Professional Documents
Culture Documents
Planning An Audit of Financial Statements
Planning An Audit of Financial Statements
Planning An Audit of Financial Statements
INTRODUCTION
Planning an audit involves establishing the overall audit strategy for the engagement and developing a detailed audit plan, in order
to reduce audit risk to an acceptably low level.
D. IDENTIFY RELATED PARTY – in relation to BIR 1709 form, need to report on a separate return during submission of AFS
• AUDIT PROGRAM is a list of procedures (tests of controls or substantive tests) used to gather sufficient appropriate audit
evidence.
• For INITIAL ENGAGEMENTS, preliminary audit programs are prepared after the client’s control structure has been reviewed and
documented
• In CONTINUING ENGAGEMENTS, preliminary audit programs can be drafted in advance of fieldwork, based on the auditor’s prior
knowledge of the client’s control structure and the results of previous assessments of control risk.
1. Control Environment
2. Risk Assessment Process
3. Control Activities- Information System and Related Business Processes Relevant to Financial Reporting and Communication
4. Monitoring of Controls
o The control environment sets the tone of an organization, influencing the control consciousness of its people.
o It is the foundation for all other components of internal control, providing discipline and structure.
o It includes the governance and management functions and the attitudes, awareness, and actions of those
charged with governance
COMMITMENT TO COMPETENCE
-Competence should reflect the knowledge and skills needed to accomplish tasks that define the individual’s job.
-How well these tasks need to be accomplished generally is a management decision which should be made considering
the entity’s objectives and management’s strategies and plans for achievement of the objectives.
Risk assessment is the identification and analysis of relevant risks to achievement of the company’s objectives, forming
a basis for determining how the risks should be managed.
Changes in economic, industry, regulatory and operating conditions should be identified and the risks associated with
changes should be assessed.
1. Internal Control cannot ensure that all frauds will be detected; people have fertile minds.
2. Internal control will not change a stupid manager into a genius.
3. Risk assessment and the establishment of internal control is EXPENSIVE.
4. Some situations do not allow effective controls to be implemented.
5. Most internal controls tend to be directed at routine rather than non-routine transactions.
6. The potential for human error due to carelessness, distraction, mistakes of judgment and the misunderstanding
of instructions.
7. The possibility that a person responsible for exercising an internal control could abuse that responsibility (i.e.,
management override).
PLACEMENT OF CONTROLS
Controls should be positioned where they are most effective. They should be installed:
1. Before an expensive part of the project.
2. Before points of no (or difficult) return.
3. Where one phase of an operation ends and another starts.
4. Where corrective action is easier to take.
5. Where accountability for resources change.
STEPS IN THE STUDY AND EVALUATION OF INTERNAL CONTROLS
1. Obtain and DOCUMENT your Understanding of the Control Structure
2. ASSES the Level of Control Risk.
3. Perform TEST OF CONTROL
4. Determine the NATURE, TIMING AND EXTENT of SUBSTANTIVE TEST.
Control risk should be assessed as. . . HIGH.. for some or all assertions if:
a. Policies and procedures are NOT PERTAINING to an assertion.
b. Policies and procedures are NOT EFFECTIVE.
c. Obtaining enough or proper evidence is NOT EFFICIENT in relation to audit of the financial statements.
When the auditor’s assessment of risks of material misstatement at the assertion level includes an EXPECTATION THAT
CONTROLS ARE OPERATING EFFECTIVELY (I.E., LESS THAN HIGH), the auditor should perform tests of controls to
obtain sufficient appropriate audit evidence that the controls were operating effectively at relevant times during the period
under audit.
Irrespective of the assessed risk of material misstatement, the auditor should design and perform substantive procedures for
each material class of transactions, account balances, and disclosures
The higher the assessment of control risk, the more audit evidence the auditor should obtain from performance of
substantive procedures
COMMUNICATION OF WEAKNESSES
The auditor should make management aware, as soon as practicable and at an appropriate level of responsibility, of
material weaknesses in the design or operation of the internal control system, which have come to the auditor’s attention.