SUMMARY NOTES IN AUDITING THEORY

By: CJB (@CPAriaaa)

Sources: Sir Brad (Pinnacle) + Salogsacol (AT Book)
📌 My notes are not for sale; please use them for personal purposes only.

For any corrections, please feel free to comment or send me a message. Thank you!! 🌼

SUMMARY NOTES IN
AUDITING THEORY
FUNDAMENTALS OF AUDITING
AND ASSURANCE SERVICES
ASSURANCE ENGAGEMENT/SERVICES – a service
in where independent practitioners expresses a conclusion
(thru written communication) designed to enhance credibility
if information and confidence of intended users (for decision
making) & responsible party about the outcome of the
evaluation of a subject matter against the criteria.
Element of Assurance Engagement
1. 3 Party Rule
a. Practitioner (Audit Firm, CPAs)
b. Responsible Party (Client, Management)
c. Intended User
2. Appropriate Subject Matter
It is information to be evaluated or measured
against the criteria.
✓ Identifiable
✓Capable of consistent evaluation and
measurement against suitable criteria
✓Can be subjected to procedures for
gathering evidence to support that
evaluation or measurement.
Forms of subject matter of an assurance
engagement:
✓ Financial performance or conditions -
recognition, measurement, presentation and
disclosure represented in the financial
statements.
✓ Non-financial performance or conditions -
efficiency and effectiveness of operation.
✓ Physical characteristics - capacity of a
facility, specifications document.
✓ Systems and processes – effectiveness of Types of Assurance Engagement based on
control of system STRUCTURE
✓Behavior - corporate governance,
compliance with regulation, human resource
1. Attestation Services (Assertion Based)
Practitioner is engaged to issue a written
practices, statement of compliance or a
communication that expresses a conclusion about
statement of effectiveness.
the reliability of a written assertion that is the
3. Suitable Criteria
➢ Standard or benchmark used to
responsibility of another party.
❖ Audit Engagement
evaluate or measure the subject matter
❖ Review Engagement
of an assurance engagement.
2. Direct Engagement (Direct Reporting)
➢ Five characteristics of suitable criteria:
Practitioner performs the evaluation or
(RUN-CR)
measurement of the subject matter or obtains a
✓ Relevance representation from the responsible party that has
✓Understandability performed the evaluation or measurement that is
✓ Neutrality not available to the intended user. Non-assurance
✓ Completeness engagements.
✓ Reliability Types of Assurance Engagement based on LEVEL OF
ASSURANCE
➢ Types of Criteria
o Established Criteria – laws 1. Reasonable assurance engagements (high-
and regulations level engagements)/ AUDIT ENGAGEMENT
o Specifically Develop Criteria – ❖ high, but not absolute, level of
designed for specific assurance.
engagement ❖ In positive form (In our opinion the
o Formal – PFRS, GAAP, IFRS, internal control is effective)
Frameworks of Control Reasons why assurance cannot be absolute:
o Less Formal – Internal bylaws ✓ Judgement/ Non-sampling risk
4. Sufficient Appropriate Evidence ✓ Testing/Sampling Risk
Information obtained by the practitioner in arriving ✓ Inherent Limitation of internal control
at the conclusions on which the conclusion is ✓ Evidence is persuasive than conclusive.
based: (PSA) ✓ Reliance to management representation
✓ Professional skepticism ✓ Characteristic of subject matter
✓ Sufficiency - quantity of evidence. ✓ Nature of Evidence
2. Limited Assurance Engagement / REVIEW
✓Appropriateness - quality of evidence (relevance
ENGAGEMENT
and its reliability)
❖ “moderate” or “limited” level of
5. Written Assurance Report
assurance.
❖ In negative form (nothing has come to
an attention that cause us to believe
that internal control is not effective)
NON-ASSURANCE ENGAGEMENT INTRODUCTION TO AUDITING LEVEL OF ASSURANCE PROVIDED BY EXTERNAL
AUDITOR
✓ Do not result in the practitioner’s expression of a PSA: to enable the auditor to express an opinion whether the
conclusion that provides a level of assurance. financial statements are prepared, in all materials respects, ✓ High/ Reasonable but not absolute (*Limitation on page
✓ The practitioner does not convey to the intended in accordance with an identified financial reporting 1)
users any assurance as to the reliability of an framework. GENERAL PRINCIPLES GOVERNING THE AUDIT OF
assertion. FINANCIAL STATEMENTS
✓ 2 party contract (Client & Audit Firm) American Accounting Association:
1. “Code of professional Ethics for Certified Public
Types of Non-assurance Engagements: 1. systematic process
Accountants” – standard of ethical conduct
2. objectively obtaining and evaluating evidence
2. Philippine Standards on Auditing – assist auditor in
1. Agreed-upon procedures engagements regarding assertions interpreting and applying auditing standards
2. Compilations of financial or other information 3. Ascertain the degree of correspondence between 3. Professional Skepticism – questioning mind
engagements these assertions and established criteria 4. Professional Judgement
3. Tax services 4. communicating the results to interested users. 5. Sufficient, Appropriate, Evidence
4. Consulting (or advisory)
NEED FOR AN INDEPENDENT FINANCIAL STATEMENT
SUMMARY OF ASSURANCE & NON-ASSURANCE ENGAGEMENTS TYPES OF AUDIT AUDIT
Services Types Level of Report 1. Financial statement audit - financial statements 1. Conflict of interest between management and users of
Assurance financial statements. Difference in expectation of management
Assurance Audit High/Reasonable Audit Report
of an entity are fairly presented in accordance
and intended users = Expectation Gap, Information Risk. Audit firm
(Positive) with an identified financial reporting framework.
resolves this by applying audit procedures.
Review Moderate Review 2. Compliance audit - review of an organization’s 2. Expertise - a qualified person is hired by users to verify the
Report
(Negative) procedures to determine whether the reliability of the financial statements on their behalf.
Services Types Activity Reports organization has adhered to specific procedures, 3. Remoteness - an independent auditor is needed to assist them
Non- Agreed-upon Specific Factual rules or regulations authoritative body. in verifying the reliability of the financial information.
assurance procedures Engagement Evidence 4. Financial consequences - financial statements be audited first
Compilations Preparation of FS, Compilation
3. Operational audit - study of a specific unit of an
organization for the purpose of measuring its before they are used for making important decisions.
etc. reports
Tax Compliance, ITR, Tax performance. Also known as performance audit
planning Advices REGULATOR’S REQUIREMENTS
or management audit.
Consulting Operation Consulting
Input ➢ General Financial Reporting Requirements (the
TYPES OF AUDITOR following shall submit Audited FS to the Securities and
Exchange Commission)
1. External auditors - generally perform financial Entity Threshold
Engagement
statement audits. Stock Corpo Total Asset or Total Liab >=
600k
Assurance
Non- 2. Internal auditors - perform operational audits. Non Stock Corpo Total Asset or Total Liab >=
Assurance
3. Government auditors - conduct compliance 600k
Branch/representative offices of Assigned Capital >= 1M
Attestation Other
Agreed-Upon
Procedure
audits stock foreign corpo
Branch/representative offices of Total Asset >= 1M
Audit
Performance
Compliance RESPONSIBILITY FOR THE FINANCIAL STATEMENTS non-stock foreign corpo
Review Regional Operating Total Revenue >= 1M
Headquarters of foreign corpo
Review
Examination
Tax
✓ Preparation – management/ client
forecast
✓ Express Opinion – auditor ➢ Tax Compliance Requirements (required the books to
Consulting be audited and examined yearly)
✓ Corporation, Companies, Partnership, Individual –
Assurance > Attestation > Audit Gross Annual Sales, earnings, receipts or output > 3M
THEORETICAL FRAMEWORK OF AUDITING (VINE CPP)

1. Audit function operates on the assumption that all

financial data are verifiable.
2. The auditor should always maintain
independence with respect to the financial
statements under audit
3. There should be no long-term conflict between
the auditor and the client management.
4. Effective internal control system reduces the
possibility of errors and fraud affecting the
financial statements.
5. Consistent application of generally accepted
accounting principles (GAAP) or Philippine
Financial Reporting Standards (PFRS) results in
fair presentation of financial statements.
6. What was held true in the past will continue to
hold true in the future in the absence of known
conditions to the contrary.
7. An audit benefits the public.
 a. The firm and its personnel comply with professional Ensures sufficient personnel with capabilities,
SUMMARY NOTES IN
➢
standards (PSA) and regulatory and legal requirements competencies and commitment.
(Code of Ethics, RA 9298)
AUDITING THEORY b. The reports issued by the firm or engagement partners 5. Engagement performance;
are appropriate in the circumstances. ➢ Consultation, Review, Direction, Supervision
➢ In accordance with:
SYSTEM OF QUALITY CONTROL & ELEMENTS OF SYSTEM OF QUALITY CONTROL • Professional Standards
AUDITORS RESPONSIBILITY • Regulatory/Legal Requirements
1. Leadership responsibilities for quality within the
GENERALLY ACCEPTED AUDITING STANDARDS firm; 6. Monitoring
– measures of quality of the auditor’s performance. This is ➢ Partner-in-charge – engagement partner ➢ On-going consideration and evaluation of the firm’s
the minimum standard to follow. ➢ Managing partner – ultimate responsible for the SQC.
firm’s QC. ➢ Engagement Quality Control Review (EQCR) –
required to listed companies.
GAAS 2. Relevant ethical requirements including
• Quality Control Review – required to all
Independence
CPA firms and individual CPA in public
➢ Free from any for of BIAS.
General Standard of Standard of practice to obtain certificate of accreditation
Standards Fieldwork Reporting ➢ Integrity
(valid for 3 yrs – renewable)
➢ Objectivity
• Renewable upon undergoing quality control
Technical ➢ Confidentiality
Training & Planning GAAP review from Quality Review Committee.
➢ Due Care
Proficiency
➢ Professional Competence NATURE / EXTENT OF SQC
Internal Control
➢ Professional Behavior
Independence
Consideration
Inconsistency • Types of Independence ✓ Size of Audit Firm
o In appearance: from public ✓ Nature of Practice
perspective ✓ Operating Characteristics
Professional
Care
Evidential Matter Disclosure
o In mind/fact: Independent ✓ Organization
mindset when engaging in an ✓ Geographical
audit. ✓ Cost-benefit considerations
Opinion ✓ Whether it’s part of network
3. Acceptance and continuance of client
relationships and specific engagements;
PHILIPPINE STANDARD ON AUDITING (PSA) deals ➢ Recurring Client – review integrity AUDITORS RESPONSIBILITY
with the specific responsibilities of the auditor regarding ➢ New Client – review integrity, why is there a change
quality control procedures for an audit of financial in auditor, communicate with predecessor auditor ❖ Management has the responsibility to prepare FS
statements. It also addresses, where applicable, the ➢ Audit firm will only accept client when: ❖ Auditors responsible to design audit that will
responsibilities of the engagement quality control reviewer. • Considered client integrity provide reasonable assurance of detecting
• Capabilities, Resources, Time material misstatements.
SYSTEM OF QUALITY CONTROL o Fraud
• Can comply with ethical standards
✓ Policies (objective/goal) and procedures (steps to o Error
accomplish goal) are the responsibility of the audit 4. Human resources / Assignment of Engagement o Non-Compliance with Laws &
firm. Teams; Regulations
FRAUD ✓ Auditors Responsibility
o Planning Stage – obtain general
✓ Intentional misstatements or omissions of understanding of client legal and
amounts or disclosures in the financial statements. regulatory frameworks
✓ Responsibility to detect and prevent fraud rest with o Testing Stage – identifying non-
management and those charge with governance. compliance and evaluate possible
✓ Two Types of Fraud: effect on FS. Document and discuss
➢ Fraudulent financial reporting (or finding with management.
management fraud) o Effect on Auditors Report
➢ Misappropriation of assets (employee ▪ Request management to
fraud or defalcation) correct / revised FS
✓ Auditors Responsibility ▪ Or, issue quality or disclaimer
• Planning Stage – to assess fraud risk of opinion
factors/ Fraud Risk Triangle (Pressure,
Opportunity, Rationalization)
• Testing Stage – identifying material
misstatements and considering if fraud
or error.
• Completion Stage – obtain client written
representation:
▪ Acknowledgement of
responsibility for fraud and
error
▪ Disclosed to auditor any
significant facts relating to
fraud/ risks.
• Effect on Auditors Report
o Request management to
correct / revised FS
o Or, issue quality or disclaimer
of opinion
✓ Risk of not detecting fraud is higher than error.
✓ Risk of not detecting management fraud is higher
than employee fraud.

NON-COMPLIANCE WITH LAWS AND

REGULATIONS
✓ Non-compliance refers to acts of omission or
commission by the entity being audited, either
intentional or unintentional, which are contrary to
the prevailing laws or regulations.
✓ Responsibility to detect and prevent non-
compliance rest with management.
 SECTION 6: QUALIFICATIONS OF BOA MEMBERS SECTION 14: QUALIFICATION OF APPLICANTS FOR
SUMMARY NOTES IN CPA EXAMINATIONS
➢ Natural-born citizen and a resident of the
AUDITING THEORY Philippines; ➢
➢
Filipino Citizen
Good moral character
➢ Certified Public Accountant with at least ten (10)
years of work experience in any scope of practice ➢ Holder of BSA Degree
PRACTICE AND REGULATION OF of accountancy; ➢ Not convicted of any criminal offense
ACCOUNTANCY PROFESSION ➢ With good moral character and must not have
been convicted of crimes involving moral SECTION 15: SCOPE OF CPALE
PHILIPPINE ACCOUNTANCY ACT OF 2004 turpitude; and
➢ Must not have any pecuniary interest, in any ➢ FAR
➢ May 13, 2004 school, review center. ➢ AFAR
➢ RA 9298 ➢ MAS
SECTION 9: POWERS & FUNCTION OF BOA ➢ AUDITING
SECTION 3: OBJECTIVE ➢ RFBT
➢ Prescribed and adopt RA 9298 ➢ TAXATION
➢ The standardization and regulation of accounting ➢ Supervise the registration, licensure and practice
education; of accountancy SECTION 16: RATINGS IN CPALE
➢ The examination of registration of certified public ➢ administer oath
accountants; and ➢ To issue, suspend, revoke, reinstate the ➢ Passed – Gen Ave of 75%, no grades lower than
➢ The supervision, control, and regulation of the Certificate of Registration 65% in any subject
practice of accountancy in the Philippines. ➢ adopt an official seal of the Board ➢ Conditional – Gen Ave less than 75%, grade less
➢ prescribe and/or adopt a Code of Ethics than 65%, but obtain at least 75% in majority of
SECTION 4: SCOPRE OF PRACTICE ➢ Monitor the conditions affecting the practice of the subject (4/6). Repeat the 2 subject within 2
➢ Public Accountancy accountancy years.
➢ Commerce and Industry ➢ oversight into the quality of audits ➢ Failed
➢ Education/Academe ➢ Investigate violations of this act ➢ Examinee failing 2 exams shall take refresher
➢ Government ➢ Issue a cease or desist order to any person, course of at least 24 units.
associations, partnership or corporation engaged
SECTION 5: BOARD OF ACCOUNTANCY in violation of any provision of this Act
SECTION 20: SUCCESSFUL EXAMINEES
➢ punish for contempt of the Board
➢ prepare, adopt, issue or amend the syllabi
➢ Official government agency empowered to ➢ To ensure the coordination with the Commission ➢ COR (from BOA) – no expiration
enforce RA 9298 of the Higher Education (CHED) ➢ PRC ID (from PRC) – valid for 3 years,
➢ Under supervision and control of PRC renewable)
➢ Composition (appointed by president) ➢ Grounds for refusal to issue COR/ID:
o 1 Chairman & 6 members SECTION 11: GROUND FOR SUSPENSION OR o Criminal Offense
o PICPA nominate 5 candidate then PRC REMOVAL OF MEMBERS OF BOA o Guilty of immoral and dishonorable
select 3/5 and then nominate to conduct
President of Philippines. ➢ Neglect of Duty or incompetence; o Unsound mind
➢ Term of office ➢ Violation of RA 9298
o 3 years ➢ Final judgment of crimes involving moral turpitude; ➢ Continuing Professional Development (CPD) –
o If a member/chairman served for 2 ➢ Manipulation of the certified public accountant's inculcation od advance knowledge, skills and
successive terms shall not be licensure examination results, disclosure of ethical values in a post-licensure specialization.
reappointed until lapse of 1 year. examination questions prior to the conduct of the
o Maximum term of 12 years. said examination or tampering of grades.
SECTION 24: SUSPENSION & REVOCATION OF PRC ID Association of CPAs in Public Practice
i. uniformity of auditing practices and related
(ACPAPP) services throughout the world.
➢ BOA has the power to suspend, revoke COR or ii. Association of CPAs in Education (NaCPAE) e. Auditing and Assurance Standards Council
ID, suspend from practice. Ground: iii. Association of CPAs in Commerce and (AASC)- 14 members + 1 Chairman.
➢ Criminal Offense Industry (ACPACI)
➢ Guilty of immoral conduct iv. Government Association of CPAs (GACP) BOA 1
➢ Unsound mind SEC 1
➢ Malpractice C. Standard Setting Bodies BSP 1
➢ Unprofessional conduct a. International Federation of Accountants Association or 1
➢ Violation of RA 9298 (IFAC)- non-profit, non-governmental, non- organization of CPAs
➢ Violation of Code of Ethics political international organization of in active public
accountancy bodies. Membership in IFAC practice of
SECTION 25: REINSTATEMENT/ REISSUANCES/ automatically includes membership in the accounting
REPLACEMENT OF COR International Accounting Standards COA 1
Committee (IASC). Accredited National Organization of CPAs
b. International Accounting Standards Board Public Practice 6
➢ After 2 years from revocation (IASB)- funded by contributions from the
➢ Upon Application Commerce and 1
major accounting firms, private financial Industry
institutions and industrial companies Academe/Education 1
SECTION 36: PENAL PROVISION throughout the world, central and Government 1
development banks and other international Total 14
➢ Fine >= 50k and professional organizations.
➢ Imprisonment <= 2 yrs c. Financial Reporting Standards Council
(FRSC)- 14 members + 1 Chairman f. ETC – Academe (Chair + 6 mem)
➢ Either or Both

BOA 1 FRAMEWORKS/ STANDARDS

REGULATORY AND PROFESSIONAL
1. Philippine Framework for Assurance Engagement
ORGANIZATIONS INFLUENCING THE SEC 1
(PFAE)– define & describe element & objective of
PROFESSION BSP 1
assurance engagement
BIR 1
2. Philippine Standard on Related Services (PSRS) –
A. Regulatory Government Agencies Major organization 1 non-assurance.
a. Professional Regulation Commission (PRC)- composed of
3. Philippine Standard on Auditing (PAS)– audit
licensing of the various professions prepares and users of
engagement. / international standard on auditing
b. Professional Regulatory Board of financial statements
Accountancy (BOA) COA 1
Accredited National Organization of CPAs 4. Philippines Standard on Review Engagement
c. Securities and Exchange Commission (PSRE)
Public Practice 2
(SEC)- regulate corporations, partnership 5. Generally Accepted Accounting Principles (GAAP) –
Commerce and 2
and other forms of association in the PFRS)
Industry
Philippines. 6. Generally Accepted Auditing Principles (GAAS) –
Academe/Education 2
d. Commission on Audit (COA)- PSA
e. Bureau of Internal Revenue (BIR) Government 2
Total 14 7. Philippine Financial Reporting Standard (PFRS) /
IFRS
B. Professional/ Sectoral Organization
a. Philippine Institute of Certified Public d. International Auditing Practices Committee Accounting Auditing
Accountants (PICPA)- accredited national (IAPC)- responsible for the development of Regulatory International IASB AASB
standards s on a variety of audit and attests Body Local FRSC AASC
professional organization of CPAs.
functions in order to improve the degree of Standard International IFRS ISA
b. Sectoral Organizations
Local PFRS ( PSA
 PRELIMENARY ENGAGEMENT Degree of independence of
SUMMARY NOTES IN
▪
Parent and subsidiary
ACTIVITIES ➢ Client Request for Change of Engagement
AUDITING THEORY 8. Acceptance & Continuance of Client Relationship
• If there is a reasonable justification for the change
– stop the original engagement and agree on the
➢ Integrity of Management new terms of engagement, do not mention the
PRELIMENARY ENGAGEMENT ➢ New Client original engagement.
• Investigate Background • If there is no reasonable justification – refuse the
ACTIVITIES • Communicate predecessor auditor client’s request, and continue to perform the
➢ Recurring Client original engagement and issue the original report.
THE AUDIT PROCESS • Evaluation (change in management, nature If not allowed to continue then withdraw.
of client’s business)
• Audiors Quilification and Auditability of client
• Pre-liminary Understanding of client's business FINANCIAL STATEMENT ASSERTIONS
Prelimenary 9.Evaluate Compliance with Ethical requirements,
Engagment • Accepting an Engagement
including independence ✓ Rights and Obligation
Activities
➢ Auditor’s Independence ✓ Valuation and allocation
➢ Professional Competence ✓ Presentation and disclosure
• Detaled understanding of client's BUSINESS & Industry ➢ Ability to Serve the client ✓ Existence or occurrence
• Preliminary Assessment of Risk & Materiality
Audit Planning ✓ Completeness
10. Establish an understanding of the terms of the a. Assertions about classes of transactions and events for
engagement the period under audit: (T-OCCAC)
➢ Engagement Letter - formal written contract i. Occurrence
• Understanding of Internal Control between client and firm.
• Testing of Internal Control ii. Completeness
Considering
Internal Control • Objective & Scope iii. Accuracy
• Responsibilities of Auditor & management iv.Cutoff
• Other requirement from Government v. Classification
• Testing whether FS is fairly presented • Framework (PFRS) b. Assertions about account balances at the period end: (A-
Subtantive • Highly dependent on result of understanding internal control • References to the expected form and CERV)
Testing content of reports to be issued i. Completeness
• Audit Fees ii. Existence
• Review of subsequent event & Assessing going concern ➢ For recurring Audits iii. Rights and obligations
• Analytical review procedures • May not send another letter unless there iv. Valuation and Allocation
Completing the • Obtaining Written Representation should be revisions, change in client’s c. Assertions about presentation and disclosure: (P-OCCA)
Audit
management/ ownership/ nature or size of i. Occurrence and Rights and obligations
business. ii. Completeness
➢ Auditor is the same auditor for parent and iii.Classification and understandability
• Conclusion / Opinion subsidiary iv. Accuracy and valuation
Issuing a Report
• Factors to consider whether to send separate
engagement letter to the subsidiary/ branch: AUDIT PROCEDURES
▪ Who appoints the auditor Procedures selected should enable the auditor to gather
▪ Legal Requirements sufficient appropriate evidence about particular assertion.
▪ Degree of ownership ✓ Inspection ✓ Confirmation
▪ Whether separate report is to ✓ Inquiry ✓ Computation
be issued to ✓ Observation ✓ Analytical procedures
branch/subsidiary
 2. Compare expectation with FS
SUMMARY NOTES IN
Item Objective Procedure Time
Cash & CE Completeness, Bank Recon, 20 hours
Existence, etc. Proof of cash, 3. Investigate differences
Other Assertions Bank a. Significant – design extensive
AUDITING THEORY Receivable
Confirmation
Aging,
confirmation
AR 5 hours
substantive tests
b. Insignificant – design less
Investment Recomputation, 10 hours extensive substantive test
AUDIT PLANNING, MATERIALITY Inventory
M2M
Inventory Count, 5 hours

& AUDIT RISK LCNRV

recomputation MATERIALITY
AUDIT PLANNING 3. Changes to Audit Plan and Program ➢ Material Information – if omission/
misstatement could influence the economic
➢ Done by partners and Managers decision of users.
➢ Planning is a continuous process throughout
➢ Developing overall audit strategies & detailed the engagement because of changes in ➢ Determining appropriate level of materiality -
plan and program auditor uses professional judgment using his
condition and unexpected result of audit
➢ Understanding entity & it’s environment perception of the needs of reasonable users
procedures.
➢ Understanding Internal control sufficient to plan ➢ Overall audit plan & detailed program should of the financial statements.
the audit ➢ Planning stage
be revised if necessary during the course of
➢ Importance & Benefits of Audit Planning ▪ To identify and assess risks of material
audit.
• Attention to important areas. misstatements.
• Easily identify & resolve potential problems. ▪ To determine the nature, timing and
• Have an effective and efficient audit ANALYTICAL PROCEDURE extent of further audit procedures.
engagement.
➢ Testing stage (materiality levels set during
• Proper selection & assignment of
➢ Testing reasonableness of amounts audit planning are simply updated/revised if
engagement team.
• Direction, supervision & review of ➢ Analyzing significant ratio & trends necessary).
engagement team members. ➢ Example: ratio/trend analysis, regression,
forecasting, variance analysis, benchmarking ➢ Completion stage
1. Establish Overall Audit Strategies ▪ To evaluate the effect of
Required by Objective uncorrected misstatements, if any,
➢ Scope (coverage, annual or interim) PSA?
➢ Timing (timeline of audit, schedule of Planning Yes Identify areas that may represent
on the financial statements and in
fieldwork, schedule of documents risk, and understand the business, forming the opinion in the auditor’s
needed) determine timing, nature, extent of report.
audit ➢ Inverse relationship with evidence:
➢ Directions (areas where there may be
Substantive No To obtain evidence
high risk) ▪ Low Peso Materiality = More
Completion Yes To test the reasonableness of
i. Complex accounting treatment audited amounts Evidence
ii. Major event (ex. Covid) ▪ High Peso Materiality = Less
iii. Foreign transaction Evidence
iv. Change in accounting system ➢ Materiality Threshold (not fix, depending on
➢ Steps in Applying Analytical Procedure
2. Developing more detailed audit plan/program/ the industry)
1. Develop expectation regarding
planned audit procedures ▪ 1%-5% of Asset
Financial Statement (PAINT)
➢ Affected by Materiality & Audit Risk ▪ 1% - 3% of Revenue
a. Prior FS
➢ Example of Detailed Audit Plan: ▪ 5% - 10% of Net Income
b. Anticipated budget or forecast
c. Industry Averages
d. Non-financial information
e. Typical Relationship among
FS and account balance
 MATERIALITY LEVEL AUDIT RISK 4. Detection Risk - as the acceptable level of
detection risk decreases, the assurance directly
Step 1: Determine Overall Materiality (FS Level) ➢ Risk that the auditor expresses an inappropriate provided from the substantive test increases.
opinion when the financial statements are Hence, the auditor should design more effective
➢ Performed in Planning Stage materially misstated. audit procedures in order to achieve the desired
➢ Smallest Aggregated level of misstatement that ➢ Objective is to lower the level of risk to an level of assurance.
could distort any one of the financial statement acceptable level
➢ Auditor should design audit procedure that would ➢ To be able to reduce this, need of proper audit
detect the misstatement aggregating the smallest planning
amount that could materially affect the FS STEPS IN ASSESSING AUDIT RISK
➢ Audit Risk Model:
➢ Statement Base (where auditor multiply the Step 1: Set the desired level of Audit Risk
Materiality Threshold)
Audit Risk = Inherent Control Risk Detection
o Balance Sheet (Total Asset) Risk x x Risk ➢ No specific guideline. Can be 1%, 5% 10%.
o Income Statement (Net Income or Susceptibility Dependent on Risk that
Revenue) of account client’s auditor’s Step 2: Assess the level of Inherent Risk (such as low,
balance to internal substantive medium, or high) – for example, low level if likelihood of
Audit Risk = Inherent Risk x Control Risk x Detection Risk risk control. The procedures misstatement is low.
assuming risk that will not detect
there is no material a material ➢ Sources of assessment include knowledge of
internal misstatement misstatement. entity and its environment and preliminary
control. Not cannot be Dependent on analytical procedures.
Step 2: Determine the Tolerable Misstatement (Account dependent prevented, the
Balance Leve) on internal detected, and effectiveness Step 3: Assess the level of Control Risk (such as low,
control. corrected by of auditor’s
internal substantive
medium, or high) – for example, low control risk if internal
➢ Performed in Planning Stage
control. procedures. control is effective, or high control risk if internal control is
➢ To know which transaction to test
➢ Per line items in the FS not effective.
➢ Determine the audit procedures that will be Controllability x x /
of Auditor ➢ Sources of assessment include knowledge of
applied to specific accounts
➢ The allocated materiality to an account is called Level Assessed Assessed Acceptable internal control and observation and inspection. ✓
tolerable misstatement or performance materiality Stage of Audit Planning Understanding Substantive Combined assessment: The auditor usually
➢ Only the material amounts would be proposed to Internal Testing makes combined assessment of inherent and
Control control risks. If the combined assessment of
adjust to the management
inherent risk and control risk is high, the auditor
Step 3: Compare the aggregated amount of uncorrected should:
Relationship to substantive procedures:
immaterial misstatements with the overall materiality o Place more emphasis on obtaining
1. Audit Risk – as the desired level of audit risk external evidence.
➢ Performed in completion stage decreases, the auditor should design more o Reduce reliance on internal evidence.
➢ Cumulative Immaterial – total all the immaterial effective substantive procedures. o Design more effective substantive
amounts and test is the cumulative immaterial 2. Inherent Risk – as the assessed level of inherent procedures.
amount is still immaterial when aggregated risk increases, the auditor should design more
effective substantive procedures.
3. Control Risk – as the assessed level of control risk
increases, the auditor should design more
effective substantive procedures.
Step 4: Determine/Set the acceptable level of Detection ✓ Timing – performing substantive o Management expert-expertise in a field
Risk: The acceptable level of detection risk depends on the procedures at interim dates. other than accounting or auditing,
assessed level of inherent and control risk (inverse ✓ Extent – decreasing the extent of whose work in that field is used by the
relationship). substantive tests using smaller sample entity to assist the entity in preparing
size. the financial statements
➢ Detection risk is significantly affected by the ➢ The auditor considers the following when using the
nature, timing, and extent of the auditor’s work (assistance) of an expert:
substantive procedures.
✓ Materiality of an item being
➢ Detection risk is a complement of assurance RELATIONSHIP BETWEEN MATERIALITY & RISK
considered
provided by substantive tests (for example, a 10%
detection risk means a 90% assurance of MATERIALITY AUDIT RISK PLANNED AUDIT
✓ Risk of misstatement (nature and
detecting material misstatement).
LEVEL PROCEDURES complexity)
➢ Detection risk can be increased or decreased by
• LOW
• HIGH
• HIGH
• LOW
• More Extensive
• Less Extensive
➢ Consider Expert’s:
the auditor by performing substantive tests but can ✓ Competence
never be reduced to zero. ✓ Objectivity
➢ The lower the detection risk, the more ✓ Scope of work
conservative the audit procedure, and vice versa.
RISK ASSESSMENT PROCEDURES CONSIDERATION FOR THE WORK OF INTERNAL
Detection Risk = Audit Risk ➢ Procedures use to obtain understanding of the AUDITOR
Inherent Risk x Control Risk entities environment & internal control. Use to ➢ Preliminary assessment of client’s internal
assessed the Internal and Control Risk. auditing function.
➢ Inquiry ➢ Evaluation and testing the work of internal auditing
Step 5: Design Substantive Tests ➢ Observation function. If the result it:
➢ Inspection o Rely – Test internal control
➢ Auditor’s reaction to level of detection risk: ➢ Analytical Procedures
o Lower acceptable level of detection risk (high o Not Rely – Need not to test
IR & CR)– higher assurance is to be provided CONSIDERATION FOR THE NEED OF AN EXPERT ➢ When the internal audit function appears relevant,
by substantive tests by changing any or external auditors shall consider the internal
combination of the following: ➢ Expert is a person or firm possessing special skill, auditor’s:
knowledge and experience in a particular field or o Competence
✓ Nature – performing more effective
discipline other than accounting and auditing. o Objectivity (organizational status- line of
substantive procedures.
➢ An expert may be; reporting)
✓ Timing – performing substantive
o Engaged by the entity; o Due professional care
procedures at year-end rather than at
o Engaged by the auditor;
interim dates.
o Employed by the entity;
✓ Extent – increasing the extent of o Employed by the auditor.
substantive tests by using larger sample ➢ Two Kinds of Experts
size. o Auditor’s expert-expertise in a field
o Higher acceptable level of detection risk (low other than accounting or auditing,
IR & CR) – low assurance is to be provided whose work in that field is used by the
by substantive tests by changing any or auditor to assist the auditor in obtaining
combination of the following: sufficient appropriate evidence (Internal
✓ Nature – performing less effective expert or External expert)
substantive procedures.

SUMMARY NOTES IN
AUDITING THEORY
CONSIDERATION OF INTERNAL
CONTROL
INTERNAL CONTROL
1. Process, Policies & procedure
2. Implemented by those charge with governance & top
management
3. Reasonable assurance of achieving entities objective.
• Ensure effectiveness & efficiency of
operation
• Reliability of Financial Statement
• Compliance with laws and regulations
ENTITY’S OBJECTIVE FOR INTERNAL CONTROL
Financial Reporting Objective – most relevant to audit
Operational Objective - relevant only if they relate in eval FS
Compliance Objective – relevant only if they relate in eval
FS
CONSIDERATION OF INTERNAL CONTROL
SYSTEM
1. Obtaining understanding of the internal control
2. Documenting the understanding of accounting and
internal control system
3. Assessing the level of control risk
4. Performing test of controls
5. Documenting the assessed level of control risks
UNDERSTANDING INTERNAL CONTROL
ASSESSMENT OF CONTROL RISK
➢ Understanding internal control design &
implementation with the goal of assessing the
Control Risk.
o CR is below maximum (good IC/low risk)
– use test of control & minimal
substantive testing
o CR is above maximum (weak IC/ high
risk) – intensive substantive testing
o Procedure in understanding IC:
Inquiry
▪
▪ Inspection
▪ Observation
▪ Reperformance (walk-through, pick random
transaction and trace it to the whole process)
➢ Design (should be): obtain manual of process
➢ Implementation (actual): check if the design is being
implemented
Components Of Internal Control (CRIME)
1. Control Environment – level of commitment, attitude,
awareness and action of top management, those
charged with governance and BOD.
➢ Factors affecting:
o Integrity, ethical, philosophy & operating
style
o Active participation
o Commitment to competence
o Personnel policies and procedures
o Assignment of authority/Organizational
structure
2. Risk Assessment – management identification,
assessment and course of action regarding business
risk pertaining to preparation of FS:
➢ Business Risk – risk that entity’s objectives will not
attain as a result of internal and external factors.
➢ Risks can arise or change due to circumstances such
as:
• New personnel.
• New technology
• New or revamped information systems
• New business models, products, or activities.
& • Changes in operating environment.
• Corporate restructurings.
• Rapid growth.
• Expanded foreign operations
• New accounting pronouncements
3. Information and communication system – the
means of recording transactions and communication of
responsibilities.
➢ Information systems - financial reporting
system and maintaining accountability for
related assets and liabilities. It also
consists of infrastructure (physical and
hardware components), software,
people, procedures, and data.
➢ Communication system how personnel
understand how their activities in the
financial reporting information system
relate to the work of others and the
means of reporting exceptions to an
appropriate higher level within the entity.
providing an understanding of individual
roles and responsibilities pertaining to
internal control over financial reporting.
Can be made electronically, verbally and
through actions of management.
4. Monitoring – assessing the quality of internal control
performance over time.
➢ Ongoing monitoring – done by supervisors and
management
➢ Separate evaluation – done by audit committee.
➢ Combination of Ongoing and separate
5. Existing Control Activities - policies and
procedures that ensure management objectives
are carried out.
➢ Physical Control – safeguarding of asset
➢ Information processing – application control
& general control.
➢ Performance Review – analysis of actual
performance versus budget, forecast and prior
period
➢ Segregation of duties – Authorization,
Recording, Custody.
➢ Includes (new categories):
1. Authorization and approvals
2. Reconciliation
3. Verifications
4. Physical or logical controls
5. Segregation of duties
a. Custody of assets
b. Authorization of transactions
c. Recording of transactions
d. Execution of transactions
e. Independent checks or internal audits
DOCUMENTING THE AUDITOR’S ✓ Document the conclusion that control risk is at 3. Cost-Benefit
UNDERSTANDING OF INTERNAL CONTROL less than high level as well as the basis for the 4. Human Errors
➢ Narrative description of the entity’s internal control assessment. 5. Person responsible for internal control may abuse
➢ Flowchart that diagram the flow of transaction Assessed Control Risk responsibility.
➢ Internal control questionnaire providing management 6. Inadequacy of internal control
High (Maximum) Less than High
response to question about IC. (Below Maximum)
➢ Risk and control matrices. Understanding of Required Required CORPORATE GOVERNANCE - system of stewardship
➢ Policy and procedure manuals ICS and control to guide organizations in fulfilling their long-term
➢ PSA 315 requires the auditor to document: Conclusion Required Required economic, moral, legal, and social obligations towards
a. Discussion among the engagement team abs the Basis of Not Required Required shareholders/members and other stakeholders.
significant decisions reached. Conclusion ➢ Governance – BOD – Strategic Control
b. Key elements of understanding obtained ➢ Risk Management – Senior Management –
c. Evaluation of the design of identified controls and COMMUNICATION OF INTERNAL CONTROL Management Control
whether they are implemented. ➢ Internal Control – Risk Owners – Operational
WEAKNESSES
d. Identified assessed risks of material misstatements Control
at FS level and at the assertion level including: ➢ When auditor become aware of the weakness in the
▪ Significant risks IC system, he is required to report it to the appropriate Code of Corporate Governance - intended to raise the
▪Risks of substantive procedures alone cannot level of management. corporate governance standards of the Philippie
provide SAAE. ➢ Ordinarily in writing and should be done in the earliest corporations to a level par with regional and global
▪ Rationale for the significant judgements made. opportunity so that corrective action may be taking as counterparts. It is arranged as follows:
soon as possible. 1. Principles -are high level statements of corporate
TEST OF INTERNAL CONTROL ➢ Auditor is not required to search for internal governance, good practice, and apply to all
➢ Evaluation of effectiveness of Internal Control. weakness, but she must communicate any weakness companies. Are applied in “principle of
➢ Auditor should obtain evidence through test of control that come to her attention during the audit. proportionality.”
that control risk is below maximum/low/internal ➢ Formally documented in management letter. 2. Recommendations-objective criteria that are
control is good. ➢ Management Letter - a formal report that intended to identify specific features of corporate
➢ The lower the control risk the more evidence to communicates internal control deficiencies, together governance good practice.
gather. The greater the reliance on IC the more 3. Explanations -strive to provide companies with
with other matters of concern in an audit.
extensive the test of control. additional information on the recommended best
➢ Deficiency in internal control/Control deficiency-
➢ Procedure in test of control: practice.
▪ Inquiry control is designed and implemented in such a way
▪ Inspection that is unable to prevent, detect and correct TRANSACTION CYCLE
▪ Observation misstatements in the FS on timely basis. Revenue Cycle Sales, cash receipt
▪ Reperformance (walk-through, pick random ➢ Significant deficiency in internal control -a Expenditure Cycle Purchase, AP, cash disbursement
transaction and trace it to the whole process) deficiency or combination of deficiencies that in Inventory Cycle Physical count
➢ Using the result of test of control = assessed level auditor’s professional judgement is of sufficient Payroll Cycle Salaries, deduction
of control risk. importance to merit the attention of TCHWG. PPE Cycle Acquisition, disposal, depreciation
Investment Cycle Debt, Equity
DOCUMENTING THE ASSESSED LEVEL OF PDC CONTROLS Financing Cycle Debt, equity, interest
CONTROL RIKS Preventive – before problem arises
a. If the Control Risk is assessed at a high level: Detection – as problem arise Test of Control Substantive Testing
Correction – remedy to problem discovered Focus on internal control Focus on amount on FS
✓ Document the conclusion that control risk is at
Procedure
a high level.
b. If the Control Risk is assessed at Less than High level: INHERENT LIMITATION OF INTERNAL CONTROL
1. Management override
2. Collusion from employees
 AUDIT EVIDENCE- supports the auditor’s opinion
SUMMARY NOTES IN ➢ Characteristics (based on auditor’s judgement)
SPECIFIC PROCEDURE FOR SUBSTANTIVE
PROCEDURES

AUDITING THEORY o Sufficient - quantity

o Appropriate – quality (relevance, reliability)
Inquiry, Inspection, Observation, Reperformance,
Recalculation, Confirmation, Analytical Procedure
➢ Nature – persuasive rather than conclusive.
PERFORMING SUBSTANTIVE ➢ Types
TEST o FS Record/ Accounting Data – has direct effect DOCUMENTATION/ WORKING PAPERS
on FS (ex. GL, SL, GJ, Worksheets)
➢ Support the auditor’s conclusions on FS, auditor’s
o Corroborating Information/Source Documents
SUBSTANTIVE TESTING – procedure designed to representation as to compliance with PSA, and
– has indirect effects on FS (ex. Bank statements,
substantiate the account balances or to detect material assist auditor in planning, performance, review
purchase order)
misstatement in the financial statements. and supervision of engagements
➢ Cost-Benefit consideration when obtaining evidence
➢ Also held in planning future audit, other services &
➢ Evidence is more reliable if:
litigation
Potential effectiveness of the auditor’s substantive test o Obtain from independent sources outside
➢ Ownership – auditor
is affected by it’s: entity
➢ WP is confidential without client’s permission:
▪ Nature- more/less effective o Internal control is effective
o Except: (1) subpoena by court (2)
▪ Timing – interim or year-end o Obtain directly by the auditor
auditor use to defend himself in the court
▪ Extent.- less/more extensive o Documentary form/written form that obtain
➢ Retention of working paper – GR: 5 years
orally.
➢ Content:
Two types of substantive procedures: o Original documents
o Audit Objectives
a. Test of Details
FINANCIAL STATEMENT/MANAGEMENT o Substantive Procedures (nature, timing,
i. Test of transaction – small volume of extent)
transaction. Tine-test transactions during ASSERTIONS – claims, representation by the
management that is embodied in the FS. o Audit Conclusion & Significant matters arising
the year. during the audit
ii. Test of balances – Large volume of o Signatures
transaction. Tine-test only the ending BALANCE SHEET INCOME
o Estimated Hours
balance. STATEMENT
1. Completeness o Referencing
b. Analytical Procedure – ratio analysis, 2. Existence 1. Cut-off ➢ Classification:
regression (not required by PSA) 3. Rights & 2. Completeness
o Permanent File – continuing significance to
Obligation 3. Occurrence
4. Valuation & 4. Accuracy recurring auditor (ex. Articles of
Develop expectation regarding Allocation 5. Classification incorporation, bylaws, organizational chart,
Financial Statement 5. Presentation & long term accounts, major contracts)
Disclosure
o Current File – relevant to particular audit

DIRECTIONAL TESTING – where to start in comparing AUDITING ACCOUNTING ESTIMATES

Compare expectation with FS
Investigate Difference
1.Significant - conduct further investigation
2.Insignificant - Accept the account as reasonable
documents? ➢ The risk of material misstatement is greater when
➢ Tracing – source documents to accounting accounting estimates are involved.
record (Completeness) ➢ Auditor is responsible for obtaining sufficient
➢ Vouching – accounting records to course appropriate evidence as to whether estimate is
documentation (Existence) properly accounted, disclosed and reasonable.
AUDITING RELATED PARTY TRANSACTION SPECIFIC AUDIT PROCEDURES

➢ persons or entities that may have dealings with 1. Inspection of records.

one another in which one party has the ability to 2. Inspection of tangible assets.
exercise significant influence or control over the 3. Observation.
other party in making financial and operating 4. Inquiry.
decisions 5. Confirmation.
➢ Auditors’ awareness 6. Reperformance.
1. Requirement of disclosure in FS 7. Analytical procedures
2. It may be motivated by profit sharing or 8. Recalculation.
even fraud; and
Specific Procedures RAP Further Audit
3. The nature may give rise to higher risks of Procedures
material misstatement of the financial TOC ST
statement Inspection / / /
➢ Management Responsibility Observation / / /
▪ Identification and disclosure Inquiry / / /
▪ Implement adequate accounting and internal Confirmation /
control systems Recalculation /
➢ Auditor’s Responsibility Reperformance /
▪ Obtains information about related party Analytical / /
relationship and transactions by making Procedure
inquiry from the management regarding;
▪ Obtain sufficient evidence that these are (1) TEST OF CONTROL VS. SUBSTANTIVE TEST
Properly accounted for and (2) Disclosed in
the FS. ➢ Test of control provides evidence that indicates a
➢ If the auditor identifies significant transactions misstatement is likely to occur while substantive
outside the entity’s normal course of business, the test, on other hand, provides evidence about the
auditor should: existence of misstatement in an account.
▪ Obtain understanding of business as well if it ➢ In expressing opinion on the financial
has been properly accounted for and statements, the auditor relies on the results of test
disclosed; and of control and substantive tests.
▪ Obtain audit evidence that the transactions
have been appropriately authorized and *Dual purpose test-test of control is performed
approved. concurrently with the test of details on the same
➢ Obtain Written Representation Letter transaction.

MAJOR AUDIT PROCEDURES

1. Risk Assessment Procedure (RAP)
2. Test of Control
3. Substantive Procedures
 2. Non-Statistical
SUMMARY NOTES IN a. Subjective
CONTROLLING THE RISK
1. In Sampling risks:
b. Professional Judgement ✓ Increasing the sample size; and
AUDITING THEORY TYPES OF STATISTICAL SAMPLING/ SAMPLING PLAN ✓ Using an appropriate sample selection method
AUDIT SAMPLING 1. Attribute Sampling – rate of deviation 2. In Non-sampling risks:
occurrence/ occurrence rate. (Usually use in ✓ Proper planning; and
testing Internal control) ✓ Adequate direction, review and supervision of the
PSA 530 – audit sampling is the application of audit 2. Variable Sampling – numerical quantity such as
procedures to less than 100% of the items within an account audit team.
peso value. (Usually use in substantive tests)
balance or class of transactions such that all sampling units
have a chance of selection.
SAMPLING RISK BASIC STEPS IN AUDIT SAMPLING
• Audit procedures – test of control & substantive
➢ Risk that auditor’s conclusion, based on sample Steps TOC ST
procedures
• Audit sampling is performed with the assumption selected is different from conclusion reached if the 1.Define the Specify the control Specify the
entire population were subjected to the same Objective of the procedure to be purpose of the test
that the sample selected for testing represents Test tested and its
the population. procedures.
relationship to the
➢ Sample selected may not be truly representative of a FS assertions
EVIDENCE GATHERING population. 2.Determine the Appropriate Determine the
• Selecting all items (100% examination) ➢ Must be reduced to acceptable level. procedure to be procedure to appropriate audit
➢ Unlikely in the case of tests of control but more ➢ 3 Ways to Reduce Sampling Risk performed perform to satisfy procedures to be
common for substantive procedures 1. Use proper sample selection methods the objective. performed.
➢ May be appropriate when: 2. Use proper sample size Define population Define population
a. Small volume high value population 3. Use proper projection methods and conditions and its
b. IR & CR is high and no other means to satisfy ➢ Types: that constitute a characteristics.
c. Calculation of computer makes a 100% deviation
examination cost effective Types TOC ST Sacrifice 3.Determine Acceptable Acceptable
• Selecting specific items d Sample Size Sampling Risk Sampling Risk
➢ Selecting specific items from a population based Alpha Risk of Risk of incorrect Efficiency (Inverse) (Inverse)
on such factors as knowledge of the client’s Risk Underreliance rejection
business, preliminary assessments of inherent (Risk of (misstatement Tolerable Tolerable
and control risks, and the characteristics of the assessing doesn’t actually Deviation Rate Misstatement
control risk too exists) (Inverse) (inverse)
population being tested
high)
➢ The judgmental selection of specific items is Beta Overreliance Risk of incorrect Effectiven Expected Expected
subject to non-sampling risk Risk (Risk of acceptance ess Population misstatement and
➢ Specific selected items may include: assessing (misstatement Deviation Rate population
a. High value or key items control risk too actually exists) (Direct) variation (Direct)
b. All items over a certain amount low) 4.Select the Use any one of Use any one of
c. Items to obtain information Sample the techniques: the techniques:
d. Items to test procedures NON-SAMPLING RISK
5.Apply the audit Apply procedure Apply procedure
➢ Refers to the risk that the auditor may draw incorrect procedures to sample items to sample items
APPROACH TO AUDIT SAMPLING conclusion about account balance or class of 6.Evaluate the Decide whether Decide whether to
transactions because of human errors. It arises from sample results the result accept account
1. Statistical
factors that cause the auditor to reach an erroneous (projection) supported the balance as fairly
a. Random Selection planned degree of stated or to
b. Probability conclusion for any reason not related to the size of reliance on require further
c. Mathematical the sample. internal control actions

DETERMINING SAMPLE SIZE
❖ Acceptable Sampling Risk (Inverse) – the smaller
the sampling risk the larger the sample size (vice
versa)
❖ Tolerable Deviation Rate (Inverse) – max rate of
acceptable deviation. Decrease in tolerable deviation
rate will increase sample size (vice versa)
❖ Expected Population Deviation Rate/Expected
Misstatement Rate (Direct) – rate expected to find
the population before testing begins. The larger the
expected population deviation rate the larger the
sample size (vice versa). Should not exceed the
tolerable deviation rate.
❖ Variation in the population (Direct) – measured by
standard deviation. As the degree of variability
increases, the larger the sample size. (Applicable to
substantive testing)
SELECTING THE SAMPLE
1. Random Sampling – random number selection,
equal chances of getting selected.
2. Systematic Sampling – use of sampling interval
(Population / sample size)
3. Haphazard Selection- does not follow any
mathematical/structural approach) (example: all
deposit except deposit from 1-3PM)
4. Stratified Sampling – grouping of items in similar
characteristics.
5. Value-weighted (probability in proportion to size)
(monetary unit) – the higher the amount, the higher
the chance of being selected.
6. Discovery Sampling – use when standard deviation
is 0.
7. Block Selection – by block in selection.
8. Stop or Go sampling/ Sequential – auditor expects
few errors. No limit, only when auditor find it deemed
sufficient.
1,2,3,7,8 – test of control 4,5 – substantive test
In Selecting the sample and applying the appropriate audit
procedures the auditor may encounter:
▪ Voided documents (be replaced by another item)
▪ Missing documents (treated as deviation)
EVALUATING THE RESULT B. SUBSTANTIVE TESTING
A. TEST OF CONTROL Facts:
(Population Size/ value) - 1,000 Withdrawal/1MPhp
Facts: (Sample Size/value) – 100/50kphp
(Population) - 1,000 Deposit (Misstatement) – 10kphp
(Sample Size) – 100 (Acceptable Sampling Risk) – 50kphp
(Deviation Error) – 30
(Acceptable Sampling Risk) – 5 Computation:
Sample Misstatement Rate = M/SV 10kphp/50kphp = 20%
Computation: Upper Occurrence Limit = SDR x PV+ ASR 20% x 1Mphp + 50kphp
Sample Deviation Rate = DE/SZ 30/100 = 30% = 250kphp
Upper Occurrence Limit = SDR + ASR 30% + 5% = 35%
CASE 1: Tolerable Misstatement is 100kphp
CASE 1: Tolerable Detection Risk is 20% 100kphp < 250kphp = material error exists, auditor will make
20% < 35% = control risk is assessed at high level, extensive adjustments by examining additional units, alternative procedures,
substantive test to perform. Sample results do not support the request client to adjust account balance
auditors planned degree of reliance to internal control.
CASE 2: Tolerable Misstatement is 300kphp
CASE 2: Tolerable Detection Risk is 40% 300kphp > 250kphp= control risk is assessed at low level, only
immaterial error exists. The auditor should consider allowance for
40% > 35% = control risk is assessed at low level, lesser
substantive test to perform. The auditor should also consider the sampling risk. The auditor should recognize that the sampling risk
allowance for sampling risk. increases as the projected misstatement approaches the tolerable
misstatement.
If the sample deviation rate is considerably lower than tolerable
deviation rate (e.g. 2% vs. 10%), there is low risk that actual PROJECTION (SUBSTANTIVE TESTING)
population deviation rate will exceed tolerable deviation rate.
Auditor can safely assume that sample results supported the Facts: What is the total misstatement?
planned degree of reliance on the internal control. Population: 10,000 What is the total Audited Value?
BV: 120,000Php
If the sample deviation rate is barely lower than tolerable deviation Sample Size: 100
rate (e.g. 8% vs. 10%), there is a high possibility that the actual Book Value: 1,000
deviation rate will exceed the tolerable deviation rate. Audited: 1,200
Misstatement: 200 (BV-Audited)
a. If non-statistical sampling, the samples do not justify
the auditor’s preliminary assessment of control risk – 1. Mean per unit estimation (MPE)
control risk - high level. a. 200 / 100 = 2 mean/ unit
b. If statistical sampling, the auditor determines the 10,000 x 2 = 20k
maximum population deviation rate as the sum of the b. 1,200/100 = 12 mean/unit
sample deviation rate and allowance for sampling risk. 10,000 x 12 = 120k
i. Maximum deviation rate does not exceed tolerable
2. Ratio Estimation
rate-the auditor can safely rely on the control
a. 200/1,000 = 20%
ii. Maximum deviation rate exceed tolerable rate-the
120k x 20% = 24k
auditor can conclude that sample results do not
b. 1,200/1,000 = 1.20
support the auditor’s preliminary assessment of the
120k x 1.20 = 144,000
control risk and therefore scope of substantive tests
should be increased. 3. Difference Estimation
a. 1,200 – 1,000 = 200 x 10k/100 = 20k
b. 1,200 – 1,000 = 200 x 10k/100 = 20k
120k + 20k = 140,00

SUMMARY NOTES IN
AUDITING THEORY
COMPLETING THE AUDIT
➢ Around March to April
➢ Wrapping up-necessary and required by PSA
➢ Mostly subjected performed by senior/manager
General Procedures:
A. Identifying liability items not given appropriate
accounting treatments.
B. Addressing required disclosures.
C. Wrap procedures.
D. Review of audit engagement and formation of
audit opinion.
A. IDENTIFYING LIABILITY ITEMS NOT GIVEN
APPROPRIATE ACCOUNTING TREATMENTS
❖ Searching for unrecorded liabilities
o Reviewing subsequent cash
disbursements.
o Test of unprocessed invoices or open
purchase orders (PO)
o Analytical procedures that may indicate
understatement in liabilities.
❖ Perform other procedures including inquiry of
entity’s legal counsel, to identify loss
contingencies.
B. ADDRESSING REQUIRED DISCLOSURES
1. REVIEW RELATED PARTY TRANSACTION
❖ IAS 24 requires disclosure of related party
transactions.
❖ Management Responsibility – identify, record,
disclose, designing internal control.
❖ TCWG - understanding about the nature and
business rationale of related party, Monitoring
management
❖ Auditor’s Responsibility – obtain understanding,
check if properly disclosed
o Related to occurrence assertion -
Performing detailed test of transactions
and balances, Reviewing minutes of the
meeting, s, accounting records, unusual
investment transactions, guarantor
relationship, purchase or sale of interest
in a joint venture.
o Related to completeness assertion -
Inquiry to the affiliated director and
officers with other entities and auditors
currently involved in audit.
2. REVIEW SUBSEQUENT EVENTS
❖ Subsequent events are event occurring between
FS date and auditor’s report.
❖ The responsibility of auditor is until the auditors
report.
❖ 2 Types of events:
o Adjusting Event (Type 1) – adjustment
conditions existing as of balance sheet date.
o Non-adjusting Event (Type 2) – requiring
disclosure only, arose only after balance
sheet date
❖ Management Responsibility – identify, record,
disclose.
❖ Auditor’s Responsibility – perform procedures
designed to obtain sufficient appropriate evidence
that all events up to the date of the auditor's report
that may require adjustment of, or disclosure in, the
financial statements have been identified.
Auditor's Report
FS Date (Dec 31) (April 11)
Subsequent Event
❖ Events occurring after the auditor’s report but
before the issuance of FS – auditor does not have
any responsibility to perform procedures, but
should inform the client not to issue the FS.
❖ If material subsequent event requiring adjustment
occurs after auditor’s report but before issuance of
FS, FS should be adjusted and auditors report
should bear Original Date of the Report.
❖ If subsequent event requiring disclosure occurs
after auditor’s report but before issuance of FS,
the date of report is either: (1) as of the date of
subsequent event or (2) Dual Date Report (ex.
March 15, 2015, except for note 10, march 31,
2015) (3) Issue a report that includes an
Emphasis of Matter paragraph or Other Matter
paragraph - auditor's procedures on subsequent
events are' restricted solely to the specific event
referred to in the relevant note to the financial
statements.
❖ If the FS is issued without adjustment, the auditor
should take action to prevent reliance on the FS.
3. REVIEW LITIGATION, CLAIMS AND ASSESSMENT
❖ If the provision is probable and measurable-
disclosed as contingent liability.
❖ Management Responsibility – identify, evaluate,
account litigation as basis of preparing FS. .
❖ Auditor’s Responsibility
o Inquire to management – list of litigation
claims, and management assessment of
outcome.
o Letter of Audit Inquiry – sent to client’s
legal council and ask lawyers regarding
appropriateness and reasonableness of
management assessment
▪ Letter of general inquiry-
assessment of outcome,
estimated financial implications
▪ Letter of Specific inquiry – list
of litigation, reasonableness of
management assessment,
further information, outcome and
possible financial consequences.
o Meeting legal council necessary when:
▪ Significant risk, complex matter,
disagreement between
management and legal council.
 ❖ Management creates the letter to be sent to
auditor and auditor sent to legal council and legal
council send back directly to auditor.
❖ If management refuses to give permission to
communicate with legal council or the lawyer
refuses to reply, considered score limitation
resulting to qualified or disclaimer of opinion.
C. WRAP PROCEDURES
1. PERFORM ANALYTICAL PROCEDURES
❖ To test the reasonableness of the audited amounts,
to test whether the FS as a whole are consistent
with the auditor’s knowledge of the business.
o Assessing the validity of the conclusions
reached
o Identifying unusual fluctuations that were
not previously identified
❖ Required by PSA.
2. ASSESS GOING CONCERN ASSUMPTION
❖ The assumption in preparing FS is to operate in
the foreseeable future.
❖ Concern about the client’s ability to survive.
❖ Management Responsibility – assess the entity’s
ability to continue and disclose the assessment.
❖ Auditor’s Responsibility
o Evaluate the appropriateness of
management use of GCA.
o Check if it’s disclose.
o Identify basis of assessment such as
events and conditions that may give rise to
business risk and mitigation factors.
o Conditions that gives rise to doubt:
▪ Non-compliance with the terms of loan
agreements
▪ Pending major legal preceeding
▪ Changes in legislation or government
policy expected to adversely affect the
entity
▪ Net liability
▪ Substantial operating losses:
▪ Inability to pay creditors on due dates
▪ Loss of major market, franchise, license
or principal supplier.
❖ Effect on the Auditor’s Report:
o Reasonable assurance of going concern –
unqualified opinion
o Uncertainty about ability to continue
▪ Adequately disclosed - unqualified
opinion with emphasis on the matter
"Material Uncertainty Related to Going
Concern”
▪ Not Adequately disclosed – qualified/
adverse opinion
3. EVALUATING AUDIT FINDINGS AND OBTAINING
CLIENT'S APPROVAL FOR THE PROPOSED
ADJUSTING ENTRIES
❖ auditor should decide whether to accept the
financial statements as fairly stated or to
request management to revise the
statements
❖ Material misstatements discovered during
the audit must be corrected by
recommending appropriate adjusting entries
❖ management accepts all the adjusting entries
– unqualified
❖ management refuses to correct – qualified/
adverse
4. OBTAIN MANAGEMENT REPRESENTATION
LETTER
❖ PSA 580 requires auditor to obtain evidence that
entity’s management acknowledges and fulfilled
responsibility for preparation and presentation of
fair FS. And also approved the FS.
❖ Form and contents:
o Management acknowledgement on
responsibility to FS and that FS is
prepared in accordance with reporting
frameworks
o Representation that management
provide all relevant information and all
available FS and records that auditor
needed
o Management approved the FS
o Management acknowledges
responsibility for internal control
o Management believes that uncorrected
misstatement is immaterial
❖ Basic elements of Management Letter
o Letter is addressed to auditor
o Date is near, but not after, the date of
auditors report.
o Signed by appropriate level of
management who has responsibility for
the financial statements.
❖ Refusal to provide MRL – alert auditor to the
possibility of issues, and issue disclaimer of
opinion.
5. REVIEW OF WORKING PAPERS (Final Review)
6. FORMING AN OPINION
DISCOVERY OF OMITTED PROCEDURES
Did it affect the Opinion?
➢ Yes. Is it compensated with other procedures?
o Yes, no more ST needed
o No, performed further ST
➢ No. No more further action needed
LIST OF LETTER
1. Engagement Letter – audit contract
2. Confirmation Letter – substantive testing
3. Management Letter – improvement in IC
4. Letter of Audit Inquiry – inquiry to legal council
5. Management Representation Letter –
responsibility of management
 AUDITOR’S REPORT (the standard)
SUMMARY NOTES IN 1. Title – “Independent Auditor’s Report”
2. Addressee – stockholders and BOD
AUDITING THEORY 3. Opinion Paragraph – client, FS, PFRS, period
4. Basis of Opinion – PSA’s Independence, Code
AUDITOR’S OPINION & REPORT of Ethics, sufficient and appropriate evidence
5. Key Audit Matters:
FOUR TYPES OF OPINION a. Most significant aspects and areas
1. UNQUALIFIED OPINION – FS is fairly presented, encountered during the audit
no material misstatement. The most reliable. b. Reason why those are significant
2. QUALIFIED OPINION – FS is fairly presented, c. Effect to FS
except for d. Auditor’s Response
3. ADVERSE OPINION – worst type of opinion. FS 6. Management Responsibilities – FS, Internal
is not fairly presented. control, ability to continue going concern
4. DISCLAIMER OF OPINION – not an opinion. 7. Auditor’s Responsibilities:
Auditor does not know if fairly presented or not. a. Obtain reasonable assurance
b. Issue Opinion
Material but not Material and c. General Description of Audit
pervasive pervasive 8. Other reporting responsibilities – depends on
Misstatements Qualified Adverse the industry
Scope Limitation Qualified Disclaimer 9. Name of engagement partner
10. Signature – with CPA certification number, SEC
*Material – can affect the decision accreditation number, TIN number, BIR
*Pervasive – widespread effect accreditation number, PTR number.
*Scope Limitation – inability to obtain evidence, due to client 11. Auditor’s Address
impose and other reason 12. Date of Auditor’s Report
*Disclaimer – other reasons for issuing: multiple
uncertainties, auditor has no independence to client.

QUALIFIED, ADVERSE, & DISCLAIMER OF OPINION

➢ Emphasis of Matter – matter presented in FS
o Pending Litigation
o Material Going Concern Issue
o Early adoption of IRS
o Subsequent discovery affecting opinion
o Major catastrophe
➢ Other Matter – those matter not presented in FS
o Restriction on distribution/ use of report
o FS of prior period where audited by
other auditor
o Whenever there are other information
 2. Systems Development and Documentation Control customer b 3,000 #102
SUMMARY NOTES IN (Maintenance) customer c 10,000 #102
➢ System are developed or acquired, 10,000 306 – for IC
AUDITING THEORY implemented and maintained in an authorized purposes
and sufficient manner. 5. Limit Check
AUDITING IN CIS ENVIRONMENT 3. Access Control ➢ Example: Deposit limit 50,000/ day
4. Data Recovery Control ➢ Ensures that data do not exceed a pre-
CHARACTERISTIC OF CIS ENVIRONMENT ➢ Back-up, anti-virus determined limit.
1. Lack of visible audit trail ➢ Disaster recovery plans:
➢ Paperless 1. Internally provided back-up (on site) *Control over processing – transactions properly
➢ Trail only exist for limited period of time ✓ In separate departments processed by the computer
2. Consistency of Performance ✓ Most expensive but less risky *Control over output – results of processing are accurate;
➢ CIS function is programmed 2. Externally provided back-up (off-site) – access to output is restricted to authorized personnel
3. Concentration of Duties mostly used (automated)
➢ A, R, C must be segregated a. Hot Site (recovery operation center) TEST OF CONTROLS IN CIS ENVIRONMENTS
4. Ease of access to data and computer program ✓ Most readily available 1. Auditing around the computer
5. System-generated transactions ✓ Equipped hardware, softwares ➢ Input reconciled with the output
➢ Can easily produce reports ✓ Less risky but costly ➢ Blackbox approach – it does not permit direct
6. Vulnerability of data and program storage b. Warm Site assessment of actual processing of
✓ Not equipped transactions
EFFECT OF CIS IN AUDIT c. Cold Site (empty shell) 2. Auditing with the computer
✓ Same: ✓ Least readily available ➢ Audit segment
o Objective ✓ Least costly 3. Auditing through the computer
o Responsibility 5. Monitoring Controls ➢ Computer Assisted Audit Techniques
o Stages ➢ Ensure that CIS control are effective (CAATs)
✓ Focuses on Test of Control rather than ➢ Whitebox approach
Substantive Testing APPLICATION CONTROLS (control input) ➢ Entity use advance CIS
1. Key Verifications ➢ Auditor will have to audit directly the client’s
INTERNAL CONTROL IN A CIS ENVIRONMENT ➢ Data is to be entered twice. computer program using CAATs
1. Understanding IC 2. Field/ Validity Checks ➢ Commonly used CAATs
a. General Control ➢ Correct input of characters: a. Test Data
b. Application Control o Letter ➢ Auditor gets copy of the program
2. Test of Control o Format ➢ Auditor installs the program
o Accumters ➢ Auditor input erroneous fictitious
GENERAL CONTROLS 3. Check Digit (Self-checking digit) transactions
1. Organization and Management control ➢ Add an extra digit to determine the b. Integrated Test Facility (IFT)
➢ Clear assignment of responsibility authenticity ➢ Auditor uses the actual system
➢ Segregation of duties: ➢ Example: supplies code 7530261 6 used by the client
o Between IT dept and User Dept 24 2+4 = 6 ➢ Risk of contamination
o Within CIS dept (headed by CIS director) 4. Hask Total (control totals) c. Parallel Simulation
▪ Program development ➢ Adding numbers without meaning ➢ Auditor codes the program
▪ Program operation ➢ Example: AR ➢ Compare actual vs. simulated
▪ Program maintenance customer a 5,000 #101
 TEST DATA

Auditor's Test Data

Processed using
client's program

Compares: Auditor's
Output
Expected output

ITF

Auditor's Test Data

& Client's Data

Processed using
client's program

Compares: Auditor's
Output
Expected output

Parallel Parallel

Client's Data Client's Data

Processed using Processed using

client's program auditor's program

Output
Output (actual) Compare Compare (simulated)
 4. Confidentiality Notes on Financial Interest
SUMMARY NOTES IN ✓ Respect the confidentiality and info acquired Financial Allowed
5. Professional Behavior Interest or Not?
AUDITING THEORY ✓ Comply with the relevant laws and regulations Direct Material
Immaterial
x
x
✓ Avoid misconduct that might discredit the
CODE OF ETHICS projection Indirect Material x
Immaterial /
Code of Ethics for Professional Accountants in the Note: all must be complied with
Philippines
➢ Based on the international code of ethics for THREATS TO FUNDAMENTAL PRINCIPLES
professional accountants 1. Self-Interest Threat
➢ Developed by the international ethics standards ✓ Financial or other interest which may
based for accountants (IESBA) influence judgement (e.g. gifts)
➢ Implemented by BOA 2. Self-Review Threat
✓ CPA will not appropriately evaluate the
FOUR PARTS results of a previous judgment made (e.g.
Part 1: Compliance with the code - ability to in public CPA/auditors prepared the FS to be audited)
interest 3. Advocacy Threat
➢ Fundamentals Principles ✓ CPA will promote a client’s position or opinion
1. Integrity (promoting shares, acting in behalf of the
2. Objectivity client)
3. Professional Competence and due care 4. Familiarity Threats
4. Confidentiality ✓ CPA will be too sympathetic to due to long
5. Professional Behavior and close relationships with clients
➢ Conceptual Framework (applies to all CPAs) 5. Intimidation threat
✓ CPA will be threatened from acting
Part 2: CPAs in Business (employees, owners, managers) objectively because of the actual or
Part 3: CPAs in Public Practice (Audit Firms) perceived threats. (threat to change audit
Part 4: Independence firm)
➢ For audit and review engagement
➢ For other assurance engagements Conceptual Framework
Step 1: Identify Threats
FUNDAMENTAL PRINCIPLES Step 2: Evaluate Threats
1. Integrity Step 3: Address Threats
✓ Straight-forward and honest Eliminate
✓ Fair dealing & truthfulness Reduce
2. Objectivity Last Resort: Reject (if there are no safeguards
✓ Fair, intellectual honest available)
✓ Free of conflict of interest
3. Professional Competence and due care
✓ Attain and maintain professional knowledge
(BSA, CPALE, CPD)
✓ Act diligently and in accordance with the
standard (PSA)