UNIT A

OVERVIEW OF AUDIT PROCESS

Outline
1. Overview of Auditing
 Auditing Defined
 Objective and General Principles of Auditing (PSA 200)
 Major Steps in the Systematic Process of FS Audit
o Phase I: Pre-engagement and Audit Planning Activities
o Phase II: Gathering and Evaluating Audit Evidence
(a) Interim Audit Phase
(b) Final Audit Phase
o Phase III: Issuing the Audit Report
 The Audit Process
 The Risk Based Audit Model

2. Audit Planning
 Purposes
 Audit Planning Considerations
o Knowledge of business
o Understanding the Internal Control System
o Assessment of Risk and Materiality
o Application of Analytical Procedures
o Coordination, Direction, Supervision, and Review
o Other Critical Matters in Engagement Planning

Objectives:

 At the end of the unit, the student should be able to:

 explain the nature, objectives and general principles
 describe and discuss the audit processes, including the risk based audit model;
 know and appreciate the purpose of audit planning and the different considerations
during audit planning

1
OVERVIEW OF AUDITING
Financial statements are ordinarily prepared and presented annually and are directed toward
the common information needs of a wide range of users (PSA 120, Par 3). Many of those users rely
on the financial statements as their major source of information because they do not have the power to
obtain additional information to meet their specific information needs. There is, however, a risk of
coming up with wrong decisions based on the information presented in the financial statements
prepared by management, with oversight from those charged with governance. Hence, there is a need
for more credible and reliable financial information which may be provided through independent
audit.

An audit is an examination of the financial reports of an organization - as presented in the

annual report - by someone independent of that organization. The financial reports may be a complete
set of financial statements which includes the statement of financial position, statement of
comprehensive income, income statement, statement of changes in equity, cash flow statement, and
notes comprising a summary of significant accounting policies and other explanatory notes. The
examination may also be focused on any of the financial statements, or a component part of the
statement of financial position or income statement.

The purpose of an audit is to form an opinion on whether the information presented in the
financial report, taken as a whole, reflects the financial position of the organization at a given date, for
example:

 Are details of what is owned and what the organization owes properly recorded in the
balance sheet?

 Are profits or losses properly assessed?

Definition and Objectives

Auditing is defined as a systematic process by which a competent, independent person

objectively obtains and evaluates evidence regarding assertions about economic actions and events to
ascertain the degree of correspondence between those assertions and established criteria and
communicating the results to interested users (Cabrera, 2010).

The objective of an audit of financial statements is to enable the auditor to express an opinion
whether the financial statements are prepared, in all material respects, in accordance with an identified
financial reporting framework (PSA 120, “Framework of Philippine Standards on Auditing”). The
phrase used to express the auditor's opinion is “present fairly, in all material respects.” A similar
objective applies to the audit of financial or other information prepared in accordance with
appropriate criteria.

According to PSA 200, the purpose of an audit is to enhance the degree of confidence of
intended users in the financial statements. This is achieved by the expression of an opinion by the
auditor on whether the financial statements are prepared, in all material respects, in accordance with
an applicable financial reporting framework.

Although the auditor’s opinion enhances the credibility of the financial statements, the user
cannot assume that the opinion is an assurance as to the future viability of the entity nor the efficiency
or effectiveness with which management has conducted the affairs of the entity. Neither is an audit a
guarantee that the financial reports are accurate and free from any error or misstatement.

In conducting an audit of financial statements, the overall objectives of the auditor are:

2
 (a) To obtain reasonable assurance about whether the financial statements as a whole are free
from material misstatement, whether due to fraud or error, thereby enabling the auditor to
express an opinion on whether the financial statements are prepared, in all material
respects, in accordance with an applicable financial reporting framework; and

(b) To report on the financial statements, and communicate as required by the PSAs, in
accordance with the auditor’s findings.

As the basis for the auditor’s opinion, PSAs require the auditor to obtain reasonable assurance
about whether the financial statements as a whole are free from material misstatement, whether due to
fraud or error (PSA 200). To be able to provide reasonable assurance, the auditor should obtain
sufficient appropriate audit evidence to reduce audit risk (i.e., the risk that the auditor expresses an
inappropriate opinion when the financial statements are materially misstated) to an acceptably low
level. Reasonable assurance is a high level of assurance but is not an absolute assurance because of
the inherent limitations of an audit. Basically, most of the audit evidence on which the auditor draws
conclusions and bases the auditor’s opinion are persuasive rather than conclusive.

In all cases when reasonable assurance cannot be obtained and a qualified opinion in the
auditor’s report is insufficient in the circumstances for purposes of reporting to the intended users of
the financial statements, the PSAs require that the auditor disclaim an opinion or withdraw from the
engagement, where withdrawal is legally permitted.

It is emphasized that although the auditor’s opinion enhances the credibility of audited
financial statements, there is a clear delineation of responsibilities for the financial statements:

a. The auditor is responsible for expressing an opinion on whether the financial statements,
taken as a whole, are free of material misstatements in accordance with established
criteria;

b. Management and those charged with governance has the primary responsibility of
preparing and presenting the financial statements in accordance with applicable financial
reporting framework;

At all times, the auditor should comply with the “Code of Ethics for Professional Accountants
in the Philippines” promulgated by the Board of Accountancy and approved by the Philippine
Professional Regulation Commission.

In the conduct of audit, the auditor should observe the following ethical principles governing
the auditor’s professional responsibilities:

(a) Integrity;
(b) Objectivity;
(c) Professional competence and due care;
(d) Confidentiality; and
(e) Professional behavior

PSA 200 also requires that the audit should be conducted in accordance with Philippine
Standards on Auditing (PSAs). PSAs contain basic principles and essential procedures together with
related guidance in the form of explanatory and other material.

In addition, the auditor should plan and perform the audit with an attitude of professional
skepticism, recognizing that circumstances may exist which cause the financial statements to be
materially misstated. For example, the auditor would ordinarily expect to find evidence to support

3
management representations and not assume they are necessarily correct. Hence, additional
procedures may be performed to verify and or validate such representations.

To achieve the objectives of an audit, the auditor performs audit procedures deemed
necessary in the circumstances. These are referred to as “scope of an audit.” The procedures required
to conduct an audit in accordance with PSAs should be determined by the auditor having regard to the
requirements of PSAs,relevant professional bodies, legislation, regulations and, where appropriate, the
terms of the audit engagement and reporting requirements.

An audit in accordance with PSAs is designed to provide reasonable assurance that the
financial statements taken as a whole are free from material misstatement. Reasonable assurance is a
concept relating to the accumulation of the audit evidence necessary for the auditor to conclude that
there are nonmaterial misstatements in the financial statements taken as a whole.

The auditor’s ability to detect material misstatements is, however, affected by inherent
limitations in an audit resulting from factors such as:

• The use of testing.

• The inherent limitations of any accounting and internal control system (for example, the
possibility of collusion).

• The fact that most audit evidence is persuasive rather than conclusive.

Also, the work undertaken by the auditor to form an opinion is permeated by judgment, in
particular regarding:

(a) the gathering of audit evidence, for example, in deciding the nature, timing and extent of
audit procedures; and

(b) the drawing of conclusions based on the audit evidence gathered, for example, assessing
the reasonableness of the estimates made by management in preparing the financial
statements.

Fundamental Concepts in Conducting an Audit

The audit of financial statements requires a full understanding of three important basic
concepts (Evangelista and Racazan, 2008):

1. Audit Risk – this is a function of the risk of material misstatement of the financial
statements and the risk that the auditor may not be able to detect such misstatements. It
may range from zero (0.0) to one (1.0). A zero audit risk indicates complete certainty that
no material error or misstatement exists, which is not practicable due to inherent
limitations of an audit. In practice, audit risk is always greater than zero.

2. Materiality – this concept recognizes that certain matters are clearly more important than
others to most investors and other users of the financial statements. According to PSA
320, “Audit Materiality,” the auditor should assess materiality in both financial statement
level and in relation to individual account balance, class of transactions and disclosure.
Materiality is measured in both quantitative and qualitative terms.

3. Evidence – this refers to the information that the auditor gathers in the course of an audit
to be able to form an opinion on management’s assertions embodied in the financial
statements.

4
The Audit Process

The audit process consists of a sequence of activities, depending on the particular audit being
conducted. Basically, however, the process should include the following general steps (Cabrera,
2017):

1. Pre-engagement and Audit Planning Activities

2. Gathering and Evaluating Audit Evidence
3. Issuing the Audit Report and Post-Audit Responsibilities

The Philippine Institute of Certified Public Accountants (PICPA, 2012), on the other hand,
describes the audit process as being composed of seven phases, namely:

1. Pre-engagement procedures
2. Audit planning
3. Study and evaluation of internal controls
4. Substantive tests
5. Completing the audit engagement
6. Issuance of the audit report
7. Post- audit responsibilities

Pre-engagement and Audit Planning Activities

Before the acceptance of an engagement, whether new or recurring, the auditor should gather
and evaluate appropriate information as basis in deciding whether to accept the engagement or not.

In this phase, preliminary arrangements with the client are made. The agreement between the
auditor and the clients should be recorded in an audit engagement letter or other suitable form of
written agreement and shall include (PSA 210 Redrafted, par A22-25):

1. The objective and scope of the audit of the financial statements;

2. The responsibilities of the auditor;
3. The responsibilities of management;
4. Identification of the applicable financial reporting framework for the presentation of the
financial statements; and
5. Reference to the expected form and content of any reports to be issued by the auditor and
a statement that there may be circumstances in which a report may differ from its
expected form and content.

Gathering and Evaluating Audit Evidence

After the auditor has planned the audit the auditor needs to gather sufficient appropriate audit
evidence on which to base his/her audit opinion. The auditor gathers evidence by performing audit
procedures. These audit procedures consists of test of controls and substantive procedures.

Test of Controls

Test of controls are performed either to test the system, because the auditor wants to place
reliance on the controls (combined approach), or when substantive procedures on its own cannot
produce sufficient appropriate audit evidence (e.g. performing an inventory count provides evidence
on the existence of inventory).

5
 The auditor will only test key controls: key controls are controls which contribute to the
reliance the auditor can place on figures in the financial statements. The auditor is, therefore, not
interested in testing controls which only contribute to efficient operations or providing good service to
customers.

When testing controls, the auditor can perform manual tests and/or use computer-assisted
audit techniques (CAATs). These CAATs are referred to as ‘system’ CAATs. Should the auditor
decide to rely on the computer environment when testing internal controls, the auditor should test both
general and application controls.

Substantive Procedures

The auditor needs to perform substantive procedures to obtain sufficient and appropriate audit
evidence to express an audit opinion. The assertions, either per transaction, balance or disclosure,
together with the risks identified during the planning phase guide the auditor in developing
substantive procedures.

When performing substantive procedures, the auditor can perform either manual tests and/or
use computer-assisted audit techniques (CAATs). These CAATs are referred to as ‘data’ CAATs.
Data CAATs can be used to select samples, stratify information, analyze data, extract reports to
identify items that require further investigation and to recalculate totals and calculations.

Issuing the Audit Report and Post-Audit Responsibilities

Once the auditor has completed gathering evidence relating to the financial statement
assertions the audit enters the completion phase. First the sufficiency and appropriateness of the
evidence gathered is evaluated. The preliminary assessments of the risk of material misstatement (as
identified during the planning phase) are used to evaluate the sufficiency and appropriateness of the
evidence collected.

The auditor shall obtain sufficient appropriate evidence in order to reach and justify
conclusion on the fairness of the financial statements. Should the auditor determine that sufficient
appropriate evidence was not obtained; additional substantive procedures need to be performed. Once
the auditor discontent with the sufficiency and appropriateness of the evidence, the completion phase
can continue.

The next stage of this phase is to determine the final materiality figure and to evaluate all
misstatements identified. The auditor can either accept the planning materiality figure as the final
materiality figure or lower it. However, the auditor should never increase the planning materiality
figure during the completion phase. The auditor then aggregates the total identified misstatements and
determines if it causes the financial statements to be materially misstated (compare to the final
materiality figure).

The list of identified misstatements is discussed with the client, and the client is given the
opportunity to correct some or all of the identified misstatements should they wish to do so. If the
uncorrected misstatements are judged to be material, the auditor issues an opinion that explains that
the financial statements are materially misstated. If the uncorrected misstatements do not cause the
financial statements to be materially misstated, the auditor may issue a report with an unqualified
opinion.

During the completion phase the auditor also carries out an overall evaluation of the financial
statements. This uses analytical procedures as well as the knowledge of the entity obtained throughout
the previous phases of the audit. The auditor also needs to assess the appropriateness of preparing the
financial statements on a going-concern basis as well as identifying possible subsequent events which
have not been correctly disclosed in the financial statements.

6
After performing all these procedures, the auditor needs to make a conclusion and formulate an audit
opinion. The final phase in the audit process is to evaluate the results of the audit evidence and choose
the appropriate audit opinion to issue. The auditor’s report is the main product or output of the audit.
The auditor’s findings are communicated to the users of the financial statements through the
independent auditor’s report.

RISK BASED AUDIT PROCESS

The next exhibit depicts the risk-based audit approach roadmap.

Exhibit 2.7 The Risk-Based Audit Approach Roadmap

Phase 1----Risk Assessment Phase 2----Risk Response Phase 3----Conclusion

and Reporting
Preliminary Planning the Responding to Determining Completing the Audit
Engagement Audit Assessed the extent of and Considering Post-
Activities Risks Testing Audit Responsibilities

Determining Understanding Considering Considering Forming the Auditor’s

Materiality the Entity and Fraud, Error Work of Other Opinion and Report
its and NOCLAR Practitioners Contents
Environment
Understanding Indentifying Considering Performing and Reporting
the Entity and Assessing Considering Certain on Specialized Audit
Internal Control ROMM Effect of IT Specific Items Engagements

Professional Judgment and Professional Skepticism

Audit Evidence and Documentation

Audit Quality

In accordance with PSAs, the auditor shall perform a quality audit. In doing so, the auditor
shall conduct the audit with professional judgment and maintain professional skepticism throughout
the planning and performance of the audit and:

 Identify and assess the risk of material misstatements (ROMM), whether due to fraud or error,
based on an understanding of the entity, its environment and its internal control.
 Obtain sufficient appropriate audit evidence about whether material misstatements exist by
designing and implementing appropriate risks responses.
 Form an opinion on F/S based the audit evidence obtained.

Phase 1----Risk Assessment

In this phase, the auditor decides whether to accept an audit engagement. If the client is
acceptable, the auditor documents the terms of audit in an engagement letter.

To effectively and efficiently) perform an audit, the auditor plans the audit. This involves
obtaining understanding of the entity, its environment and its internal control that serves as a frame of

7
reference on (1) how the audit is conducted, (2) professional judgment and professional skepticism are
exercised, (3) materiality is determined, and (4) ROMM are assessed both at F/S and assertion levels.

Phase 2----Risk Response

The assessed ROMM serves as a basis for the auditor’s responses to obtain sufficient
appropriate audit evidence. The auditor’s two responses include overall responses to address risks
ROMM at F/S level and further audit procedures at assertion level.

Phase 3----Conclusion and Reporting

The auditor evaluates the results of the audit evidence obtained and:

a) Form an opinion on the F/S; and

b) Express clearly that opinion through a written report.

The following are the auditor’s opinion depending on the outcome engagement:

1. Unmodified (Unqualified or clean) opinion- The opinion expressed when the F/S are
prepared, in all material respects, in accordance with the AFRF.

2. Modified opinion- The three types are:

a. Qualified opinion- The auditor is satisfied that the F/S is presented fairly. Except for a
specific aspect of them.
b. Adverse opinion- The auditor does not believe the F/S is fairly presented.
c. Disclaimer of opinion- The auditor does not know if F/S is presented fairly.

The Risk Based Audit Model

The risk-based audit model is an audit approach that begins with the assessment of the types
and likelihood of misstatements in account balances and then adjusts he amount and type of audit
work to the likelihood of material misstatements occurring in account balances.

Account-based audit, on the other hand, is an approach wherein the auditor obtains an
understanding of control and assesses control risk for particular types of errors and frauds in specific
accounts and cycles.

Understanding the Audit Risk Model

Audit risk – is the risk that the auditor may give an unqualified opinion on materially
misstated financial statements. It is determined and managed by the auditor. The auditor always
wants to minimize that risk but should take into account the costs associated with gathering the
evidence to minimize the risk. It is intertwined with materiality and is influenced by engagement risk.

Engagement risk – deals with whether the auditor wants to be associated with a particular
client including loss of reputation, inability of the client to pay the auditor or financial loss because
management is not honest and inhibits the audit process.

8
 Business risk – is the risk that affects the operations and potential outcomes of organizational
activities.

Financial reporting risk – relates to the recording of transactions and the presentation of the
financial data in an organization’s financial statements.

The Audit Risk Model

The audit risk model has three components:

1) Inherent risk (IR) – is the susceptibility of a transaction or accounting adjustment to be

recorded in error, or for the transaction not to be recorded in the absence of internal
control.

2) Control risk (CR) – is the risk that the client’s internal control system will fail to prevent
or detect a misstatement.

3) Detection risk (DR) – is the risk that the audit procedures will fail to detect a material
misstatement.

Audit Risk (AR) = IR x CR x DR

Although audit risk is a sample, it is often expressed in quantitative terms such as:

 1% - this is equivalent to performing a statistical test using 99% confidence level. Audit
risk set at 1% implies that the auditor is willing to take 1% chance of issuing an
unqualified opinion on materially misstated financial statement

 5% - this implies that the auditor is willing to take a 5% chance of issuing an unqualified
opinion on materially misstated financial statement.

The following general observations are considered to have influenced the implementation of
the audit risk model:

 The better the company’s internal control, the lower the likelihood of material
misstatement.
 Unusual or complex transactions are more likely to be erroneously recorded than are
recurring or routine transactions.
 The amount and persuasiveness of audit evidence gathered should vary inversely with
audit risk, e.i., lower audit risk requires gathering more persuasive evidence

Factors to Consider in Implementing the Audit Risk Model

1. High risk activities

2. Existence of large non-routine transactions
3. Matters requiring judgment or management intervention
4. Potential for fraud

Inherent limitations of the Audit Risk Model

1. Inherent risk is difficult to formally assess.

9
 2. The model treats each risk component as separate and independent when in fact the
components are not independent
3. The model treats each risk component as separate and independent when in fact the
components are not independent.
4. Audit risk is judgmentally determined
5. Audit technology is not so fully developed that each component of the model can be
accurately assessed

AUDIT PLANNING

PSA 300 (Redrafted) “Planning an Audit of Financial Statements” defines planning an audit
as an activity that involves establishing the overall audit strategy for the engagement and developing
an audit plan. Adequate planning benefits the audit of financial statements in several ways, including
the following:

• Helping the auditor to devote appropriate attention to important areas of the audit.

• Helping the auditor identify and resolve potential problems on a timely basis.

• Helping the auditor properly organize and manage the audit engagement so that it is
performed in an effective and efficient manner.

• Assisting in the selection of engagement team members with appropriate levels of

capabilities and competence to respond to anticipated risks, and the proper assignment of
work to them.

• Facilitating the direction and supervision of engagement team members and the review of
their work.

• Assisting, where applicable, in coordination of work done by auditors of components and

experts.

At the audit planning stage, the auditor adopts a broad view of the client as a whole and the
industry in which it operates. An understanding of the client is gained in the early stages of each audit
and that knowledge drives the planning of the audit. It informs the choice of where to focus the most
attention throughout the audit. When forming an opinion on the fair presentation of the financial
statements, consideration is given to the evidence gathered during the performing stage of the audit,
placing that information within the context of the knowledge of the client gained from the planning
stage.
During the planning stage, an assessment is made of the risk that a material misstatement
(significant error or fraud) could occur in the client’s financial statements.

By understanding where the risks are most significant, an auditor can plan the audit to spend
more time where the risks are greatest. During the planning stage, an auditor will gain an
understanding of the client, the client’s internal controls, information technology (IT) environment,
corporate governance environment, and closing procedures. An auditor will identify any related
parties, factors that may affect the client’s going concern status, and significant accounts and classes
of transactions that will require close audit attention to gauge the risk of material misstatement.

10
Planning Activities

The auditor shall establish an overall audit strategy for the audit. The overall audit strategy
sets the scope, timing, and direction of the audit, and guides the development of the more detailed
audit plan.

1. The establishment of the overall audit strategy involves:

a. Determining the characteristics of the engagement that define its scope;

b. Ascertaining the reporting objectives of the engagement to plan the timing of the audit
and the nature of the communications required;

c. Considering the important factors that will determine the focus of the engagement team’s
efforts;

d. Considering the results of preliminary engagement activities and, where applicable,

whether knowledge gained on other engagements performed by the engagement partner
for the entity is relevant; and

e. Ascertaining the nature, timing and extent of resources necessary to perform the
engagement.

2. The auditor shall develop an audit plan that shall include a description of:

a. The nature, timing and extent of planned risk assessment procedures, as determined under
PSA 315.

b. The nature, timing and extent of planned further audit procedures at the assertion level, as
determined under PSA 330.

c. Other planned audit procedures that are required to be carried out so that the engagement
complies with PSAs.

Knowledge of Business

In order to plan the audit properly, the audit team starts by obtaining (for a new engagement)
or updating (for a reoccurring engagement) the understanding of the entity and its environment. The
auditor should obtain this understanding to enable the auditor to identify business risks that may result
in material misstatements. The auditor evaluates the client’s response to these business risks and
decides whether the responses have been adequately implemented.

The auditor’s understanding of the entity and its environment should include information
about each of the following categories:

 Industry, regulatory, and other external factors, including the applicable financial reporting
framework.
 Nature of the entity.
 Selection and application of accounting policies.
 Objectives, strategies and related business risks.
 Measurement and review of financial performance.
 Entity’s internal control

11
 The above list indicates what the auditor should obtain knowledge of.

Understanding the Internal Control System

Internal control is the process designed, implemented and maintained by those charged with
governance, management and other personnel to provide reasonable assurance about the achievement
of an entity’s objectives with regard to:

 Reliability of financial reporting;

 Effectiveness and efficiency of operations; and
 Compliance with applicable laws and regulations

When obtaining an understanding of controls that are relevant to the audit, the auditor
shall:

 Evaluate the design of those controls; and

 Determine whether they have been implemented by performing procedures in
addition to inquiry of the entity’s personnel.

The Internal Control System is made up of the following components:

1. Control Environment

The control environment includes the governance and management functions and the
attitudes, awareness, and actions of those charged with governance and management concerning
the entity’s internal control and its importance in the entity.

Elements of control environment:

a. Communication and enforcement of integrity and ethical values.
b. Commitment to competence.
c. Participation by those charged with governance.
d. Management’s philosophy and operating style.
e. Organizational structure.
f. Assignment of authority and responsibility.
g. Human resource policies and practices.

The auditor shall obtain an understanding of the control environment. As part of

obtaining this understanding, the auditor shall evaluate whether:

a. Management, with the oversight of those charged with governance, has created and
maintained a culture of honesty and ethical behavior; and

b. The strengths in the control environment elements collectively provide an appropriate

foundation for the other components of internal control, and whether those other components
are not undermined by deficiencies in the control environment.

2. The Entity’s Risk Assessment Process

The auditor shall obtain an understanding of whether the entity has a process for:

a. Identifying business risks relevant to financial reporting objectives;

b. Estimating the significance of the risks;
c. Assessing the likelihood of their occurrence; and
d. Deciding about actions to address those risks.

12
3. The information system, including the related business processes, relevant to financial
reporting, and communication

The auditor shall obtain an understanding of the information system, including the related
business processes, relevant to financial reporting, including the following areas:

 The classes of transactions in the entity’s operations that are significant to the financial
statements.

 The procedures, within both IT and manual systems, by which those transactions are initiated,
recorded, processed, corrected as necessary, transferred to the general ledger and reported in
the financial statements.

 The related accounting records, whether electronic or manual, supporting information, and
specific accounts in the financial statements that are used to initiate, record, process and
report transactions; this includes the correction of incorrect information and how information
is transferred to the general ledger.

 How the information system captures events and conditions, other than transactions, that are
significant to the financial statements.
 The financial reporting process used to prepare the entity’s financial statements, including
significant accounting estimates and disclosures.

 Controls surrounding journal entries, including non-standard journal entries used to record
non-recurring, unusual transactions or adjustments.

The auditor shall obtain an understanding of how the entity communicates financial
reporting roles and responsibilities and significant matters relating to financial reporting,
including:

 Communications between management and those charged with governance; and

 External communications, such as those with regulatory authorities.

4. Control activities relevant to the audit

Control activities are the policies and procedures to help ensure that management
directives are carried out. Example of control activities include those relating to the following:

 Authorization
 Performance reviews
 Information Processing
 Physical controls
 Segregation of duties

The auditor shall obtain a sufficient understanding of control activities to:

 Assess the risks of material misstatement at the assertion level; and

 Design further audit procedures responsive to assessed risks.

13
5. Monitoring of controls

Monitoring of controls involves assessing the design and operation of controls on a

timely basis and taking the necessary corrective actions modified for changes in conditions.

The auditor shall obtain an understanding of the major activities that the entity uses to
monitor internal control over financial reporting, including those related to those control activities
relevant to the audit, and how the entity initiates remedial actions to deficiencies in its controls.

If the entity has an internal audit function, the auditor shall obtain an understanding of the
following in order to determine whether the internal audit function is likely to be relevant to the
audit:

a. The nature of the internal audit function’s responsibilities and how the internal audit
function fits in the entity’s organizational structure; and

b. The activities performed, or to be performed, by the internal audit function.

The auditor shall obtain an understanding of the sources of the information used in the
entity’s monitoring activities, and the basis upon which management considers the information to
be sufficiently reliable for the purpose.

Assessment of Risk and Materiality

PSA 315 states that the objective of the auditor in identifying the risks of material
misstatements is to identify and assess the risks of material misstatement, whether due to fraud or
error, at the financial statement and assertion levels for classes of transactions, account balances and
disclosures. This is done through understanding the entity and its environment, including its internal
control, thereby providing a basis for designing and implementing responses to the assessed risks of
material misstatement. The auditor should:

a. Identify risks throughout the process of obtaining an understanding of the entity and its
environment, including relevant controls that relate to the risks, and by considering the
classes of transactions, account balances, and disclosures in the financial statements.

b. Assess the identified risks, and evaluate whether they relate more pervasively to the
financial statements as a whole and potentially affect many assertions.

c. Relate the identified risks to what can go wrong at the assertion level, taking account of
relevant controls that the auditor intends to test.

d. Consider the likelihood of misstatement, including the possibility of multiple

misstatements, and whether the potential misstatement is of a magnitude that could result
in a material misstatement.

Risk assessment procedures by themselves do not provide sufficient appropriate audit

evidence on which to base the audit opinion.

1. The risk assessment procedures shall include the following:

a. Inquiries of management and others within the entity;
b. Analytical procedures; and
c. Observation and inspection

14
 2. The auditor’s understanding of the entity and its environment consists of an understanding of
the following aspects:

a. Industry, regulatory, and other external factors, including the applicable financial
reporting framework.

b. Nature of the entity, including the entity’s selection and application of accounting
policies.

c. Objectives and strategies and the related business risks that may result in a material
misstatement of the financial statements.

d. Measurement and review of the entity’s financial performance.

e. Internal control.

Application of Analytical Procedures

Analytical procedures are an important part of the audit process and consist of evaluations of
financial information made by a study of plausible relationships among both financial and
nonfinancial data. Analytical procedures range from simple comparisons to the use of complex
models involving many relationships and elements of data. A basic premise underlying the application
of analytical procedures is that plausible relationships among data may reasonably be expected to
exist and continue in the absence of known conditions to the contrary. Particular conditions that can
cause variations in these relationships include, for example, specific unusual transactions or events,
accounting
changes, business changes, random fluctuations, or misstatements.

Understanding financial relationships is essential in planning and

evaluating the results of analytical procedures, and generally requires knowledge of the client and the
industry or industries in which the client operates. An understanding of the purposes of analytical
procedures and the limitations of those procedures is also important. Accordingly, the identification of
the relationships and types of data used, as well as conclusions reached when recorded amounts are
compared to expectations, requires judgment by the auditor.

Analytical procedures are used for the following purposes:

a. To assist the auditor in planning the nature, timing, and extent of other auditing
procedures
b. As a substantive test to obtain audit evidence about particular assertions related to
account balances or classes of transactions
c. As an overall review of the financial information in the final review stage of the audit

Analytical procedures should be applied to some extent for the purposes referred to in (a) and
(c) above for all audits of financial statements made in accordance with generally accepted auditing
standards. In addition, in some cases, analytical procedures can be more effective or efficient than
tests of details for achieving particular substantive testing objectives.

Analytical procedures involve comparisons of recorded amounts, or

Ratios developed from recorded amounts, to expectations developed by the auditor. The auditor
develops such expectations by identifying and using plausible relationships that are reasonably
expected to exist based on the auditor's understanding of the client and of the industry in which the
client operates. Following are examples of sources of information for developing expectations:

15
 a. Financial information for comparable prior period(s) giving consideration to known
changes

b. Anticipated results—for example, budgets, or forecasts including extrapolations from

interim or annual data.

c. Relationships among elements of financial information within the period

d. Information regarding the industry in which the client operates, for example, gross
margin information

e. Relationships of financial information with relevant nonfinancial information

Coordination, Direction, Supervision and Review

The auditor shall plan the nature, timing and extent of direction and supervision of
engagement team members and review their work.

The nature, timing and extent of the direction and supervision of engagement team members
and review of their work vary depending on many factors, including:
 The size and complexity of the entity;
 The area of the audit;
 The risks of material misstatement; and
 The capabilities and competence of the individual team members performing the
audit work.

The auditor plans the nature, timing and extent of direction and supervision of engagement
team members based on the assessed risk of material misstatement.

Other Critical Matters in Engagement Planning

Changes to Planning Decisions during the Course of the Audit

The overall audit strategy and the audit plan shall be updated and changed as necessary during
the course of the audit.

Documentation

The auditor shall document the overall audit strategy and the audit plan, including any
significant changes made during the audit engagement.

Additional Considerations in Initial Audit Engagements

The auditor shall perform the following activities prior to starting an initial audit:

1. Perform procedures regarding the acceptance of the client relationship and the specific
audit engagement.

2. Communicate with the previous auditor, where there has been a change of auditors, in
compliance with relevant ethical requirements.

16
 END OF UNIT REVIEW QUESTIONS

A-1 A Review Questions:

EdBern, an audit partner of Manlangit, Bernal and Sarmiento, CPAs was asked to speak at a dinner
meeting of the local Small Business Association. The president of the association has suggested that
she should talk about the various phases of the audit process. EdBern has asked you, her trusted
assistant, to prepare an outline for her speech. She suggests that you answer the following:

a. List and describe the various phases of an audit.

b. Describe how audit procedures designed for one purpose might provide evidence for other
purposes. Give an example.

c. One of the steps involves understanding an entity’s internal control. Why might the members
of the association be particularly interested in the work conducted by auditors in this phase of
the audit?

A-1B Review Questions:

1. Discuss the financial statement audit process, briefly describing the major steps that should be
undertaken to complete the process.

2. In planning the audit, the auditor is required, under PSA 500, to establish an overall audit
strategy and develop an audit plan. What is an audit strategy and what does it include, as
opposed to an audit plan?

3. You are a CPA in a regional public accounting firm that has 10 offices in three cities. Mr.
Shine has approached you with a request for an audit. He is president of Hitech Software and
Games, Inc., a five-year-old company that has recently grown to P500 million in sales and
P200 million in total assets. Mr. Shine is thinking of going public with a P25 million issue of
common stock, of whichP10 million would be a secondary issue of shares he holds. You are
very happy about this opportunity because you know Mr. Shine is the new president of the
Symphony Society board and he has made quite a civic impression since he came to your
medium-size city seven years ago. Hitech is one of the growing employers in the city.

a. Discuss the sources of information and the types of inquiries that you and the
firm’s partners may make in connection with accepting Hitech as a new client.
b. Do professional audit standards require any investigation of prospective clients?
c. Suppose Mr. Shine also has told you that 10 years ago his closely held hamburger
franchise business went bankrupt, and, on investigation, you learn from its former
auditors (your own firm in another city) that Shine played “fast and loose” with
franchise fee income recognition rules and presented such difficulties that your
firm resigned from the audit (before the bankruptcy). Do you think the partner in
charge of the audit practice should accept Hitech as a new client?

17
18