
tests of control. This is called the reliance or systems-based approach.
400.104 If the auditor assesses control risk at less than high or below maximum, the auditor
should:
1. Identify key controls the auditor plans to rely on.
2. Test the operating effectiveness of the controls.
400.105 The objectives in performing tests of controls are to assist the auditor in determining
whether or not, for the period of reliance, it is likely that the control being tested:
▪ Operated as the auditor understood that it would operate.
▪ Was applied throughout the period of reliance.
▪ Was performed on a timely basis.
▪ Encompassed all applicable transactions.
Using one technique may not, by itself, provide sufficient appropriate audit evidence as:
▪ an observation provides audit evidence about the operation of a control only at the
time it is observed;
▪ individuals being interviewed may provide the answers they think we want to hear;
▪ inspecting written evidence of operation, such as initials on documents, does not
necessarily mean a control was performed.
400.107 In a continuing engagement, the auditor will be aware of the controls through work
carried out previously. It may be necessary to test different controls on different occasions
throughout the period under review.
400.108 If substantially different controls were in use at different times during the period, the
auditor considers each separately. A breakdown in controls for a specific portion of the
period requires separate consideration of the nature, extent and timing of audit
procedures.
400.109 In designing the work program for control testing, the auditor incorporates the
following in the test procedures:
▪ nature of the testing;
▪ extent of the testing; and
▪ timing of the testing.
The following should be considered when determining the nature of test work to
perform:
▪ errors detected by the control;
▪ actions taken relating to errors found; and
▪ whether the level of errors /exceptions / reconciling items is reasonable or high.
The auditor remains alert for inconsistencies between responses and actions.
The auditor should consider whether the internal controls were in use throughout the
period. The auditor considers whether relevant aspects of the business control
environment and the controls were in use throughout the period. The auditor usually
400.110 Based on the results of the tests of control, the auditor evaluates whether the controls are
designed and operating as contemplated in the preliminary assessment of the risk of
significant misstatement for related audit objectives.
400.111 For each of the controls tested, the auditor documents in the working papers:
▪ the nature, timing and extent of the tests of control;
▪ the auditor’s findings.
400.112 If the findings support the preliminary assessments of the risk of significant misstatement,
the auditor proceeds with the substantive procedures as planned. The auditor can only
support an assessment of the risk of significant misstatement below the maximum level
if the auditor has obtained audit evidence about the effectiveness of both the design and
operation of a control.
400.113 If the auditor identifies conditions that suggest controls may not be operating effectively,
the auditor investigates the nature and cause of the conditions. The auditor also considers
whether other controls may provide the evidence required.
400.115 As tests of control tend to include observation and inquiry techniques, the auditor’s
working papers may include minutes of meetings which include:
▪ the date of the meeting
▪ the names of the meeting participants
▪ the matters discussed
▪ significant matters raised
▪ a description of the follow-up procedures
▪ a summary of audit findings.
400.116 The auditor may ask a member of the entity who was present at the meeting to sign a
copy of minutes where the matters raised are significant to the audit.
400.117 Note, however, that in small entities the approach is mostly the substantive or
no-reliance approach, since it is expected that they may not have comprehensive controls
as compared to large entities.
See Exhibit 400-2 Sample Test of Control for the related audit form.
400.118 Based on the results of the tests of control, the auditor should evaluate whether the
internal controls are designed and operating as contemplated in the preliminary
assessment of control risk. The evaluation of deviations may result in the auditor
concluding that the assessed level of control risk needs to be revised. In such cases, the
auditor would modify the nature, timing and extent of planned substantive procedures.
400.119 Irrespective of the assessed risk of material misstatement, the auditor should design and
perform substantive procedures for each material class of transactions, account balance
and disclosures. The auditor should determine the nature, extent and timing of
substantive testing by combining the assessed inherent and control risk (i.e., risk of material
misstatement).
RISK OF MATERIAL MISSTATEMENT
SUBSTANTIVE PROCEDURE | HIGH OR MAXIMUM | LESS THAN HIGH OR BELOW MAXIMUM
Nature | More effective | Less effective
Timing | Year-end or closer to year-end | Interim
Extent | More extensive | Less extensive
Please refer to the substantive testing section for a more detailed discussion.
400.120 An entity’s system of internal control contains manual elements and often contains
automated elements. The characteristics of manual or automated elements are relevant
to the auditor’s risk assessment and further audit procedures based thereon.
[PSA315.A49]
400.121 The use of manual or automated elements in internal control also affects the manner in
which transactions are initiated, recorded, processed, and reported:
▪ Controls in a manual system may include such procedures as approvals and reviews
of transactions, and reconciliations and follow-up of reconciling items. Alternatively,
an entity may use automated procedures to initiate, record, process, and report
transactions, in which case records in electronic format replace paper documents.
▪ Controls in IT systems consist of a combination of automated controls (for example,
controls embedded in computer programs) and manual controls. Further, manual
400.123 IT also poses specific risks to an entity’s internal control, including, for example:
▪ Reliance on systems or programs that are inaccurately processing data, processing
inaccurate data, or both.
▪ Unauthorized access to data that may result in destruction of data or improper
changes to data, including the recording of unauthorized or non-existent
transactions, or inaccurate recording of transactions. Particular risks may arise where
multiple users access a common database.
▪ The possibility of IT personnel gaining access privileges beyond those necessary to
perform their assigned duties thereby breaking down segregation of duties.
▪ Unauthorized changes to data in master files.
▪ Unauthorized changes to systems or programs.
▪ Failure to make necessary changes to systems or programs.
▪ Inappropriate manual intervention.
▪ Potential loss of data or inability to access data as required. [PSA315.A52]
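Two of the risks listed in 400.123, access privileges beyond those necessary and the resulting breakdown of segregation of duties, lend themselves to a direct test over an export of user access rights. The review below is an added example, not part of the Guide; the user IDs, departments, right names, approved-access list and incompatibility rules are all constructed assumptions.

```python
# Constructed sample: access rights as configured in a hypothetical
# accounting system, keyed by user ID.
CONFIGURED = {
    "acruz":    {"dept": "Accounts Payable", "rights": {"create_vendor", "enter_invoice"}},
    "bsantos":  {"dept": "Treasury",         "rights": {"approve_payment", "create_vendor"}},
    "dreyes":   {"dept": "IT",               "rights": {"admin_database", "post_journal"}},
    "mlim":     {"dept": "Finance",          "rights": {"post_journal", "approve_journal"}},
    "jtan_old": {"dept": "Accounts Payable", "rights": {"enter_invoice"}},
}

# Constructed sample: rights management has approved for each user.
# "jtan_old" is deliberately absent (no approval on file).
APPROVED = {
    "acruz":   {"create_vendor", "enter_invoice"},
    "bsantos": {"approve_payment"},
    "dreyes":  {"admin_database"},
    "mlim":    {"post_journal", "approve_journal"},  # approved, yet still incompatible
}

# Hypothetical rules: pairs of duties one person should not hold together.
INCOMPATIBLE = [
    ("create_vendor", "approve_payment"),
    ("post_journal", "approve_journal"),
]

# Hypothetical set of rights that are technical rather than transactional.
IT_ONLY_RIGHTS = {"admin_database", "deploy_program"}


def excess_rights(configured, approved):
    """Rights present in the system but not approved, per user.

    A user with no approval record has every configured right reported.
    """
    findings = {}
    for user, entry in configured.items():
        extra = entry["rights"] - approved.get(user, set())
        if extra:
            findings[user] = sorted(extra)
    return findings


def sod_conflicts(configured, incompatible):
    """(user, right_a, right_b) for every incompatible pair held by one user."""
    findings = []
    for user in sorted(configured):
        rights = configured[user]["rights"]
        for right_a, right_b in incompatible:
            if right_a in rights and right_b in rights:
                findings.append((user, right_a, right_b))
    return findings


def it_with_business_rights(configured, it_dept="IT", it_only=IT_ONLY_RIGHTS):
    """IT personnel who can also initiate or record business transactions."""
    findings = {}
    for user, entry in configured.items():
        if entry["dept"] == it_dept:
            business = entry["rights"] - it_only
            if business:
                findings[user] = sorted(business)
    return findings


def access_review(configured, approved, incompatible):
    """Run all three tests and return the exceptions for follow-up."""
    return {
        "excess_rights": excess_rights(configured, approved),
        "sod_conflicts": sod_conflicts(configured, incompatible),
        "it_with_business_rights": it_with_business_rights(configured),
    }


if __name__ == "__main__":
    for test_name, exceptions in access_review(CONFIGURED, APPROVED, INCOMPATIBLE).items():
        print(test_name, exceptions)
```

The "mlim" case shows why the two tests are kept apart: access that agrees with what was approved can still combine incompatible duties, so agreement with the approved list does not by itself show that the approval was appropriately designed.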
400.124 Manual elements in internal control may be more suitable where judgment and discretion
are required such as for the following circumstances:
▪ Large, unusual or non-recurring transactions.
▪ Circumstances where errors are difficult to define, anticipate or predict.
▪ In changing circumstances that require a control response outside the scope of an
existing automated control.
400.125 Manual elements in internal control may be less reliable than automated elements
because they can be more easily bypassed, ignored, or overridden and they are also more
prone to simple errors and mistakes. Consistency of application of a manual control
element cannot therefore be assumed. Manual control elements may be less suitable for
the following circumstances:
▪ High volume or recurring transactions, or in situations where errors that can be
anticipated or predicted can be prevented, or detected and corrected, by control
parameters that are automated.
▪ Control activities where the specific ways to perform the control can be adequately
designed and automated. [PSA315.A54]
400.126 The extent and nature of the risks to internal control vary depending on the nature and
characteristics of the entity’s information system. The entity responds to the risks arising
from the use of IT or from use of manual elements in internal control by establishing
effective controls in light of the characteristics of the entity’s information system.
[PSA315.A55]
400.127 The use of IT affects the way that control activities are implemented. From the auditor’s
perspective, controls over IT systems are effective when they maintain the integrity of
information and the security of the data such systems process, and include effective
general IT-controls and application controls. [PSA315.A91]
400.128 General IT-controls are policies and procedures that relate to many applications and
support the effective functioning of application controls. They apply to mainframe,
mini-frame, and end-user environments. General IT-controls that maintain the integrity of
information and security of data commonly include controls over the following:
▪ Data center and network operations.
▪ System software acquisition, change and maintenance.
▪ Program change.
▪ Access security.
▪ Application system acquisition, development, and maintenance. [PSA315.A92]
400.129 Application controls are manual or automated procedures that typically operate at a
business process level and apply to the processing of individual applications. Application
controls can be preventive or detective in nature and are designed to ensure the integrity
of the accounting records. Accordingly, application controls relate to procedures used to
initiate, record, process and report transactions or other financial data. These controls
help ensure that transactions occurred, are authorized, and are completely and
accurately recorded and processed. Examples include edit checks of input data, and
numerical sequence checks with manual follow-up of exception reports or correction at
the point of data entry. [PSA315.A93]
400.132 The risk that computer information systems may not be reliable may increase when:
▪ the entity has developed its own computer information system (rather than
purchasing standard package computer information systems);
▪ management has manipulated business data using spreadsheets and databases
before using the information for control purposes.
400.133 The auditor may obtain an understanding of the reliability of computer information
systems by performing various tasks, for example:
▪ passing data through a copy of the computer information system in a test
environment;
▪ considering the testing undertaken by management before the system was
implemented;
▪ inquiring about problems, if any, encountered by the users;
▪ reviewing the computer programs;
▪ reviewing system design documentation to verify that the control was properly
designed and considering the process for systems development.
400.134 The effectiveness of application controls is greatly affected by the effectiveness of general
controls. Accordingly, it may be more efficient to review the design of the general
controls before reviewing the application controls.
400.135 Application controls which the auditor may wish to test include manual controls exercised
by the user, controls over system output, and programmed control procedures.
400.136 The auditor’s tests of controls vary depending on whether audit evidence generated by
the computer is
▪ External to the computer, and therefore directly observable
o Procedures involved are usually inquiries, observation and inspection of
documents
o Auditing around the computer technique is applied
▪ Internal to the computer, and therefore not directly observable
400.139 Before using CAATs in auditing through the computer, the following factors are
considered:
▪ Degree of technical competence in IT
▪ Availability of CAATs and appropriate computer facilities
▪ Impracticability of manual tests
▪ Effectiveness and efficiency
▪ Timing of tests
PSA 265.6
For purposes of the PSAs, the following terms have the meanings attributed below:
(a) Deficiency in internal control — This exists when:
(i) A control is designed, implemented or operated in such a way that it is unable to
prevent, or detect and correct, misstatements in the financial statements on a timely
basis; or
(ii) A control necessary to prevent, or detect and correct, misstatements in the financial
statements on a timely basis is missing.
(b) Significant deficiency in internal control — A deficiency or combination of deficiencies in
internal control that, in the auditor’s professional judgment, is of sufficient importance to merit
the attention of those charged with governance. (Ref: Para. A5)
400.140 During the course of the audit, deficiencies in internal control may be identified. This may
occur as a result of understanding and evaluating internal control, in making risk assessments,
performing audit procedures, or from other observations made at any stage of the audit
process. (IFAC Guide, Vol. II, Fourth Edition, page 144)
400.142 If the auditor has identified one or more deficiencies in internal control, the auditor shall
determine, on the basis of the audit work performed, whether, individually or in
combination, they constitute significant deficiencies. [PSA265.8]
400.143 The auditor shall communicate in writing significant deficiencies in internal control
identified during the audit to those charged with governance on a timely basis. [PSA265.9]
400.145 The auditor shall include in the written communication of significant deficiencies in
internal control:
(a) A description of the deficiencies and an explanation of their potential effects; and
(b) Sufficient information to enable those charged with governance and management to
understand the context of the communication. In particular, the auditor shall explain
that:
i. The purpose of the audit was for the auditor to express an opinion on the financial
statements;
ii. The audit included consideration of internal control relevant to the preparation
of the financial statements in order to design audit procedures that are
appropriate in the circumstances, but not for the purpose of expressing an
opinion on the effectiveness of internal control; and
iii. The matters being reported are limited to those deficiencies that the auditor has
identified during the audit and that the auditor has concluded are of sufficient.
[PSA265.11]
400.146 The auditor may use a Management Letter in communicating deficiencies in internal
control. Contents may include the following:
See Exhibit 400-10 Sample Management Letter for the related audit form.
400.147 The auditor should consider whether the entity or the auditor will opt to communicate
key audit matters under PSA 701 Key Audit Matters. Matters communicated to those
charged with governance, especially those significant deficiencies, can be considered a
key audit matter (KAM). Note, however, that KAM is required only for listed entities and
voluntary for non-listed entities.
Substantive Testing
PSA 330.18
Irrespective of the assessed risks of material misstatement, the auditor shall design and perform
substantive procedures for each material class of transactions, account balance and disclosure.
400.148 Substantive test procedures are audit procedures designed to obtain direct evidence as
to the completeness, accuracy, and validity of data and as to the reasonableness of the
estimates and other information contained in the financial statements. Substantive
procedures include inquiry, observation, inspection, confirmation, re-performance tests,
analyses of many types, and analytical reviews.
400.149 The nature, timing, and extent of substantive test procedures are responsive to the
auditor’s risk assessments for each of the relevant sources of information affecting a
significant account.
400.150 The auditor selects the substantive test procedures that, in the auditor’s judgment and
based on the auditor’s risk assessments, are required by the specific circumstances.
400.152 Analytical procedures are the analysis of plausible relationships among both financial and
non-financial information. They include the investigation of fluctuations and relationships
that are inconsistent with the auditor’s expectations.
400.153 Relationships may exist among different types of financial information or between
financial and non-financial information. For example, the auditor may develop an
expectation about an entity's gross profit based on its product revenue. The auditor may
develop an expectation about an entity's revenue based on the auditor’s understanding
of industry trends and market research reports.
400.154 When analytical procedures are used in substantive testing, the auditor identifies
differences by comparing the expected amount with the actual amount. The auditor
considers the nature and cause of identified differences. Differences exist because the
amount being audited:
▪ may contain a misstatement
▪ may not contain a misstatement but the auditor’s prediction may be imprecise.
400.155 When considering the nature and cause of differences, the auditor takes into account the
methods used and the planned precision.
400.156 The auditor develops expectations with the aim of identifying a significant misstatement.
The auditor recognizes that a significant misstatement has both qualitative and
quantitative aspects. When developing expectations the auditor uses the consideration
of planned audit precision as a guide for the quantitative aspects.
400.157 When analytical procedures identify significant fluctuations or relationships that are
inconsistent with other relevant information or that deviate from predicted amounts, the
auditor should investigate and obtain adequate explanations and appropriate
corroborative evidence.
400.158 The auditor seeks explanations from management and corroborates significant matters. If
there are no reasonable explanations, the auditor reconsiders the data and assumptions
used to calculate the prediction and the consequent range of acceptable values. The
auditor may perform a computation again to see if the difference is acceptable. The
auditor evaluates the impact of the deviation with respect to the planned audit precision.
400.159 The auditor develops an expectation with a precision in mind. Precision is a measure of
how close the auditor’s expectation will be to the actual amount. The required precision
400.160 For example, the auditor may perform an analytical procedure in response to a high risk
of significant misstatement for a related audit objective. The auditor therefore develops
a relatively precise expectation.
Forming expectations
400.162 Expectations are the auditor’s prediction of amounts based on relationships among both
financial and non-financial information. For example, the auditor may predict the level of
revenue based on a plausible relationship between store square footage and retail
revenue.
400.164 The auditor considers the most appropriate method to perform based on the precision
required.
Trend analysis
400.165 The auditor obtains information to identify and understand trends. This may include:
▪ financial information
▪ changes in the general business environment and specific industry characteristics.
400.166 For example, the auditor may identify that an entity is operating in a stable business
environment. The auditor may determine that current period revenue is likely to follow
400.167 Trend analysis is the analysis of a change in financial or non-financial information over
time.
400.168 A simple trend analysis may compare last period's account balance to the current period's
account balance. A more precise trend analysis may encompass multiple accounting
periods and disaggregated data.
400.169 Trend analysis is appropriate when the relationship is predictable and stable. It is
important to understand the reasons why the auditor believes a trend to be stable and
therefore predictable, based upon the relationship of the variable in question to an
underlying aspect of the entity's business. For example, the relationship between
previous period and current period revenue may be predictable in a stable environment.
400.170 It may be possible that financial information may appear related when in reality no
relationship exists. For example, there may be no reason to expect expenditure for legal
fees in one period to be indicative of expenditure for the next period.
400.171 Trend analysis is less effective when the entity has experienced significant operating
changes or when the base data is highly aggregated. For example, trend analysis by
component, product or location, and monthly or quarterly rather than annually may be
more precise than an analysis of consolidated operating units.
Ratio analysis
400.173 Ratio analysis is appropriate when relationships are predictable and stable. Ratio analysis
is often more effective than trend analysis as the auditor analyzes relationships between
different types of information.
400.175 Trend and ratio analyses assume stable relationships. Reasonableness testing differs, as
the auditor uses identified plausible relationships to develop an explicit prediction of an
amount.
400.176 Reasonableness testing may build upon the relationship among financial and non-
financial information established by trend and ratio analyses.
400.177 The models used in reasonableness testing range from simple mathematical formulae to
complex regression techniques.
400.178 The auditor identifies the variables that are used to develop expectations. These variables
include:
▪ key performance indicators
▪ non-financial information
▪ financial information
▪ changes in the entity's general business environment and specific industry
characteristics.
400.179 For example, the auditor identifies a key performance indicator measuring the number of
units an entity's stores sell. The auditor also identifies the unit price by product line and
differing price structures used for different products. The auditor also considers industry
trends and the demand for the entity's products. The auditor performs a reasonableness
test for revenue by considering these factors.
Precision required
400.180 Usually, trend analysis provides the least precision and reasonableness testing provides
the highest precision. This is because when developing the auditor’s prediction using
ratio or trend analysis methods, the auditor assumes, to some extent, that appropriate
relationships are stable. With reasonableness testing the auditor incorporates more data
to lessen the reliance on assumed stable relationships.
400.183 Tests of details are usually applied to significant account balances or transactions
where the team has not established, through tests of controls over the transactions
giving rise to the account balance, that the balance is properly stated. They are also
applied to significant accounts that are not tested through analytical or other test
procedures.
400.185 Tests of details are the application of one or more of the following techniques to
individual items or transactions that make up an account balance or class of transactions:
▪ Inspection;
▪ Observation;
▪ Inquiry;
▪ Confirmation;
▪ Re-computation.
400.187 When defining the population, the auditor considers the following statements:
▪ The auditor cannot conclude on the completeness of a population based on the audit
evidence obtained by examining items drawn from that population, because omitted
items have no chance of selection.
400.188 The auditor defines what constitutes a difference requiring investigation and follow-up.
400.189 The auditor judges whether to select the entire population, specific items or to apply audit
sampling. If the auditor chooses specific items or a sample, the auditor accepts some
uncertainty in the audit evidence obtained because:
▪ what was obtained was persuasive rather than conclusive audit evidence;
▪ even if individual items were audited, there may still remain some uncertainty;
▪ examining items, especially routine transactions, is usually not cost
beneficial.
400.190 The following general factors may affect the choice between selecting specific items and
audit sampling:
▪ Selecting specific items is likely to be more effective when:
- the auditor assesses the risk of significant misstatement as low and the auditor
already has audit evidence from analytical procedures for the population. The
auditor therefore requires relatively little audit evidence from the test of details.
- the population contains a small number of individually significant items.
Therefore, testing a relatively small number of specific items efficiently addresses
a relatively high proportion of the audit risk.
- the population mainly contains non-routine transactions or accounting estimates.
Therefore, the population is unlikely to consist of similar items that could be
sampled.
▪ Audit sampling is likely to be more effective when:
400.191 Based on the results of the tests of account balance or details, the auditor evaluates
whether the accounts are properly stated. In cases of exceptions noted in the substantive
test, the auditor determines whether the misstatement may be material or significant for
these to be adjusted in the financial statements under audit.
400.192 For each account balance tested, the auditor documents in the working papers:
▪ the nature, timing and extent of the substantive tests done;
▪ audit findings and conclusions specifically related to the objectives set in the work
programs.
Accounting Estimates
PSA 540.7(a)
An approximation of a monetary amount in the absence of a precise means of measurement.
This term is used for an amount measured at fair value where there is estimation uncertainty,
as well as for other amounts that require estimation.
Please refer to Section 200.20 to Section 200.30 for the concepts and principles of accounting
estimates.
400.194 The auditor should obtain sufficient appropriate audit evidence as to whether an
accounting estimate is:
▪ reasonable in the circumstances
▪ properly accounted for; and
▪ when required, appropriately disclosed.
400.196 The auditor should adopt one or a combination of the following approaches in the audit
of an accounting estimate:
▪ review and test the process used by management to develop the estimate;
▪ use an independent estimate for comparison with that prepared by management; or
▪ review subsequent events which confirm the estimate made.
400.198 The auditor may compare accounting estimates made for a prior period with actual
results of that period to:
▪ obtain audit evidence about the past reliability of management's accounting
estimates;
▪ consider the entity's accounting for the differences between the result and the earlier
accounting estimates.
See Exhibit 400 – 3 for Audit Work Program for Accounting Estimates for the related
audit form.
The above procedures require the exercise of considerable professional judgment and
thus are generally performed by the more senior members of the engagement team.
400.200 The auditor should perform final analytical procedures to determine the reasonableness
of the amounts presented in the financial statements.
400.201 If the analytical procedures provide evidence of items that were not previously identified,
it is necessary to perform additional procedures.
400.202 The auditor should read minutes of board and committee meetings up to the date of the
report to determine matters that may require disclosure or recording of a provision.
400.203 The auditor usually sends letters of audit inquiry to client’s legal counsel or attorneys who
provided services to the client on significant exposure items during the year. Based on
the reply of the legal counsel or attorneys, the auditor determines if there are matters of
significant financial statement implications that need to be adjusted or disclosed before
finalizing the audit report on the financial statements.
400.204 Inquire of the client as to the existence of commitments and contingencies. For example,
the auditor discusses, among others, the following items:
400.205 Evaluate whether the contingent losses are given appropriate accounting treatment and
are disclosed when required by financial reporting standards.
See Exhibit 400-4, Provisions, Contingencies and Commitments Audit Program for the
related audit form.
400.206 The auditor should determine the final materiality (i.e., tolerable materiality). The final
materiality judgment will be used in evaluating the audit findings.
400.207 Tolerable misstatement is used in sampling tests of details to address the risk that the
aggregate of individually immaterial misstatements may cause the financial statements
to be materially misstated, and to provide a margin for possible undetected
misstatements. Tolerable misstatement is the application of performance materiality to
a particular sampling procedure. Tolerable misstatement may be the same amount as or
an amount lower than performance materiality.
400.208 Tolerable rate of deviation is used for tests of controls where the auditor sets a rate of
deviation from prescribed internal control procedures to obtain an appropriate level of
assurance. The auditor seeks to obtain an appropriate level of assurance that the set rate
of deviation is not exceeded by the actual rate of deviation in the population.
400.209 The significant issues identified during the audit, the decisions made to address these
issues and audit conclusions are brought together in one document.
400.210 In particular, this document includes as a minimum, the identification of, and approach
to, critical audit objectives. It also includes a discussion of important and unusual
accounting, auditing and reporting matters. The document includes a description of, or
reference to other working papers that describe the:
▪ issue and the potential audit implications
▪ approach we plan to take to address the issue
▪ findings and disposition
400.211 Preparation of this document is best begun when the auditor first identifies a significant
issue. At the conclusion of the audit, the audit team has to ensure that the issues included
in this document are all resolved properly before the engagement partner signs the audit
report. The engagement partner, manager and concurring reviewer, if any, need to sign
and date this document to confirm that all issues were resolved or, where in certain
instances they were not, that an appropriate audit report is issued.
See Exhibit 400-5 Audit Issues and Resolution Worksheet for the related audit form.
Audit Differences
400.212 In completing the auditor’s procedures relating to individual audit objectives, the auditor
may identify audit differences. Audit differences are audit findings for which the auditor
does not agree with the amount, classification, presentation or disclosure of items or
totals in the financial statements, including related notes.
400.213 Such findings represent a misstatement of the financial statements and can be caused by
error or fraud. The primary factor that distinguishes fraud from error is whether the
underlying cause (action that results in the misstatement) is intentional or unintentional.
400.218 The auditor discusses audit differences coming to the auditor’s attention with
management during the audit, and evaluates their nature and cause. The auditor expects
management to investigate identified errors to determine appropriate adjustments.
400.219 If the auditor is not satisfied with management's investigation or its result, the auditor
considers the precision of the audit estimate of most likely error. The auditor continues
an investigation of the audit difference and performs additional audit procedures as
described in the next section.
400.220 Audit differences from prior periods that the client did not adjust may affect current
period's earnings or opening net assets. Such audit differences can usually be described
as those that reverse in the current period and those that accumulate in the balance
sheet.
400.221 Reversing audit differences are those that reverse in the current period with an equal and
opposite effect on the profit or loss to that in the prior period, such as a cut-off error in
recording a sale. Reversing audit differences are sometimes described as those that
reverse during the normal course of operations without any direct interaction by
management.
400.222 Prior period unadjusted audit differences that do not reverse in the current period usually
result from the use of estimates. When a prior period unadjusted audit difference
reverses in the current period, its effect is considered when evaluating the effect of
current period audit differences on the profit or loss portion of the statement of
comprehensive income.
400.223 Accumulating audit differences are those that tend to increase an error in the balance
sheet such as the recording of depreciation on property, plant and equipment over
estimated lives that the auditor believes to be too long or too short, or the consistent
over-accrual (or under-accrual) of warranty expense by amounts that tend to increase the
over-accrual (or under-accrual) of the warranty obligation.
400.225 There are circumstances where unadjusted audit differences from prior periods may
affect the current period financial statements but do not easily fall into one of the above
general categories. For example:
▪ those made consistently each period that tend to have, more or less, a constant effect
on the balance sheet and little or no effect on profit or loss, such as a consistent
overstatement of the allowance for doubtful accounts by the same amount;
▪ those that may add a new error in the current period's profit or loss and balance
sheet, such as the overstatement of an allowance for inventory obsolescence in the
prior period and the understatement in the current period.
400.226 Qualitatively and quantitatively immaterial audit differences that have accumulated in
the balance sheet (e.g., those related to warranty obligations or allowances for loan
losses, and similar accounts) may become material to a current period's equity or income.
400.227 When evaluating the effect of such audit differences on equity, the auditor compares the
total difference to equity at the end of the current period. When evaluating the effect of
immaterial balance sheet audit differences on income, the auditor considers the net
difference, that is, the auditor considers the effect of prior period audit differences. Such
practice, if used, is consistently applied.
400.228 If the effect on equity is immaterial and current and prior period audit differences are
netted in reaching a conclusion that the income statement effect is immaterial, the
summary of unadjusted audit differences reflects both the current and prior period
effects.
400.229 The auditor encourages management to record audit differences in the current period. If
that is not practicable, the auditor encourages them to record non-reversing audit
differences in the first period following the current balance sheet date. Amortizing the
adjustments over several periods usually is not appropriate.
400.230 The auditor specifies one or more amounts below which the auditor considers
misstatements, if they exist, to be insignificant. Misstatements the auditor detects below
these amounts are not compiled. However, the auditor considers their qualitative
aspects.
400.233 To summarize the audit differences noted during the audit, the auditor uses the
Unadjusted Differences Summary worksheet.
See Exhibit 400-6 Unadjusted Differences Worksheet for the related audit form.
400.234 The auditor discusses audit differences noted during the audit with management and
evaluates their nature and cause. The auditor also evaluates audit differences to
determine whether they are material, individually or in the aggregate, considers whether
audit differences are indicative of fraud or an illegal act, and reconsiders the risk of
significant misstatement.
400.235 The auditor usually expects management to record audit differences determined to be
individually material and to correct the financial statements for other audit differences
considered material in the aggregate.
400.236 If management refuses to adjust the financial statements and the results of extended
audit procedures do not enable the auditor to conclude that the aggregate of uncorrected
misstatements is not material, the auditor should consider the appropriate modification
to the auditor’s report in accordance with PSA 700.
400.237 The auditor encourages management to correct audit differences not determined to be
quantitatively or qualitatively material individually, or in the aggregate, in the current
period. The auditor would not object, however, if management decides to correct them
or allow them to self-correct (i.e., items that reverse) in a subsequent period. In some
cases, an entity may elect to correct some but not all of the immaterial audit differences
in the current or subsequent period.
400.238 The auditor should apply analytical procedures at or near the end of the audit when
forming an overall conclusion as to whether the financial statements as a whole are
consistent with knowledge of the business.
400.239 After effecting all the adjustments to the financial statements, the auditor performs final
analytical procedures to determine internal consistency of the amounts presented and
whether the figures make sense in relation to the understanding of the company’s
business and level of operation.
400.240 The results of final analytical procedures may lead the auditor to recommend changes in
presentation or disclosure, make additional inquiries, perform other procedures or
modify the opinion.
400.241 Working paper review during the completion phase of the audit involves a review by the
manager or partner of whether the conclusions reached are consistent with the opinion to be
issued.
400.242 The auditor should check the appropriateness of financial presentation and review the
adequacy of disclosures using the disclosure checklist that lists all specific disclosures
required by PFRS and the SEC, if appropriate. Please refer to the website of FRSC and SEC
for the most recent pronouncements.
400.243 Presentation and disclosure are an integral part of management’s responsibility for the
fair presentation of the financial statements in conformity with financial reporting standards. As such,
management has to make appropriate decisions regarding presentation and disclosure to
ensure that:
▪ the financial statements are prepared in accordance with acceptable accounting
policies consistently applied, or, if changed, the changes in accounting are presented
appropriately;
▪ appropriate information is disclosed, classified and described in accordance with
acceptable accounting policies and, if applicable, legal requirements.
400.244 It is the auditor’s responsibility to review and determine the propriety of the financial
statements presentation and adequacy of disclosures vis-a-vis the applicable financial
reporting and legal framework.
400.245 If on reading the other information, the auditor identifies a material inconsistency, the
auditor should determine whether the audited financial statements or the other
information needs to be amended.
400.246 If an amendment is necessary in the audited financial statements and the entity refuses
to make the amendment, the auditor should express a qualified or adverse opinion. If an
amendment is necessary in the other information and the entity refuses to make the
amendment, the auditor should consider including in the report an emphasis of matter
paragraph describing the material inconsistency or taking other actions.
400.247 In certain instances, client’s management requests the auditor’s assistance in drafting the
financial statements and disclosures or notes to the financial statements. In such cases, the
auditor should ask management to sign the final draft of the financial statements and
disclosures to document their agreement and responsibility over it.
See Exhibit 400-7 Other Information Issued with Audited FS for the related audit form.
PSA 570.2
Under the going concern assumption, an entity is viewed as continuing in business for the
foreseeable future. General purpose financial statements are prepared on a going concern basis,
unless management either intends to liquidate the entity or to cease operations, or has no
realistic alternative but to do so. Special purpose financial statements may or may not be
prepared in accordance with a financial reporting framework for which the going concern basis
is relevant (e.g., the going concern basis is not relevant for some financial statements prepared
on a tax basis in particular jurisdictions). When the use of the going concern assumption is
appropriate, assets and liabilities are recorded on the basis that the entity will be able to realize
its assets and discharge its liabilities in the normal course of business.
400.248 The auditor considers audit evidence obtained throughout the engagement concerning
the entity’s ability to continue as a going concern for a reasonable period of time following
the balance sheet date.
400.249 When planning and performing audit procedures and in evaluating the results thereof,
the auditor should consider the appropriateness of the going concern assumption
underlying the preparation of the financial statements.
400.250 An entity's continuance as a going concern for the foreseeable future, generally a period
not to exceed one year after period end, is assumed in the preparation of financial
statements in the absence of information to the contrary.
400.251 Accordingly, assets and liabilities are recorded on the basis that the entity will be able to
realize its assets and discharge its liabilities in the normal course of business. If this
assumption is unjustified, the entity may not be able to realize its assets at the recorded
amounts and there may be changes in the amounts and maturity dates of liabilities. As a
consequence, the amounts and classification of assets and liabilities in the financial
statements may need to be adjusted.
400.252 The auditor should consider the risk that the going concern assumption may no longer be
appropriate.
400.253 During the course of the audit, the auditor carries out audit procedures designed to obtain
audit evidence as the basis for the expression of an opinion on the financial statements.
400.254 When a question arises regarding the going concern assumption, certain of these
procedures may take on additional significance or it may be necessary to perform
additional procedures or to update information obtained earlier. Procedures that are
relevant in this connection may include:
▪ Analyze and discuss cash flow, profit and other relevant forecasts with management.
▪ Review events after period end for items affecting the entity's ability to continue as a
going concern.
▪ Analyze and discuss the entity's latest available interim financial statements.
400.255 When analyzing cash flow, profit and other relevant forecasts, the auditor would consider
the reliability of the entity's system for generating such information. The auditor would
also consider whether the assumptions underlying the forecast appear appropriate in the
circumstances. In addition, the auditor would compare the prospective data for recent
prior periods with historical results and would compare the prospective data for the
current period with results achieved to date.
400.256 The auditor would also consider and discuss with management its plans for future action,
such as plans to liquidate assets, borrow money or restructure debt, reduce or delay
expenditures, or increase capital. The relevance of such plans to an auditor generally
decreases as the time period for planned actions and anticipated events increases.
Particular emphasis is ordinarily placed on plans that might have a significant effect on
the entity's solvency within the foreseeable future.
400.257 The auditor would obtain sufficient appropriate audit evidence that these plans are
feasible, are likely to be implemented and that the outcome of these plans will improve
the situation. The auditor would ordinarily seek written representations from
management regarding these plans.
400.258 After the procedures considered necessary have been carried out, all the information
required has been obtained, and the effect of any plans of management and other
mitigating factors have been considered, the auditor would decide whether the question
raised regarding the going concern assumption has been satisfactorily resolved.
400.259 If, in the auditor's judgment, sufficient appropriate audit evidence has been obtained to
support the going concern assumption, the auditor would not modify the auditor's report.
400.260 If, in the auditor's judgment, the going concern assumption is appropriate because of
mitigating factors, in particular management's plans for future action, the auditor would
consider whether such plans or other factors need to be disclosed in the financial
statements. If adequate disclosure is not made, the auditor should express a qualified or
adverse opinion, as appropriate.
400.261 If, in the auditor's judgment, the going concern question is not satisfactorily resolved, the
auditor would consider whether the financial statements:
400.262 If adequate disclosure is made in the financial statements, the auditor should ordinarily
express an unqualified opinion and modify the auditor's report by adding a Material
Uncertainty Related to Going Concern paragraph that highlights the going concern
problem by drawing attention to the note in the financial statements that discloses the
matters. The following is an example of such a paragraph:
"Without qualifying our opinion, we draw attention to Note XX in the financial statements.
The Company incurred a net loss of XXX during the year ended December 31, 20XX and, as
of that date, the Company's current liabilities exceeded its current assets by XXX and its
total liabilities exceeded its total assets by XXX. These factors, along with other matters
as set forth in Note XX, raise substantial doubt that the Company will be able to continue
as a going concern."
400.263 As provided under SRC Rule 68, if a company has incurred a capital deficiency, the auditor
shall provide in the audit report an emphasis paragraph indicating the following
information:
(a) The fact that the company has incurred a capital deficiency that raises an issue on its
going concern status;
(b) A brief discussion of a concrete plan of the company to address the capital deficiency
and reference to the note to financial statements that provides a complete disclosure
of the said plan;
(c) A statement that the auditor conducted sufficient audit procedures to verify the
validity of the aforementioned plan. [SRC Rule 68 1.E.v]
400.264 If adequate disclosure is not made in the financial statements, the auditor should express
a qualified or adverse opinion, as appropriate. The following is an example of the
explanation and opinion paragraphs when a qualified opinion is to be expressed:
"The Company has been unable to renegotiate its borrowings from its bankers. Without
such financial support there is substantial doubt that it will be able to continue as a going
concern. Consequently, adjustments may be required to the recorded asset amounts and
classification of liabilities. The financial statements (and notes thereto) do not disclose
this fact.
In our opinion, except for the omission of the information included in the Basis for Qualified
Opinion, the financial statements give a true and fair view of ('present fairly, in all material
respects,') the financial position of the Company at December 31, 20XX and the results of
its operations and its cash flows for the year then ended in accordance with ..."
400.265 If, on the basis of the additional procedures carried out and the information obtained,
including the effect of mitigating circumstances, the auditor's judgment is that the entity
will not be able to continue in operation for the foreseeable future, the auditor would
conclude that the going concern assumption used in the preparation of the financial
statements is inappropriate. If the result of the inappropriate assumption used in the
preparation of the financial statements is so material and pervasive as to make the
financial statements misleading, the auditor should express an adverse opinion.
400.266 The auditor is not precluded from expressing a disclaimer of opinion for a going concern
uncertainty.
See Exhibit 400-8, Going Concern Audit Program for the related audit form.
PSA 560.4
The objectives of the auditor are:
a) To obtain sufficient appropriate audit evidence about whether events occurring between
the date of the financial statements and the date of the auditor’s report that require
adjustment of, or disclosure in, the financial statements are appropriately reflected in
those financial statements in accordance with the applicable financial reporting
framework; and
b) To respond appropriately to facts that become known to the auditor after the date of the
auditor’s report, that, had they been known to the auditor at that date, may have caused
the auditor to amend the auditor’s report.
400.267 The auditor should perform procedures designed to obtain sufficient appropriate audit
evidence that all events up to the date of the auditor's report that may require adjustment
of, or disclosure in, the financial statements have been identified. These procedures are
in addition to routine procedures which may be applied to specific transactions occurring
400.268 When performing the procedures, the auditor’s objective is to ascertain whether
events subsequent to the date of the financial statements are appropriately adjusted for
or disclosed in the financial statements and related notes. In reviewing subsequent
events, the auditor considers two periods subsequent to the financial statement date.
400.269 For this period to be reviewed, the auditor performs, among others, the following major
procedures:
▪ Obtain the latest available interim financial information and compare it with the
information in the financial statements being reported on and make other
comparisons considered appropriate. Determine the current status of items that
were accounted for on the basis of tentative or incomplete data. Ascertain whether
unusual adjustments were made.
▪ Inquire of responsible officials about the existence of matters that may indicate
subsequent events requiring further investigation. These matters may refer to events
or plans that only management is aware of, where such plans may have a significant
impact on the business and financial statements of the client.
▪ Review minutes of meetings of those charged with governance. Investigate
significant and unusual transactions and events.
▪ Document in the work papers the subsequent events identified by the auditor’s
review that are required to be reflected or disclosed in the financial statements and
audit procedures performed.
▪ Document audit conclusions regarding the appropriateness of accounting treatment
and adequacy of disclosure, and the effect of subsequent events, if any, on the
auditor’s report.
400.270 If a considerable length of time has elapsed (e.g., more than 15 business days) between
the date of our audit report and the date the report is delivered to the client, the auditor
usually updates the subsequent events review.
See Exhibit 400-8, Subsequent Events Review Audit Program for the related audit form.
Management report
400.271 In concluding the audit, the auditor prepares certain reports to management to
communicate the following, if any:
▪ non-compliance with laws and regulations
400.272 Depending on the mode of reporting to be agreed by the audit team, the management
reports may be communicated to management through a formal written report or a
formal slide presentation and written report at the same time.
See Exhibit 400-10 Sample Management Letter for the related audit form.
Written representations
PSA 580.7
Written representation is a written statement by management provided to the auditor to
confirm certain matters or to support other audit evidence. Written representations in this
context do not include financial statements, the assertions therein, or supporting books and
records.
400.273 The auditor shall request written representations from management with appropriate
responsibilities for the financial statements and knowledge of the matters concerned.
[PSA 580.9]
400.274 The auditor obtains evidence that management acknowledges its responsibility for the
fair presentation of the financial statements in accordance with the relevant financial
reporting framework, and has approved the financial statements. The evidence of
management's acknowledgment of such responsibility and approval may be in the
relevant minutes of meetings of those charged with governance or similar body or by
obtaining a written representation from management or a signed copy of the financial
statements.
400.275 The auditor should obtain written representations from management on matters material
to the financial statements when other sufficient appropriate audit evidence cannot
reasonably be expected to exist. The possibility of misunderstandings between the
auditor and management is reduced when oral representations are confirmed by
management in writing. Written representations requested from management may be
limited to matters that are considered either individually or collectively material to the
financial statements. Regarding certain items it may be necessary to inform management
of the auditor's understanding of materiality.
400.276 During the course of an audit, management makes many representations to the auditor,
either unsolicited or in response to specific inquiries. When such representations relate
to matters which are material to the financial statements, the auditor will need to:
▪ seek corroborative audit evidence from sources inside or outside the entity;
▪ evaluate whether the representations made by management appear reasonable and
consistent with other audit evidence obtained, including other representations; and
400.277 Matters which might be included in a letter from management or in a confirmatory letter
to management are contained in the example of a written representation letter in Exhibit
400 - 10.
400.278 Representations by management cannot be a substitute for other audit evidence that the
auditor could reasonably expect to be available. For example, a representation by
management as to the cost of an asset is not a substitute for the audit evidence of such
cost that an auditor would ordinarily expect to obtain. If the auditor is unable to obtain
sufficient appropriate audit evidence regarding a matter which has, or may have, a
material effect on the financial statements and such evidence is expected to be available,
this will constitute a limitation in the scope of the audit, even if a representation from
management has been received on the matter.
400.279 In certain instances, a representation by management may be the only audit evidence
which can reasonably be expected to be available. For example, the auditor would not
necessarily expect that other audit evidence would be available to corroborate
management's intention to hold a specific investment for long-term appreciation.
400.281 When requesting a written representation letter, the auditor would request that it be
addressed to the auditor, contain specified information and be appropriately dated and
signed.
400.282 A written representation letter would ordinarily be dated the same date as the auditor's
report. However, in certain circumstances, a separate representation letter regarding
specific transactions or other events may also be obtained during the course of the audit
or at a date after the date of the auditor's report, for example, on the date of a public
offering.
400.284 If management refuses to provide a representation that the auditor considers necessary,
this constitutes a scope limitation and the auditor should express a qualified opinion or a
disclaimer of opinion. In such circumstances, the auditor would evaluate any reliance
See Exhibit 400-11, Sample Written Representation Letter for the related audit form.
PSA 700.6
The objectives of the auditor are:
(a) To form an opinion on the financial statements based on an evaluation of the conclusions
drawn from the audit evidence obtained; and
(b) To express clearly that opinion through a written report.
500.3 The auditor shall form an opinion on whether the financial statements are prepared, in
all material respects, in accordance with the applicable financial reporting framework.
[PSA 700.10]
500.4 The auditor’s opinion on the financial statements will be made in the context of an
applicable “general purpose” framework. This is a financial reporting framework designed
to meet the common financial information needs of a wide range of users. Acceptable
frameworks for small and medium entities include:
▪ Philippine Financial Reporting Standard for Small and Medium-sized Entities (PFRS for
SMEs);
▪ Philippine Financial Reporting Standards (PFRS); and
▪ Philippine Financial Reporting Standard for Small Entities (PFRS for SEs).
There are two types of general-purpose frameworks: the “fair presentation framework”
and the “compliance framework.”
500.5 The term “fair presentation framework” is used to refer to a financial reporting
framework that requires compliance with the requirements of the framework and:
500.6 The term “compliance framework” is used to refer to a financial reporting framework that
requires compliance with the requirements of the framework, but does not contain the
acknowledgements in (i) or (ii) above for “fair” presentation. [PSA 700.7b]
500.7 The auditor shall evaluate whether the financial statements are prepared, in all material
respects, in accordance with the requirements of the applicable financial reporting
framework. This evaluation shall include consideration of the qualitative aspects of the
entity’s accounting practices, including indicators of possible bias in management’s
judgments. [PSA 700.12]
500.8 In particular, the auditor shall evaluate whether, in view of the requirements of the
applicable financial reporting framework:
▪ The financial statements adequately disclose the significant accounting policies
selected and applied;
▪ The accounting policies selected and applied are consistent with the applicable
financial reporting framework and are appropriate;
▪ The accounting estimates made by management are reasonable;
▪ The information presented in the financial statements is relevant, reliable,
comparable and understandable;
▪ The financial statements provide adequate disclosures to enable the intended users
to understand the effect of material transactions and events on the information
conveyed in the financial statements; and
▪ The terminology used in the financial statements, including the title of each financial
statement, is appropriate. [PSA 700.13]
See Exhibit 500 – 2 for the Illustrative Unqualified Opinion of an Individual Practitioner
Title
PSA 700.21
The auditor’s report shall have a title that clearly indicates that it is the report of an independent
auditor.
500.10 The phrase “Independent Auditor’s Report” appears above the body of the audit report.
A title indicating that the report is the report of an independent auditor affirms that the
auditor has met all of the relevant ethical requirements regarding independence and,
therefore, distinguishes the independent auditor’s report from reports issued by others.
Addressee
PSA 700.22
The auditor’s report shall be addressed as appropriate, based on the circumstances of the
engagement.
500.11 The auditor’s report should be addressed as required by the circumstances of the
engagement. Ordinarily, the auditor’s report on general purpose financial statements is
addressed to those for whom the report is prepared, often either to the shareholders or
to those charged with governance of the client.
Opinion Section
PSA 700.23
The first section of the auditor’s report shall include the auditor’s opinion, and shall have the
heading “Opinion.”
500.13 The auditor’s report shall include a section, directly following the Opinion section, with
the heading “Basis for Opinion,” that:
(a) States that the audit was conducted in accordance with Philippine Standards on
Auditing;
(b) Refers to the section of the auditor’s report that describes the auditor’s
responsibilities under the PSAs;
(c) Includes a statement that the auditor is independent of the entity in accordance with
the relevant ethical requirements relating to the audit, and has fulfilled the auditor’s
other ethical responsibilities in accordance with these requirements. The statement
shall identify the jurisdiction of origin of the relevant ethical requirements [Code of
Ethics for Professional Accountants in the Philippines (Philippine Code of Ethics)] or
refer to the International Ethics Standards Board for Accountants’ Code of Ethics for
Professional Accountants (IESBA Code); and
(d) States whether the auditor believes that the audit evidence the auditor has obtained
is sufficient and appropriate to provide a basis for the auditor’s opinion. [PSA 700.28]
Going Concern
500.14 Where applicable, the auditor shall report in accordance with PSA 570 (Revised).
See Exhibit 500 – 3 for the Illustrative Material Uncertainty Related to Going Concern
PSA 700.31
For audits of complete sets of general purpose financial statements of listed entities, the auditor
shall communicate key audit matters in the auditor’s report in accordance with PSA 701.
PSA 700.31
When the auditor is otherwise required by law or regulation or decides to communicate key
audit matters in the auditor’s report, the auditor shall do so in accordance with PSA 701.
500.15 KAM is defined as those matters that, in the auditor’s professional judgment, were of
most significance in the audit of the financial statements of the current period. KAM are
selected from matters communicated with TCWG. [PSA 701.8]
500.18 The description of individual matters in the auditor’s report and how the matter was
addressed in the audit includes the following:
▪ Describe each KAM
o Why the matter was considered to be a KAM.
o How the matter was addressed in the audit.
o Reference to the related financial statement disclosure(s), if any.
▪ Describe how each matter was addressed in the audit
o Aspects of the auditor’s response or approach that were most relevant to the
matter or specific to the assessed risk of material misstatement.
o Brief overview of procedures performed.
o Indication of the outcome of the auditor’s procedures.
o Key observations with respect to the matter.
(IFAC Guide, Vol. I, Fourth Edition, page 217)
See Exhibit 500 – 4 for the Illustrative Key Audit Matter Section
PSA 700.33
The auditor’s report shall include a section with a heading “Responsibilities of Management for
the Financial Statements.” The auditor’s report shall use the term that is appropriate in the
context of the legal framework in the particular jurisdiction and need not refer specifically to
“management.” In some jurisdictions, the appropriate reference may be to those charged with
governance.
500.19 This section of the auditor’s report shall describe management’s responsibility for:
(a) Preparing the financial statements in accordance with the applicable financial
reporting framework, and for such internal control as management determines is
necessary to enable the preparation of financial statements that are free from
material misstatement, whether due to fraud or error; and
500.21 When the financial statements are prepared in accordance with a fair presentation
framework, the description of responsibilities for the financial statements in the auditor’s
report shall refer to “the preparation and fair presentation of these financial statements”
or “the preparation of financial statements that give a true and fair view,” as appropriate
in the circumstances. [PSA 700.36]
PSA 700.37
The auditor’s report shall include a section with the heading “Auditor’s Responsibilities for the
Audit of the Financial Statements.”
500.23 The Auditor’s Responsibilities for the Audit of the Financial Statements section of the
auditor’s report shall further:
500.24 The Auditor’s Responsibilities for the Audit of the Financial Statements section of the
auditor’s report also shall:
(a) State that the auditor communicates with those charged with governance regarding,
among other matters, the planned scope and timing of the audit and significant audit
findings, including any significant deficiencies in internal control that the auditor
identifies during the audit;
(b) For audits of financial statements of listed entities, state that the auditor provides
those charged with governance with a statement that the auditor has complied with
relevant ethical requirements regarding independence and communicate with them
all relationships and other matters that may reasonably be thought to bear on the
auditor’s independence, and where applicable, related safeguards; and
(c) For audits of financial statements of listed entities and any other entities for which
key audit matters are communicated in accordance with PSA 701, state that, from the
matters communicated with those charged with governance, the auditor determines
those matters that were of most significance in the audit of the financial statements
of the current period and are therefore the key audit matters. The auditor describes
these matters in the auditor’s report unless law or regulation precludes public
disclosure about the matter or when, in extremely rare circumstances, the auditor
determines that a matter should not be communicated in the auditor’s report
because the adverse consequences of doing so would reasonably be expected to
outweigh the public interest benefits of such communication. [PSA 700.40]
500.25 If other reporting responsibilities are presented in the same section as the related report
elements required by the PSAs, the auditor’s report shall clearly differentiate the other
reporting responsibilities from the reporting that is required by the PSAs. [PSA 700.43]
500.26 If the auditor’s report contains a separate section that addresses other reporting
responsibilities, the previous sections should include a heading “Report on the Audit of
the Financial Statements.” The “Report on Other Legal and Regulatory Requirements”
shall follow the “Report on the Audit of the Financial Statements.” [PSA 700.44]
PSA 700.45
The name of the engagement partner shall be included in the auditor’s report for audits of
complete sets of general purpose financial statements of listed entities unless, in rare
circumstances, such disclosure is reasonably expected to lead to a significant personal security
threat. In the rare circumstances that the auditor intends not to include the name of the
engagement partner in the auditor’s report, the auditor shall discuss this intention with those
charged with governance to inform the auditor’s assessment of the likelihood and severity of a
significant personal security threat.
PSA 700.46
The auditor’s report shall be signed.
500.28 The auditor’s signature is either in the name of the audit firm, the personal name of the
auditor or both.
500.29 As provided in SRC Rule No. 68, auditor’s report on financial statements required to be
filed with the Securities and Exchange Commission (SEC) shall contain the following:
▪ Manual signature of the signing auditor/partner
▪ Signing auditor/partner’s License, Tax Identification and PTR numbers
▪ Registration number with BOA including its expiration date
▪ Signing auditor/partner’s accreditation number, category and expiration of
accreditation with SEC
Auditor’s Address
PSA 700.47
The auditor’s report shall name the location in the jurisdiction where the auditor practices.
PSA 700.48
The auditor’s report shall be dated no earlier than the date on which the auditor has obtained
sufficient appropriate audit evidence on which to base the auditor’s opinion on the financial
statements, including evidence that:
(a) All the statements that comprise the financial statements, including the related notes, have
been prepared; and
(b) Those with the recognized authority have asserted that they have taken responsibility for
those financial statements.
These sections are normally found in each auditor’s report, except for “Key Audit
Matters” and “Name of the Engagement Partner,” which are required for listed entities, and
“Material Uncertainty Related to Going Concern,” which applies on a case-to-case basis.
PSA 700.53
If supplementary information that is not required by the applicable financial reporting
framework is not considered an integral part of the audited financial statements, the auditor
shall evaluate whether such supplementary information is presented in a way that sufficiently
and clearly differentiates it from the audited financial statements. If this is not the case, then
the auditor shall ask management to change how the unaudited supplementary information is
presented. If management refuses to do so, the auditor shall identify the unaudited
supplementary information and explain in the auditor’s report that such supplementary
information has not been audited.
500.30 Management and those charged with governance may be required (by law, regulation or
national standards) or may voluntarily choose to include supplementary information with
the financial statements that is not required by the applicable financial reporting
framework. Such information is normally presented in either supplementary schedules or
as additional notes. For example, additional information may include a schedule of
manufacturing costs, summary of effective standards and interpretations under
Philippine Financial Reporting Standards and reconciliation of retained earnings for
dividends declaration. Note, however, that SMEs are not required to present the SRC
Annex 68-E Schedules.
500.33 If the auditor concludes that, based on the audit evidence obtained, the financial
statements as a whole are not free from material misstatement; or is unable to obtain
sufficient appropriate audit evidence to conclude that the financial statements as a whole
are free from material misstatement, the auditor shall modify the opinion in the auditor’s
report. [PSA 700.17]
500.36 An unqualified opinion implies that the auditor is satisfied that the financial statements
present fairly, in all material respects, an entity’s financial position, results of operations,
See Exhibit 500 – 1 and Exhibit 500 – 2 for the Illustrative Unqualified Opinion.
Modified Opinions
500.37 The auditor should express a modified opinion if the auditor cannot express an
unmodified opinion. A modified opinion is a qualified opinion, an adverse opinion or a
disclaimer of opinion on the financial statements.
500.39 Uncorrected material misstatements may arise due to disagreements between the
auditor and management, on matters such as:
▪ the acceptability of accounting policies selected,
▪ the method of their application, or
▪ the adequacy of disclosures in the financial statements.
500.40 If such disagreements are material to the financial statements, the auditor should express
a qualified opinion (if material but not pervasive) or an adverse opinion (if material and
pervasive).
Qualified Opinion
PSA 705.7
The auditor shall express a qualified opinion when:
a. The auditor, having obtained sufficient appropriate audit evidence, concludes that
misstatements, individually or in the aggregate, are material, but not pervasive, to the financial
statements; or
b. The auditor is unable to obtain sufficient appropriate audit evidence on which to base the
opinion, but the auditor concludes that the possible effects on the financial statements of
undetected misstatements, if any, could be material but not pervasive.
500.41 When the auditor expresses a qualified opinion, the auditor shall, in addition to the
specific elements required by PSA 700:
(a) Amend the heading “Basis for Opinion” to “Basis for Qualified Opinion”; and
(b) Within this section, include a description of the matter giving rise to the modification.
500.42 When the auditor expresses a qualified opinion due to a material misstatement in the
financial statements, the auditor shall state that, in the auditor’s opinion, except for the
effects of the matter(s) described in the Basis for Qualified Opinion section:
(a) When reporting in accordance with a fair presentation framework, the accompanying
financial statements present fairly, in all material respects [...] in accordance with [the
applicable financial reporting framework]; or
(b) When reporting in accordance with a compliance framework, the accompanying
financial statements have been prepared, in all material respects, in accordance with
[the applicable financial reporting framework].
When the modification arises from an inability to obtain sufficient appropriate audit
evidence, the auditor shall use the corresponding phrase “except for the possible effects
of the matter(s) ...” for the modified opinion. [PSA 705.17]
See Exhibit 500 – 6 for Illustrative Qualified Opinion Due to Material Misstatement of
Financial Statements.
See Exhibit 500 – 7 for Illustrative Qualified Audit Opinion Due to the Auditor’s Inability
to Obtain Sufficient Appropriate Audit Evidence
Adverse Opinion
PSA 705.8
The auditor shall express an adverse opinion when the auditor, having obtained sufficient
appropriate audit evidence, concludes that misstatements, individually or in the aggregate, are
both material and pervasive to the financial statements.
500.43 When the auditor expresses an adverse opinion, the auditor shall, in addition to the
specific elements required by PSA 700:
500.44 When the auditor expresses an adverse opinion, the auditor shall state that, in the
auditor’s opinion, because of the significance of the matter(s) described in the Basis for
Adverse Opinion section:
(a) When reporting in accordance with a fair presentation framework, the accompanying
financial statements do not present fairly [...] in accordance with [the applicable
financial reporting framework]; or
(b) When reporting in accordance with a compliance framework, the accompanying
financial statements have not been prepared, in all material respects, in accordance
with [the applicable financial reporting framework].
[PSA 705.18]
Disclaimer of Opinion
PSA 705.9
The auditor shall disclaim an opinion when the auditor is unable to obtain sufficient appropriate
audit evidence on which to base the opinion, and the auditor concludes that the possible effects
on the financial statements of undetected misstatements, if any, could be both material and
pervasive.
PSA 705.10
The auditor shall disclaim an opinion when, in extremely rare circumstances involving multiple
uncertainties, the auditor concludes that, notwithstanding having obtained sufficient
appropriate audit evidence regarding each of the individual uncertainties, it is not possible to
form an opinion on the financial statements due to the potential interaction of the uncertainties
and their possible cumulative effect on the financial statements.
500.45 When the auditor disclaims an opinion, the auditor shall, in addition to the specific
elements required by PSA 700:
(a) Amend the heading “Basis for Opinion” to “Basis for Disclaimer of Opinion,” and
(b) Within this section, include a description of the matter giving rise to the modification.
500.46 When the auditor disclaims an opinion due to an inability to obtain sufficient appropriate
audit evidence, the auditor shall:
(a) State that the auditor does not express an opinion on the accompanying financial
statements;
(b) State that, because of the significance of the matter(s) described in the Basis for
Disclaimer of Opinion section, the auditor has not been able to obtain sufficient
appropriate audit evidence to provide a basis for an audit opinion on the financial
statements; and
(c) Amend the statement required by PSA 700 (Revised), which indicates that the
financial statements have been audited, to state that the auditor was engaged to
audit the financial statements. [PSA 705.19]
500.48 The auditor’s inability to obtain sufficient appropriate audit evidence (also referred to as
a limitation on the scope of the audit) may arise from:
▪ Circumstances beyond the control of the entity, such as when the entity’s accounting
records have been destroyed (such as through fire, water, theft, or computer-data
loss) or seized by a government authority;
▪ Circumstances relating to the nature or timing of the auditor’s work. This could occur
where the auditor’s appointment is such that the auditor is unable to observe the
counting of the physical inventories, the accounting records are not complete at the
time of the audit, or where the auditor determines that performing substantive
procedures alone is not sufficient but the entity’s controls are not effective; or
▪ Limitations imposed by management, such as not allowing external confirmation of
certain receivables or restricting access to key personnel, accounting records, or
operating locations. Where this occurs, there may be other audit implications, such
as the assessment of fraud risks and whether to continue with the engagement. If the
limitation is known before the engagement is accepted, the auditor would ordinarily
not accept such a limited engagement.
(IFAC Guide, Vol. II, Fourth Edition, page 260)
500.49 Before concluding that a modified opinion is required, the auditor would:
▪ Attempt to obtain sufficient appropriate audit evidence by performing alternative
procedures; and
▪ Discuss the matter with management and those charged with governance to
determine if the issue can be resolved. If the matter cannot be resolved, the auditor
would then communicate the intention to modify the audit opinion and the proposed
wording.
(IFAC Guide, Vol. II, Fourth Edition, page 261)
PSA 706.6
The objective of the auditor, having formed an opinion on the financial statements, is to draw
users’ attention, when in the auditor’s judgment it is necessary to do so, by way of clear
additional communication in the auditor’s report, to:
(a) A matter, although appropriately presented or disclosed in the financial statements, that is
of such importance that it is fundamental to users’ understanding of the financial statements;
or
PSA 706.7
For the purposes of the ISAs, the following terms have the meanings attributed below:
(a) Emphasis of Matter paragraph — A paragraph included in the auditor’s report that refers to
a matter appropriately presented or disclosed in the financial statements that, in the auditor’s
judgment, is of such importance that it is fundamental to users’ understanding of the financial
statements.
(b) Other Matter paragraph — A paragraph included in the auditor’s report that refers to a
matter other than those presented or disclosed in the financial statements that, in the auditor’s
judgment, is relevant to users’ understanding of the audit, the auditor’s responsibilities or the
auditor’s report.
500.51 When the auditor includes an Emphasis of Matter paragraph in the auditor’s report, the
auditor shall:
(a) Include the paragraph within a separate section of the auditor’s report with an
appropriate heading that includes the term “Emphasis of Matter”;
(b) Include in the paragraph a clear reference to the matter being emphasized and to
where relevant disclosures that fully describe the matter can be found in the financial
statements. The paragraph shall refer only to information presented or disclosed in
the financial statements; and
(c) Indicate that the auditor’s opinion is not modified in respect of the matter
emphasized. [PSA 706.9]
500.53 When the auditor expects to include an Emphasis of Matter, the auditor would
communicate with management and those charged with governance on:
▪ The need for the paragraph; and
▪ The proposed wording.
500.54 PSA 570 (Revised) also includes requirements for a separate section in the auditor’s report
related to the going concern basis of accounting and any related issues. Any inclusion
500.55 There is no required placement, but one suggestion is for the paragraph to follow the
Basis for Opinion section. The paragraph is headed “Emphasis of Matter” or other appropriate heading.
(IFAC Guide, Vol. II, Fourth Edition, page 269)
500.56 PSA 706 (Revised) provides the following examples of circumstances where the auditor
may consider it necessary to include an Emphasis of Matter paragraph:
▪ An uncertainty relating to the future outcome of exceptional litigation or regulatory
action.
▪ A significant subsequent event that occurs between the date of the financial
statements and the date of the auditor’s report.
▪ Early application (where permitted) of a new accounting standard that has a material
effect on the financial statements.
▪ A major catastrophe that has had, or continues to have, a significant effect on the
entity’s financial position. [PSA 706.A4]
See Exhibit 500 – 10 for Illustrative Audit Report with Emphasis of a Matter
500.58 When the auditor includes an Other Matter paragraph in the auditor’s report, the auditor
shall include the paragraph within a separate section with the heading “Other Matter,”
or other appropriate heading. [PSA 706.11]
500.59 When the auditor expects to include an Other Matter paragraph, the auditor would
communicate with management and those charged with governance on:
▪ The need for the paragraph; and
▪ The proposed wording.
500.60 Other Matter paragraphs can be used to highlight matters such as:
▪ Restriction on distribution of the auditor’s report—Since financial statements (using
a general purpose framework) are sometimes prepared for a specific purpose, an
Other Matter paragraph could state that the auditor’s report is intended solely for
the intended users and should not be distributed to or used by other parties;
500.61 The paragraph may be included in the Report on Other Legal and Regulatory
Requirements section or may be included as a separate section following the report on
the Audit of the Financial Statements and the Report on Other Legal and Regulatory
Requirements section.
See Exhibit 500 – 11 for Illustrative Audit Report with Other Matter
Comparative Information
PSA 710.5
The objectives of the auditor are:
(a) To obtain sufficient appropriate audit evidence about whether the comparative information
included in the financial statements has been presented, in all material respects, in accordance
with the requirements for comparative information in the applicable financial reporting
framework; and
(b) To report in accordance with the auditor’s reporting responsibilities.
500.62 The auditor shall determine whether the comparatives comply in all material respects
with the financial reporting framework applicable to the financial statements being
audited.
500.63 Comparative information includes the amounts and disclosures included in the financial
statements in respect of one or more prior periods in accordance with the applicable
financial reporting framework. There are two broad approaches taken with respect to
comparative information.
(a) Corresponding figures – Comparative information where amounts and other
disclosures for the prior period are included as an integral part of the current period
financial statements, and are intended to be read only in relation to the amounts and
other disclosures relating to the current period (referred to as “current period
figures”). The level of detail presented in the corresponding amounts and disclosures
is dictated primarily by its relevance to the current period figures.
(b) Comparative financial statements – Comparative information where amounts and
other disclosures for the prior period are included for comparison with the financial
statements of the current period but, if audited, are referred to in the auditor’s
opinion. The level of information included in those comparative financial statements
is comparable with that of the financial statements of the current period.
Corresponding Figures
500.65 The auditor’s opinion would not refer to the corresponding figures except when the
auditor’s report on the prior period included an unresolved modification. The auditor
would modify the current period’s opinion by:
▪ Referring to both the current period’s figures and the corresponding figures when the
effects or possible effects of the matter on the current period’s figures are material;
or
▪ Explaining that the current audit opinion has been modified because of the effects or
possible effects of the unresolved matter on the comparability of the current period’s
figures and the corresponding figures.
500.66 A qualified or adverse opinion on the current period financial statements is required
where a material misstatement exists in the prior period financial statements on which:
▪ An unmodified opinion has been previously issued; and
▪ The corresponding figures have not been properly restated or appropriate disclosures
have not been made.
500.67 If the financial statements of the prior period were audited by a predecessor auditor and
the auditor is permitted by law or regulation to refer to the predecessor auditor’s report
on the corresponding figures and decides to do so, the auditor shall state in an Other
Matter paragraph in the auditor’s report:
500.68 If the prior period financial statements were not audited, the auditor shall state in an
Other Matter paragraph in the auditor’s report that the corresponding figures are
unaudited. Such a statement does not, however, relieve the auditor of the requirement
to obtain sufficient appropriate audit evidence that the opening balances do not contain
misstatements that materially affect the current period’s financial statements.
500.69 If such a restatement or disclosure is not possible, the audit opinion would be modified
in respect of any corresponding figures included.
500.70 If the auditor is unable to obtain sufficient appropriate audit evidence regarding the
opening balances, the auditor is required by PSA 705 (Revised) to express a qualified
opinion or disclaim an opinion on the financial statements, as appropriate.
500.71 The auditor’s opinion would refer to each period for which financial statements are
presented and on which an audit opinion is expressed.
500.72 If the auditor’s opinion on prior period financial statements differs from the opinion
previously expressed, disclose the substantive reasons for the different opinion in an
Other Matter paragraph.
500.73 If the financial statements of the prior period were audited by a predecessor auditor, in
addition to expressing an opinion on the current period’s financial statements, the auditor
shall state in an Other Matter paragraph:
a. That the financial statements of the prior period were audited by a predecessor
auditor;
b. The type of opinion expressed by the predecessor auditor and, if the opinion was
modified, the reasons therefor; and
c. The date of that report.
500.74 If the auditor concludes that a material misstatement exists that affects the prior period
financial statements on which the predecessor auditor had previously reported without
modification, the auditor shall communicate the misstatement with the appropriate level
of management and those charged with governance and request that the predecessor
auditor be informed. If the prior period financial statements are amended, and the
predecessor auditor agrees to issue a new auditor’s report on the amended financial
statements of the prior period, the auditor shall report only on the current period.
PSA 600.8
The objectives of the auditor are:
(a) To determine whether to act as the auditor of the group financial statements;
(b) To communicate clearly with component auditors about the scope and timing of their work
on financial information related to components and their findings; and
(c) To obtain sufficient appropriate audit evidence about the financial information of the
components and the consolidation process to express an opinion whether the group financial
statements are prepared, in all material respects, in accordance with the applicable financial
reporting framework.
500.76 The group engagement partner is responsible for the direction, supervision and
performance of the group audit engagement in compliance with professional standards
and regulatory and legal requirements, and whether the auditor’s report that is issued is
appropriate in the circumstances. [PSA 600.11]
500.77 The auditor’s report on the group financial statements shall not refer to a component
auditor, unless required by law or regulation to include such reference. If such reference
is required by law or regulation, the auditor’s report shall indicate that the reference does
not diminish the group engagement partner’s or the group engagement partner’s firm’s
responsibility for the group audit opinion. [PSA 600.11]
500.78 The group engagement partner shall evaluate the effect on the group audit opinion of any
uncorrected misstatements (either identified by the group engagement team or
communicated by component auditors) and any instances where there has been an
inability to obtain sufficient appropriate audit evidence.
PSA 620.5
The objectives of the auditor are:
(a) To determine whether to use the work of an auditor’s expert; and
(b) If using the work of an auditor’s expert, to determine whether that work is adequate for the
auditor’s purposes.
500.79 The auditor shall not refer to the work of an auditor’s expert in an auditor’s report
containing an unmodified opinion unless required by law or regulation to do so. If such
reference is required by law or regulation, the auditor shall indicate in the auditor’s report
500.80 If the auditor makes reference to the work of an auditor’s expert in the auditor’s report
because such reference is relevant to an understanding of a modification to the auditor’s
opinion, the auditor shall indicate in the auditor’s report that such reference does not
reduce the auditor’s responsibility for that opinion. In these circumstances, the auditor
would obtain the permission of the expert before making such a reference. If permission
is refused and the auditor believes a reference is necessary, the auditor may need to seek
legal advice. [PSA 620.15]
PSA 510.3
In conducting an initial audit engagement, the objective of the auditor with respect to opening
balances is to obtain sufficient appropriate audit evidence about whether:
(a) Opening balances contain misstatements that materially affect the current period’s financial
statements; and
(b) Appropriate accounting policies reflected in the opening balances have been consistently
applied in the current period’s financial statements, or changes thereto are properly accounted
for and adequately presented and disclosed in accordance with the applicable financial
reporting framework.
500.81 “Opening balances” means those account balances which exist at the beginning of the
period. Opening balances are based upon the closing balances of the prior period and
reflect the effects of transactions of prior periods and accounting policies applied in the
prior period. [PSA 510.4.b]
500.82 If the auditor is unable to obtain sufficient appropriate audit evidence concerning opening
balances, the auditor may issue a qualified opinion or a disclaimer of opinion depending on the
materiality and pervasiveness of the effect of the scope limitation. [PSA 510.10]
500.83 If the opening balances contain misstatements which could materially affect the current
period’s financial statements and the effects of the misstatements are not properly
accounted for and adequately disclosed, the auditor may issue a qualified or adverse
opinion depending on the materiality and pervasiveness of the effect of misstatements.
[PSA 510.11]
500.84 If the current period’s accounting policies have not been consistently applied in relation
to opening balances and the change has not been properly accounted for and adequately
disclosed, the auditor may issue a qualified or adverse opinion depending on the
materiality and pervasiveness of the effect of misstatements. [PSA 510.12]
500.85 If the prior period auditor gave a modified report, and the modification remains relevant
and material to the current period, the auditor shall modify the opinion as appropriate.
PSA 720.4
The objective of the auditor is to respond appropriately when documents containing audited
financial statements and the auditor’s report thereon include other information that could
undermine the credibility of those financial statements and the auditor’s report.
500.86 Other information refers to financial and non-financial information (other than the
financial statements and the auditor’s report thereon) which is included, either by law,
regulation or custom, in a document containing audited financial statements and the
auditor’s report thereon. [PSA 720.5a]
500.87 The auditor should read the other information to identify material inconsistencies, if any,
with the audited financial statements. A material inconsistency exists when other
information contradicts information contained in the audited financial statements. A
material inconsistency may raise doubt about the audit conclusions drawn from audit
evidence previously obtained and, possibly, about the basis for the auditor’s opinion on
the financial statements. [PSA 720.6]
500.88 An entity ordinarily issues on an annual basis a document which includes its audited
financial statements together with the auditor’s report thereon. This document is
frequently referred to as the annual report. In issuing such a document, an entity may
also include, either by law or custom, other financial and non-financial information.
500.89 In certain circumstances, the auditor has a statutory or contractual obligation to report
specifically on other information. In other circumstances, the auditor has no such
obligation. However, the auditor needs to give consideration to such other information
when issuing a report on the financial statements, as the credibility of the audited
financial statements may be undermined by inconsistencies which may exist between the
audited financial statements and other information.
500.90 When there is an obligation to report specifically on other information, the auditor’s
responsibilities are determined by the nature of the engagement and by local legislation
and professional standards. When such responsibilities involve the review of other
information, the auditor will need to follow the guidance on review engagements in the
appropriate PSAs.
500.91 In order that an auditor can consider other information included in the annual report,
timely access to such information will be required. The auditor therefore needs to make
appropriate arrangements with the entity to obtain such information prior to the date of
the auditor’s report. In certain circumstances, all the other information may not be
available prior to such date.
Material Inconsistencies
500.93 If, on reading the other information, the auditor identifies a material inconsistency, the
auditor should determine whether the audited financial statements or the other
information needs to be amended.
500.94 If an amendment is necessary in the audited financial statements and the entity refuses
to make the amendment, the auditor should express a qualified or adverse opinion.
500.95 If an amendment is necessary in the other information and the entity refuses to make the
amendment, the auditor should consider including in the auditor’s report an emphasis of
matter paragraph describing the material inconsistency or taking other actions.
The actions taken, such as not issuing the auditor’s report or withdrawing from the
engagement, will depend upon the particular circumstances and the nature and
significance of the inconsistency. The auditor would also consider obtaining legal advice
as to further action.
500.96 While reading the other information for the purpose of identifying material
inconsistencies, the auditor may become aware of an apparent material misstatement of
fact.
500.97 A material misstatement of fact in other information exists when such information, not
related to matters appearing in the audited financial statements, is incorrectly stated or
presented.
500.98 If the auditor becomes aware that the other information appears to include a material
misstatement of fact, the auditor should discuss the matter with the entity’s
management. When discussing the matter with the entity’s management, the auditor
may not be able to evaluate the validity of the other information and management’s
responses to the auditor’s inquiries and would need to consider whether valid differences
of judgment or opinion exist.
500.99 When the auditor still considers that there is an apparent misstatement of fact, the
auditor should request management to consult with a qualified third party, such as the
entity’s legal counsel and should consider the advice received.
500.100 If the auditor concludes that there is a material misstatement of fact in the other
information which management refuses to correct, the auditor should consider taking
further appropriate action. The actions taken could include such steps as notifying those
PSQC 1.26
The firm shall establish policies and procedures for the acceptance and continuance of client
relationships and specific engagements, designed to provide the firm with reasonable
assurance that it will only undertake or continue relationships and engagements where the
firm:
a) is competent to perform the engagement and has the capabilities, including time and
resources, to do so;
b) can comply with relevant ethical requirements; and
c) has considered the integrity of the client, and does not have information that would lead it
to conclude that the client lacks integrity.
600.2 Client relationships are fundamental to our professional practice. We aim to build on
our strengths and enhance the nature of our client relationships so that we consistently
add value and exceed our clients' expectations. Before accepting a specific client
engagement, the auditor should consider whether acceptance would create any threats
to compliance with the fundamental principles. For example, a self-interest threat to
professional competence and due care is created if the auditor does not possess, or
cannot acquire, the competencies necessary to properly carry out the engagement.
600.3 Before a firm decides to accept or retain an engagement, the auditor is required to:
▪ Establish the acceptability of the proposed financial reporting framework;
▪ Assess whether the firm can comply with relevant ethical requirements;
▪ Obtain the agreement of management that it acknowledges and understands its
responsibility for:
- The preparation of the financial statements in accordance with the applicable
financial reporting framework;
600.4 The auditor evaluates the suitability of an audit engagement before it is accepted and
contracted. When we accept an audit, we are making a business decision to act as
auditor of that entity in return for an appropriate fee. Certain matters need to be
assessed before a decision can be reached on whether or not to accept a prospective audit
engagement. These are:
▪ Engagement risks
▪ Threat to auditor’s independence
Engagement Risks
600.5 We evaluate whether the overall engagement risk associated with our appointment as
auditor exceeds the level of risk that the auditor is prepared to accept.
600.8 There must be evidence that the engagement partner has formed a conclusion on
compliance with independence requirements including:
▪ Identifying and evaluating circumstances that create threats to independence.
▪ Evaluating identified threats.
▪ Taking action to eliminate threats or reduce them to an acceptable level by applying
safeguards, or declining the appointment.
600.9 At least annually, before the start of every engagement, the firm shall obtain written
confirmation from its professional staff that they have complied with the independence
requirements.
600.10 In addition to the above considerations, engagements may need to be declined where:
▪ An entity is operating in a specialized industry in which the auditor lacks the
required expertise, and expert assistance is not available.
▪ An entity operates a significant operation where the auditor is not represented, and
there are no alternative audit procedures that can be adopted to cover these
operations.
▪ The entity’s reporting deadlines coincide with existing client pressures.
▪ An Engagement Quality Control Review is required and no suitably qualified and
objective reviewer is available.
600.11 A partner, designated as the Engagement Quality Control Reviewer, is responsible for
evaluating the prospective audit engagement. While retaining overall responsibility, the
evaluating partner may delegate some of the evaluation procedures. For example,
gathering certain background information may be delegated.
600.12 The evaluating partner does not delegate discussions with predecessor auditors and
only delegates enquiries of third parties to another partner.
600.14 Before contacting third parties and collecting information on a prospective client, take
steps to ensure that all partners and staff are aware of:
▪ The firm’s policies to protect confidential information maintained on clients;
▪ Requirements of any privacy legislation; and
▪ Requirements of the applicable code of ethics.
(IFAC Guide, Volume 2, Fourth edition, page 25)
600.15 The evaluation of the prospective audit client must be completed prior to accepting an
appointment as auditor. If the evaluation is not completed prior to the deadline for
submitting a proposal, we include comments in the proposal stating that it is subject to
completion of required professional enquiries.
600.16 We document the collection of information, the evaluation process and the conclusion
reached regarding acceptance or rejection of the prospective audit client. An evaluation
of prospective client form should be completed to document the basis for the
conclusion reached. The evaluating partner signs the form.
600.17 From the auditor’s existing audit engagements, it is important for the engagement
partners to identify, for each audit period, the clients that need formal
re-evaluation.
600.18 The identification activity focuses on significant changes in the circumstances of the
entity or in the terms or conditions of our audit. The following factors may be
considered:
▪ new legal, regulatory or professional requirements that alter our reporting
responsibilities and the nature, timing, or extent of our audit procedures;
▪ a significant change in the nature, size, or structure of the entity's business;
▪ a significant change in principal owners, management or other personnel;
▪ audit findings which indicate that management may be providing misleading or
incomplete information or there is material weakness in controls and no steps are
being taken to correct the deficiencies.
600.19 In considering continuance of the audit engagement for an identified audit client, the
following need to be considered:
▪ updating our understanding of the entity's business risks and the related audit risks;
▪ obtaining an acceptable level of confidence that the entity's management and
principal owners have the integrity to provide us with meaningful representations
and full disclosure in connection with our audit;
▪ considering our ability to address the audit risks;
▪ considering the business risk that we face in continuing with the audit.
600.20 When the engagement partner concludes that the auditor's relationship with an existing
client requires formal re-evaluation, we follow the process for acceptance of prospective
audits, adapting it as necessary.
600.21 We document the formal re-evaluation process and conclusions reached. The
evaluation needs to describe the reasons for the formal re-evaluation, the methods
used to conduct the formal re-evaluation and the conclusions reached. The
engagement partner approves the re-evaluation.
600.23 Before discussing client information with a proposed auditor, we consider the following:
▪ legal or ethical requirements
▪ whether we have obtained the entity's permission
▪ other unusual circumstances, for example, impending, threatened, or potential
litigation or disciplinary proceedings.
In the context of the above, we respond promptly and fully to reasonable enquiries
made by the successor auditor.
600.24 It is vital that the auditor does not put its reputation or future
profitability at risk by accepting new clients without proper evaluation procedures. To
respect client confidentiality, the firm should inform the entity that it will seek
information from certain persons as noted above.
PSA 210.3
The objective of the auditor is to accept or continue an audit engagement only when the basis
upon which it is to be performed has been agreed, through:
a) Establishing whether the preconditions for an audit are present; and
b) Confirming that there is a common understanding between the auditor and management,
and, where appropriate, those charged with governance of the terms of the audit
engagement.
600.25 The auditor and the client should agree on the terms of the engagement. The agreed
terms and conditions shall be recorded in an audit engagement letter or other suitable
form of contract. The objective of the auditor is to accept or continue an audit
engagement only when the basis upon which it is to be performed has been agreed,
through:
▪ Establishing whether the preconditions for an audit are present; and
▪ Confirming that there is a common understanding between the auditor and
management and, where appropriate, those charged with governance of the terms
of the audit engagement.
600.26 In order to establish whether the preconditions for an audit are present, the auditor
shall: (Refer to PSA 210.6)
600.27 On recurring audits, the auditor shall assess whether circumstances require the terms of
the engagement to be revised and whether there is a need to remind the client of the
existing terms of the engagement.
600.28 An engagement letter is a contract between the auditor and the client. The use and
value of such an engagement contract, and the risks posed by not having one, are frequently
demonstrated in litigation.
600.30 On a new audit engagement for which we have submitted a successful proposal, we also
issue a separate engagement letter.
600.34 The engagement partner at the originating location is responsible for ensuring that all
components are appropriately bound to the terms and conditions of the engagement.
600.35 For a joint audit with another auditor, we obtain the agreement of the other auditor with
respect to a joint engagement letter that includes a description of the responsibilities of
the participating auditors.
600.36 If we are providing services to companies that are currently subject to, or are expected
to be subject to, litigation or regulatory investigation, we generally include a paragraph
indicating that additional fees are assessed for services provided in connection with
these matters. We consider a similar paragraph when providing assurance services on
financial statements that we believe the client may use in subsequent merger
negotiations.
600.38 The engagement letter contains the terms and conditions of the audit and sets forth the
respective responsibilities of the auditor and the client and defines the limitations of our
responsibilities. It reduces or minimizes the risk that the client may rely on us
inappropriately to protect the entity against certain risks or to perform certain functions
that we consider to be the client's responsibility.
600.40 If applicable, the engagement letter covers the following additional subjects:
▪ arrangements regarding the planning of the audit;
▪ arrangements concerning the involvement of other auditors and external experts in
some aspects of the audit;
▪ arrangements concerning the involvement of internal auditing and other entity
staff;
▪ arrangements to be made with the predecessor auditor, if any, in the case of an
initial audit;
▪ any restriction of our liability when such possibility exists;
▪ a reference to any further agreements between the auditor and the client.
600.42 When no changes have occurred, the auditor is required to assess whether there is a
need to remind the entity of the existing terms of the audit engagement. The terms of
engagement may be reconfirmed at the time of the auditor’s reappointment without
the need to obtain a new letter each year.
600.43 The engagement letter is required to be revised when the circumstances change.
Matters that may constitute a change in circumstances include:
▪ Any revised or special terms of the engagement, e.g., reporting KAM (key audit
matters) where this was not previously the case;
▪ A recent change in senior management;
▪ A significant change in the nature or size of the entity’s business;
▪ A change in the financial reporting framework adopted in the preparation of the
financial statements;
▪ A change in other reporting requirements; and
▪ Some indication that management misunderstands the objective and scope of the
audit.
(IFAC Guide, Volume 2, Fourth edition, page 29)
600.44 Where management does not agree to and acknowledge its responsibilities under
PSA 210.6 (b), as set out in paragraph 600.26 (b) of this section, or the financial reporting
framework is not acceptable, the auditor is required by PSA 210.8 to decline the
engagement unless required by law or regulation.
PSA 210.15
If prior to completing the audit engagement, the auditor is requested to change the audit
engagement to an engagement that conveys a lower level of assurance, the auditor shall
determine whether there is reasonable justification for doing so.
600.45 For example, if there is a change in the circumstances of the entity affecting the need
for an audit, we may consider this to be a reasonable basis for requesting a change in
the engagement. However, if information is incorrect, incomplete or otherwise
unsatisfactory, we may not consider this to be a reasonable basis for requesting a
change in the engagement.
PSA 210.16
If the terms of the audit engagement are changed, the auditor and management shall agree
on and record the new terms of the engagement in an engagement letter or other suitable
form of written agreement.
600.46 For example, if the auditor is unable to obtain sufficient appropriate audit evidence
regarding receivables and management asks the auditor to change the engagement to a
review engagement to avoid a qualified audit opinion or a disclaimer of an opinion, the
auditor does not consider this a reasonable justification to change the terms of
engagement.
600.48 The engagement letter generally is silent regarding access to our working papers unless
we are specifically required to make them available. For example, regulatory authorities
may require access to working papers, in which case the engagement letter conforms to
those requirements.
600.49 The engagement partner signs or approves the engagement letter to indicate his overall
responsibility over the audit. The client’s acceptance and approval of the engagement
letter shall be obtained before the commencement of the audit, to avoid
misunderstanding and confusion of the terms and conditions of the engagement.
600.50 The letter has to be addressed to the entity that engages the auditor and is marked for
the attention of the client official (such as Chief Executive Officer or chairman of the
audit committee) or group (such as, board of directors or audit committee) responsible
for engaging the services of the auditor. For multi-location audits separate engagement
letters may be required for some or all of the components.
600.51 The auditor obtains written confirmation of the terms of the audit, generally by asking
the client to sign and return a copy of the engagement letter. In case it is a recurring
audit, a letter may be sent to the client to re-consider the engagement for the
succeeding audits.
600.52 As part of the auditor’s administrative tasks over audit engagements, the Firm needs to
implement policies to prevent conflict of interest and ensure compliance with auditing
standards and code of ethics in the audit of financial statements of clients.
600.53 Also, it is part of an effective risk management program, needed to succeed as a
professional services organization, to ensure that professional practice staff and other
members of the Firm understand and implement the Firm’s policies on the following:
▪ Independence
▪ Professional ethics
▪ Professional skepticism
Independence
600.54 Each auditor is required to affirm his or her independence at the time of employment
and annually thereafter. He should report apparent independence violations involving
him, his spouse, and dependents and the corrective action taken or proposed to be
taken on a timely basis when identified.
600.55 As required by independence rules, generally, the auditor’s personnel are not permitted
to serve an organization or entity included in the auditor’s restricted entity list as a
director, officer, voting trustee, employee, adviser, promoter, or underwriter or in any
other capacity that might raise questions as to the auditor’s present or future
independence.
600.56 Certain factors that are evaluated to determine impairment of independence are:
▪ Financial interests
▪ Personal or employment relationships
▪ Other auditor services conflicting with audit engagements
▪ Past due fees from client
600.57 We should comply with the "Philippine Code of Ethics for Professional Accountants" at
all times.
600.58 In addition to independence which is maintained by all professional staff of the Firm, the
ethical principles governing our professional responsibilities include:
▪ Integrity - We are straightforward and honest in performing our professional
services.
▪ Objectivity - We are fair and do not allow prejudice or bias, conflict of interest or
influence of others to override our objectivity.
▪ Professional competence and due care - We plan and perform our work and
prepare our report with due care, competence and diligence.
Professional Skepticism
600.59 The auditor shall plan and perform an audit with professional skepticism recognizing
that circumstances may exist that cause the financial statements to be materially
misstated. [PSA 200.15]
600.60 The auditor shall exercise professional judgment in planning and performing an audit
of financial statements [PSA 200.16]
600.61 Professional skepticism includes being alert to the following [PSA 200.A18]:
▪ Audit evidence that contradicts other audit evidence obtained
▪ Information that brings into question the reliability of documents and responses to
inquiries to be used as audit evidence
▪ Conditions that may indicate possible fraud
▪ Circumstances that suggest the need for audit procedures in addition to those
required by the auditing standards
600.62 Maintaining professional skepticism throughout the audit is necessary so that the
auditor can reduce the risks of:
▪ Overlooking unusual circumstances
▪ Overgeneralizing when drawing conclusions from audit observations
▪ Using inappropriate assumptions in determining the nature, timing, and extent of
the audit procedures and evaluating the results thereof
600.63 When we plan our audit, we consider management's integrity and the likely effect on
the financial statements. For example, we consider the reasons for, and implications of,
conditions such as:
▪ Transactions selected for testing are not supported by proper documentation or are
not appropriately authorized.
▪ Supporting records or files, which should be readily available, are not promptly
produced when requested.
▪ Audit procedures detect errors apparently known to entity personnel, but not
voluntarily disclosed to us.
600.64 When such conditions exist, we reconsider the planned audit procedures and may apply
additional or other audit procedures focused on the condition observed. We consider
the number of differences from expectations or the frequency with which we are unable
to obtain satisfactory explanations, when reconsidering the risk of significant
misstatement for related audit objectives.
600.65 Such conditions may also cause us to question management's integrity. If we are
concerned about management's integrity, we consider the risk that management may
intentionally distort the financial statements, perhaps through the manner in which
significant accounting policies are applied.
600.66 Accounting policies relating to revenue recognition, asset valuation, capitalization and
accounting estimates may be particularly prone to abuse because they involve judgment
or may be difficult to substantiate.
600.67 When our audit findings raise concerns about management's integrity, a fundamental
concern is to consider whether we can continue acting as auditor for the entity.
Resource management
600.69 When planning for each audit engagement, we ensure that the resources to be used
match the required level of effort that has to be spent. A significant aspect of the
resources used in such engagements is people (professional staff).
600.70 The Firm attracts and retains enough talented people to meet the requirements of the
engagements or jobs. The Firm provides an environment in which people thrive, where
they want to stay, and where they can achieve their full potential. To achieve this
objective, the Firm’s Human Resource Department takes on a vital role.
600.71 The Firm shall maintain and use a staff scheduling system that systematically considers
the allocation of the Firm’s human resources to the different audit and other related
services to be provided to the clients.
Briefing
600.72 The audit team leader (partner, manager, senior associate) conducts orientation
meetings, initially during planning, in accordance with the guidelines described in
Section 300 of this Manual on Audit Team Discussions, paragraphs 112 to 116, and
subsequently during the phasing of the audit process.
600.73 During the performance of the audit activities, we determine whether changes are
required in our timetable and/or overall audit plan. The audit team assesses whether
the objectives set during planning are still applicable.
600.74 Corrective action includes changes in the timing and/or nature of the planned activities
as well as changes in resources. In these cases, the team leader conducts additional
briefing to communicate the required changes.
De-briefing
600.75 At the conclusion of the audit engagement, the team leader conducts a de-briefing
session with the audit team to determine whether the team:
▪ has complied with applicable Firm policies and other required activities for audits;
▪ has obtained sufficient appropriate audit evidence to form an audit opinion;
▪ has delivered our audit report and other communications on a timely basis.
600.76 During this session, the team also seeks to identify best practice points and lessons
learnt and input them into an appropriate compilation of knowledge. Generally, the
team discusses:
▪ what went well in the audit
▪ what did not go so well
▪ what were the benefits of the approach adopted
▪ what are the matters that need to be addressed in the next period's audit.
600.78 Proceedings and matters discussed in the debriefing session shall be documented and
approved by the team leader. The notes of debriefing meetings are discarded once the
relevant points have been incorporated into the planning of the following period's audit.
600.79 Part of managing an audit engagement is to allocate appropriately the staff resources
required for each client. The Firm maintains a client and staff scheduling system that
supports the Firm’s policy of allocation of staff resources to all audit and other
engagements considering the internal staff availability and urgency of the job
engagement.
600.80 To support such scheduling system for staff forecast on each audit client, the audit
senior associate needs to prepare the staff assignment forecast. The staff forecast
should be supported by the Audit Budget before such is submitted to the designated
Staff Scheduler for inclusion in the client and staff forecast database.
600.82 Audit assistants assigned to an audit engagement shall obtain sufficient knowledge of
the business to enable them to carry out the audit work delegated to them.
600.83 This is achieved by documenting the auditors’ knowledge of the entity in the business
understanding documents, risk analysis document and process analysis documents.
600.84 The following sections discuss the sources and type of information gathered for the
audit and how these are secured and shared, if required, with parties other than
the engagement team concerned.
600.86 Auditors obtain much of the information from the entity through meetings with
management or other personnel. Sources of information from the client which are
necessary for the audit include:
▪ minutes of the meetings of the board of directors;
▪ organization charts that identify management and their areas of responsibility;
▪ key performance indicators monitored by management;
▪ strategic plans, including mission and objectives;
▪ operating plans and budgets;
▪ product, process and technology literature;
▪ key customer and vendor information;
▪ strategic business improvement initiatives planned or in progress.
600.87 With regard to the auditor’s knowledge bases, the following information may be
obtained:
▪ industry and country specific information
▪ general economic information
▪ best practices
▪ experience from other engagements.
PSA 230.2
Audit documentation that meets the requirements of PSA 230 and the specific documentation
requirements of other relevant PSAs provides:
a) Evidence of the auditor’s basis for a conclusion about the achievement of the overall
objective of the auditor; and
b) Evidence that the audit was planned and performed in accordance with PSAs and
applicable legal and regulatory requirements.
600.89 Working papers are records kept by the auditor of the procedures applied, and the tests
performed, the information obtained and the pertinent conclusions reached. Examples
include: schedules, transcripts, analyses, notes and other memoranda (including
computer files) prepared and accumulated in connection with an audit.
600.90 Managing the audit working papers is important in providing evidence that the audit
was performed appropriately (in relation to standards of auditing and other legal
requirements).
PSA 230.05
The objective of the auditor is to prepare documentation that provides:
a. A sufficient and appropriate record of the basis for the auditor’s report; and
b. Evidence that the audit was planned and performed in accordance with PSAs and
applicable legal and regulatory requirements.
600.91 Auditors design working papers to suit the needs of each audit, taking account of the
auditor’s policies and legal and professional requirements. Overall guidelines in
preparing the working papers are:
▪ use of standard working papers is recommended
▪ working papers should be clear and concise
▪ working papers use professional language
▪ all outstanding points are cleared to finalize the working papers
▪ discard review points once cleared.
600.92 The form and content of working papers are affected by matters such as the:
▪ Nature of the engagement.
▪ Nature of the audit procedures to be performed.
▪ Form of the auditor's report.
600.93 Also, to improve audit efficiency, the auditor may utilize schedules, analyses and other
documentation prepared by the entity. In such circumstances, the auditor would need
to be satisfied that those materials have been properly prepared.
600.95 The Firm shall adopt and use standard working papers to facilitate the audit supervision
and review while providing a means to control its quality. The auditors need to consider
the factors stated in statement 600.92 when applying the use of standard working
papers. While certain portions of the standard working paper may not be applicable to
certain clients, especially the small and owner-managed clients, the auditor need not
remove such portions but should just indicate that they are not applicable.
600.96 The table below lists standard working papers auditors may consider.
600.97 Audit working papers may be printed or retained electronically. To determine that
electronic documents are maintained by the one who is conversant with the contents of
the document and that extraneous information is not being retained, the following
guidance applies to electronic media:
600.98 Well organized working papers facilitate the review of the audit and provide efficient
access to audit evidence supporting the audit conclusion. Many audit working papers
apply either to the period under audit or from one period to the next. As such, working
papers may be grouped generally into current files and permanent files,
correspondingly.
600.99 In the case of recurring audits, some working paper files may be classified as
"permanent" audit files which are updated with new information of continuing
importance, as distinct from current audit files which contain information relating
primarily to the audit of a single period.
Current files
600.100 Current files contain working papers relating primarily to the audit of a specific period.
Each period's current audit working papers include all the appropriate information
needed to support the opinion for the specific audit.
600.101 These working papers may need to be newly created each period, or they may be
continuous, updating working papers from the prior period. If information is brought
forward, we retain a copy on the previous audit current file. Examples include analytical
procedures, analyses of trends and ratios, and calculations of important accounting
estimates.
600.103 When we issue our audit opinion we retain a copy of current working papers that
support our opinion. Where these working papers may be useful for the succeeding
period's audit, we retain a copy as of the date of our audit report. We then update the
original during the succeeding period's audit.
Permanent files
600.104 These continuing use working papers do not need to be recreated each period. Instead,
we update them, primarily by adding new information and by discarding information
that is no longer relevant. Permanent files usually consist of working papers and
documents relating to or containing:
▪ Information concerning the legal and organizational structure of the entity.
▪ Extracts or copies of important legal documents, agreements and minutes.
▪ Information concerning the industry, economic environment and legislative
environment within which the entity operates and any updates thereto.
▪ Audit program templates as tailored to the specific audit engagement and any changes
thereto.
▪ Evidence of the auditor's understanding of the accounting and internal control
systems and any changes thereto.
Report files
600.105 To better organize the working papers and facilitate access to these, it may be
recommended that a separate file for reports related to an engagement be maintained.
This file may contain the following:
▪ Auditor’s report and audited financial statements
▪ Report on the review of internal control system, if required as part of the audit
▪ Management report
▪ Other reports issued in relation to the audit engagement
Other files
600.106 All other working papers used by the audit team that may not be classified under the
above grouping may be filed under other files. Most of the documents included in this
file are engagement administration and management related files.
600.107 In order to facilitate the access to and review of working papers, the auditor implements
a standard working paper indexing system. Such a system also gives all members of the
audit team and the audit division staff a common understanding when
locating specific files in the working papers.
600.108 The standard working papers indexing system recommends the following as the
standard index numbers when indexing working papers.
Planning        P
Trial Balance   TB
Cash            A-10
Receivables     A-20
Inventory       A-30
Revenue         R-10
600.109 We should adopt appropriate procedures for maintaining the confidentiality and safe
custody of the working papers and for retaining them for a period sufficient to meet the
needs of the practice and in accordance with legal and professional requirements of
record retention.
600.111 The engagement partner considers requests to provide working papers or other
documents for inspection. We provide access to working papers only with the prior
approval of the engagement partner.
600.112 In considering a request, the engagement partner may decide to consult with the
Practice Risk Manager or a designated firm officer before deciding which working papers
may be inspected.
600.114 We retain control at all times over our own working papers and documents. If we
permit a third party to inspect our working papers, a representative of the firm usually
supervises the review.
600.115 If a client requests access to or copies of our audit working papers, we apply the
following guidelines:
▪ we may provide copies of audit working papers to clients at the discretion of the
engagement partner after considering the reasons for the request and the likely use
of the copies;
▪ except in unusual circumstances, we do not give audit programs to client personnel
other than internal auditing, and then only to the extent necessary to facilitate their
involvement with the audit.
600.116 The effectiveness of an audit in which each auditor is jointly and severally responsible
for the whole audit depends on co-operation and communication between the joint
auditors. Generally, we permit joint auditors full access to review working papers.
600.117 When we audit the financial statements of a subsidiary or related entity, the principal
auditors may wish to consult us. In some countries, there are statutory or professional
obligations for other auditors to comply with requests for information from principal
auditors. If there is a statutory requirement, we comply with it and as a matter of
600.118 Where we are the auditors of a related entity, we may wish to obtain an
acknowledgement by the principal auditor that they acquire no rights against us as a
result of gaining access to our working papers.
600.119 When another auditor replaces the current auditor, the current auditor may receive a
request to permit the successor auditors to review his/her working papers. The current
auditor considers these requests and may grant access, provided the client gives
permission to do so, in writing.
600.120 The current auditor also obtains the successor auditors' agreement and acceptance of a
letter that states:
▪ the purpose and limitations of the successor auditors' review;
▪ that the successor auditors will not provide specialist testimony or provide litigation
support services concerning the quality of our audit.
600.121 Generally, the letter also addresses the limits on the successor auditors' ability to use
the current auditor’s working papers as audit evidence and the successor auditors'
obligations regarding copies or information otherwise derived from the current
auditor’s working papers. The current auditor provides a copy of this letter to the
former client.
600.122 The engagement partner decides the extent to which working papers are made
available. Generally, the current auditor responds to the successor auditors' specific
enquiries and makes available working papers relating to matters of continuing
accounting significance.
600.123 Certain working papers concerning the conduct of the audit, such as those relating to
the assessments of the risk of a significant misstatement and audit program, do not
generally contain information of continuing accounting significance. Successor auditors
are professionally responsible for forming their own judgments about the risk of a
significant misstatement occurring and selecting appropriate audit procedures. They are
not entitled to substitute the current auditor’s judgment for their own. Consequently,
the current auditor does not generally make available working papers relating to these
aspects.
600.124 Access need not include information related to engagement administration, such as
administrative materials, time summaries, interoffice arrangements and billing
information. The current auditor resolves problems with the former client, such as
unpaid fees, before giving the successor auditors access to our working papers.
600.125 As a general guideline, auditors are discouraged from photocopying, although the
reviewers are free to make notes. If the engagement partner permits photocopying, the
firm’s representative controls it, reviewing the working papers before they are copied.
600.126 Auditors do not allow copying of working papers related to the performance of the audit
work, such as:
▪ audit programs;
▪ the working papers that express conclusions, judgments, and explain annotations
and similar working papers;
▪ documents relating to computer assisted audit techniques, such as record layouts of
an entity's files, listings of file interrogation programs and printouts;
▪ documents relating to non-audit services.
600.127 Regulators may also request photocopies of working papers. Auditors generally provide
regulators with photocopies of working papers that are pertinent to the objectives of
their review. If photocopies are provided, they are generally marked to request
confidential treatment by the regulator.
600.128 Auditors generally do not provide photocopies of working papers to other third parties.
Auditors may, at the client's request, provide copies of client documents that are more
readily obtained from our working papers.
600.129 Auditors do not generally supply copies of the client's documents to successor auditors,
who may obtain them directly from the client.
PSA 230.14
The auditor shall assemble the audit documentation in an audit file and complete the
administrative process of assembling the final audit file on a timely basis after the date of the
auditor’s report.
PSA 230.A21
An appropriate time limit within which to complete the assembly of the final audit file is
ordinarily not more than 60 days after the date of the auditor’s report.
PSA 230.A22
The completion of the assembly of the final audit file after the date of the auditor’s report is an
administrative process that does not involve the performance of new audit procedures or the
drawing of new conclusions. Changes may, however, be made to the audit documentation
during the final assembly process if they are administrative in nature.
PSA 230.A23
PSQC No. 1 requires firms to establish policies and procedures for the retention of
engagement documentation. The retention period for audit engagement ordinarily is not
shorter than five years from the date of the auditor’s report, or, if later, the date of the group
auditor’s report.
700.1 A system of quality control consists of policies designed to provide reasonable assurance
that engagements are performed in accordance with professional standards, and the
procedures necessary to implement and monitor compliance with those policies.
700.2 The objective of the auditor is to implement quality control procedures at the
engagement level that provide the auditor with reasonable assurance that:
▪ The audit complies with professional standards and applicable legal and regulatory
requirements; and
▪ The auditor’s report issued is appropriate in the circumstances.
700.3 Within the context of the firm’s system of quality control, audit engagement teams have
a responsibility to implement quality control procedures that are applicable to the audit
engagement and provide the firm with relevant information to enable the functioning of
that part of the firm’s system of quality control relating to independence.
700.4 Engagement teams are entitled to rely on the firm’s system of quality control, unless
information provided by the firm or other parties suggests otherwise.
Quality control
700.5 The firm shall ensure that it fully complies with the quality control requirements as
stipulated in PSQC 1 and PSA 220. Each partner and each of the firm’s personnel has a
personal responsibility for quality and is expected to comply with the firm’s
requirements in respect to quality as stipulated in this Manual and those stipulated in
PSQC 1 and PSA 220.
700.6 The firm should establish a system of quality control designed to provide it with
reasonable assurance that:
▪ the firm and its personnel comply with professional standards and regulatory and
legal requirements, and
▪ that reports issued by the firm or engagement partners are appropriate in the
circumstances.
700.8 The Firm promotes an internal culture based on the recognition that quality is essential
in performing engagements. The firm’s managing board of partners assumes ultimate
responsibility for the firm’s system of quality control.
700.9 The firm shall achieve quality in all the engagements that the firm performs. Promoting
such an internal culture includes: (PSQC1. A5)
700.10 The firm’s leadership and the examples it sets significantly influence the internal culture
of the firm. The promotion of a quality-oriented internal culture depends on clear,
consistent and frequent actions and messages from all levels of the firm’s management
emphasizing the firm’s quality control policies and procedures.
700.11 The Firm’s policies and procedures are designed to provide reasonable assurance that
the firm and its personnel comply with relevant ethical requirements. Emphasis is made
on the fundamental principles, which are reinforced in particular by the leadership of
the firm, education and training, monitoring, and a process for dealing with non-
compliance.
Independence Requirements
700.12 The Firm’s policies and procedures are designed to provide reasonable assurance that
the firm, its personnel and, where applicable, others subject to independence
700.13 At least annually, the firm shall obtain written confirmation of compliance with its
policies and procedures on independence from all firm personnel required to be
independent by the Code and national ethical requirements. Written confirmation may
be in paper or electronic form.
Familiarity Threats
PSQC1.25
The firm shall establish policies and procedures:
a) Setting out criteria for determining the need for safeguards to reduce the familiarity threat
to an acceptable level when using the same senior personnel on an assurance engagement
over a long period of time; and
b) Requiring, for audits of financial statements of listed entities, the rotation of the
engagement partner and the individuals responsible for engagement quality control
review, and, where applicable, others subject to rotation requirements, after a specified
period in compliance with relevant ethical requirements.
700.14 A familiarity threat occurs when, by virtue of a close relationship with an assurance
client, its directors, officers or employees, a firm or a member of the assurance team
becomes too sympathetic to the client’s interests.
700.15 The Firm sets out criteria for determining the need for safeguards to reduce familiarity
threats to an acceptable level when using the same senior personnel on an assurance
engagement over a long period of time; and the rotation of the engagement partner
after a specified period.
700.16 The Firm’s policies and procedures for the acceptance and continuance of client
relationships and specific engagements are designed to provide the Firm with
reasonable assurance that it will only undertake or continue relationships and
engagements where it:
▪ Has considered the integrity of the client and does not have information that would
lead it to conclude that the client lacks integrity;
▪ Is competent to perform the engagement and has the capabilities, time and
resources to do so; and
▪ Can comply with ethical requirements.
700.18 Matters that the Firm considers regarding client integrity include:
▪ Identity and business reputation of the client’s principal owners, key management,
related parties and those charged with its governance.
▪ The nature of the client’s operations, including its business practices.
▪ Information concerning the attitude of the client’s principal owners, key
management and those charged with its governance towards such matters as
aggressive interpretation of accounting standards and the internal control
environment.
▪ Whether the client is aggressively concerned with maintaining the firm’s fees as low
as possible.
▪ Indications of an inappropriate limitation in the scope of work.
▪ Indications that the client might be involved in money laundering or other criminal
activities.
700.19 In considering whether the firm has the capabilities, competence, time and resources to
undertake a new engagement from a new or an existing client, the firm reviews the
specific requirements of the engagement and existing partner and staff profiles at all
relevant levels.
700.20 Some factors to consider in determining Firm capability, competence, time and
resources include:
▪ Firm personnel knowledge of relevant industries or subject matters, and experience
with relevant regulatory or reporting requirements, or the ability to gain the
necessary skills and knowledge effectively;
▪ Sufficient personnel with the necessary capabilities and competence;
▪ Experts are available, if needed;
▪ Individuals meeting the criteria and eligibility requirements to perform engagement
quality control review are available, where applicable; and
▪ Ability to complete the engagement within the reporting deadline.
700.21 Where the Firm obtains information that would have caused it to decline an
engagement if that information had been available earlier, the Firm should consider the
following:
▪ applicable professional and legal responsibilities, including whether there is a
requirement for the Firm to report to the person or persons who made the
appointment or, in some cases, to regulatory authorities; and
▪ the possibility of withdrawing from the engagement or from both the engagement
and the client relationship.
700.22 Policies and procedures on withdrawal from an engagement or from both the
engagement and the client relationship shall include the following:
a. Discussing with the appropriate level of the client’s management and those charged
with its governance regarding the appropriate action that the Firm might take based
on the relevant facts and circumstances.
b. If the Firm determines that it is appropriate to withdraw, discussing with the
appropriate level of the client’s management and those charged with its governance
withdrawal from the engagement or from both the engagement and the client
relationship, and the reasons for the withdrawal.
c. Considering whether there is a professional, regulatory or legal requirement for the
Firm to remain in place, or for the Firm to report the withdrawal from the
engagement, or from both the engagement and the client relationship, together
with the reasons for the withdrawal, to regulatory authorities.
d. Documenting significant issues, consultations, conclusions and the basis for the
conclusions.
Human Resources
700.23 The Firm’s policies and procedures are designed to provide the Firm with reasonable
assurance regarding sufficiency of personnel with the capabilities, competence, and
commitment to applicable ethical principles.
700.24 The policies and procedures address the following personnel issues: recruitment,
performance evaluation, capabilities, competence, career development, promotion,
compensation; and the estimation of personnel needs. (PSQC1.A24)
700.25 The Firm emphasizes in its policies and procedures the need for continuing training for
all levels of Firm personnel, and provides the necessary training resources and
assistance to enable personnel to develop and maintain the required capabilities and
competence.
Performance Evaluation
700.26 The Firm’s performance evaluation, compensation and promotion procedures give due
recognition and reward to the development and maintenance of competence and
commitment to ethical principles.
700.28 The Firm should assign responsibility for each engagement to an engagement partner.
700.29 The Firm’s policies and procedures on assignment of engagement teams require that:
▪ The identity and role of the engagement partner should be communicated to key
members of client management and those charged with governance.
▪ The engagement partner should have the appropriate capabilities, competence,
authority and time to perform the role.
▪ The responsibilities of the engagement partner should be clearly defined and
communicated to that partner.
▪ The firm should assign appropriate staff with the necessary capabilities, competence
and time to perform engagements in accordance with professional standards and
regulatory and legal requirements, and to enable the firm or engagement partners
to issue reports that are appropriate in the circumstances.
▪ The capabilities and competence are considered when assigning engagement teams,
and in determining the level of supervision required.
Engagement Performance
700.30 The Firm shall establish consistency in the quality of engagement performance. This is
often accomplished through written or electronic manuals, software tools or other
forms of standardized documentation, and industry or subject matter-specific guidance
materials.
Consultation
700.32 The Firm’s policies and procedures are designed to provide the firm with reasonable
assurance that:
▪ Appropriate consultation takes place on difficult or contentious matters;
700.33 Consultation includes discussion, at the appropriate professional level, with individuals
within or outside the firm who have specialized expertise, to resolve a difficult or
contentious matter. Consultation uses appropriate research resources as well as the
collective experience and technical expertise of the firm. Consultation helps to promote
quality and improves the application of professional judgment.
700.34 The Firm seeks to establish a culture in which consultation is recognized as a strength
and encourages personnel to consult on difficult or contentious matters. Those
consulted should be given all the relevant facts that will enable them to provide
informed advice on technical, ethical or other matters.
700.35 Consultation should be with those having appropriate knowledge, seniority and
experience within the firm (or, where applicable, outside the firm) on significant
technical, ethical and other matters.
External consultants
700.36 A Firm needing to consult externally may take advantage of advisory services provided
by other firms, professional and regulatory bodies, or commercial organizations that
provide relevant quality control services. Before contracting for such services, the Firm
considers whether the external provider is suitably qualified for that purpose.
Documentation of Consultations
Differences of Opinion
700.38 There shall be policies and procedures for dealing with and resolving differences of
opinion within the engagement team, with those consulted and, where applicable,
between the engagement partner and the engagement quality control reviewer.
Conclusions reached should be documented and implemented.
700.39 There shall be policies and procedures that would encourage identification of
differences of opinion at an early stage, provide clear guidelines as to the successive
steps to be taken thereafter, and require documentation regarding the resolution of the
differences and the implementation of the conclusions reached. The report should not
be issued until the matter is resolved.
700.40 Supervision and review responsibilities are determined on the basis that more
experienced engagement team members, including the engagement partner, supervise
and review the work performed by less experienced team members.
Review
700.42 Work performed is reviewed by a team member who is generally senior to the preparer,
to consider whether:
▪ the work has been performed according to the plan;
▪ the work performed and the results obtained have been adequately documented;
▪ all important audit matters have been resolved or are reflected in audit conclusions;
▪ the objectives of the audit procedures have been achieved;
▪ the conclusions expressed are consistent with the results of the work performed
and support the audit opinion.
700.43 The output of the audit activities is documented in the working papers for each audit
engagement. The review and supervision activities in such audits are also documented
in the working papers or alternative documentation. The review aims to accomplish
the following:
▪ support the opinion on the financial statements
▪ show that the audit complies with professional and Firm’s requirements
700.44 Someone other than the preparer reviews the working papers. Working papers subject
to review include those maintained solely on computer media. The reviewer, who is
generally senior to the preparer, considers a variety of matters including whether:
▪ the audit work has been performed in accordance with our Firm’s policies and
professional standards;
▪ the objectives of the audit procedures are achieved and conclusions expressed are
consistent with the results of the audit work performed and support the audit
opinion on the financial statements;
700.45 The engagement partner is responsible for reviewing audit working papers relating to
critical audit objectives. The manager is responsible for the review of the work
performed. In case the working papers were already reviewed by the audit in-charge,
the manager's review may be limited to the extent reliance could be placed on the
in-charge's capability and experience.
700.46 Reviews are generally more effective, result in more efficient follow-up and improve
communication with management if they are performed at the entity's premises and
done continuously throughout the audit and promptly upon completion of the audit
work.
700.47 Reviewers may write down questions, for example, about work performed or
documentation of the work, to facilitate follow-up. We document follow-up procedures
in the relevant working paper.
700.48 Completed working papers are self-sufficient without reference to reviewers' questions.
They contain neither pending matters nor reviewers' notes. Points raised during the
review of working papers are cleared, and where appropriate, the working papers are
revised. Review notes are not retained after the audit report has been signed.
700.49 Differences of opinion may arise between people involved in an audit engagement due
to the extent of professional judgment required in the resolution of complex accounting
and auditing issues. Such differences of opinion may be resolved by consulting a team
member who is generally at a higher level of responsibility.
700.50 If the manager and engagement partner disagree, the concurring reviewer and/or other
designated partner, such as the Practice Risk Management Partner or designee, is
consulted.
700.52 An engagement quality control review is required for all audits of financial statements of
listed entities.
700.53 The Firm’s policies and procedures shall require the completion of the engagement
quality control review before the report is issued.
700.55 Criteria that a firm considers when determining which engagements other than audits of
financial statements of listed entities are to be subject to an engagement quality control
review include the following: (PSQC1.A41)
▪ The nature of the engagement, including the extent to which it involves a matter of
public interest.
▪ The identification of unusual circumstances or risks in an engagement or class of
engagements.
▪ Whether laws or regulations require an engagement quality control review.
700.57 An engagement quality control review ordinarily involves discussion with the
engagement partner, a review of the financial statements or other subject matter
information and the report, and, in particular, consideration of whether the report is
appropriate.
700.58 It also involves a review of selected working papers relating to the significant judgments
the engagement team made and the conclusions they reached.
700.59 The extent of the review depends on the complexity of the engagement and the risk
that the report might not be appropriate in the circumstances. The review does not
reduce the responsibilities of the engagement partner.
700.60 The engagement quality control reviewer conducts the review in a timely manner at
appropriate stages during the engagement so that significant matters may be promptly
resolved to the reviewer’s satisfaction before the report is issued.
700.61 Where the engagement quality control reviewer makes recommendations that the
engagement partner does not accept and the matter is not resolved to the reviewer’s
satisfaction, the report is not issued until the matter is resolved by following the firm’s
procedures for dealing with differences of opinion.
700.62 The Firm’s policies and procedures should address the appointment of engagement
quality control reviewers and establish their eligibility through the technical
qualifications required to perform the role, including the necessary experience and
authority and the degree to which an engagement quality control reviewer can be
consulted on the engagement without compromising the reviewer’s objectivity.
700.63 The Firm’s policies and procedures on the technical qualifications of engagement quality
control reviewers address the technical expertise, experience and authority necessary to
perform the role.
700.64 The engagement quality control reviewer for an audit of the financial statements of a
listed entity is an individual with sufficient and appropriate experience and authority to
act as an audit engagement partner on audits of financial statements of listed entities.
What constitutes sufficient and appropriate technical expertise, experience and authority depends on the
circumstances of the engagement.
700.65 The Firm’s policies and procedures are designed to maintain the objectivity of the
engagement quality control reviewer.
700.66 The engagement quality control reviewer is not selected by the engagement partner
and does not otherwise participate in the engagement during the period of review.
700.67 The engagement quality control reviewer does not make decisions for the engagement
team; and is not subject to other considerations that would threaten the reviewer’s
objectivity.
700.68 The engagement partner may consult with the engagement quality control reviewer
during the engagement. Such consultation need not compromise the engagement
quality control reviewer’s eligibility to perform the role.
700.69 Where the nature and extent of the consultations become significant, however, care is
taken by both the engagement team and the reviewer to maintain the reviewer’s
objectivity. Where this is not possible, another individual within the firm or a suitably
qualified external person is appointed to take on the role of either the engagement
quality control reviewer or the person to be consulted on the engagement.
700.71 Suitably qualified external persons may be contracted where sole practitioners or small
firms identify engagements requiring engagement quality control reviews.
Alternatively, some sole practitioners or small firms may wish to use other firms to
facilitate engagement quality control reviews.
700.72 The Firm should establish policies and procedures for engagement teams to complete
the assembly of final engagement files on a timely basis after the engagement reports
have been finalized.
700.73 Law or regulation may prescribe the time limits by which the assembly of final
engagement files for specific types of engagement should be completed. Where no such
time limits are prescribed in law or regulation, the firm establishes time limits
appropriate to the nature of the engagements that reflect the need to complete the
assembly of final engagement files on a timely basis.
700.74 In the case of an audit, for example, such a time limit is ordinarily not more than 60 days
after the date of the auditor’s report.
700.75 Where two or more different reports are issued in respect of the same subject matter
information of an entity, the firm’s policies and procedures relating to time limits for the
assembly of final engagement files address each report as if it were for a separate
engagement.
700.76 The Firm’s policies and procedures are designed to maintain the confidentiality, safe
custody, integrity, accessibility and retrievability of engagement documentation.
700.77 The Firm’s personnel must observe at all times the confidentiality of information
contained in engagement documentation, unless specific client authority has been given
to disclose information, or there is a legal or professional duty to do so.
700.80 For practical reasons, original paper documentation may be electronically scanned for
inclusion in engagement files. In that case, the Firm implements appropriate procedures
requiring engagement teams to:
▪ Generate scanned copies that reflect the entire content of the original paper
documentation, including manual signatures, cross-references and annotations;
▪ Integrate the scanned copies into the engagement files, including indexing and
signing off on the scanned copies as necessary; and
▪ Enable the scanned copies to be retrieved and printed as necessary.
700.81 The Firm’s policies and procedures for the retention of engagement documentation for
a period shall be sufficient to meet the needs of the firm or as required by law or
regulation.
700.82 The needs of the Firm for retention of engagement documentation, and the period of
such retention, will vary with the nature of the engagement and the firm’s
circumstances, for example, whether the engagement documentation is needed to
provide a record of matters of continuing significance to future engagements.
700.83 The retention period may also depend on other factors, such as whether local law or
regulation prescribes specific retention periods for certain types of engagements, or
whether there are specific legal or regulatory requirements.
700.84 In the specific case of audit engagements, the retention period ordinarily is no shorter
than seven years from the date of the auditor’s report, or, if later, the date of the group
auditor’s report.
700.87 All working papers, schedules and memoranda made by members of the audit team in
the course of an examination, including those prepared and submitted by the client,
incident to or in the course of an examination, by any member of the audit team, except
reports submitted by the auditor to a client shall be treated confidential and privileged
and remain the property of the auditor in the absence of a written agreement between
the auditor and the client, to the contrary, unless such documents are required to be
produced through subpoena issued by any court, tribunal, or government regulatory or
administrative body.
700.88 The Firm’s policies and procedures shall be designed to provide it with reasonable
assurance that the policies and procedures relating to the system of quality control are
relevant, adequate, operating effectively and complied with in practice.
700.89 Such policies and procedures should include an ongoing consideration and evaluation of
the firm’s system of quality control, including a periodic inspection of a selection of
completed engagements.
700.90 The purpose of monitoring compliance with quality control policies and procedures is to
provide an evaluation of:
▪ Adherence to professional standards and regulatory and legal requirements;
▪ Whether the quality control system has been appropriately designed and effectively
implemented; and
▪ Whether the firm’s quality control policies and procedures have been engagement
partners are appropriate in the circumstances.
700.92 Monitoring of the firm’s system of quality control is performed by competent individuals
and covers both the appropriateness of the design and the effectiveness of the
operation of the system of quality control.
Inspections
700.94 The manner in which the inspection cycle is organized, including the timing of selection
of individual engagements, depends on many factors, which include:
▪ The size of the firm.
▪ The number and geographical location of offices.
▪ The results of previous monitoring procedures.
▪ The degree of authority both personnel and offices have (for example, whether
individual offices are authorized to conduct their own inspections or whether only
the head office may conduct them).
▪ The nature and complexity of the firm’s practice and organization.
▪ The risks associated with the firm’s clients and specific engagements.
700.95 The inspection process includes the selection of individual engagements, some of which
may be selected without prior notification to the engagement team.
700.96 In determining the scope of the inspections, the firm may take into account the scope or
conclusions of an independent external inspection program. However, an independent
external inspection program does not act as a substitute for the firm’s own internal
monitoring program.
700.97 The Firm shall evaluate the effect of deficiencies noted as a result of the monitoring
process and shall determine whether they are either:
a. Instances that do not necessarily indicate that the firm’s system of quality control is
insufficient to provide it with reasonable assurance that it complies with
professional standards and regulatory and legal requirements, and that the reports
issued by the firm or engagement partners are appropriate in the circumstances; or
b. Systemic, repetitive or other significant deficiencies that require prompt corrective
action.
700.99 Where the results of the monitoring procedures indicate that a report may be
inappropriate or that procedures were omitted during the performance of the
engagement, the Firm should determine what further action is appropriate to comply
with relevant professional standards and regulatory and legal requirements. It should
also consider obtaining legal advice.
700.100 At least annually, the firm shall communicate the results of the monitoring of its
quality control system to engagement partners and other appropriate individuals within
the Firm, including the Firm’s Managing Board of Partners.
700.101 Such communication shall enable the Firm and these individuals to take prompt and
appropriate action where necessary in accordance with their defined roles and
responsibilities.
700.103 The reporting of identified deficiencies to individuals other than the relevant
engagement partners ordinarily does not include an identification of the specific
engagements concerned, unless such identification is necessary for the proper discharge
of the responsibilities of the individuals other than the engagement partners.
700.104 The Firm shall establish policies and procedures designed to provide the Firm with
reasonable assurance that it deals appropriately with:
a. Complaints and allegations that the work performed by the Firm fails to comply with
professional standards and regulatory and legal requirements; and
b. Allegations of non-compliance with the firm’s system of quality control.
700.105 Complaints and allegations (which do not include those that are clearly frivolous) may
originate from within or outside the Firm. They may be made by Firm personnel, clients
or other third parties. They may be received by engagement team members or other
firm personnel.
700.107 The Firm investigates such complaints and allegations in accordance with established
policies and procedures. The investigation is supervised by a partner with sufficient and
appropriate experience and authority within the Firm but who is not otherwise involved
in the engagement, and includes involving legal counsel as necessary.
700.108 In cases where resources are limited, the Firm uses the services of a suitably qualified
external person or another firm to carry out the investigation. Complaints, allegations
and the responses to them are documented.
700.109 Where the results of the investigations indicate deficiencies in the design or operation
of the Firm’s quality control policies and procedures, or noncompliance with the Firm’s
system of quality control by an individual or individuals, the Firm takes appropriate
action.
Documentation
700.110 The Firm’s policies and procedures require appropriate documentation to provide
evidence of the operation of each element of its system of quality control.
700.111 How such matters are documented is the Firm’s decision. Factors considered when
determining the form and content of documentation evidencing the operation of each
of the elements of the system of quality control include the following:
▪ The size of the firm and the number of offices.
▪ The degree of authority both personnel and offices have.
▪ The nature and complexity of the firm’s practice and organization.
700.112 The Firm retains this documentation for a period of time sufficient to permit those
performing monitoring procedures to evaluate the Firm’s compliance with its system of
quality control, or for a longer period if required by law or regulation.
See Exhibit 700 – 01 for IFAC’s Guide to Quality Control for Small- and Medium-Sized Practices.
This publication may be downloaded from the IFAC website: http://www.ifac.org.
The approved text is published in the English language.
LIST OF EXHIBITS
Exhibit 700 – 01 IFAC’s Guide to Quality Control for Small- and Medium-Sized Practices
Objective: This checklist sets out the items required to be considered in developing the audit strategy.
Factor to Consider    WP Ref    Comment
The financial reporting framework on which
the financial information to be audited has
been prepared, including any need for
reconciliations to another financial reporting
framework.
Industry-specific reporting requirements such
as reports mandated by industry regulators.
The expected audit coverage, including the
number and locations of components to be
included.
The nature of the control relationships
between a parent and its components that
determine how the group is to be
consolidated.
The extent to which components are audited
by other auditors.
The nature of the business segments to be
audited, including the need for specialized
knowledge.
The reporting currency to be used, including
any need for currency translation for the
financial information audited.
The need for a statutory audit of standalone
financial statements in addition to an audit for
consolidation purposes.
The availability of the work of internal auditors
and the extent of the auditor’s potential
reliance on such work.
The entity’s use of service organizations and
how the auditor may obtain evidence
concerning the design or operation of controls
performed by them.
The effect of information technology on the
audit procedures, including the availability of
The coordination of the expected coverage and
timing of the audit work with any reviews of
interim financial information and the effect on
the audit of the information obtained during
such reviews.
The discussion of matters that may affect the
audit with firm personnel responsible for
performing other services to the entity.
The availability of client personnel and data.
The entity’s timetable for reporting with
government agencies, those charged with
governance, and the audit committee, such as
at interim and final stages of the audit.
The organization of meetings with
management and those charged with
governance to discuss the nature, extent and
timing of the audit work.
The discussion with management and those
charged with governance regarding the
expected type and timing of reports to be
issued and other communications, both
written and oral, including the auditor’s report,
management letters and communications to
those charged with governance.
Communication with auditors of components
regarding the expected types and timing of
reports to be issued and other communications
in connection with the audit of components.
The expected nature and timing of
communications among engagement team
members, including the nature and timing of
team meetings and timing of the review of
work performed.
Evidence of management’s commitment to the
design and operation of sound internal control,
including evidence of appropriate
documentation of such internal control.
Volume of transactions, which may determine
whether it is more efficient for the auditor to
rely on internal control.
Importance attached to internal control
throughout the entity to the successful
operation of the business.
Significant business developments affecting
the entity, including changes in information
technology and business processes, changes in
key management, and acquisitions, mergers
and divestments.
Significant industry developments such as
changes in industry regulations and new
reporting requirements.
Significant changes in the financial reporting
framework, such as changes in accounting
standards.
Other significant relevant developments, such
as changes in the legal environment affecting
the entity.
Assessment of prior year audit issues including
audit adjustments.
Terms of engagement
Summarize below the pertinent terms and details under the letter of engagement dated _____________:
The terms of engagement require the team to carry out an audit of financial statements and express an
opinion on whether the financial statements comply, in all material respects, with
____________________ (indicate financial reporting framework, such as PFRS).
Indicate below the recent developments in accounting standards which may impact the engagement:
Indicate any additional matters to be included in the scope of the engagement. For accounting and tax
matters, ensure that the firm is in compliance with independence requirements. Consider also the review
of tax and correspondence files with the client.
Indicate also the nature of documents or other information to be issued together with the audited
financial statements, and the impact of these documents and other information on the audit engagement.
Indicate below the results of review of compliance with independence requirements with respect to the
client.
Summarize the results of obtaining an understanding of the entity and its regulatory environment,
including:
significant changes in industry conditions,
changes in the entity’s operations,
changes in governance structure,
changes in reporting, legal and regulatory requirements, and
changes in accounting and reporting systems
and their impact on the engagement.
Client-Specific Matters
In this section, summarize the details of points forward from prior period engagements, and the results
of review of prior year audit files and permanent files. Include also details of other entity-specific
matters which may have an effect on the engagement.
Extent of reliance on the work of internal audit, any other experts and other auditors and service
organisations
Where the client has internal auditors, or uses a service organization (BPO), indicate the extent of reliance
to be placed on the work of these entities. Where experts are to be engaged, include it also in the space
provided, identifying both the area/account where experts are required (i.e., inventories), and the
possible expert to be contracted (i.e., appraiser/statistician/lawyer).
Include also the nature and timing of reports including specific reporting requirements to regulators
Include in this section the tentative dates and coverage of special audit requirements, such as inventory
counts, multi-location audits, and external confirmations. Include also the consideration of going
concern assumption and specific written representations of management, and their impact on the audit
engagement.
Indicate in this section whether other auditors are involved in the engagement, the extent of
participation, and the agreed terms of coordination with these other auditors, including timetable for
completion of audits and dates of progress meetings.
Materiality
Indicate below the agreed audit materiality levels for this engagement.
Indicate below the results of procedures to identify and assess the risk of material misstatements,
including the risk of fraud and non-compliance with laws and regulations. Include the responses of the
team to the identified risks.
Indicate below the preliminary assessment on reliance on components of the client’s internal controls.
Audit Approach
(The team should state here the basis of the overall assessment based on the results of the previous
section, Consideration of Internal Control)
By selecting this approach, we expect to perform the following major audit procedures:
The selected major procedures supporting either of the approaches will have to be stated below. For
example, if the reliance approach is identified, the following major audit steps will be included:
Select key business processes
Identify process level controls
Test relevant controls
Perform substantive procedures to address remaining audit objectives after testing controls
Conclude on the audit and report to management results of the audit
Sampling Techniques
Indicate below the planned sampling methods and sample sizes, based on the audit approach to be
used.
Engagement Team
The audit team members, including the involved experts, assembled for the particular client’s audit will
be listed in the table below:
Listed in the table shown below are the different outputs expected to be derived by the audit team
from their work:
Objective: This checklist sets out the sources of information regarding understanding of the client and
its environment.
Instruction: Before approval of the audit plan, check if the following sources of understanding of the
entity and its environment have been considered, and cross-reference to the relevant working paper:
Discussion with legal and other advisers who provided services to the client
Within the firm [Department/Division: __________________________]
Outside the firm [Name of Law Firm or Consultant:___________________]
Discussion with knowledgeable people outside the entity (see Section 300.34)
Visits to the entity's premises and plant facilities [indicate dates: _________]
Example:
Objective: This checklist summarizes the information to be obtained regarding understanding of the
client and its environment.
Instruction: Fill out the required information on the spaces provided. Use a separate sheet where
necessary. This form should be reproduced in 2 copies: one included in the permanent file for further
update in future engagements, and another to be included in the current audit file.
GENERAL INFORMATION
Complete registered business name
Date of incorporation
Registered office address
Sector: Banking and finance; Manufacturing; Trading/retailing; Service; Utilities; Insurance; Real-estate; Education; Other (please specify ________________)
Nature of ownership: Private; Public, non-listed; Public, listed; Other (please specify ________________)
Primary business activities
Competitors (indicate position if possible)
1. _________________________________
2. _________________________________
3. _________________________________
4. _________________________________
5. _________________________________
Organization Chart
Senior Management
Complete Name | Position | Brief Description of Duties and Responsibilities
GENERAL OPERATIONS
Logistics
SALES: Describe the main or key products and services offered, the pricing policies of the client and also
the market segments serviced by the client.
PURCHASES: Describe the main or key sources of supply, the purchasing policies and patterns of the
client. Include also the market segments serviced by the client.
PRODUCTION: Describe below the key phases of the production process employed by the company in
coming up with the goods and services offered.
Major Customer Information
Name | Estimated Annual Volume of Transactions (%) | WP Ref.
Attitudes
• Management has a known history of violations of laws and regulations,
or allegations of fraud.
• Management exhibits changes in behavior or lifestyle that may indicate
assets have been misappropriated.
• Senior managers demonstrate a poor ethical example (such as in
operating expense accounts and committing petty thefts, etc.).
Attitudes and Rationalizations
• Management has overridden existing controls.
• Management has failed to take appropriate remedial action on known
deficiencies in internal control.
• The owner-manager makes no distinction between personal and
business transactions.
• Inventory items that are small in size, of high value, or in high demand.
Objective: This checklist sets out the procedures required to assess the client’s possible non-compliance
with relevant laws and regulations.
Procedure | WP Ref | Comment
For initial audit clients, obtain authorization
from the client to write to and discuss with the
predecessor auditor regarding audit issues
related to compliance with laws and regulations.
If the client denies permission to discuss these
matters with the predecessor auditor, that fact
should be documented.
Obtain or update a general understanding of the
legal and regulatory framework applicable to
the client and the industry and how the client is
complying with that framework.
Obtain a sufficient understanding of these laws
and regulations in order to consider them when
auditing the assertions related to the
determination of the amounts to be recorded
and the disclosures to be made. See Section
300.47 – 300.48.
Consider the existing understanding of the
client and its environment to obtain an
understanding of applicable laws and
regulations.
Inquire with management concerning the
client’s policies and procedures regarding
compliance with laws and regulations.
Identify instances of non-compliance with laws
and regulations where non-compliance may be
considered when preparing financial statements.
When it is believed that there may be non-compliance:
• document the findings;
• determine the effect of non-compliance with laws and regulations on the operations of the entity;
• discuss the findings with management, without delay, if non-compliance is believed to be intentional and material to the financial statements;
• consider the implications of non-compliance in relation to other aspects of the audit, particularly the reliability of management representations;
• communicate with the audit committee, those charged with governance and senior management regarding the findings, taking care to ensure that the parties communicated to are not involved in the acts of noncompliance.
• Seek legal advice if there is suspicion that members of senior management, including those charged with governance, are involved in the acts of noncompliance.
When evaluating the possible effect on the financial statements, consider:
• The potential financial consequences, such as fines, penalties, damages, threat of expropriation of assets, enforced discontinuation of operations and litigation.
• Whether the potential financial consequences require disclosure.
• Whether the potential financial consequences are so material and pervasive as to call into question the fair presentation of the financial statements.
When it is not considered appropriate to consult
with the client's lawyer or when the auditor is
not satisfied with the lawyer’s opinion, consult
the firm’s own lawyer as to whether a violation
of a law or regulation is involved, the possible
legal consequences and what further action, if
any, the auditor should take.
Objective: This worksheet is used for determining materiality levels to be used in an audit engagement.
Instruction: Supply the needed information and calculate the materiality levels to be used during the
audit engagement. Refer to Section 300.49 to 300.59 of the Audit Manual for guidance.
Pre-tax profit
If the current year budget is not available, use the prior year financial statements instead.
Objective: This worksheet aims to provide a comprehensive risk assessment of the client, based on the
understanding obtained as a result of risk assessment procedures. Audit areas with higher risk are
highlighted – and are required to be given more priority and attention.
Instructions: Supply the needed information. For each audit area, assess and record the risk(s) [high,
less than high] and determine the appropriate response to the assessed risk:
1. Inherent risk (IR): The susceptibility of an assertion to a misstatement that could be material,
individually or when aggregated with other misstatements, assuming that there were no related
internal controls (Paragraph 200.6 of Sec. 200 of the Manual provides examples that the
engagement team may consider when assessing inherent risk).
2. Control risk (CR): The risk that a misstatement that could occur in an assertion and that could
be material, individually or when aggregated with other misstatements, will not be prevented, or
detected and corrected, on a timely basis by the entity’s internal controls (Paragraph 200.7 of
Section 200 provides examples that the engagement team may consider in assessing control risk).
Legend:
E = Existence
RO = Rights and obligations
C = Completeness
VA = Valuation and allocation
PD = Presentation and disclosure
CO = Cut-off
A = Accuracy
O = Occurrence
RO, VA, PD
Note any items which are of relevance to risk assessment on Intangible Assets:
RO, VA, PD
Note any items which are of relevance to risk assessment on Property, Plant and Equipment:
RO, VA, PD
Note any items which are of relevance to risk assessment on Investment Property:
RO, VA, PD
Note any items which are of relevance to risk assessment on Investments in Associates:
RO, VA, PD
Note any items which are of relevance to risk assessment on Non-current Financial Assets:
RO, VA, PD, CO
Note any items which are of relevance to risk assessment on Inventories and Biological Assets:
RO, VA, PD, CO
Note any items which are of relevance to risk assessment on Trade and Other Receivables:
RO, VA, PD, CO
Note any items which are of relevance to risk assessment on Cash on Hand and in Bank:
RO, VA, PD, CO
Note any items which are of relevance to risk assessment on Trade and Other Payables:
RO, VA, PD
Note any items which are of relevance to risk assessment on Non-current Liabilities and Borrowings:
RO, VA, PD, CO
Note any items which are of relevance to risk assessment on Provisions, Contingencies and Commitments:
NOMINAL ACCOUNTS
PD, CO
Note any items which are of relevance to risk assessment on Income Accounts:
PD, CO
Note any items which are of relevance to risk assessment on Cost of Goods Sold:
PD, CO
Note any items which are of relevance to risk assessment on Salaries and Wages:
PD, CO
Note any items which are of relevance to risk assessment on Other Expenses:
For each audit area, list the identified risks of material misstatements. Record also any significant risks
identified in the course of audit procedures performed to date. Record the audit approach to each
assessed risk.
Objective: This checklist sets out the audit procedures relevant to related parties and related party
transactions.
The following related parties and related party transactions have been identified and warrant further
investigation:
Matter | Proposed Tests | Cleared by: Initials/Date
Objective: This audit form aims to facilitate the use of analytical review procedures as risk assessment
procedures in the course of the audit engagement.
Objective: This audit form aims to facilitate the use of auditor’s experts in an audit engagement.
Objective: This checklist sets out the procedures required to test controls in the purchasing cycle.
Procedure | WP Ref | Done by | Comment
Select inventory analysis reports used by the
client to monitor inventory levels and
determine whether the reports were
prepared on a timely basis and appear
complete.
Perform a walk-through of the client’s
replenishment and allocation system to assess
its effectiveness.
Select a sample of receiving reports and
compare them to the corresponding journal
entries and purchase orders to evaluate the
effectiveness of the system’s three-way match
control.
Obtain a copy of the findings of the Internal
Audit Department regarding three-way match
control.
Evaluate the findings of Internal Audit.
Perform a walkthrough of the supplier
contract manager’s review of purchase
returns and assess performance.
Evaluate the effectiveness of the client’s
supplier reconciliation process by inspecting a
sample of reconciliations and the client’s
resolution of and follow-up on any discrepancies.
Assess residual business risk based on results
of control test work. Consider the audit
implications of residual risk and revise
assessments as needed.
Consider the implications of any findings
related to the client’s business while
performing these procedures and report the
findings to management and those charged
with governance, as appropriate.