GR OUP 4

PLANNING
PHASE
SEC T IO N 2
Kevin Illeses Fe rnando Limos Angen ette
Agac er

Monsour Jay Sh iela Marie G adayos

Gregorio Content
Department
 INTRODUCTION
• Every activity or undertaking entered into by a person has
certain targets. In order to attain these targets, one of the
first things performed is to plan the courses of action
needed to be taken. Preparing for the future enables people
to consider the impact they would like to have and to find a
way to attain those targets.
• Planning helps people to identify and achieve these targets
through making or carrying out plans and avoiding doing
some random activities. This makes planning a very
necessary and important procedure in any undertaking.
PLANNING
Under ISSAI 1300, planning is not a discrete phase of an audit
but rather a continual and iterative process that often begins
shortly after the completion of the previous and continues
until the completion of the current audits

PLANNING ACTIVITIES INVOLVES

THE FOLLOWING STEPS:

1.Preparing the 2. Conducting 3. Conducting 4. Preparing the

Overall Audit Preliminary Final Risk Audit
Strategy. Risk Assessment Engagement
Assessment Plan
Step 1. Preparing the Overall
Audit Strategy
Establishing the audit strategy involves settings the scope, timing and
The overall audit strategy is prepared
direction of the audit towards the development of an Audit Engagement by the Audit Team Leader
Plan. In establishing the overall audit strategy, the auditor shall:

a. Identify the characteristics of the engagement that define its scope;

b. Ascertain the reporting objectives of the engagement to plan the timing of The Supervising Auditor/Regional
the audit and the nature of the communications required; Supervising Auditor will review it.
c. Consider the factors that, in the auditor's professional judgment, are
significant in directing the engagement team's efforts
d. Consider the results of preliminary engagement activities and, where
applicable, whether knowledge gained on other engagements performed by the The Cluster Director/Regional Director
engagement partner for the entity is relevant will approved it.

e. Ascertain the nature, timing and extent of resources necessary to perform the
engagement.
 Step 2. Conducting Preliminary Risk
Assessment

Risk Agency Risk

MissionAudit Risk
Is the probability TO EXC EED TH E
of an act or event The threat that an IONS OF
EXPECTAT
occurring that event, action
T HE CorUSTOMERSThe risk that the
would have an AND PROVIDE auditor may express
inaction will adversely
adverse effect in T HEM W IT H TH Ean
affect the agency’s inappropriate
the achievement B EST INT ERNET opinion on the FS.
ability to successfully
of an achieve its mandate
S ERVICES AN D T HE
achievement of and objectives M OSTandR ELIABLE
an agency’s S U PPORT SYS TEM .
execute its strategies.
objectives.
 Components of Audit Risk
Inherent risk is the Control risk is the
susceptibility of an risk that a
assertion, about a misstatement that
class
transaction,
of could occur in an
assertion about a Mission Detection risk is the
account balance or class of transaction,
risk that the auditor's
disclosure to a account balanceTOorEXC EED TH E
procedures will not
misstatement that disclosure and EXPECTAT
that IONSdetect
OF a
could be material,
could be material, T HE
either individually or C USTOMERSmisstatement that
either individually exists in an assertion
when AND PROVIDE
aggregated
or when that could be
with other
T HEM W IT H THmaterial,
E
aggregated with individually
misstatements will
B EST INT ERNETor when aggregated
other not be prevented, or
with misstatements.
misstatements, detected S and
ERVICES AN D T HE
before corrected, on a timely
M OST R ELIABLE
consideration of manner by the
entity's S U PPORT SYS TEM .
internal
any related
control
controls
 The factors that may affect inherent risk assessment are:

a Judgment a high degree of judgment is involved in

business transactions.

b Estimates significant estimates are included in

transactions, which make it more likely that an estimation
error will be made.

c Complexity- the transactions in which a business engages

are highly complex, and so are more likely to be
completed or recorded incorrectly.
 Understanding the Audit
Entity
The resident auditors assigned in their respective agencies perform, among
others, financial and compliance audits. Thus, auditors have practically broad
knowledge of agency operations which should be summarized in the UTA
Template.

The UTA template may include the following

a. A general overview of the entity's organization and
operations,
b. The agency's main activities and critical processes;
c. Projects/Programs/Activities
d. Results of previous audit
e. Auditor's notes on any component that may be
significant to the conduct of financial audit
 To enhance Auditor's understanding of the audit entity,
the following steps shall be undertaken

a. Updating information base for financial audit and conducting

preliminary risk assessment,

b. Assessing other matters for consideration, and,

c. Assessing Related Parties transactions

 INTERNAL CONTROL
an integral process that is effected by an agency’s management and
personnel, and is designed to address risks and provide reasonable
assurance that in internal control should provide reasonable assurance
regarding the achievement of agency’s objectives in the following
categories:

Effectiveness and efficiency of operations;

Reliability of financial reporting;

Compliance with applicable laws and regulations; and,

Safeguarding of assets.
 Components of Internal Control
Control Environment
sets the tone of an organization, influencing the control consciousness of
its staff. It is the foundation for all other components of internal control,
providing discipline and structure

 Management and staff demonstrate personal and professional integrity and

ethical values;
 Management sets the “tone at the top” (i.e. management’s philosophy and
operating style);
 Management establishes an appropriate government organizational structure;
 Management and staff exhibit commitment to competence; and,
 Management establishes human resource policies and practices. Risk
Assessment
 Components of Internal Control
Risk Assessment
process of identifying and analyzing relevant risks to the
achievement of the agency’s objectives and determining the
appropriate response.
 Management identifies and defines appropriate objectives and
risk tolerance in specific and measurable terms;
 Management identifies, evaluates and assesses agency’s risks;
and,
 Management determines appropriate response to the identified,
evaluated, and assessed agency’s risks.
 Components of Internal Control
Control Activities
The policies and procedures established to address risks and to achieve
the agency’s objectives. The procedures that an organization puts in place
to treat risk.
 Management designs control activities which are appropriate, function
consistently according to plan throughout the period, cost effective,
comprehensive, reasonable and directly relate to the control objectives
and to address risks;
 Management develops control activities which include a range of diverse
policies and procedures; and,
 Management develops an effective information technology control
activities.
 Components of Internal Control
Information & Communication
effective processes and systems that identify, capture and report
operational, financial and compliance-related information in a form and
timeframe that enable people to carry out their responsibilities.

• Management develops and maintains reliable and relevant

financial and non-financial information;
• Management communicates information throughout the agency;
and,
• Management communicates information with external parties.
 Components of Internal Control
Monitoring
the process that assesses the quality of the internal control
system’s performance over time.
• Management establishes and operates activities to
monitor the internal control system and evaluates the
results; and,
• Monitoring activities ensure that audit findings and
recommendations are adequately and promptly resolved.
 How to test Internal
Control Design
In selecting controls to test, key controls must be considered. Important or key
controls address the risk of a material misstatement. Testing internal control
design determines whether the control is designed in a way that would prevent
or detect an error or fraud.

The Control Design may be tested

in the following manner:
i. Inquiring
ii. Observing
iii. Inspecting relevant documents
 Two types of Controls
1. PRE VE NT IVE CO NTR OL S 2. D ET E CT IVE C O NTR OL S

are designed to discourage errors or irregularities are designed to find errors or irregularities after
from occurring. they have occurred.
Examples of preventive controls are: Examples of detective controls are:
 Segregation of Duties  Review of Performance
 Approvals, Authorizations, and Verifications  Reconciliations
 Security of Assets (Preventive and Detective)  Physical Inventories
 Audits
External Auditor, in this case COA Auditors, can also use the works of
Internal Auditors, when they have determined that the internal audit
function is likely to be relevant to the audit. The guidance on the use
of the works of Internal Auditors and in assessing their objectivity is
provided under ISSAI 1610.
 
 General Accounting Plan

The external audit aims to increase confidence in the

information mentioned in its financial statements and
ensure its integrity. It also aims to improve that
information by detecting its errors, early modification,
and detecting any manipulation that occurs.
 
 Financial Statement Analysis
1. VARIANCE ANALYSIS 2. TIE-IN ANALYSIS

the auditor can compare the
latest set of FS and the
corresponding period of the
preceding year’s FS balances.
the auditor compares the figures
of the accounts or group of
accounts or contra accounts in
the FS and reported in Notes to
FS.
ASSESSING OTHER MATTERS FOR C ONSIDER ATION

Understanding Fraud Risks

Misstatements in the FS can rise from either fraud or error.
Although fraud is a broad legal concept, the auditor is concerned
with fraud that causes a material statement in the FS.

Two types of intentional misstatements:

1. Misstatements resulting from fraudulent financial reporting

2. Misstatements resulting from misappropriation of assets

ASSESSING OTHER MATTERS FOR C ONSIDER ATION

Understanding Risks from Non-compliance with Laws, Rules and

Regulations

Non-compliance by the entity with laws and regulations may result in a material
misstatement of the FS. Detection of non-compliance, regardless of materiality,
may affect other aspects of the audit including, for example, the auditor’s
consideration of the integrity of management or employees.
The auditor should be guided with the requirements under ISSAI 1250 in their
consideration of compliance with laws and regulations.
Transactions, which are non-compliant with existing laws and regulations, are
considered illegal and irregular and, thus, disallowed in audit as required under
existing COA regulations
ASSESSING R ELATED PARTIES
Related parties pertain to
1 Persons or other entities that have control or
significant influence, directly or indirectly through
one or more intermediaries, over the reporting entity.

2 Entities over which the reporting entity has control or

significant influence, directly or indirectly through
one or more intermediaries.

3 Other entities under common control with the

reporting entity through having common controlling
ownership and common key management.
 ASSERTI ONS IN CONSIDERING MISSTATEM ENTS
CATEGORY ASSERTION
Occurrence The potential
Completeness misstatements may
Transaction level assertions Accuracy be groups into three
Cutoff categories
Classification considering the
Existence following assertions
Rights and Obligations
Account balance assertions Accuracy, valuation and
allocation
Classification
Presentation
Understandability
Presentation and other
Accuracy
disclosures
Completeness
 III. Conducting Final Risk Assessment

• Materiality threshold pertains to the amount of

materiality set as benchmark to evaluate the
significance of misstatements or omissions noted
during audit.
• ISSAI 1320 explains that misstatements and omissions are considered to
be material if they, individually or in aggregate, could reasonably be
expected to influence the economic decisions of users of the FS.
• The users are considered as a group of users of FS rather than as
individual users.
• The concept of materiality is applied both in planning and performing the
audit, and also in evaluating the effect of identified misstatement in the
FS.
• While materiality is primarily based on the auditor’s
professional judgment, such judgment should consider both
qualitative and quantitative aspects to reduce the risk of audit
decisions which are either overly liberal or conservative.
• Items of little importance are considered trivial. Clearly trivial
as mentioned in ISSAI 1450, par. A2 does not mean “not
material.” Misstatements that are clearly trivial will be of
wholly different (smaller) order of magnitude, or of a wholly
different nature than those that would be determined to be
material, and will be misstatements that are clearly
inconsequential, whether taken individually or in the
aggregate and whether judged by any criteria of size, nature or
circumstances.
• The Audit Team Leader shall determine
the materiality thresholds particular to
the audited entity, subject to the review
of the Supervising Auditor and to the
approval of the Cluster/Regional Director
concerned.
• In an audit of the financial statements of stand-alone
agencies (not a component/regional/head office), the
Audit Team Leader shall determine and use the overall
materiality, performance materiality, specific materiality
(if applicable), and testing threshold throughout the
audit.
 In an audit of a consolidated/combined FS of groups with
components or agencies with regional offices:

i. The Audit Team Leaders in the head/component/regional

office preparing ML/ SAOR (whichever may be applicable)
shall determine and compute the overall materiality,
performance materiality, specific materiality and testing
threshold using their respective FS. In case of separate FS
for each type of fund (e.g., General Fund, Special Education
Fund, Trust Fund), the auditor shall compute materiality
thresholds using the specific FS for each fund.
 In an audit of a consolidated/combined FS of groups with
components or agencies with regional offices:

ii. The Supervising Auditor (head of audit group) preparing the

CAAR and issuing the IAR shall determine the overall
materiality, performance materiality, specific materiality and
testing threshold (if applicable) based on the
consolidated/combined financial information of the whole
group/agency. The computed overall materiality will be used
in determining whether the consolidated/combined FS is
misstated or not, and in determining the type of audit opinion
to be issued on the consolidated/combined FS.
 Calculating materiality is established through these
steps:

a. selecting an appropriate benchmark;

b. identifying appropriate financial data for the
selected benchmark; and,
c. calculating materiality based on established
percentages.
Step 1. Selecting an Appropriate Benchmark
Step 2. Identifying Appropriate Financial Data for the Selected
Benchmark
Step 3. Calculating Materiality Based on Established Percentages
 The levels of materiality thresholds are set and applied in the following
manner, unless a different materiality benchmark/computation is required
thru the issuance of a materiality circular or guidelines:

a. The overall materiality shall be set at 1 percent of the total selected

benchmark.
b. The performance materiality shall be set at 50 percent of the overall
materiality. Testing threshold for high value items shall be set at 25 percent of
performance materiality.
c. The specific materiality shall be set at 0.20 percent for the chosen class of
transactions, account balances or disclosures.
• The percentage set for overall materiality can be
increased up to 2 percent upon the recommendation
of the SA/RSA and approval by the CD/RD. The
decision to change the rate shall be based on
assessment that the entity has a strong internal control
and has implemented audit recommendations to
address misstatements and ensure reliability of FS.
• The performance materiality and specific materiality
can be decreased upon the recommendation of the
SA/RSA and approval by the CD/RD.
To illustrate how these levels are computed, the following financial
information based on the latest FS are used as sample:
The materiality level set using the financial
information is calculated as:
 Assessing Risks and Determining Risk Responses

The steps are broken into: (a) performing risk assessment; and (b)
determining risk responses.

a. Performing Risk Assessment

• As discussed in the preliminary risk assessment, the SRPIR becomes the initial basis for
further risk assessment. The Auditor shall conduct final risk assessment on each of the
relevant assertions in the SRPIR.
• Risk assessment involves the identification of sources of risk and assessment as to
whether information obtained could result in a material misstatement in the financial
statements. Risk of material misstatement at the assertion level (risk that the financial
statements are materially misstated prior to audit) consists of inherent risks and control
risks which were discussed earlier. (ISSAI 1003)
The following are examples of risks that the entity
may encounter:
The Auditors should, however, not limit their
evaluation on the risks identified during Preliminary
Assessment as there could be intervening events or
circumstances that may need equal attention. This
include material items in the FS even if initially, they
have no risk as these should eventually be included
in the audit plan.
 Steps involve in a risk
assessment
a. Inherent risk identification;

b. Inherent risk assessment;

c. Identification of significant risks;

d. Understanding internal control;

e. Evaluating internal control design and implementation of

internal controls; and

f. Final risk assessment

 Step 1. Inherent Risk Identification

Agency Risk Fraud Risk

Results from significant Related to events or conditions

conditions, events, that indicate an incentive or
circumstances, actions that could pressure to commit fraud.
adversely affect the entity’s
ability to achieve its objectives
and exercise its strategies.
 For identifying risks, the auditor considers factors
like:

i. nature of the operation

ii. accounting policies

iii. agency objectives and strategies and financial implications

iv. review of financial performance

v. relevant controls to mitigate risks at the agency and transactional levels

vi. and laws and rules applicable for the audited entity.
 Step 2. Inherent Risk Assessment

Risk assessment involves consideration of two attributes about

inherent risks:

(i) the likelihood of a misstatement occurring as a result of the

risk with the probability rated as high, moderate or low.;

(ii) the magnitude (monetary impact) if the risk

would occur.
 Step 3. Identification of Significant Risks

Significant Risk
An identified and assessed risk of material misstatement is so
high that in the auditor’s judgement, required special audit
considerations.
a. large non-routine transactions;
b. matters requiring judgment or management
intervention such as changes in accounting
impairment policies;
c. error or fraud is high;
d. non-compliance with laws and regulations; or,
e. unreliable internal control.
 Step 4. Understanding Internal Control

Not all control activities are relevant to the audit, an understanding

of the controls related to the risk of misstatement is necessary to
ensure that the relevant control is identified. This is initially
undertaken during the preliminary risk identification.
S t e p 5 . Evaluation of Internal Control Design and Implementation of Internal Controls

The operating effectiveness of internal control design can be

tested in the following manner, among others:
a. Identifying appropriate controls to be tested.
b. Deciding on the appropriate testing technique.
c. Determining the appropriate documents to be tested.
d. Determining the level of test (period to be covered, representative
sample, extent).
e. Examining evidence/documents to determine whether controls have
been properly implemented.
f. Summarizing and documenting the results of evaluation.
 Step 6. Final Risk Assessment

Review the results of the risk assessment procedures performed,

and assess the risks of material misstatements at the FS level and
the assertion level for classes of transactions and disclosures.
 Assessing Risks and Determining Risk Responses

The steps are broken into: (a) performing risk assessment; and (b)
determining risk responses.
b. Determining Risk Responses
 IV. Preparing the Audit
Engagement Plan.

A. U pdating the Ov era ll A udit Stra te gy

B. Prepa ring the Audit Program

C . Pre paring the E ngagement Pla n Memorandum

 A. Updating the Overall
Audit Strategy
ISSAI 1450 requires the auditor to revise the overall audit strategy if:
(a)the nature of identified misstatements and the circumstances of their occurrence
indicate that other misstatements may exist that, when aggregated with
misstatements accumulated during the audit, could be material; or
(b) the aggregate misstatements accumulated during the audit, approaches the
materiality level determined in accordance with ISSAI 1320.

Audit activities or requirements which no longer form part of the risk

assessment process but must be included in the Strategy. These pertain
to, among others:
a. Special considerations
b. Other accounts determined falling within the performance materiality level not covered in the risk
assessment;
c. In the case of nationwide audits, the Strategy should consider synchronization of timelines for group
planning, execution and reporting; setting materiality thresholds in a uniform manner; scheduling of audit
inspections; confirmations from external parties, among others.
 B. Preparing the Audit
Program

An audit program contains the audit procedures to be performed for

a specific audit objective for the financial account and the risks
identified by assertion. Audit Program for each audit areas included
in the overall audit strategy should be prepared.
 C. Preparing the Engagement Plan Memorandum
Part 1. Audit Coverage, Objective
and Methodology
a. Audit Scope/coverage- should be
clearly described;
b. Audit objectives -should be clearly
defined; and,
c. Audit methodology- should be clearly
established supported with audit
programs.
Part 2 - Significant contents of the
Overall Audit Strategy
a. Materiality thresholds;
b. The number of staff to conduct the audit;
c. The major timelines: entrance conference, exit conference, securing
management representation letter, audit report issuance;
d. Coordination activities relative to a nationwide audit;
e. Inspections to be conducted; and,
f. External confirmations to be performed.
 C. Preparing the Engagement Plan Memorandum

Part 3 – Summary of major accounts and assertions for audit

considerations
a. Accounts and Assertions with high risks of material misstatements and significant
risks identified in the final risk assessment template. (Appendix 2-8)
b. Other Material Accounts (OMA) refer to financial statement accounts above or
equal to the performance materiality but were not considered as significant based on
the results of the Final Risk Assessment.
c. Special Considerations: Related Parties, Litigation and Claims, Segment Reporting
and Subsequent Events

Part 4 – Audit Program

IV. Preparing the Audit
Engagement Plan.
 GR OUP 4

Thank you for

Listening.
To G o d b e a l l t h e g l o r y.