Notes Auditing Theory
RA 9298 is PROSPECTIVE in application; not against the prior rules before its effectivity.
The examinations on or before October 2008 can be taken even if not a BSA Graduate
1.) Obtain an understanding of the internal control system
  Perform risk assessment procedures: Inquiry, Inspection, Observation
  **no analytical procedures in IC**
  Check the design and the implementation (not yet check the effectiveness)
  Should be documented and verified by walkthrough procedures.
2.) Make Prelim. assessment of Control Risk - when controls do not work when needed.
  CR = High/Max
    Missing/Unreliable Controls
    Unreliable Controls
    May be reliable but not efficient to test
  CR = <High/Below Max
    Controls may be reliable
3.) Make Response to RAP
  Overall Response: ↑ prof. skepticism, experienced member, & unpredictability
  Specific Response: If ↑CR = no TOC; If ↓CR = perform TOC
4.) Make Final assessment of CR
  Preliminary Assessment -> Final Assessment
  ↑CR -> ↑CR
  ↓CR (Perform Test of Controls) -> Proven Unreliable = change to ↑CR; Proven Reliable = no change (↓CR)
5.) Determine Nature, Extent, and Timing of Substantive Test
  ↑CR | ↓CR
  N: More Effective | Less Effective
  E: Larger | Smaller
  T: Year-end | YE + Interim
  N.E.T. is directly related to CR.
*NATURE*
More Effective: ↑Test of Details, ↓Analytical Proc.
Less Effective: ↓Test of Details, ↑Analytical Proc.

TESTS OF CONTROL - effectiveness of controls
All throughout the period under audit
Inquiry - weakest
Inspection - with docs.
Observation - without docs.
Re-performance - strongest

NETWORKS
Local Area Network (LAN) - specific/defined geographic area
Wide Area Network (WAN) - crossing country lines and regions (Slower than LAN due to distance)
Metropolitan Area Network (MAN) - 3 buildings owned by the same is separated by a public road.

Data Base - 1 copy = multiple access
Database Administrator - responsible for monitoring and maintaining the database’s structure, integrity, security, and performance; coordinate operations and provide guidance/support.
Significant Human Intervention | Minimal Human Intervention
Inconsistency | Consistent
With Professional Judgment | No Professional Judgment
Best for non-routine transactions | Best for recurring/routine transactions
**NOT possible to have 100% automated systems

Access Controls
  Minimize unauthorized access/alterations
  Physical Controls (Secured Facility)
  Programmed Access Controls (Passwords)

Hardware Controls
  Built-in by the manufacturer
  Detect Equipment Failure (Echo Check)

Organizational Controls
  Clear assignment and Segregation of Duties
  Segregation within the CIS Department
    System Development and Operations MUST be segregated. (Developers cannot use the ones they have developed)
  Segregation of CIS and USER Departments

Auditing WITH and THRU the computer (WHITE BOX)
  Complex Program/Logic
  Uses CAATs - inputting series of valid and invalid combination of data (if invalid goes thru, the control is ineffective)
  If input is correct and processing has a strong control, then, OUTPUT is correct.
b) Write-off (there should be aging of AR and should always seek for TREASURER’s Authorization)
  ISSUE: Authorization (thru Treasurer)
  SOLUTION: Company Policy
  ISSUE: Recording (by the Accounting Department)
  SOLUTION: Use Journal Voucher (with JE)

To maintain accurate inventory records, the perpetual records should be updated/reconciled with conducted periodic counts.

DIRECTION OF TESTS:
Every source docs/tangible assets, there should be entries/records
Source Documents --> Records = COMPLETENESS
Records --> Source Docs = EXISTENCE/OCCURRENCE

PURCHASING AND DISBURSEMENT CYCLE
Does NOT only include inventories but also operating expenses and repairs and maintenance

Step 1: Process Purchase Orders (Purchasing Dept.)
a) Request for goods thru Purchase Requisition Form that is made for company purposes
  ISSUES: Unnecessary purchase or excessive items
  SOLUTIONS: SOD, Budget Controls with Approval
b) Select Vendor/Provider thru an Authorized Vendor List
  ISSUES: Fraud, Inflated Prices, Kickback
  SOLUTIONS: Accredited/Authorized Vendors, discourage or monitor related-party transactions
c) Prepare/Send Purchase Order
  “NO Approval, NO PO” - PO is proof of authorization

Step 2: Receive the Goods (Receiving Dept. with Blind copy of PO --NO quantity-- AND Warehousing Dept.)
a) Receive Goods - check the PO (NO PO, do NOT receive)
  ISSUES: Did not order
  SOLUTIONS: Segregation of Duties (SOD), Inspection Process - Check orders, automate
b) Inspect the Goods - After, make a Receiving Report
  ISSUES: Wrong quantity/item, Incomplete Delivery
  SOLUTIONS: SOD, Inspection Process, automate
c) Store Goods - updates inventory stock record

Step 3: Record the Liability (Accounting Department)
Before recording, it needs to have and reconcile the VOUCHER PACKAGE (VP): PO, Receiving Report, Vendor’s Invoice
  ISSUES: Did not Order, Not yet Delivered, Wrong Details
  SOLUTIONS: SOD, 3-Way Test (Compare Voucher Package), check with Budget Controls and inspect details

PAYROLL CYCLE

HUMAN RESOURCES DEPARTMENT is concerned with:
Hiring, screening and recruitment
  RISKS/ISSUES: Hiring those who are not qualified
  SOLUTIONS: Proper screening; Multiple approvals
Labor Relations Contract
  Communicate about superiors/subordinates and talk with them separately
Authorize payroll rates
Termination (End of Contract) WITH documented due process and prenumbered termination notice
  RISKS/ISSUES: Terminated employees might still receive payroll beyond contract period
  SOLUTIONS: Look for existence; Properly accounted termination

TIME KEEPING DEPARTMENT is concerned with:
Attendance: In/Out
  -Bundy Clock -Clock Card -Biometric -DTR
Work (Factory)
  -Job Time Tickets -Accomplishment Report -Labor Summary
  RISKS/ISSUES: Inaccurate time charges | SOLUTIONS: Strong control environment
  RISKS/ISSUES: Overtime | SOLUTIONS: Approvals

ACCOUNTING DEPARTMENT is concerned with:
Payroll Accounting
  Updated Alphalist (details of employee & its payroll)
  Gross pay is based on the contract and their timekeeping records
  Withholding of compensations (taxes, contributions)
  Special Cases (Incentives, vales/advances)
  RISKS/ISSUES: Inaccurate Computations | SOLUTIONS: Recomputation
  RISKS/ISSUES: Terminated employee might still receive payroll beyond contract period | SOLUTIONS: Reconciliation with timekeeping; Updated details

TREASURY is concerned with:
Payroll Distribution thru:
  -Direct Transfer -Checks -Bills and Coins
TCWG | Mgmt. | Auditor
Prevent Fraud
Detect Fraud
*The “preventor” should also be the detector.
**AUDITOR should detect fraud that is directly affecting the material to the FS.

Primary Causes of Material Misstatements
FRAUD (Irregularities) | ERROR
Intentional | Unintentional
Error of Commission | Error of Omission

TYPES OF FRAUD:
Fraudulent Financial Reporting (Management Fraud) - involves intentional misstatements to deceive FS users
  Window Dressing - “making it look good”
    ↑ assets/income, ↓ liabilities/expenses = ↑ equity
    COMMON PROCEDURE: Cut-off Test
  Kiting - (under window dressing) end of clearing period
    PROCEDURE: Simultaneous Bank Reconciliation
  Secret Reserve - opposite of window dressing
    ↓ assets/income, ↑ liabilities/expenses = ↓ equity
Assets Misappropriation (Employee Fraud) - embezzlement of receipt (theft)

FRAUD CHARACTERISTICS (Fraud Triangle +1 - CROPI)
  Capacity to do it (+1)
  Rationalization/Justification of the fact
  Opportunity to do so (weak internal control)
  Pressure/Incentive to commit

Whether suspected or actual fraud, ALWAYS report it to the client to be able to address it or take action.

CIRCUMSTANCES TO DOUBT CLIENTS:
  Did NOT take remedial action
  Pervasive or Systemic Fraud (Involves whole company)
  Doubt Management Competent/Integrity
When any of the following cases is present, WITHDRAW with due notice and reason, and report if with Legal Reqs.

SUMMARIZED INVENTORY COUNT PROCEDURE:
(Client counts with the supervision of the Auditor)
Counting/Tagging -> Transfer to Count Sheet -> Test Count (by Auditor)

RESPONSE TO FRAUD RISKS:
  ↑ Professional Skepticism
  ↑ Experienced Team Members
  ↑ Unpredictability of Procedures

Audit Committee - responsible for the set-up of the internal audit department

Auditor is NOT responsible for non-prevention/detection of fraud/error, but responsible if failed to comply with the requirements of PSAs.

NONCOMPLIANCE - NOT a matter of judgment but of Fact.
  NOT only about violation of law (forgot to submit, remit, etc.)
  May be intentional or unintentional
  FOCUS: Direct and Material Effect on FS
It is the responsibility of the management and TCWG to ensure that their operations are in accordance with laws/regulations.
Audits are not expected to bring all illegal acts to the auditor’s attention because it is often an operating aspect rather than accounting.
**Auditors shall document and communicate non-compliance to the management and TCWG**

AUDIT EVIDENCE - all information (accounting and others) used in arriving at a conclusion on which the auditor’s opinion is based. Needs to be persuasive only (not 100%)
Sufficiency (Quantity)
  100% testing and Selective Sampling
  Audit Sampling - all have a chance
Appropriateness/Competence (Quality)
  Relevance - consistent with audit objectives
  Reliability - depends on nature/source/controls
  See Generalizations on “Fundamentals of Assurance”

Of all the audit procedures, INQUIRY is the least reliable and costly; that is why it is combined with other procedures.
Inquiry + Inspection | Inquiry + Observation

ANALYTICAL PROCEDURES (Computation) is the 2nd least reliable and costly procedure. It is OPTIONAL to use it in substantive testing, depending on reliability of figures and internal control.

**The auditor’s PROFESSIONAL JUDGMENT will determine the scope and combination of procedures**

Inspecting the equipment/asset itself = EXISTENCE;
Inspecting supporting documents of such assets = RIGHTS

What one OBSERVES is a process, not a thing/asset; otherwise it is an inspection.

CONFIRMATION
Verification of transactions, balance, details, etc.
If Management DECLINES to the request of sending confirmation, and this request is the only way to obtain evidence:
  Existence of ALTERNATIVE PROCEDURE
    YES -> Perform Alternative Procedures
    NO -> Scope Limitation -> Qualified Opinion / Adverse Opinion
Checks existence/occurrence thru external respondents
  Cash in bank --> bank (manager)
  Accounts Receivable --> customers
  Consignment --> consignee
  Accounts Payable --> supplier
  Litigation --> legal counsel
Client prepares & signs the confirmation request; format:
  Positive - respondents always reply
    Blank Request - “what is in your record?”; used when there is HIGH risk of misstatement/fraud
  Negative - if no difference, no reply (only when disagrees)
If did not respond: inspect collections of A/R after balance sheet date; inspect shipping documents for proof of delivery.
Auditor sends and receives the replies

↑RMM (Inherent + Control Risk) = ↓ Detection Risk; ↑Sub. Test
HIGHER ST = more test of details, less analytical procedures, larger sample size, @year-end

SPECIFIC AUDIT PROCEDURES
PROCEDURES (I2 OA C RR) | RAPs | TOC | ST
  Inquiry
  Inspection
  Observation
  Analytical
  Confirmation
  Re-performance
  Recalculation

ACCOUNTING ESTIMATES
Amount approximation in the absence of precise means of measuring.
Management is RESPONSIBLE for making accounting estimates and disclosures in the FS.
AUDIT SAMPLING

METHODS IN GATHERING AUDIT EVIDENCE
100% TESTING - tests everything
  A lot of evidence, BUT time consuming
  UNLIKELY for TOC but more COMMON in TOD
SELECTIVE SAMPLING - selecting specific items
  Setting of Criteria or factors relevant
  EXAMPLE: Inspect supp. docs with expenses amounting to 1x,xxx and above.
AUDIT SAMPLING - most efficient; contains characteristics of the two.
  Tests less than 100%
  All have a chance to be selected
  WEAKNESS: samples represent the whole population which results to sampling risk

AUDIT PROCEDURES | SAMPLING?
  Risk Assessment Procedures - Understanding entity
  Test of Controls - Effectiveness
    a) WITH audit trail
    b) WITHOUT audit trail
  Substantive Testing - detect material misstatements
    Test of Details of Balances
    Test of Details of Transactions
    Substantive Analytical Procedures

ATTRIBUTE SAMPLING (Used in Test of Controls)
Estimate the rate/frequency of occurrence and deviations; it is generally used when the evidence is WITH audit trail.
Factors Affecting Sample Size in TOC:
  Expected Population Deviation Rate (↑EPDR, ↑Sample Size)
  Tolerable Deviation Rate (↓TDR, ↑Sample Size) - Inverse Relationship
  Allowance for Sampling Risk (↓ASR, ↑Sample Size) - Inverse Relationship
  Difference of EPDR and TDR
To push thru attribute sampling, TDR ≥ EPDR (may be RELIABLE)
Sample Deviation Rate = # of Deviations / Sample Size
SDR > TDR = ↑Control Risk | SDR ≤ TDR = ↓Control Risk (Reliable)

VARIABLE SAMPLING (Used in Substantive Testing)
Used to estimate numerical measurement of population such as pesos; generally used to estimate amount of misstatements.
Factors Affecting Sample Size in ST:
  Expected Amount of Misstatement (↑EAM, ↑Sample Size)
  Tolerable Misstatement (↓TM, ↑Sample Size)
  Allowance for Sampling Risk (↓ASR, ↑Sample Size)
Projected Misstatement = Audited Value vs Book Value
(Thru Ratio Estimation, Difference Estimation, Mean-per-Unit, Regression)
PM ≤ TM = Tolerable | PM > TM = Not Tolerable
INDEPENDENCE: Confirmed AT LEAST annually

ACCEPTANCE AND CONTINUANCE OF CLIENTS
CONSIDERATIONS:
CLIENT EVALUATION: Accept clients with emphasis on client integrity and ethical values as well as the nature and circumstances of the engagement
SELF-EVALUATION: Firm's ability to provide QUALITY audits/engagements
  Availability of resources and access to information
  It should NOT compromise relevant ethical requirements
REASSESSMENT OF CLIENTS: AT LEAST annually, at the START of the year, prior to re-appointment
  Increases level of confidence and competence
  More complex/risky audits

Lack of Time and Experience: ↑Detection Risk, ↓Quality

RISK ASSESSMENT PROCESS
Sets out the process in implementing risk-based approach
QUALITY OBJECTIVES (anchored with Quality Risk)
  Human and OTHER Resources
  Leadership AND Governance
  Ethical Requirements
  Engagement Performance
  Client Acceptance/Continuance
  Information and Communication
ACTION - needed for attainment of objectives and mitigating quality risks.
INFORMATION AND COMMUNICATION
The firm must have a way to Obtain, Generate, and Use information and communicate it within the firm

INFORMATION COMMUNICATED:
  Policies
  Information obtained during audit for EQR
  Communication with Group of Component Auditors
  Communication with TCWG and Regulators

IMPORTANT TO NOTE ON COMMUNICATION:
Ethical Requirements
  Policies on Ethics
  Training Register and Materials
  Completed Independence Declarations
Client Acceptance and Continuance
  Risk Assessments
  Identity documents obtained and stored
  Engagement Letters
Engagement Performance
  Audit Programs
  Role Assignments
  Information obtained during the engagement
  Conclusions reached and reports to management and TCWG

ENGAGEMENT QUALITY REVIEW
Other person (NOT a member of the audit team) will review the auditor’s judgments, conclusions & report during the audit; DONE PRIOR to issuance of report.
(Auditing the Auditor’s Audit)

Who can review the work of: AUD. 1 | AUD. 2 | AUD. 3
  Auditor 1 - 10 years
  Auditor 2 - 15 years
  Auditor 3 - 20 years
  FUSION

When the EQ Reviewer becomes aware of its impaired eligibility, such shall give notice and decline/discontinue EQR.

**The EQ Reviewer’s criteria for eligibility extends to their assistants**

EVALUATION AND REVIEW:
Reviewer has concerns regarding the appropriateness of judgments/conclusion = notify engagement partner
NOT resolved = notify firm that the EQR cannot be completed (results to consultation)
If there are NO CONCERNS, the reviewer shall notify the engagement partner that the EQR is complete.

Inspection is being done AFTER the issuance of report

AUDIT REPORTING
PARTS OF AN AUDIT REPORT: (TAOB GEKOO MANAD)
1) Title - “independent”
2) Addressee/Client - party who appoints auditor (TCWG)
3) Opinion (PFRS)
  a) Introductory Paragraph
    i. Name of the Entity
    ii. “We have AUDITED this entity…”
    iii. Enumerates FS audited
    iv. Date/Period Covered of the FS
  b) Opinion Paragraph
    i. Mentions of Standards (PFRS)
4) Basis for the Opinion (PSAs)
  a) Compliance with PSAs
  b) Independence + Ethical Requirements
  c) Audit Evidence Obtained - basis for opinion
5) Going Concern Matters (if necessary)
6) Emphasis of Matter Paragraph
  Mentions items which are disclosed in the FS
  a) Unacceptable Framework BUT required by law
  b) FS is prepared using a special framework
  c) “Late addition” Subsequent Events -> amended report
7) Key audit matters (Required always; XPN: Disclaimed)
  a) Current Year matters
  b) Discussed with those charged with governance
  c) “Most Significant” to the audit
    i. Why significant?
    ii. How it was addressed?
    iii. Refer to note disclosures
8) Other Information
  a) Annual Report - focus on consistency
9) Other Matter Paragraph (Not disclosed in FS)
10) Management and TCWG Responsibilities
  a) Prepare and Present FS thru PFRS
  b) System of Internal Control
  c) Going Concern Assumption/Assessment
  d) Oversee the Financial Reporting Process
11) Auditor’s Responsibilities
  a) Obtain Reasonable Assurance; issue the report
12) Name of the Engagement Partner (With exception)
13) Auditor’s Signature, Qualification, Location of practice
14) Date of Report (when auditor obtained SA Evidence)

Unqualified Opinion - fairly stated
  No material Misstatements
  Obtained Sufficient, Appropriate Evidence

Misstatement
  Material But NOT pervasive -> Qualified Opinion
  Material And PERVASIVE -> Adverse Opinion
Scope Limitation (Inability to Obtain Evidence)
  Mat. but NOT Perv. -> Qualified Opinion
  Mat. and Pervasive -> Disclaimer / Withdraw

Format of Report/Opinion:
Consistent in all material respects/Fair summary