3.

1 The Audit Process (Overview)

The Audit Process

 the sequence of different activities involved in an audit.

 The emphasis and order may vary, but they basically include the following activities:

1. Accepting the Engagement

 make a decision whether to accept or reject an engagement based on the

qualification of the auditor and the auditability of the prospective client's background
financial statements considering the client's business and background information.

2. Audit Planning

 the auditor obtains more detailed knowledge about the client's business and
industry, and by understanding the client, the auditor will be able to develop an
overall audit plan.

3. Considering internal Control

 understanding the entity's internal control system and assessing the level of control
risk

4. Performing Substantive Tests

 audit procedures designed to detect material misstatement in the financial

statements based on the results of the audit planning and considering the internal
control.

5. Completing the Audit

 sufficient evidence must be gathered in order to reach a conclusion on the fairness

of the financial statements.
 the auditor performs additional audit procedures until he is satisfied that the
evidence gathered is consistent with the opinion expresses in the auditor's report.

6. Issuing a Report

 the auditor forms a conclusion (opinion) about the financial statements based on the
audit evidence gathered and evaluated. This is communicated to various interested
parties through the audit report.

The General Approach to Auditing the Financial Statements

A. Financial statement assertions

 the primary concern is with the Management assertions made by the information or

presentation in the Financial Statements.
 o explicit assertions -classes of transactions/accounts balances/presentation and
disclosure
o implicit assertions- Use of the GAAP  to arrive at the balances.

Types of Financial Statement Assertions - (AICPA)

 Completeness  - all transactions and accounts are included in the Financial Statement s
presented
 Rights and obligations - at a given date, all the assets are the rights of the entity, and all
the liabilities are the obligations of the entity
 Valuation or allocation - all assets, liabilities, revenues, and expenses of an entity have
been included in the Financial Statements in the appropriate amounts and according to the
appropriate accounting principles.
 Existence of occurrence- assets, and liabilities exist at a given date and recorded
transactions occurred during that period.
 Statement of presentation and disclosure - financial statement components have been
properly classified, described, and disclosed.

B. Audit Procedures are used to gather sufficient/appropriate evidence which includes:

1. Inspection

 consists of confirming the existence or status of records, documents, or physical assets. 

 Three Types of Inspection
o Vouching -examination of documents that support a recorded transaction or amount.
o Tracing - examination of documents intended to determine whether a transaction was
recorded.
o Scanning - critically reviewing accounting records with the aim of detecting errors,
omissions, or unusual entries.

2. Observation

 entails personally verifying or attesting to a process or procedure (actual performance of

the auditee of the transaction)

3. Interviews/Inquiries

 seeking information from knowledgeable persons inside or outside the entity

4. Confirmation

 a response to an inquiry to corroborate information obtained from the client’s accounting

records.

5. Computation

 consist of checking the mathematical accuracy of source documents and accounting

records of performing independent calculations.
6. Analytical Procedure

 consist of an analysis of significant ratios and trends including the resulting investigation of
fluctuations and relationships that are inconsistent with other relevant information or deviate
from predicted amounts.

C. Audit Evidence

 refers to the information obtained by the auditor in arriving at the conclusion on which the
audit opinion was based. comprised of source documents and accounting records
underlying the financial statements and corroborating information from other sources.

D. Audit Opinion

 results of the procedures performed and the audit evidence obtained which were carefully
evaluated to arrive at the appropriate opinion about the fair presentation of the financial
statements

Types of Audit Opinions

Unqualified opinion

 expresses "presents fairly" when the audit examination was conducted without restrictions;
 there are no errors or irregularities that will result to materially misstated financial
statements;
 no uncertainties exist, disclosures are adequate and the presentation of financial statements
are in conformity with generally accepted accounting principles.

Qualified opinion

 expresses "presents fairly except for" or "subject to" when the auditor is precluded from
expressing an unqualified opinion because of :
o existing uncertainties or inconsistencies and
o not very material departure from generally accepted accounting principles or
o failure to apply generally accepted auditing standards, although not very material.

Adverse opinion

 states that the financial statements  are not fairly presented,

 that they are not in conformity with generally accepted accounting principles,
 when the auditor's examination revealed very material departure from generally accepted
accounting principles and
 the auditor was not able to convince the client to make the necessary adjustments or
include material disclosures

Disclaimer of opinion

 states that the auditor is not in a position to express an opinion, so no opinion is expressed
on the financial statements
 when there have been very material restrictions or limitations to the conduct of the audit
examination and
 very material uncertainties exist regarding the financial statements.

3.2 Accepting the Engagement

Accepting the Engagement

     Before an auditor accepts or rejects an audit engagement. the following should be taken into
consideration:

 competence of the auditor

 independence of the auditor
 ability to serve  the client properly
 the integrity of the prospective client's management and
 the adequacy of the accounting records

PSA 210 - Terms of Audit Engagements

 The auditor and the client should agree on the terms of the engagement.
 The agreed terms would need to be recorded in an audit engagement letter or other suitable
forms of contract.
 It is in the interest of both client and auditor that the auditor sends an engagement letter,
preferably before the commencement of the engagement, to help in avoiding
misunderstandings with respect to the engagement.

The engagement letter documents and confirms:

1. the auditor’s acceptance of the appointment;
2. the objective and scope of the audit;
3. the extent of the auditor’s responsibilities to the client; and
4. the form of any reports.
Principal Contents of the Engagement Letter
The form and content of audit engagement letters may vary for each client, but they would
generally include a reference to:
• The objective of the audit of financial statements.
• Management’s responsibility for the financial statements.
• The scope of the audit, including reference to applicable legislation, regulations, or
pronouncements of professional bodies to which the auditor adheres.
• The form of any reports or other communication of results of the engagement.
• The fact that because of the test nature and other inherent limitations of an audit, together with
the inherent limitations of any accounting and internal control system, there is an unavoidable
risk that even some material misstatement may remain undiscovered.
• Unrestricted access to whatever records, documentation, and other information requested in
connection with the audit.
The auditor may also wish to include in the letter:
• Arrangements regarding the planning of the audit.
• Expectation of receiving from management written confirmation concerning representations
made in connection with the audit.
• Request for the client to confirm the terms of the engagement by acknowledging receipt
of the engagement letter.
• Description of any other letters or reports the auditor expects to issue to the client.
• Basis on which fees are computed and any billing arrangements.
When relevant, the following points could also be made:
• Arrangements concerning the involvement of:
- other auditors and experts in some aspects of the audit.
- internal auditors and other client staff.
• Arrangements to be made with the predecessor auditor, if any, in the case of an initial audit.
• Any restriction of the auditor’s liability when such possibility exists.
• A reference to any further agreements between the auditor and the client.
Audits of Components
When the auditor of a parent entity is also the auditor of its subsidiary, branch, or division
(component), the factors that influence the decision whether to send a separate engagement
letter to the component include:
• Who appoints the auditor of the component.
• Whether a separate audit report is to be issued on the component.
• Legal requirements
• The extent of any work performed by other auditors.
• Degree of ownership by a parent.
• Degree of independence of the component’s management.
Recurring Audits

 the auditor should consider whether circumstances require the terms of the engagement to
be revised and whether there is a need to remind the client of the existing terms of the
engagement.
 The auditor may decide not to send a new engagement letter each period. However, the
following factors may make it appropriate to send a new letter:
• Any indication that the client misunderstands the objective and scope of the audit.
• Any revised or special terms of the engagement.
• A recent change of senior management, the board of directors, or ownership.
• A significant change in the nature or size of the client’s business.
• Legal requirements.

Acceptance of a Change in Engagement

 A request from the client for the auditor to change the engagement may result from:

1. a change in circumstances affecting the need for the service;

2. a misunderstanding as to the nature of an audit or related service originally requested; or
3. a restriction on the scope of the engagement, whether imposed by management or caused by
circumstances.

 Items 1 and 2 would ordinarily be considered a reasonable basis for requesting a change in
the engagement.
 In contrast, a change would not be considered reasonable if it appeared that the change
relates to information that is incorrect, incomplete, or otherwise unsatisfactory.

If the Auditor agreed to a change of the Terms of engagement:

• the auditor and the client should agree on the new terms;
• the report issued would be that appropriate for the revised terms of engagement; and
• in order to avoid confusing the reader, the report would not include a reference to:
   (a) The original engagement; or
   (b) Any procedures that may have been performed in the original engagement, except where
the engagement is changed to an engagement to undertake agreed-upon procedures and thus
refers to the procedures performed is a normal part of the report.
If the auditor is unable to agree to a change of engagement and is not permitted to
continue the original agreement:
• the auditor should withdraw; and
• consider whether there is an obligation, either contractual or otherwise, to report to other
parties, such as the board of directors or shareholders, the circumstances necessitating the
withdrawal.

3.3 Audit Planning

AUDIT PLANNING
Related PSAs: PSA 300, 310, 320, 520 and 570
Appointment of the Independent Auditor

 The early appointment enables the auditor to plan his work so that it may be done
expeditiously and to determine the extent to which it can be done before the balance sheet
date.
 Before accepting the engagement, he should ascertain whether circumstances are likely to
permit an adequate audit and expression of an unqualified opinion and, if they will not, he
should discuss with the client the possible necessity for a qualified opinion or disclaimer of
opinion.

PSA 300 - Planning

The first standard of fieldwork (performance standards) states that:
”The work is to be adequately planned and assistants, if any, are to be properly
supervised.”
The auditor should plan the audit work so that the audit will be performed in an effective
manner.
Planning

 refers to developing a general strategy and a detailed approach for the expected nature,
timing, and extent of the audit.
 The auditor plans to perform the audit in an efficient and timely manner.

Importance of Adequate Planning

Adequate planning of the audit work helps to ensure that:
    1) Appropriate attention is devoted to important areas of the audit;
    2) Potential problems are identified; and
    3) The work is completed expeditiously.
Planning also assists in proper:
   1) Assignment of work to assistants; and
   2) Coordination of work done by other auditors and experts.
Extent of Planning
The extent of planning will vary according to the following:
     1) Size of the entity;
     2) Complexity of the audit; and
     3) Auditor’s experience with the entity and knowledge of the business.
The overall Audit Plan
An audit plan is a document describing the expected scope and conduct of the audit.
While the record of the overall audit plan will need to be sufficiently detailed to guide the
development of the audit program, its precise form and content will vary depending on the
following:
     1) Size of the entity;
     2) Complexity of the audit; and
     3) Specific methodology and technology used by the auditor.
 Audit Planning Considerations:
1. Knowledge of the Business (PSA 310)
• General economic factors and industry conditions affecting the entity’s business.
• Important characteristics of the entity, its business, its financial performance, and its reporting
requirements including changes since the date of the prior audit.
• The general level of competence of management.
2. Understanding the Accounting and Internal Control Systems
• The accounting policies adopted by the entity and changes in those policies.
• The effect of new accounting or auditing pronouncements.
• The auditor’s cumulative knowledge of accounting and internal control systems and the
relative emphasis expected to be placed on tests of control and substantive procedures.
3. Assessment of Risk and Materiality (PSA 320)
• The expected assessments of inherent and control risks and the identification of significant
audit areas.
• The setting of materiality levels for audit purposes.
• The possibility of material misstatement, including the experience of past periods, or fraud.
• The identification of complex accounting areas including those involving accounting estimates.
4. Nature, Timing, and Extent of Procedures
• Possible change of emphasis on specific audit areas.
• The effect of information technology on the audit.
• The work of internal auditing and its expected effect on external audit procedures.
 5. Coordination, Direction, Supervision, and Review (PSA 220)
• The involvement of other auditors in the audit of components, for example, subsidiaries,
branches, and divisions.
• The involvement of experts.
• The number of locations.
• Staffing requirements.
6. Other Matters (Critical)
• The possibility that the going concern assumption may be subject to question.
• Conditions requiring special attention, such as the existence of related parties.
• The terms of the engagement and any statutory responsibilities.
• The nature and timing of reports or other communication with the entity that is expected under
the engagement.
The Audit Program
An audit program is a document setting out the nature, timing, and extent of planned audit
procedures required to implement the overall audit plan.
The audit program serves as a:
1) Set of instructions to assistants involved in the audit; and
2) Means to control and record the proper execution of the work.
The audit program also contains:
1) The audit objectives for each area; and
2) A time budget in which hours are budgeted for the various audit areas or procedures.
In preparing the audit program, the auditor would consider the following:
     1) Specific assessments of inherent and control risks and the required level of assurance to
be provided by substantive procedures;
     2) Timing of tests of controls and substantive procedures;
     3) Coordination of any assistance expected from the entity, the availability of assistants and
the involvement of other auditors or experts; and
     4) Other matters considered by the auditor in developing the overall audit plan need to be
considered in more detail during the development of the audit program.
Changes to the Overall Audit Plan and Audit Program
The overall audit plan and the audit program should be revised as necessary during the course
of the audit.
Planning is continuous throughout the engagement because of changes in conditions or
unexpected results of audit procedures. The reasons for significant changes would be recorded.
 

Audit Plan VS Audit Program

Comparison Table

Parameters of
Audit Planning Audit Program
Comparison
 more on the structural plan  start of the work
Definition  laying out all the tools,  shows what steps, procedures and evidence
strategies or techniques are needed to obtain accurate information in
 needed for a specific audit a step by step manner

Rank in the Procedure First Second

Author 1 auditor One or more auditors or another

Audit plan

 is a guideline set when conducting an audit. It is the foundation of the audit.

 a plan to be carried out in an organization that comprises strategy and techniques that will
be followed in carrying out an Audit.
 It determines all the factors needed, making sure that all the critical areas were covered and
potential problems identified and addressed.
 In laying out a plan, an Auditor must consider these foundations below:
o Client Introduction – the client’s information, such as the nature of the business, its
engagement to the community, and meeting with the employees.
o Reviewing Audit documentation – analyzing the previous audits either from a
predecessor auditor or from an accounting firm. It is only applicable if the client provides
such information (which in most cases they do).
o Recent developments – clients' latest progress, such as new ventures or investments,
products, or even merging as this might create a considerable discrepancy from the
previous year.
o Interim Financial statements – It is mandatory to analyze misstated accounts and
those that need to be monitored. 
o Knowing Non- audit personnel – identifying non-audit professionals or services.
o Staff – Engagement, and discussion are needed for a smooth transaction. Still, the
procedures to be discussed are only limited to what is necessary on a designated level.
o Timing/ Schedule – Organization of client management and staff. Checking documents
that need to be corrected or submitted.
o Assistance from other accounting entities – This needs to be determined whether or
not a specialist needs to be in a particular procedure, may it be an IT or a tax
practitioner.
o Accounting Standard Pronouncements – refers to the hierarchy of communications
from the Finance department to the Standard Boards and into all levels. 
o Date with the client – The client needs to be informed when an audit will start and
schedules for the entire audit.  It is to ensure the utmost integrity during the procedure.

Audit Program

 acts as a blueprint of the audit plan.

 It specifies how the audit will go,
 who is going to complete it, and
 what steps are needed in conducting it.
 comprises various steps developed that an auditor needs to follow step by step.
 It has a range of procedures, document verification, and acquiring pieces of evidence to
help the auditor with the information. 
 Although it implies that the Auditor must follow the plan, the Audit program should also be
flexible enough for the changes that need revision while making sure that all important areas
were covered.
3.4 Internal Control

Accounting System

  refers to the series of tasks and records of an entity by which transactions are processed as
a means of maintaining financial records.
 Such systems identify, assemble, analyze, calculate, classify, record, summarize and report
transactions and other events.

Internal Control System

 refers to all the policies and procedures (internal controls) adopted by the management of
an entity to assist in achieving management’s objectives  of ensuring orderly and efficient
conduct of its business, including adherence to management policies which includes:

• safeguarding of assets;
• prevention and detection of fraud and error;
• accuracy and completeness of the accounting records; and
• timely preparation of reliable financial information.

 extends beyond those matters which relate directly to the functions of the accounting
system.

Fundamental Concepts of Internal Control  Related PSAs/PAPSs: PSA 400, 402 and 315

 The auditor should obtain an understanding of the accounting and internal control systems
sufficient to plan the audit and develop an effective audit approach.

Internal Control Components

    (a) The control environment;
    (b) The entity’s risk assessment process;
    (c) The information system (financial reporting system and communication)
    (d) Control activities; and
    (e) Monitoring of controls.
 Inherent Limitations of Internal Controls

 Management’s usual requirement that the cost of internal control does not exceed the
expected benefits to be derived.
 Most internal controls tend to be directed at routine transactions rather than non-routine
transactions.
 The potential for human error due to carelessness, distraction, mistakes of judgment, and
the misunderstanding of instructions.
 The possibility of circumvention of internal controls through the collusion of a member of
management or an employee with parties outside or inside the entity.
 The possibility that a person responsible for exercising an internal control could abuse that
responsibility, for example, a member of management overriding an internal control.
 The possibility that procedures may become inadequate due to changes in conditions and
compliance with procedures may deteriorate.
 Accounting and Internal Control Assessment

 1st Understanding of Accounting and Internal Control System

 2nd Plan the assessed level of control risk
 3rd Performance of tests of controls (if appropriate)
 4th Reassessment of control risk
 5th Final assessment of control risk

Fundamental Concepts of Internal Control

Internal Control

- the process designed and effected by those charged with governance, management, and
other personnel , to provide reasonable assurance about the achievement of the entity's
objectives with regard to the:

 reliability of financial reporting,

 effectiveness, and efficiency of operations, and
 compliance with applicable laws and regulations.

Fundamental Concepts of Internal Control

1. Internal Control is a process

 Setting standards – set the specific goals or objectives by which performance is

compared and classified in terms of:
 Quantity (number of units to be produced)
 Quality (rejects, rework costs)
 Time ( schedules, promised deliveries)
 Cost (the amount of money needed to produce the required number of units)
 Measuring performance – use appropriate measures for the performance of the activity
being monitored.
 Evaluation and Correction – care must be taken in comparing like items

2. Internal Control is effected by people

 Board of Directors - establish and maintain the organization's governance process and
obtain assurances concerning the effectiveness of the risk management and control
processes.
 Senior Management - oversee the establishment, administration, and assessment of the
system of risk management and control processes.
 Organization Managers - assessment of the control processes in their respective areas.
 Unit personnel-execute the control policies and procedures that have been established
 Internal and External Auditors - provide varying degrees of assurances about the state of
the effectiveness of risk management and control processes (selective)

3. Internal control provides only a reasonable assurance - It is not an absolute assurance

because of specific imitations of control
  Human Judgment -controls may fail because of simple errors or mistakes
 Collusion - can result in control deficiencies (when people conspire to conceal an action)
 Management Override - prescribed policies and procedures may be overruled for
legitimate or illegitimate purposes for personal gain.
 Custom, culture, the corporate governance system, and an effective control environment
are not an absolute deterrent to fraud.
 Cost should not exceed the benefits of control - in the absence of control or are too
costly, compensating controls should be in place (example: Supervisory review in place
of segregation of duties)

4. Internal Control is geared to the achievement of objectives (one or more separate but
overlapping categories)

Three Categories of Objectives

 Operations Objectives- pertains to the effectiveness and efficiency of the entity’s

operations including operational and financial performance goals, and safeguarding
assets against loss.
 Reporting Objectives- pertains to the reliability of reporting. Internal and external
financial and non-financial reporting and may encompass reliability, timeliness,
transparency, or other terms as set forth by regulators, standard setters, or the entity’s
policies.
 Compliance Objectives -pertains to adherence to laws and regulations to which the
entity is subject

Internal Control Components

1. The Control Environment

 includes the attitudes, awareness, and actions of management and those charged with
governance concerning the entity’s internal control and its importance in the entity.
 also includes the governance and management functions and sets the tone of an
organization, influencing the control consciousness of its people. It is the foundation for
effective internal control, providing discipline and structure.

Elements of the Control Environment

• Communication and enforcement of integrity and ethical values.

• Commitment to competence.
• Participation by those charged with governance.
• Management’s philosophy and operating style.
• Organizational structure.
• Assignment of authority and responsibility.
• Human resource policies and practices.

2. Entity’s Risk Assessment Process (procedure)

• the process or procedures for identifying and responding to business risks and the
results thereof.
 • For financial reporting purposes, the entity’s risk assessment process includes how
management:
o identifies risks relevant to the preparation of financial statements that are
presented fairly, in all material respects in accordance with the entity’s applicable
financial reporting framework,
o estimates their significance,
o assesses the likelihood of their occurrence, and
o decides upon actions to manage them.
• Risks can arise or change due to circumstances such as:
o Changes in the operating environment.-Changes in the regulatory or operating
environment can result in changes in competitive pressures and significantly
different risks.
o New personnel -New personnel may have a different focus on or understanding
of internal control.
o New or revamped information systems-Significant and rapid changes in
information systems can change the risk relating to internal control.
o Rapid growth -Significant and rapid expansion of operations can strain controls
and increase the risk of a breakdown in controls.
o New technology -Incorporating new technologies into production processes or
information systems may change the risk associated with internal control.
o New business models, products, or activities -Entering into business areas or
transactions with which an entity has little experience may introduce new risks
associated with internal control.
o Corporate restructurings -Restructurings may be accompanied by staff
reductions and changes in supervision and segregation of duties that may
change the risk associated with internal control.
o Expanded foreign operations -The expansion or acquisition of foreign operations
carries new and often unique risks that may affect internal control, for example,
additional or changed risks from foreign currency transactions.
 New accounting pronouncements -Adoption of new accounting principles
or changing accounting principles may affect risks in preparing financial
statements.

3. Information Systems

• consists of infrastructure (physical and hardware components), software, people,

procedures, and data. (Infrastructure and software will be absent, or have less
significance, in systems that are exclusively or primarily manual.)
• Financial Reporting System
o consists of the procedures and records established to initiate, record, process,
and report entity transactions (as well as events and conditions) and to maintain
accountability for the related assets, liabilities, and equity.
o Accordingly, an information system encompasses methods and records that:
 Identify and record all valid transactions.
 Describe on a timely basis the transactions in sufficient detail to permit
proper classification of transactions for financial reporting.
 Measure the value of transactions in a manner that permits recording
their proper monetary value in the financial statements.
 Determine the time period in which transactions occurred to permit the
recording of transactions in the proper accounting period.
 Present properly the transactions and related disclosures in the financial
statements.
• Communication
o involves providing an understanding of individual roles and responsibilities
pertaining to internal control over financial reporting.
o It includes the extent to which personnel understands how their activities in the
financial reporting information system relating to the work of others and
o the means of reporting exceptions to an appropriate higher level within the entity.
o Open communication channels help ensure that exceptions are reported and
acted on.

4. Control Activities

• are the policies and procedures that help ensure that management directives are carried
out, for example, that necessary actions are taken to address risks that threaten the
achievement of the entity’s objectives. They can be manual or automated.
• Generally, control activities that may be relevant to an audit may be categorized as
policies and procedures that pertain to the following:
o Performance reviews (review of actual against budgets, forecast, prior period
performance)
o Information processing (checks for accuracy, completeness, and authorization
transactions)
o Physical controls (physical security or access controls to assets and records)
o Segregation of duties of personnel -assigning different people for every
responsibility
• Control devices can be:
o Quantitative (budgets, quotas, schedules, charts)
o Qualitative (job instructions, quality control standards, and employment criteria)

5. Monitoring of Controls by Management

• includes considering whether they are operating as intended and that they are modified
as appropriate for changes in conditions.
• Types of Monitoring
o ongoing monitoring - monitoring of day to day activities (normal operations)
o periodic monitoring - separate evaluation may be performed periodically by
internal or external auditors.
• Monitoring of controls may include activities such as:
o management’s review of whether bank reconciliations are being prepared on a
timely basis,
o internal auditors’ evaluation of sales personnel’s compliance with the entity’s
policies on terms of sales contracts, and
o a legal department’s oversight of compliance with the entity’s ethical or business
practice policies.
• Deficiencies in internal control should be reported, with the most serious matters
reported to the senior management and the board in writing(Management Letter)
Accounting and Internal Control Assessment

(1st) Understanding of Accounting and Internal Control Systems

In the audit of financial statements, the auditor is only concerned with:

 those policies and procedures within the accounting and internal control systems
that are relevant to the financial statement assertions.
 The understanding of relevant aspects of the accounting and internal control systems,
together with the inherent and control risk assessments and other considerations, will
enable the auditor to:

(a) identify the types of potential material misstatements that could occur in the financial
statements;
(b) consider factors that affect the risk of material misstatements, and
(c) design appropriate audit procedures.

 The nature, timing, and extent of the procedures performed by the auditor to obtain an
understanding of the accounting and internal control systems will vary with, among other
things:
• The size and complexity of the entity and of its computer system.
• Materiality considerations.
• The type of internal controls involved.
• The nature of the entity’s documentation of specific internal controls.
• The auditor’s assessment of inherent risk.
• Experience gained from prior audits.

 Procedures in Obtaining Understanding

1. Make inquiries of appropriate company personnel
2. Inspect documents and records
3. Observe the company’s activities and operations
4. Walk-through

 Documentation of Understanding
The auditor should document his understanding of internal control. The extent of
documentation is a matter of the CPA’s judgment and the form of documentation depends
upon his preference and skills.

1. Narrative descriptions
2. Internal control questionnaires (ICQ)
3. Flowcharts
4. Checklists
(2nd) Preliminary Assessment of Control Risk

 is the process of evaluating the effectiveness of an entity’s accounting and internal

control systems in preventing or detecting and correcting material misstatements.
o There will always be some control risk because of the inherent limitations of any
accounting and internal control system.
 o After obtaining an understanding of the accounting and internal control systems, the
auditor should make a preliminary assessment of control risk, at the assertion level, for
each material account balance or class of transactions.
o The auditor ordinarily assesses control risk at a high level for some or all assertions
when:
 (a) the entity’s accounting and internal control systems are not effective; or
 (b) evaluating the effectiveness of the entity’s accounting and internal control systems
would not be efficient.
o The preliminary assessment of control risk for a financial statement assertion should be
high unless the auditor:
(a) is able to identify internal controls relevant to the assertion which are likely to prevent
or detect and correct a material misstatement; and
(b) plans to perform tests of control to support the assessment.

(3rd) Test of Controls

 If appropriate, tests of control are performed to obtain audit evidence about the
effectiveness of the:
(a) design of the accounting and internal control systems, that is, whether they are suitably
designed to prevent or detect and correct material misstatements; and
(b) operation of the internal controls throughout the period.
 Procedures for Performing Tests of Controls

1. Inspection 
2. Inquiry
3. Observation
4. Reperformance
5. Walk-through
(4th) Reassessment of control risk

 Based on the results of the tests of control, the auditor should evaluate whether the
internal controls are designed and operating as contemplated in the preliminary
assessment of control risk.
o The evaluation of deviations may result in the auditor concluding that the assessed level
of control risk needs to be revised.
o In such cases, the auditor would modify the nature, timing, and extent of planned
substantive procedures.

(5th) Final Assessment of Control Risk

 Before the conclusion of the audit, based on the results of the substantive procedures
and other audit evidence obtained by the auditor, the auditor should consider whether
the assessment of control risk is confirmed.
 Communication of Weaknesses
As a result of obtaining an understanding of the accounting and internal control systems and
tests of control, the auditor may become aware of weaknesses in the systems.
o The auditor should make management aware, as soon as practical and at an
appropriate level of responsibility, of material weaknesses in the design or operation
 of the accounting and internal control systems, which have come to the auditor’s
attention.
o The communication to management of material weaknesses would ordinarily be in
writing.
o However, if the auditor judges that oral communication is appropriate, such
communication would be documented in the audit working papers.
o It is important to indicate in the communication that only weaknesses that have come
to the auditor’s attention as a result of the audit have been reported and that the
examination has not been designed to determine the adequacy of internal control for
management purposes.

PSA 310 - Knowledge of Business

In performing an audit of financial statements, the auditor should have or obtain a knowledge of
the business sufficient to enable the auditor to identify and understand the events, transactions,
and practices that, in the auditor’s judgment, may have a significant effect on the financial
statements or on the examination or audit report.
Required Level of Knowledge
The auditor’s level of knowledge for an engagement would include:
• a general knowledge of the economy and the industry within which the entity operates, and
• a more particular knowledge of how the entity operates.
The level of knowledge required by the auditor would, however, ordinarily be less than that
possessed by management.
Obtaining the Knowledge
Prior to accepting an engagement, the auditor would obtain:
• a preliminary knowledge of the industry and of the ownership,
• management and operations of the entity to be audited, and
• would consider whether a level of knowledge of the business adequate to perform the audit
can be obtained.
Following acceptance of the engagement,
Further and more detailed information would be obtained. To the extent practicable, the auditor
would obtain the required knowledge at the start of the engagement. As the audit progresses,
that information would be assessed and updated and more information would be obtained.
For continuing engagements, the auditor would:
• update and reevaluate information gathered previously, including information in the prior year’s
working papers.
• also perform procedures designed to identify significant changes that have taken place since
the last audit.
The auditor can obtain knowledge of the industry and the entity from a number of sources.
For example:
• Previous experience with the entity and its industry.
• Discussion with people with the entity (for example, directors and senior operating personnel).
• Discussion with internal audit personnel and review of internal audit reports.
• Discussion with other auditors and with legal and other advisors who have provided
services to the entity or within the industry.
• Discussion with knowledgeable people outside the entity (for example, industry economists,
industry regulators, customers, suppliers, competitors).
• Publications related to the industry (for example, government statistics, surveys, texts, trade
journals, reports prepared by banks and securities dealers, financial newspapers).
• Legislation and regulations that significantly affect the entity.
• Visits to the entity’s premises and plant facilities.
• Documents produced by the entity (for example, minutes of meetings, material sent to
shareholders or filed with regulatory authorities, promotional literature, prior years’ annual and
financial reports, budgets, internal management reports, interim financial reports, management
policy manual, manuals of accounting and internal control systems, chart of accounts, job
descriptions, marketing, and sales plans).
 
Using the Knowledge
Knowledge of the business is a frame of reference within which the auditor exercises
professional judgment. Understanding the business and using this information appropriately
assists the auditor in:
• Assessing risks and identifying problems.
• Planning and performing the audit effectively and efficiently.
• Evaluating audit evidence.
• Providing better service to the client.
 
The auditor makes judgments about many matters throughout the course of the
audit where knowledge of the business is important.
For example:
• Assessing inherent risk and control risk.
• Considering business risks and management’s response thereto.
• Developing the overall audit plan and the audit program.
• Determining a materiality level and assessing whether the materiality level chosen remains
appropriate.
• Assessing audit evidence to establish its appropriateness and the validity of the related
financial statement assertions.
• Evaluating accounting estimates and management representations.
• Identifying areas where special audit consideration and skills may be necessary.
• Identifying related parties and related party transactions.
• Recognizing conflicting information (for example, contradictory representations).
• Recognizing unusual circumstances (for example, fraud and noncompliance with laws and
regulations, unexpected relationships of statistical operating data with reported financial results).
• Making informed inquiries and assessing the reasonableness of answers.
• Considering the appropriateness of accounting policies and financial statement disclosures.
The auditor should ensure that assistants assigned to an audit engagement obtain sufficient
knowledge of the business to enable them to carry out the audit work delegated to them.
To make effective use of knowledge about the business, the auditor should consider how it
affects the financial statements taken as a whole and whether the assertions in the financial
statements are consistent with the auditor’s knowledge of the business.

What Is a Related-Party Transaction?

The term related-party transaction refers to a deal or arrangement made between two parties
who are joined by a preexisting business relationship or common interest. Companies often
seek business deals with parties with whom they are familiar or have a common interest.
Although related-party transactions are themselves legal, they may create conflicts of interest or
lead to other illegal situations. Public companies must disclose these transactions.

NOTES (1ST) MIDTERM

Completion of the auditor gathered sufficient evidence not satisfied we can do additional
procedures

In financial audit, 6 process in internal we have 4 process, all stages are included in financial
audit process

AUDIT LETTER INTERNAL AUDITORS NO CHOICE TO ACCEPT OR REJECT DEPENDS

ON MANAGEMENT OR DEPENDS BY CAE.

AUDIT ENGAGEMENT LETTER (7)

1st part of the audit engagement letter- Addressee or the client

2ND, OBJECTIVE AND THE SCOPE

3TH RES OF THE AUDITOR

4TH RESP OF MANAGEMENT- RESPONSIBLE OFR PRESENTATION AND FAIR

REPRESENTATION ACORDIANCE WITH PFRS AND INTERNAL CONTROL,

ACCESS TO ALL INFORMATION

5TH AND OTHER RELEVANT INFORMATION

6TH REPORTING

7TH SIGNATORY.ACK OF THE CLIENT

Complied with ethical engagement

OBJECTIVE OF THE AUDIT- ECXPRESS AN OPINION IN THE F/S

REPRESENTATION LETTER:

General approach in the f/s..

Management assertion

(2 types of assertion)

Expilicit- what we can see in the f/s

Implicit- all closures are based on GAAP , implicit assertion of the mngement.

Types of financial assertions (5)

All source docu should be recorded

Tito or ownership? Obligation or contract to support?

Confirm the obligation thru ext parties

Valuation- assets are properly valued.

TYPES OF AUDIT OPTIONS

Unqualified

Qualified

Adverse

ACCEPTING THE ENGAGEMENT

ACCEPTING/REJECTING AUDIT LETTER- Consider the ff- competence of the auditor

Engagemene should be have the auditor and client.

MAJOR SECTIONS

2ND CONFERENCE

MODULE 4- GATHERING AND EVALUATING AUDIT EVIDENCE

Audit Plan- risk take planning and

Audit Program-

CAE assess the whole audit universe, all auditable deptmnt. Prioritize which dept will be audited for that
yr based on the risk, low high risk.

Audit/accept the engagement based on the ddi considerantios

Internal audit- all is prioritize no choice but to do the audit.

- Risk management processes but in ext auditing we don not focuses on the risk
management process.
- Audit of the balances not on the operations.
External auditor- provide a opnion or conclusion on the f/s (Unadited financial statement bec it
send to reg bodies/internal users, creditors, investors and shareholers.

Follow up audit/compliance audit after the preliminary audit of the dptmnt.

Audit program- step by step guidance of the auditor has to do and do have a corresponding hr
in every procedure
Working paper refe- done by auditor, name or if they have explanations

4.1 Audit Procedures- steps that we need to achieve objectives

What do we mean by ascertain? Discover

When do we do the risk Assessment procedures? In Audit Planning
 Who is the Best Person to Interview in Internal Auditing?
Can you give me an example of any account that we can easily recalculate? DEPRECIATION
How can you validate inventory? What procedure? Physical Inventory
What are the types of Confirmation? Positive and Negative
What are the response that needs confirmation from the client? POSITIVE CONFIRMATION
NEEDS A REPLY!
Accounts that need to reprodecure?
What are your management asserions? EXISTENCE
Can reperform/. Physical inventory
Confirmation pag may mali.

Types
Substantive Testing-check for the accuracy/detect material misstatements
Test controls- compliance test, if ever the ext auditor will notice any of these, it shjpuld not
be included in the audit report but in a seoerate letter.

AUDIT procedures for gathering evidences

1. Interviews- inquiries in internal auditing,
2. Recalculation- depreciation (ex), amortization, inventory, allowance for doubtful
accounts
3. Inspection
4. Observation-
5. Confirmation- CONFIRMATION IS THE PARTNER FOR INSPECTION
6. REPERFORMANCE-

AGEA- What is the

first thing( column) in aging- CUSTOMER/CLIENT

next, AMOUNT OF RECEIVABLE

how many days are delay (1-60, 1-90 they are still on current)

Aging of accounts receivable