CHAPTER 8

OVERVIEW OF RISK-BASED AUDIT PROCESS

INTRODUCTION

Risk-Based Audit Approach Defined

Risk-based audit approach is an audit approach that begins with an assessment of the types
and likelihood of misstatements in account balance and then adjusts the amount and type of
audit work, to the likelihood of material misstatements occurring in account balances

Given the rapidly changing environment in which today's businesses operate, management,
internal auditors and external auditors must focus on the risks to the entity's operations and
ensure controls are in place to eliminate, mitigate, or compensate for those risks

Many public accounting firms find themselves using a risk-based auditing approach that
employs a top-down evaluation of the client's risk that goes beyond the financial statements. For
instance, audit teams now devote a significant amount of their engagement planning to their
clients’ business risks (ie, the risks that the client will fail to achieve its objectives). Firms
adopting this approach believe they must learn more about their clients’ strategies and
processes to understand whether the financial statements are fairly presented

Under this approach, the auditor performs the following

1. Identification of the client's strategy and the processes for developing that strategy

2. Examination of the core business process and resource management.

3. Identification for each of the key processes (as well as sub-processes) the objectives, inputs,
activities, outputs, systems and transactions

4. Assessment of the risks that the processes will not meet the goals and controls related to
those risks.

FACTORS TO CONSIDER IN IMPLEMENTING THE AUDIT RISK MODEL

The following general observations on audit implementation of the audit risk model:

1. High-risk activities

This includes operations or events where material misstatement could easily occur. For
example, an inventory of high-value diamonds or gold bars held by a jeweler, or a new complex
accounting system being introduced

2. Existence of large non routine transactions

Identified significant related party transactions outside the entity's normal course of business are
to be treated as giving rise to significant risks. This includes infrequent and large transaction.

For example:
  Unusual volume of routine transactions with a related party
 A major sales or supply contract The purchase or sale of major business assets or
business segments, and
 Sale of the business to a third party

Routine non-complex transactions that are subject to systematic processing are less likely to
give rise to significant risks

3. Matters requiring judgment ar management intervention

Examples would include:

 The assumptions and calculations used by management in developing major estimates,

Complex calculations or accounting principles,
 Revenue recognition (presumed to be a significant risk) that is subject to differing
interpretation;
 Where management intervention is required to specify the accounting treatment to be
used

4. Potential for free

The risk of not detecting a material misstatement resulting from fraud (which is intentional and
deliberately concealed) is higher than the risk of not detecting one resulting from error.

In evaluating whether significant risk could result from the identified fraud risk factors and the
possible scenarios and schemes identified in team discussions, consider the following:

 Skillfulness of the potential perpetrator;

 Relative size of individual amount manipulated:
 Level of authority of agreement for employee to:
- directly or indirectly manipulate accounting records, and
- override control procedures,
 significant fraud risks may be identified at any stage in the audit as a result of new
information being obtained.

LIMITATION OF THE AUDIT RISK MODEL

Audit risk is a concept that drives the author's thinking about planning the audit and then
executing an audit. The illustrations are designed to provide guidance, but should not be applied
rotely to any audit client

CPA firms in determining their approach to implementing the audit risk model should consider
the following limitations:

a) Inherent risk is difficult to formally assess. Some transactions because of their complexity are
more susceptible to error but it is quite difficult to asses that level of risk independent of the
client's accounting system.
b) The model treats each risk component as separate and independent when in fact the
components are not independent. It is also quite difficult to separate a client's material controls
and inherent risk.

c) Audit risk is judgmentally determined.

d) Audit technology is not fully developed that each component of the model can be accurately
seed Auditing is based on testing and precise estimates of the model's components are not
possible. Auditors can however, make subjective assessments and use the audit risk model as
guide.

RISK-BASED AUDIT VS. ACCOUNT-BASED AUDIT

In account-based auditing. auditors first obtain an understanding of control and As control risk for
particular types of error and frauds in specific accounts and cycle.

In risk-based audit, the audit team views all activities in the organization first in erms of risks to
strategies and objectives and then in terms of management's es and processes to mitigate the risk The
auditor obtain an understanding of Client's objectives. Then risks are identified and the auditors
determine how management plans to mitigate the risk and whether those plans are in place and
operating effectively,

THE RISK - BASED AUDIT PROCESS

Although specific audit procedures vary from one engagement to the next, the following stages are
involved in every engagement:

Phase I. Risk Assessment

This phase involves the following activities:

a Performance of preliminary engagement activities to decide whether to accept / continue an

audit engagement.

b. Planning the audit to develop an overall audit strategy and audit plan.

c. Performance of risk assessment procedures to identify / assess risk of material misstatement

through understanding the entity

Phase II. I Risk Response

This phase covers the following activities:

a. Designing overall responses and further audit procedures to develop appropriate responses to
the assessed risk of material misstatement. b. Implementing responses to assessed risk of material
misstatement to reduce audit risk to an acceptably low level.

Phase III. Reporting

This phase involves the following activities:

a. Evaluating the audit evidence obtained to determine what additional audit work (if any) is
required.

b. Forming an opinion based on audit findings and preparing the auditor's report.

The audit approach discussed in this book has been divided into three phases: This is illustrated in Figure
8-2. For each of the Audit phases the diagram outlines the major activities, their purpose and the
resulting documentation

The audit process is primarily an evidence-gathering process. As we discussed previously, the audit
process can be viewed as having three phases:

1. Risk assessment

2. Risk response

3. Reporting

Although in theory the audit process can be divided into the three distinct phases, the actual
performance of the engagement may not occur in that particular order Issuing a report is, of course,
always the final phase, but the other two phases are more fluid. During the engagement, the auditor
may obtain information that necessitates modifying the audit program or accumulating additional
evidence. Or the auditor may proceed to gather evidence and then go back to planning. For example,
auditors often finalize the audit program after performing the tests of controls. However, the structure
assists in understanding the audit process.
 The auditor's standard report states, "We conducted our audits in accordance with Philippine
Standards on Auditing. Those standards require that we comply with the ethical requirements and plan
and perform the audit to obtain reasonable assurance about whether the financial statements are free
of material misstatements.

The phrase reasonable assurance is intended to inform the users that auditors do not guarantee
or insure the fair presentation of the financial statements. This phrase communicates that there is some
risk that the financial statements are not fairly stated even when the opinion of the auditor is
unqualified.

The phrase free of material misstatement is intended to inform the users that the auditor's
responsibility is limited to material financial information. Materiality is important because it is
impractical for auditors to provide assurance on immaterial amounts. Thus, materiality and risk are
fundamental concepts that are important to planning the audit and designing the audit approach.

RELEVANT PHILIPPINE STANDARDS ON AUDITING (PSAS) TO BE USED IN THE RISK-BASED AUDIT PROCESS

GUIDANCE ON FUNDAMENTAL CONCEPTS

TOPIC

General Principles --

PSA 200, Overall Objectives of the Independent Auditor and the Conduct of an Audt in
Accordance with International Standards

Quality Control

PSA 200. Quality Control for an audit of Financial Statements

Management Assertions

PSA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding
the Entity and its Environment (Newly Revised Standard effective for audits of financial statements for
periods ending on or after December 15 2013)

Audit Evidence

PSA 500, Audit Evidence

Audit Documentation
 PSA 230, Audi Documentation

PHASE I- RISK ASSESSMENT INCLUDING MAKING CLIENT ACCEPTANCE AND CONTINUANCE DECISIONS

Client Acceptance and Continuance

PSA 210, Agreeing the Terms of Audit Engagements

Considering Fraud

PSA 240, The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements

Consideration of Laws and Regulations in Planning the Audit

PSA 250, Consideration of Laws and Regulations in an Audit of Financial Statements

Planning an Audit

PSA 300, Planning an Audit of Financial Statements

Assessing Risk of Material Misstatements

PSA 315, Identifying and Assessing the Risks of Material Misstatement through Understanding
the Entity and its Environment (Newly Revised Standard effective for audits of financial statements for
periods ending on or after December 15, 2013)

PSA 320, Materiality in Planning and Performing an Audit

Planning Audit Procedures

PSA 330, The Author's Responses to Assessed Risks

Understanding Related Parties

PSA 550, Related Parties

Communicating with those Charged with Governance about the Audit Plan

PSA 260, Communication with Those Charged with Governance

PHASE II – RISK RESPONSE

Testing controls for the financial statement audit PSA 330, The auditor’s responses to assessed
risks

Audit sampling for tests of controls PSA 530, Audit sampling

Testing controls in an integrated audit

Obtaining evidence about compliances with laws PSA 250, consideration of laws and regulations in
and regulations an audit of financial statements.

Substantive audit procedures PSA 330, the auditor’s responses to assessed risks

PSA 500, audit evidence

Audit evidence regarding the PSA 501, Audit evidence specific considerations
for selected items
a. valuation of investments in securities and
derivative instruments;

b. existence and condition of inventory;

c. completeness of litigation, claims, and

assessments involving the entity;

and

d. presentation and disclosure of segment

information, in accordance with the applicable
financial reporting framework.

External confirmations PSA 505, External confirmations

Audit sampling for substantive tests PSA 530, Audit sampling

Obtaining evidence about related parties PSA 550, related parties

Auditing accounting estimates PSA 540, Auditing accounting estimates, including

fair value accounting estimates, and relate
disclosures.

Analytical procedures as a substantive test PSA 520, analytical procedures

Using an auditor’s specialist/expert PSA 620, Using the work of an auditor’s expert

PHASE III - REPORTING

Evaluating the implications of noncompliance PSA 250, consideration of laws and regulation in
with laws and regulations an audit of financial statements

Evaluating financial statement misstatements PSA 450, evaluation of misstatements identified

during the audit

Subsequent events PSA 560, Subsequent events

Disclosures about related parties PSA 550, related parties

Going concern PSA 570, going concern

Management representations PSA 580, Written representations

Omitted procedures

Communicating with those charged with PSA 260, communication with those charged with
governance governance

supervision

Engagement quality review

Audit opinions PSA 700, forming an opinion and reporting on

financial statements

Audit opinions modifications PSA 705, Modifications to the opinion in the

independent auditor’s report

Matter paragraphs in the audit report PSA 706, emphasis of matter paragraphs and
other matter paragraphs in the independent
auditor’s report

Special considerations PSA 800, Special considerations – audits of

financial statements prepared in accordance with
special purpose frameworks

PSA 805, special considerations – audits of single

financial statements and specific elements,
accounts or items of a financial statement.

Overview of Risk-Based Audio Process UNDERSTANDING THE AUDIT RISK MODEL

Nature of Risk

Risk is a concept used to express uncertainty about events and/or their outcomes that could have a
material effect on the organization.

The four critical components of risk that are relevant to conducting the audit are:

1. Audit Risk. The risk that an auditor may give an unqualified opinion on financial statements that are
materially misstated.
2. Engagement Risk. The economic risk that a CPA Firm is exposed to simply because it is associated with
a particular client including loss of reputation, inability of the client to pay the auditor, or financial loss
because management is not honest and inhibits the audit process. Engagement risk is controlled by
careful selection and retention of client.

3. Financial Reporting Risk. Those risks that relate directly to the recording of transactions and the
presentation of financial data in an organization's financial statements.

4. Business Risk. Those risks that affect the operations and potential outcomes of organizational
activities.

Audit risk is defined as the risk that the auditor fails to find material misstatements in the client's
financial statements and thereby inappropriately issues an unqualified opinion on the financial
statements. The auditor can control audit risk in two different ways:

1. Avoid audit risk by not accepting certain companies as client, i.e. reduce engagement risk to zero.

2. Set audit risk at a level chat the auditor believes will mitigate the likelihood that the auditor will fail to
identify material misstatements.

In controlling audit risk, the auditor must recognize that it is not possible to ever completely eliminate
audit risk, but it can be reduced by doing more work. However doing more work raises audit fees, which
may create tension with the client and its management.

At the broadest level, business risk and financial reporting risk originate with the audit client and its
environment, and these risks then affect the auditor's engagement risk and audit risk. The effectiveness
of risk management processes will determine whether a company or audit firm continues to exist.

A number of factors affect a client's business risk. For example, the overall economic climate - favorable
or unfavorable can have a tremendous effect on the organization's ability to operate effectively.
Economies downturn technological change, competitor actions, new product lines also affect business
risk

Financial reporting risk could arise from issues such as asset impairments mark-to-market accounting.
warranties, pensions, estimates as well as competence and integrity of management and its incentives
to misstate the financial statements

Business risk and financial reporting risk may affect each other. For instance, management facing strong
competition and weak financial results may be motivated to circumvent a weak internal control system
or to take advantage of complex financial instruments to achieve desired financial reporting results that
do not necessarily portray economic reality. Audit firms have discovered that being associated with
companies with poor integrity creates risk that can destroy the audit firm or significantly increase the
cost of conducting the audit.
Figure 9-3 illustrates the relationship among these risks.

Figure 9-3: Relationship Among Risks

AUDIT RISK

ENGAGEMENT RISK

BUSINESS RISK

FINANCIAL REPORTING RISK

FACTORS AFFECTING BUSINESS RISK

 Economic climate
 Technological change
 Competition
 Business Volatility
 Geographic Location

FACTORS AFFECTING FINANCIAL REPORTING RISK

• Competence and integrity of management

• Incentive to management to misstated financial statements

• Complexity of transactions

• Internal control

Integration of Concepts of Materiality and Risk in a Risk-Based Audit following considerations are
important in integrating the concepts of reality and risk in the conduct of a risk-based audit:

1. Risky areas of a business must be identified by the auditors to determine which account balances are
more prone to material misstatements, how the misstatements might occur and how a client might be
able to cover them up.
2. Auditors need to develop approaches and methodologies to allocate overall assessments of
materiality to individual account balances because some account balances may be more important to
users.

3. Audits involve testing or sampling and thus cannot provide absolute (100%) assurance that the
financial statements are free of material misstatements without inordinately driving up the cost of
audits.

4. Not all clients are worth accepting. Since audits rely on testing and to some extent on the integrity of
management, there are some clients that an audit firm should not accept because the engagement risk
is too high.

5. Competition for clients among audit firms is high. Clients choose auditors based on a number of
factors including fees, service, industry knowledge, personal rapport and ability to assist the client.

6. Auditors should understand society's expectations of financial reporting to reduce audit risk to an
acceptably low level and therefore minimize lawsuits that the users may possibly bring forth.

Although audit risk is a concept, it is often illustrated using quantitative examples. For instance, the
relationship between engagement risk and audit risk may be presented as follows:

Audit Risk

Engagement Risk

High - Do not accept client

Moderate Set very low (1%)

Low - Set within professional standards but can be higher than companies with higher engagement risk
(5%)

 Setting audit risk at 1% is equivalent to performing a statistical test using 99% confidence level.
Audit risk set at 1% implies that the auditor is willing to take a 1% chance of issuing an
unqualified opinion on materially misstated financial statements.
 Audit risk set at 5% implies that the auditor is willing to take a 5% chance of issuing an
unqualified opinion on materially misstated financial statements.
 High levels of audit risk are appropriate for client with lower levels of engagement risk.

Based on the assessment of engagement risk, the auditor sets the desired audit risk. Audit risk
oftentimes illustrated using numeric or quantitative examples. In fact, many audit firms use the
measures associated with statistical sampling to set audit risk, e.g., setting audit risk at a 1% level for
high-risk clients and 5% for lower-risk clients. Other auditing firms use a broader description of audit risk
as high, moderate or low and adjust the nature of their audit procedures accordingly.
1. Which of the following is included as part of the principles governing an audit?

All of the above are included as part of the principles governing an audit

2. Which of the following statements is true about the audit opinion formulation process?

The audit opinion formulation process is based on the premise that management has responsibility to
prepare the financial statements and maintain internal control over financial reporting

3. Which of the following activities is not part of the activities within the audit opinion formulation
process?

The auditor determines the appropriate nonaudit consulting services to provide to the client.

4. Which of the following is not one of the management assertions?

They are all management assertions

5. Which management assertion addresses whether the components of the financial statements are
properly classified, described, and disclosed?

Presentation and disclosure

6. Which of the following is a true statement regarding audit evidence and audit procedures

The auditor has a responsibility to design and perform audit procedures to obtain sufficient appropriate
audit evidence.

7. Which of the following items should be included in audit documentation?

All of the above should be included

8. Which of the following statements is a false statement regarding audit documentation?

The only purpose of audit documentation is to provide evidence that the audit was planned and
performed in accordance with auditing standards.

9. Which of the following procedures is least likely to be performed during the final phase of the audit
opinion formulation process?

Performance of preliminary analytical review procedures.

10. Which of the following factors does not create a demand for external audit services?

Requirement of PICPA

11. Which of the following expectations can users of the audit report reasonably expect with regards to
the audited financial statements?

The financial statements are presented fairly according to the substance of PFRS.
12. Which of the following parties are involved in preparing and auditing financial statements?

ALL OF THE ABOVE Management, Audit committee, Internal audit function, External auditor

13. Which of the following are the responsibilities of the external auditor in auditing financial
statements?

None of the above.

14. In terms of technical knowledge and expertise, which of the following should external auditors do?

All of the above

 CHAPTER 9

RISK ASSESSMENT - PART I

PHASE I-A
PERFORMANCE OF PRELIMINARY ENGAGEMENT ACTIVITIES

Introduction

At the beginning of the current audit engagement, the auditor should perform the following
activities:

a. Perform procedures required by PSA 220, "Quality Control of an Audit of Financial

Statements regarding the continuance of the client relationship and the specific audit
engagement.

b. Evaluate compliance with ethical requirements, including independence as required by

PSA 220.

c. Establish an understanding of the terms of engagement as required by PSA 210.

"Agreeing the Terms of Audit Engagements."

Client Selection and Retention

The auditor's consideration of client continuance and ethical requirements, including

independence, occurs throughout the performance of the audit engagement as conditions and
changes in circumstances occur. However, the auditor's initial procedures on both client
continuance and evaluation of ethical requirements (including independence) are performed
prior to performing other significant activities for the current audit engagement. For continuing
audit engagements, such initial procedures often occur shortly after (or in connection with) the
completion of the previous audit.

The purpose of performing these preliminary engagement activities is to help ensure that the
auditor has considered any events or circumstances that may adversely affect the auditor's
ability to plan and perform the audit engagement to reduce audit risk to an acceptably low level.

Performing these preliminary engagement activities helps to ensure that the auditor plans an
audit engagement for which:

 The auditor maintains the necessary independence and ability to perform the
engagement
  There are no issues with management integrity that may affect the auditor's willingness
to continue the engagement.

 There is no misunderstanding with the client as to the terms of the engagement.

Most CPA firms are desirous and anxious to obtain new clients. Some new engagements are
easily obtained through business transactions such as the acquisition of a company by an
existing client and the client's desire to have the entire audit performed by one CPA firm. Others
are obtained competitively through social contacts which lead to a request that the CPA firm
submit a proposal for performing the company's annual audit. Such prospective clients may
range from start-up companies seeking a first audit to long-established companies seeking
replacement of their current auditor.

Client Acceptance / Retention Decisions

Another element of quality-control deals with accepting and retaining clients This decision
should involve more than just a consideration of management's integrity. Strict client
acceptance/continuance guidelines should be established to screen out the following:

 Clients that are in financial and/or organizational difficulty - For example, clients
that could go bankrupt or clients with poor internal accounting controls and sloppy
records

 Clients that constitute a disproportionate percentage of the firm's total practice -

Clients may attempt to influence the auditor into allowing unacceptable accounting
practices or issuing inappropriate opinions Disreputable clients External audit firms
cannot afford to have their good reputation tarnished by serving a disreputable client or
by associating with a clear that has disreputable management. Clients that offer an
unreasonably low free for response, the auditor ma attempt to cut corners imprudently or
dos auditor's services - money on the engagement. Conversely, auditors may bid for
audits unreasonably low prices.

Audit Firm Limitations

An external audit firm should not undertake an engagement that it is not qualified to handle.
Doing so is especially important for smaller, growing firms that may be tempted to agree to
conduct an audit for which they are not qualified or not large enough to perform. Statistics show
that firms covered by a professional liability insurance plan that are most susceptible to litigation
are those with staffs of eleven to twenty-five auditors. They appear to become overzealous,
leading to low audit quality and exposure to subsequent litigation.
It is essential for a CPA firm to maintain its integrity, objectivity and reputation for providing high
quality services. No auditor can afford to be regularly associated with clients who are engaging
in management fraud or other unlawful activities. Before accepting an engagement, the CPA
should investigate the history of the prospective client, including such matters as the identities
and reputation of the directors, officers, and major shareholders. To help assess engagement
risk, the auditors generally obtain management's permission to make inquiries of other third
parties (e.g., client's banker or legal counsel) about a prospective client. Generally, CPAs
choose to avoid engagements entailing a relatively high engagement risk; others may accept
such engagements, recognizing the need to expand audit procedures to offset the unusually
high levels of risk.

To reduce their own business risk, public accounting firms try to carefully manage their audit
engagements. An important element of a public accounting firm's quality control policies and
procedures is a system for deciding whether to accept a new client and, on a continuing basis,
deciding whether to continue providing services to existing clients. Public accounting firms are
not obligated to accept undesirable clients, nor are they obligated to continue to serve clients
when relationships deteriorate or when the management comes under a cloud of suspicion.

In addition to evaluating engagement risk, the auditor should assess whether they can complete
the audit in accordance with the Philippine Standards on Auditing which are based on
international Standards on Auditing. The CPA must determine whether there are conditions that
would prevent them from performing an independent audit of the client. Consideration will also
be given to whether the partners and staff have the necessary competence and capability to
conduct the audit.

In summary, before accepting an engagement with a new client, the CPA fin shall assess
whether it

1. is competent to perform the engagement and has the time and resources to do so,
capabilities, including

2. can comply with the relevant ethical requirements, and 3. has considered the integrity of
the client and does not have information that would lead it to conclude that the client
lacks integrity

The CPA firm shall likewise establish whether the preconditions for an audit are present such
as:

 Whether the financial reporting framework to be applied in the financial statements are
acceptable;

 Agreement of management that it acknowledges and understands its responsibility,

 1. for the preparation of financial statements in accordance with applicable financial
reporting framework including where relevant to their fair presentation,

2. for such internal control as management determines is necessary to enable the

preparation of financial statements that are free from material misstatement whether
due to fraud or error, and 3. to provide the auditor with:

(a) Access to all information of which management is aware that is relevant to

the preparation of financial statements such as records, documentation and
other matters

(b) Additional information that the auditor may request from management for the
purpose of the audit; and

(c) Unrestricted access to persons within the entity from whom the auditor
determines it necessary to obtain audit evidence.

Engagement letter

The engagement letter, which includes the audit free, also includes a description of the timing of
the external auditor's work and a description of documentation that the client is expected to
provide to the external auditor. In writing an engagement letter, care should be taken when
describing responsibility the auditor takes with respect to discovering fraud and misstatements.
If the client wants its auditors to go beyond the requirements of the auditing standards, the
auditors should have their attorneys review the degree of wording to make sure that it says not
only what is intended but also what is possible.

As a final step, the CPA firm will confer and agree with management or those charged with
governance the appropriate terms of the audit engagement.

The agreed terms of the audit engagement shall be recorded in an audit engagement letter or
other suitable form of written agreement and shall include:

(a) The objective and scope of the audit of the financial statements;
(b) The responsibilities of the auditor;
(c) The responsibilities of management;
(d) Identification of the applicable financial reporting framework for the preparation of the
financial statements, and
(e) Reference to the expected form and content of any reports to be issued by the auditor and
a statement that there may be circumstances in which a report may differ from its
expected form and content.
Figure 9-1 shows an illustration of an Audit Engagement Letter.

Recurring Audits

On recurring audits, the auditor shall assess whether circumstances require the terms of the
audit engagement to be revised and whether there is a need to remind the entity of the existing
terms of the audit engagement. The auditor shall not agree to the change in the terms of the
audit engagement where there is no reasonable justification for doing so.

If the terms of audit engagement are changed, auditor and management shall agree on and
record the new terms of the engagement in an engagement letter or other suitable form of
written agreement.

If the auditor is unable to agree to a change in the terms of the audit engagement and is not
permitted by management to continue the original audit engagement, the auditor shall:

(a) Withdraw from the audit engagement where withdrawal is possible under applicable law or
regulation; and

(b) Determine whether there is any obligation, either contractual or otherwise, to report the
circumstances to other parties, such as those charged with governance, owners or
regulators.
Figure 9-1: Illustrative Engagement Letter

Valderrama & Co. CPA 7560 Sen. Gil Puyat Avenue, Makati City

October 15, 2020

Mr. Alberto Santos,

Managing Director
ABC, Inc.
165 Tandang Sora, Quezon City

Dear Mr. Santos:

You have requested that we audit the financial statements of ABC, Inc. which comprise the
statement of financial position as at December 31, 2020, and the income statement statement of
changes in equity and cash-flow statement for the year ended, and a summary of significant
accounting policies and other explanatory information. We are pleased to confim our
acceptance and our understanding of this audit engagement by means of this letter. Our audit
will be conducted with the objective of our expressing an opinion on the financial statements.

Our Responsibilities

We will conduct our audit in accordance with Philippine Standards on Auditing Those standards
require that we comply with ethical requirements and plan and perform the audit to obtain
reasonable assurance about whether the financial statements are free from material
misstatement. An audit involves performing procedures to obtain audit evidence about the
amounts and disclosures in the financial statements. The procedures selected depend on the
auditor's judgment, including the assessment of the risks of material misstatement of the
financial statements, whether due to fraud or error. An audit also includes evaluating the
appropriateness of accounting policies used and ne reasonableness of accounting estimates
made by management, as well as evaluating the overall presentation of the financial
statements.

Because of the inherent limitations of an audit, together with the inherent limitations o internal
control, there is an unavoidable risk that some material misstatements may nude detected, even
though the audit is properly planned and performed in accordance with PSAS.

In making our risk assessments, we consider intemal control relevant to the entity's preparation
of the financial statements in order to design audit procedures that are appropriate in the
circumstances, but not for the purpose of expressing an opinion on the effectiveness of the
entity's internal control. However, we will communicate to you in writing any significant
deficiencies in internal control relevant to the audit of the financial statements that we have
identified during the audit.
Unless unanticipated difficulties are encountered, our report will be substantially in the following
form:

(Form and content of the auditor's report has not been reproduced.)

The form and content of our report may need to be amended in the light of our audit findings.

Management's Responsibility

Our audit will be conducted on the basis that management and those charged with governance
acknowledge and understand that they have responsibility:

a) For the preparation and fair presentation of the financial statements in accordance with
Philippine Financial Reporting Standards;
b) For such internal control as management determines is necessary to enable the
preparation of financial statements that are free from material misstatement, whether due to
fraud or error, and
c) To provide us with:
i) Access to all information of which you are aware that is relevant to the
preparation of the financial statements such as records, documentation and
other matters;
ii) Additional information that we may request from you for the purpose of the
audit and
iii) Unrestricted access to persons within the company from whom we determine
it necessary to obtain audit evidence.

As part of our audit process, we will request from management and, where appropriate, those
charged with governance written confirmation concerning representations made to us in
connection with the audit.

We look forward to full cooperation from your staff during our audit.

Fees

Our fees which are based on the time required by individuals assigned to the engagement will
be Php100,000 plus out-of-pocket expenses and will be billed as work progresses, Individual
hourly rates vary according to the degree of responsibility involved and the experience and skill
required.

This letter will be effective for future periods unless it is terminated, amended, or superseded.
Please sign and return the attached copy of this letter to indicate that it is accordance with your
understanding of the arrangements for our audit of the financial statements.
PHASE I-B
PLANNING THE AUDIT TO DEVELOP AN OVERALL AUDIT STRATEGY AND
AUDIT PLAN

Introduction

Once the client has been obtained and the engagement letter signed by both parties (auditor
and client), the planning process intensifies as the auditors concentrate their efforts in obtaining
a detailed understanding of the client's business in developing an overall audit strategy and
assess the risks of material misstatement of the financial statements.

PSA 300, "Planning an Audit of Financial Statements" establishes standards and provides
guidance on the considerations and activities applicable to planning and audit of financial
statements. It states that the auditor should plan the audit so that tite engagement will be
performed in an effective manner.

The auditor-in-charge must develop a "plant of action" to organize, coordinate, and schedule
activities of the audit staff. An audit plan is normally drafted prior to starting the work at the
client's offices.

Nature and Scope of Audit Planning

Audit planning involves the establishment of the overall audit strategy for the engagement and
developing an audit plan, in order to reduce audit risk to an acceptably low level, Planning
involves the engagement partner and other key members of the engagement team to benefit
from their experience and insight and to enhance the effectiveness and efficiency of the
planning process.

The nature and extent of planning activities will vary according to the size and complexity of the
entity, the auditor's previous experience with the entity, and changes in circumstances that
occur during the audit engagement.

Planning is a continuous and iterative process that often begins shortly after or in connection
with the completion of the previous audit and continues until the completion of the current audit
engagement. However, in planning an audit, the auditor considers the timing of certain planning
activities and audit procedures that need to be completed prior to the performance of further
audit procedures. For example, the auditor plans the discussion among engagement team
members, the analytical procedures to be applied as risk assessment procedures, the obtaining
of a general understanding of the legal and regulatory framework applicable to the entity and
how the entity is complying with that framework, the determination of materiality, the
involvement of experts and the performance of other risk assessment procedures prior to
identifying and assessing the risks of material misstatement and performing further audit
procedures at the assertion level for classes of transactions, account balances, and disclosures
that are responsive to those risks.

The auditor may decide to discuss elements of planning with the entity's management to
facilitate the conduct and management of the audit engagement (for example, to coordinate
some of the planned audit procedures often occur, the overall audit strategy and the audit plan
remain the auditor's responsibility

Benefits of Audit Planning

Audit planning generally involves the determination of the expected nature, timing and extent of
the audit. Among the benefits derived from audit planning are the following:

(a) It helps ensure that appropriate attention is devoted to important areas of the audit
(b) It aids in identifying potential problems and resolving them on a timely basis.
(c) It helps ensure that the audit is properly organized, managed and performed in an effective
and efficient manner.
(d) It assists in the proper assignment and review of the work of the engagement team
members.
(e) It helps coordinate the work to be done by auditors of components and other parties
involved such as experts, specialists, etc.

The Overall Audit Strategy

PSA 300 requires that the auditor establishes the overall strategy for the audit. This overall audit
strategy sets the scope, timing and direction of the audit and guides the development of the
more detailed audit plan. In developing the audit strategy, the auditor considers the results of
the preliminary activities described in the preceding section. The process of establishing the
audit strategy involves

a. Identifying the characteristics of the engagement that define its scope. Examples are:

1. The financial reporting framework

2. Industry specific reporting requirements, and

3. The locations of the components of the entity.

b. Ascertaining the reporting objectives of the engagement to plan the timing of the audit and
the nature of the communication required such as:

1. Deadlines for interim and final reporting, and

2. Key dates and organization of meetings with management and those charged with
governance to discuss the nature and extent of audit work.

3. Discussion with management regarding the expected communication on the status of audit
work throughout the engagement.

c. Considering the important factors that will determine the focus and direction of the
engagement teams efforts, such as:

1. Determination of appropriate materiality levels

2. Preliminary identification of areas where there may be higher risks of material misstatement.

3. Preliminary identification of material components and account balances.

4. Evaluation of whether the auditor may plan to obtain evidence regarding the effectiveness of
internal control, and 5. Identification of recent significant entity-specific, industry, financial
reporting or other relevant developments.

d. Considering the results of preliminary engagement activities and, where applicable, whether
knowledge gained on other engagements performed by the engagement partner for the
entity is relevant; and

e. Ascertaining the nature, timing and extent of resources necessary to perform the
engagement.

Benefits of Developing the Audit Strategy

 The resources to deploy for specific audit areas, such as the use of appropriately
experienced team members for high risk areas or the involvement of experts on complex
matters.

 The amount of resources to allocate to specific audit areas, such as the number of team
members assigned to observe the inventory count at material locations, the extent of review
of other auditors' work in the case of group audits, or the audit budget in hours to allocate to
high risk areas:

 When these resources are to be deployed, such as whether at an interim audit stage or at
key cut-off dates, and

 How such resources are managed, directed and supervised, such as when team briefing
and debriefing meetings are expected to be held, how engagement partner and manager
reviews are expected to take place (for example, on-site or off-site), and whether to
complete engagement quality control reviews.
Once the overall audit strategy has been established, an audit plan can be developed to
address the various matters identified in the overall audit strategy, taking into account the need
to achieve the audit objectives through the efficient use of the auditor's resources. The
establishment of the overall audit strategy and the detailed audit plan are not necessarily
discrete or sequential processes, but are closely inter-related since changes in one may result
in consequential changes to the other

In audits of small entities, the entire audit may be conducted by a very small nudit team. Many
audits of small entities involve the engagement partner (who may be a sole practitioner) working
with one engagement team member or without any engagement team members). With a smaller
team, co-ordination of, and communication between, team members are easier. Establishing the
overall audit strategy for the audit of a small entity need not be a complex or time consuming
exercise; it varies according to the size of the entity the complexity of the audit, and the size of
the engagement team. For example, a brief memorandum prepared at the completion of the
previous audit, based on a review of the working papers and highlighting issues identified in the
audit just completed, updated in the current period based on discussions with the owner
manager, can serve as the documented audit strategy for the current audit engagement if it
covers the matters noted in paragraph 7 of PSA 300.

A. Application of the Concept of Materiality to Audit

PSA 320, "Materiality in Planning and Performing an Audit" establishes standards and deals
with the auditor's responsibility to apply the concept of materiality in planning and performing an
audit of financial statements.

To reiterate the importance of the concept of materiality to audit, the definition of materiality in
accordance with the FRSC's "Framework for the Preparation and Presentation of Financial
Statements" follows:

"Information is material if its omission or misstatement could influence the economic

decisions of users taken on the basis of the financial statements. Materiality depends on
the size of the item or error judged in the particular circumstances of its omission or
misstatement. Thus, materiality provides a threshold or cut-off point rather than being a
primary qualitative characteristic which information must have if it is to be useful."

This definition emphasizes the importance of materiality to reasonable users who rely on the
statements to make decisions. Auditors, therefore, must have knowledge of the likely uses of
their client's statements and the decisions that are being made.

Materiality involves both quantitative and qualitative considerations. In assessing the

quantitative importance of a misstatement, it is necessary to relate the peso amount of the error
to the financial statements under examination, Qualitative considerations, on the other hand,
relate to the causes of misstatement. An error that may not be material quantitatively, may be
material qualitatively. This may occur, for instance, when the misstatement is attributed to an
irregularity or an illegal act by the client.

The objective of an audit of financial statements is to enable the auditor to express an opinion
whether the financial statements are prepared, in all material respects, in accordance with an
identified financial reporting framework. The assessment of what is material is a matter of
professional judgment.

In planning the audit, materiality should be considered by the auditor when:

(a) determining the nature timing and extent of audit procedures;

(b) identifying and assessing the risks of material misstatement; and
(c) determining the nature, timing and extent of further audit.

The auditor's determination of materiality is a matter of professional judgment and is affected by

the auditor's perception of the financial information needs of users of the financial statements. In
this context, it is reasonable for the auditor to assume that users:

(a) Have a reasonable knowledge of business and economic activities and accounting and a
willingness to study the information in the financial statements with renewable diligence;
(b) Understand that financial statements at prepared mud and audited to levels of materiality:
(c) Recognize the uncertainties inherent in the measurement of amounts based on the use of
estimates, judgment and the consideration of future events; and
(d) Make reasonable economic decisions on the basis of the information in the financial
statements.

Levels of Materiality
The auditor assesses materiality at two levels:
 First is the overall materiality (or materiality level for the financial statements as a whole)
 Second is the specific materiality (or materiality level for particular classes of transactions.
account balances or disclosures)

The auditor considers materiality at both the overall financial statement level and in relation to
individual account balances, classes of transactions and disclosures. Materiality may be
influenced by considerations such as legal and regulatory requirements and considerations
relating to individual financial statement account balances and relationships. This process may
result in different materiality levels depending on the aspect of the financial statements being
considered.

1. Overall materiality

Materiality for the financial statements as a whole (overall materiality) is based on the
auditor's professional judgment as to the highest amount of misstatement(s) that could be
 included in the financial statements without affecting the economic decisions taken by a
financial statement user. If the amount of unconnected misstatements, either individually or
in the aggregate, is higher than the overall materiality established for the engagement, it
would mean that the financial statements are materially misstated.

Overall materiality is based on the common financial information needs of the various users
as a group. Consequently, the possible effect of misstatements on specific individual users,
whose needs may vary widely, is not considered.

2. Specific materiality

In some cases, there may be a need to identify misstatements of lesser amounts than
overall materiality that would affect the economic decisions of financial statement users. This
could relate to sensitive areas such as particular note disclosures (i.e., management
remuneration or industry-specific data), compliance with legislation or certain terms in a
contract, or transactions upon which bonuses are based. It could also relate to the nature of
a potential misstatement.

PSA 320 likewise requires that performance materiality be set.

Performance Materiality

Performance materiality is used by the auditor to reduce the risk to an appropriate low level that
the accumulation of uncorrected and unidentified misstatements exceeds materiality for the
financial statements as a whole (overall materiality), or materiality levels established for
particular classes of transactions, account balances, or disclosures (specific materiality).

Performance materiality is set at a lower amount (or amounts) than overall specific materiality.
The objective is to perform more audit work than would be required by the overall or a specific
materiality to:
 Ensure that misstatements less than overall or specific materiality are detected, so as to
appropriately reduce the probability that the aggregate of uncorrected errors and
undetected misstatements exceed materiality for the financial statements as a whole:
and thus
 Provide a margin or buffer for possible undetected misstatements. This buffer is between
detected but uncorrected misstatements in the aggregate and the overall or specific
materiality.

The margin provides some assurance for the auditor that undetected misstatements, along with
all uncorrected misstatements, will not likely accumulate to reach an amount that would cause
the financial statements to be materially misstated.
Performance materiality is set in relation to overall materiality or specific materiality. For
example, a specific performance materiality can be set at a lower amount than overall
performance materiality for testing repairs and maintenance expenses if there is a higher risk of
assets not being capitalized. Specific performance materiality may also be used to perform
additional work in areas that may be sensitive due to the nature of potential misstatements and
their occurrence, rather than their monetary size.

For example, if overall materiality was set at P200,000 and the audit procedures were planned
to detect all errors in excess of P200,000, it is quite possible that an error of say P80,000 would
go undetected. If three such errors existed totaling to P240,000, the financial statements would
be materially misstated. If performance materiality was set at P120,000, it would be much more
likely that at least one or all of the P80,000 errors would be detected. Even if only one of the
three errors is identified and corrected, the remaining P160,000 misstatement would still be less
than P200,000 and the financial statements as a whole would not be materially misstated.

How to Determine Materiality

Auditors make a preliminary assessment of materiality of the financial statements as a whole by

determining the amount by which they believe the financial statements could be misstated
without affecting users' decisions. This-amount is called "preliminary judgment about materiality
planning materiality". This judgment need not be quantified but often is It is called a preliminary
judgment about materiality because it is a professional judgment and may change during the
engagement if circumstances change. The reason for determining “planning materiality is to
help the auditor plan the appropriate evidence to accumulate. If the auditor sets a low peso
amount, more evidence is required than for a high amount.

In establishing planning materiality or preliminary judgment about materiality, an auditor must

also consider any potential effect a misstatement might have which may be greater than the
peso amount involved. A misstatement which may not be material based on quantitative factors
but that does not allow a client to meet a condition in a contractual obligation or expectations of
a financial statement user may be considered material. In these instances, amount of planning
materiality based on the users expectations of income or alter those working on the
engagement to the potential for these types of material misstatement.
Rules of Thumb (For Use as a Starting Point)

Overall Specific Performance

Materiality is a matter of Establish a lower, specific No specific guidance is
professional judgment rather materiality amount (based on provided in the PSAS.
than a mechanical existence. professional judgment) for the Percentages range from 60%
As a result, no specific audit of specific or sensitive (of overall or specific
guidance is provided in the financial statement areas materiality). where there is a
PSA. However, profit from higher risk of material
continuing profit from misstatement, up to 85%
continuing operations (3% to where the assessed risk of
7%) is often used in practice material misstatement is less
as having the greatest
significance to financial
statement users. If this is not
a useful measure (such as for
a not-for-profit entity or where
profit is not a stable base)
then consider other bases
such as
 Revenues or
expenditures - 1% to
3%
 Assets - 1% to 3%
 Equity - 3% to 5%

Other Considerations

When accepting new audit engagement, inquire about the overall materiality used by the
previous auditor. If available, this would help in determining whether further audit procedures
may be required on the opening asset and liability balances.

Ensure that any experts employed by the entity (to assist the entity in preparing the financial
statements) or used the audit team are instructed to use an appropriate materiality level in
relation to the work they perform.

Relationship between Materiality and Audit Risk

When planning the audit, the auditor considers what would make the financial statements
materially misstated. The auditor's assessment of materiality, related to specific account
balances and classes of transactions, helps the auditor decide such questions as what items to
examine and whether to use sampling and analytical procedures. This enables the auditor to
select audit procedures that, in combination, can be expected to reduce audit risk to an
acceptably low level.
There is an inverse relationship between materiality and the level of audit risk, that is, the higher
the materiality level, the lower the audit risk and vice versa. The auditor takes the inverse
relationship between materiality and audit risk into account when determining the nature, timing
and extent of audit procedures For example, if, after planning for specific audit procedures, the
auditor determines that the acceptable materiality level is lower, audit risk is increased.

The auditor would compensate for this by either:

(a) reducing the assessed level of control risk, where this is possible, and supporting the
reduced level by carrying out extended or additional tests of control or
(b) reducing detection risk by modifying the nature, timing and extent of planned substantive
procedures.

B. Audit Plan

The auditor should develop an audit plan for the audit in order to reduce audit risk to an
acceptably low level.

The audit plan shall include a description of

(a) The nature, timing and extent of planned risk assessment procedures, as determined
under PSA 315, "Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and Its Environment."

(b) The nature, timing and extent of planned further audit procedures at the assertion level,
as determined under PSA 330, "The Auditor's Responses to Assessed Risks."

(c) Other planned audit procedures that are required to be carried out so that the
engagement complies with PSAS.

The auditor shall update and change the overall audit strategy and the audit plan as necessary
during the course of the audit.

The auditor shall plan the nature, timing and extent of direction and supervision of engagement
team members and the review of their work,

The auditor shall document:

(a) The overall audit strategy;
(b) The audit plan; and
(c) Any significant changes made during the audit engagement to the overall audit strategy
or the audit plan, and the reasons for such changes.

Once the audit strategy has been established, the auditor is able to start the development of a
more detailed audit plan to address the various matters identified in the audit strategy; taking
into account the need to achieve the audit objectives through the efficient use of the auditor's
resources. Although the auditor ordinarily establishes the audit strategy before developing the
detailed audit plan, the two planning activities are not necessarily discrete or sequential
processes but are closely inter-related since changes in one may result in consequential
changes to the other.

The audit plan is more detailed than the audit strategy and includes the nature, timing and
extent of audit procedures to be performed by engagement team members in order to obtain
sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.
Documentation of the audit plan also serves as a record of the proper planning and
performance of the audit procedures that can be reviewed and approved prior to the
performance of further audit procedures.

Direction, Supervision and Review

The auditor should plan the nature, timing and extent of direction and supervision of
engagement team members and review of their work.

The nature, timing and extent of the direction and supervision of engagement team members
and review of their work vary depending on many factors, including:
 The size and complexity of the entity.
 The area of the audit.
 The assessed risks of material misstatement (for example, an increase in the assessed risk
of material misstatement for a given area of the audit ordinarily requires a corresponding
increase in the extent and timeliness of direction and supervision of engagement team
members, and a more detailed review of their work).
 The capabilities and competence of the individual team members performing the audit work.
PSA 220 contains further guidance on the direction, supervision and review of audit work.

Changes to Planning Decisions during the Course of the Audit

The overall audit strategy and the audit plan should be updated and changed as necessary
during the course of the audit.

Planning an audit is a continual and iterative process throughout the audit engagement. As a
result of unexpected events, changes in conditions, or the audit evidence obtained from the
results of audit procedures, the auditor may need to modify the overall audit strategy and audit
plan, and thereby the resulting planned nature, timing and extent of further audit procedures.
Information may come to the auditor's attention that differs significantly from the information
available when the auditor planned the audit procedures. For example, the auditor may obtain
audit evidence through the performance of substantive procedures that contradicts the audit
evidence obtained with respect to the testing of the operating effectiveness of controls. In such
circumstances, the auditor reevaluates the planned audit procedures, based on the revised
consideration of assessed risks at the assertion level for all or some of the classes of
transactions, account balances or disclosures

Consideration Specific to Smaller Entities

In audits of small entities, an audit may be carried out entirely by the audit engagement partner
(who may be a sole practitioner). In such situations, questions of direction and supervision of
engagement team members and review of their work do not arise as the audit engagement
partner, having personally conducted all aspects of the work, is aware of all material issues. The
audit engagement partner (or sole practitioner) nevertheless needs to be satisfied that the audit
has been conducted in accordance with PSAs. Forming an objective view on the
appropriateness of the judgments made in the course of the audit can present practical
problems when the same individual also performed the entire audit. When particularly complex
or unusual issues are involved, and the audit is performed by a sole practitioner, it may be
desirable to plan to consult with other suitably experienced auditors or the auditor's professional
body.

A suitable, brief memorandum may serve as the documented strategy for the audit of a smaller
entity. For the audit plan, standard audit programs or checklists (see paragraph A18 of PSA
300) drawn up on the assumption of few relevant control activities, as is likely to be the case in
a smaller entity, may be used provided that they are tailored to the circumstances of the
engagement, including the auditor's risk assessments.

Documentation

The auditor should document the overall audit strategy and the audit plan, including any
significant changes made during the audit engagement.

The auditor's documentation of the overall audit strategy records the key decisions considered
necessary to properly plan the audit and to communicate significant matters to the engagement
team. For example, the auditor may summarize the overall audit strategy in the form of a
memorandum that contains key decisions regarding the overall scope, timing and conduct of the
audit.

The auditor's documentation of any significant changes to the originally planned overall audit
strategy and to the detailed audit plan includes the reasons for the significant changes and the
auditor's response to the events, conditions, or results of audit procedures that resulted in such
changes. For example, the auditor may significantly change the planned overall audit strategy
and the audit plan as a result of a material business combination or the identification of a
material misstatement of the financial statements. A record of the significant changes to the
overall audit strategy and the audit plan, and resulting changes to the planned nature, timing
and extent of audit procedures, explains the overall strategy and audit plan finally adopted for
the audit and demonstrates the appropriate response to significant changes occurring during the
audit.
The form and extent of documentation depend on such matters as the size and complexity of
the entity, materiality, the extent of other documentation, and the circumstances of the specific
audit engagement

Additional Considerations in Initial Audit Engagements

The auditor should perform the following activities prior to starting an initial audit;

(a) Perform procedures regarding the acceptance of the client relationship and the specific audit
engagement [see PSA 220 for additional guidance]

(b) Communicate with the previous auditor, where there has been a change of auditors, in
compliance with relevant ethical requirements.

Other Critical Matters in Engagement Planning

1. Application of Analytical Procedures in Planning the Audit

The purpose of applying analytical procedures in planning the audit is to assist in understanding
the business and in identifying areas of potential risk. It will therefore assist the auditor in
planning the nature, time, and extent of auditing procedures that will be used to obtain evidential
matter for specific account balances or classes of transactions. By identifying such things as the
existence of unusual transactions and events, and amount ratios and trends, matters that have
financial statement and audit planning ramifications might be brought to light Likewise, relevant
non-financial information such as number of employees. area of selling Space, volume of woods
produced may also contribute to the accomplishment of the purpose the analytical procedures.
PSA 520 requires the auditors to perform analytical procedures as a part of the planning
process for every audit,

2. Establishment of an Engagement or Audit Team

An audit team consists of people with different levels of expertise and experience. The seam
usually is composed of an engagement partner manager, at East cne senior, and one or more
staff auditors a determining the number of people who will be assigned to a engagement an
auditor normally considers the audit's size so complexity, the availability and experience of
personnel, the necessity Sor special expertise, and the opportunity to train personnel, and the
continuity and routine of personnel. The audit team assembled for a larger engagement typically
is larger than that needed for a smaller engagement. An engagement involving an entity in a
regulated industry, such as bunking, also requires that the major members of the audin seam
have necessary knowledge and experience in that industry.

3. Consideration of Work Performed by Other Auditors/Parties

The following factors should be considered in assessing the work performed by other auditors /
parties: .
 The involvement of other auditors in the audit of components, for example, subsidiaries,
branches and divisions.

 The involvement of experts.

 The number of locations.

a. Predecessor Auditor

The successor auditor's examination may be greatly facilitated by consulting with the
predecessor auditors and reviewing the predecessor's working papers. Communication with the
predecessor auditors can provide the successor CPA with background information about the
client, details about the client's system of internal control, and evidence as to the account
balances at the beginning of the year under audit.

Auditors are ethically prohibited from disclosing confidential information obtained in the course
of an audit without the consent of the client. The successor auditor should therefore obtain the
client's consent before making inquiries from the predecessor auditors.

If the auditor is unable to obtain cooperation from the preceding auditors, or if he feels that the
work done by the preceding auditors does not meet the requirements of generally accepted
auditing standards, he may have to treat the audit of the new client, previously audited by other
accountants, just as he would the first audit of a client who has never been audited before.

b. Other CPAS

Large companies generally consist of divisions and subsidiaries located in many different parts
of the country or the world. For a variety of reasons, one or several of the subsidiaries or
divisions may have different auditors.

To be able to report on the statements of the combined entity, an auditor must determine that
she or he is able to be the principal auditor. Principal auditor means the auditor with
responsibility for reporting on the financial statements of an entity when those financial
statements include financial information of one or more components audited by another auditor.
Other auditor means an auditor, other than the principal auditor, with responsibility for reporting
on the financial information of a component which is included in the financial statement audited
by the principal auditor. Other auditors include affiliated firms whether using the same name or
not, correspondents as well as unrelated auditors, Component means a division, branch,
subsidiary, joint venture, associated company or other entity whose financial information is
included in financial statements audited by the principal auditor
c. Specialists

CPAs may lack the qualifications necessary to perform certain technical tasks relating to the
audit. A specialist brings unique knowledge and judgment in a field other than accounting and
auditing. An auditor might decide to have an art appraiser place values on works of art, a
mineralogist determine the physical characteristics of mineral reserves, or an actuary provide
data related to a group's life expectancy. Effective planning involves arranging for the
appropriate use of specialists both inside and outside of the client organization.

d. Use of Client's Staff

The client's staff should have the accounting records up-to-date when the auditors arrive, In
addition, many audit working papers can be prepared for the auditors by the client's staff, thus
reducing the cost of the audit and freeing the auditors from routine work. The auditors may set
up the columnar headings for such working papers and give instructions to the client's staff as to
the information to be gathered. These working papers should bear the label Prepared by Client,
or PBC, and also the initials of the auditor who verifies the work performed by the client's staff.

Working papers prepared by the client should never be accepted at face value; such papers
must be reviewed and tested by the auditors. Among the tasks that may be assigned to the
client's employees are the preparation of a trial balance of the general ledger, preparation of an
aged trial balance of accounts receivable, analyses of accounts receivable written off, lists of
property additions and retirements during the year, and analyses of various revenue and
expense accounts. Many of these "working papers" may be in the form of computer
spreadsheets and other computerized data files.

e. Internal Auditors

Internal auditors can affect the audit in two ways. First, they can enhance internal control. In
deciding whether to reduce the amount of testing for specific assertions because of work
performed by internal auditors, the independent auditor should consider (1) the materiality of the
amount, (2) the risk of misstatement, and (3) the degree of subjectivity involved in evaluating the
accumulated audit evidence. As these factors increase, the auditor is less likely to rely on the
internal auditor's work.

The second way internal auditors affect an audit is by assisting independent auditors in
performing specific audit procedures. For example, an internal auditor may observe client
personnel taking the inventory

4. Assessment of Going Concern Assumption

PSA 570 requires auditors to evaluate whether substantial doubt exists about an entity's ability
to continue as a going concern, based on procedures planned and performed to obtain
evidence about the management assertions embodied in e financial statements. That is, an
auditor is not required to design specific procedures to evaluate whether an entity is a going
concern.

When planning and performing audit procedures and in evaluating the results thereof, the
auditor should consider the appropriateness of management's use of the going concern
assumption in the preparation of the financial statements.

Examples of events or conditions, which individually or collectively, may cast significant doubt
about the going concern assumption are set out below. This listing is not all-inclusive nor does
the existence of one or more of the items always signify that a material uncertainty exists.

Financial
 Net liability or net current liability position.
 Fixed-term borrowings approaching maturity without realistic prospects of renewal or
repayment; or excessive reliance on short-term borrowings to finance long-term assets.
 Indications of withdrawal of financial support by debtors and other creditors.

Operating
 Loss of key management without replacement.
 Loss of a major market, franchise, license, or principal supplier.
 Labor difficulties or shortages of important supplies.

Other
 Non-compliance with capital or other statutory requirements.
 Pending legal or regulatory proceedings against the entity that may, if successful, result
in claims that are unlikely to be satisfied.
 Changes in legislation oh government policy expected to adversely affect the entity.

The significance of such events or conditions often can be mitigated by other factors. For
example, the effect of an entity being unable make its normal debt repayments may be counter-
balanced try management's plans to maintain adequate cash flows by alternative means, such
as by disposal of assets, rescheduling of ren repayments, or obtaining additional capital,
Similarly, the loss of principal supplier may be mitigated by the availability of a suitable
alternative source of supply.

5. Identification of Related Parties

A related party is defined as an affiliated company, a principal owner of the client company, or
any other party with which the client deals where one of the parties can influence the
management or operating policies of the other. A related party transaction is any transaction
between the client and a related party. Common examples include sales or purchase
transactions between a parent company and its subsidiary, exchanges of equipment between
two companies owned by the same person, and loans to officers. A less common example is
the exercise of significant management influence on an audit client by its most important
customer.

Because material related party transactions must be disclosed, it is important that all related
parties be identified and included in the permanent files early in the engagement. Finding
undisclosed related party transactions is thereby enhanced. Common ways of identifying related
parties include inquiry of management, review of SEC filings, and examination of stockholders
listings to identify principal stockholders.

6. Client's Legal Obligations

Pertinent current-year information that auditors should review includes (1) minutes of directors'
and stockholders' meetings, (2) changes to articles of incorporation or by-laws, and (3) any
significant contracts executed during the year. By reading the minutes, an auditor will obtain
information about significant events that have or will have an impact on the client.

For new clients for which historical information relating to these matters is unavailable, the
auditor should review information relating to prior years.

7. Completion of the Initial Audit Program

An audit program is a set of audit procedures specifically designed for each audit. The program
which includes both substantive tests a tests of controls will enable the auditor to express an
opinion on the financial statements taken as a whole.

The auditor should develop and do program setting out the nature, timing and extent of planned
audit procedures required to implement the overall audit plan The program serves as a set of
instructions to assistants involved in the audit and as a means to control and record the proper
execution of the work. The audit program may also contain the audit objectives for each area
and a time budget in which hours are budgeted for the various audit areas or procedures.
Considering materiality risk of misstatement, and the relative cost of performing audit
procedures, auditors determine the procedures to test the assertions embodied in the financial
statements

Auditing standards require that a written audit program be prepared as a part of each
engagement

In preparing the audit program, the auditor would consider the specific assessments of inherent
and control risks and the required level of assurance to be provided by substantive procedures.
The auditor would also consider the timing of tests of controls and substantive procedures, the
coordination 0 any assistance expected from the entity, the availability of assistants and the
involvement of other auditors or experts. Other matters may also need to be considered in more
detail during the development of the audit program
On initial engagements, the audit program typically will develop te three Stages:
(1) the broad phases of the program can be outlined at the time of engagement;
(2) other details of the program can be identified after the review of and eral control structure
and accounting procedures has begun;
(3) procedures on specific phases of the audit can be further challenged and revised as the
work progresses.

On recurring engagements, the program for the preceding audit should be studied before
preparing the program for the current audit. The program for the current audit should reflect
modifications or are required by the experience gained in the business, internal control or
accounting methods of the client.

8. Preparation of a Time Budget

A time budget is an estimate of the total hours an audit is expected to take. It is based on the
information obtained in the first major step in the audit that is, obtaining an understanding of the
client. It takes into consideration such things as:

(a) the client's size as indicated by its gross assets, sales, number of employees
(b) location of client facilities
(c) the anticipated accounting and auditing problems (d) the competence and experience of
staff available.

The total time must be allocated by the preparation of work schedules indicating who is to do
what and how long it should take. Thus, total hours are budgeted by major categories and may
be scheduled on a weekly basis. Time budget also serves as the basis for estimating fees. [t is
also an important tool to communicate to the audit staff those areas the manager or partner
believes are critical and require more time. Furthermore, a time budget is used to measure the
efficiency of the staff and to determine at each stage of the engagement whether the work is
progressing at a satisfactory rate. An illustration of an Audit Budget and Time Summary is
shown in Figure 9-2.

For repeat engagement, the development of time budgets is facilitated by reference to the
preceding year's detailed time records.

Managing time is an important consideration because billing is often based on the amount of
time charged to the engagement. Indeed, the most costly element of an engagement is the
auditor's time. Time budgets can motivate staff to perform efficiently, and one criterion by which
audit personnel are evaluated is their ability to complete assignments within the allotted time.
(However, placing too much emphasis on time management can lower the quality of the audit.)

A periodic accounting of time and budget may be prepared as a basis for determining the
cause(s) of the variance between actual and budgeted hours. This is illustrated in Figure 9-2.
This report will also serve as a guide in projecting the audit time for the succeeding audits.
9. Assignment of Personnel to the Engagement

Staff must, therefore, be assigned with that standard in mind. On larger engagements, there are
likely to be one or more partners and staff at several experience levels doing the audit.
Specialists in such technical areas as statistical sampling and computer auditing may also be
assigned. On smaller audits there may be only one or two staff members.

A major consideration affecting staffing is the need for continuity from year to year. An
inexperienced staff assistant is likely to become the most experienced non-partner on the
engagement within a few years. Continuity helps the CPA firm maintain familiarity with the
technical requirements and closer interpersonal relations with client personnel.

Another consideration is that the persons assigned be familiar with the client's industry.

In PSA 220, "Quality Control for an Audit of Financial Statements," the auditor, and assistants
with supervisory responsibilities, will consider the professional competence of assistants
performing work delegated to them when deciding the extent of direction, supervision and
review appropriate for each assistant.

Any delegation of work to assistants would be in a manner that provides reasonable assurance
that such work will be performed with due care by persons having the degree of professional
competence required in the circumstances.

10. Scheduling of Work

Audit work that can always be performed during the interim period includes the consideration of
internal control, issuance of management letter, and substantive tests of transactions that have
occurred to the erim date.

Interim tests of certain financial statement balances, such as accounts receivable, may also be
performed, but this results in additional risk that must be controlled by the auditors. Significant
errors or irregularities could arise in these accounts during the remaining period between the
time that the interim test was performed and the statement of financial position date. Thus, to
rely on the interim test of a significant account balance, the auditors must perform additional
tests of the account during the remaining period.

Performance of other substantive tests is scheduled near at, and after year end. Consideration
should be given to such factors as:

a) Deadline for submitting final audit report and filing of income tax returns
b) Ability of the client's staff to submit required schedules
c) Other audit clients
Documentation of Audit Plan / Audit Program

Documentation of the planning process is done through the preparation of working papers
showing:
(1) Audit Plans (discussed in this section)
(2) Audit Programs
(3) Time Budget (refer to page 245)

An audit plan contains the overview of the engagement, outlining the nature and characteristics
of the client's business operations and the overall audit strategy.

The following information are included in a typical audit plan:

1. Description of the client company its structure, nature of business and organization.
2. Audit objectives (i.e., if the audit is for stockholders, creditors or it is special-purpose audit)
3. Description of the nature and extent of other services such as tax returns preparation, etc.
4. Timetable of the audit work
5. Work to be done by the client's employer 6. Assignment of audit staff
7. Target completion dates of the major segments of the engagement
8. Preliminary evaluation and judgment about materiality level for the engagement
9. Any special problems to be resolved during the engagement particularly those revealed by
analytical procedures
10. Conditions that may require changes in audit test

Normally, the audit plan is prepared before starting work at the client's office. It may, however
be modified throughout the engagement as the auditor deems necessary depending on his
consideration of internal control or as special problems are encountered.

The auditor may wish to prepare a memorandum setting forth the preliminary audit plan,
particularly for large and complex entity

Planning a Repeat Engagement

It is far easier to plan for a repeat engagement than planning for a first audit of a new client. The
working papers in the previous year's audit provide a wealth of information useful in planning
the recurring engagement. Of course, the auditor-in-charge of a repeat engagement would have
a good working knowledge of the client's business. The auditor however should not merely
duplicate last year 5 audit program but should modify his approach to the audit for any changes
in the client's operations, internal control structure, or business environment.
Multiple Choice Questions – CHAPTER 9

1. In planning and performing an audit, auditors are concerned about risk factors for two distinct
types of fraud: fraudulent financial reporting and misappropriation of assets. Which of the
following is a risk factor for misappropriation of assets?
a. Generous performance-based compensation systems.
b. Management preoccupation with increased financial performance.
c. An unreliable accounting system.
d. Strained relationships between management and the auditors.

2. Which of the following should not normally be included in the engagement letter for an audit?
a. A description of the responsibilities of client personnel to provide assistance.
b. An indication of the amount of an audit.
c. A description of the limitations of an audit.
d. A listing of the client's branch offices selected for testing.

3. Which portion of an audit is least likely to be completed before the balance sheet date?

a. Test of controls.
b. Issuance of an engagement letter.
c. Substantive procedures
d. Assessment of control risk.

4. Which of the following should the auditor obtain from the predecessor auditors before
accepting an audit engagement?
a. Analysis of balance sheet accounts.
b. Analysis of income statement accounts.
c. All matters of continuing accounting significance.
d. Facts that might bear on the integrity of management.

5. The primary objective of tests of details of transactions performed as substantive procedures

is to:
a. Comply with generally accepted auditing standards.
b. Attain assurance about the reliability of the accounting system
c. Detect material misstatements in the in the financial statements.
d. Evaluate whether management's policies and procedures are opening effectively.

6. The risk that the auditor will conclude, based on substantive procedures, that a material
misstatement does not exist in an account balance when, in fact, such misstatement does exist
is referred to as
a. Business risk
b. Engagement risk
c. Control risk
d. Detection risk
7. Which of the following best describes what is meant by the term "fraud risk factor"?

a. Factors that, when present, indicate that risk exists.

b. Factors often observed in circumstances where frauds have occurred.
c. Factors that, when present. require modification of planned audit procedures.
d. Weakness in internal control identified during an audit.

8. Three conditions generally are present when fraud occurs. Select the one below that is not
one of those conditions.
a. Incentive or pressure
b. Opportunity
c. Supervisory position
d. Attitude

9. Which of the following is most likely to be an overall response to fraud risks identified in an
audit?

a. Supervise members of the team less closely and rely more upon judgment
b. Use less predictable audit procedures.
c. Use only certified public accountants on the engagement
d. Place increased emphasis on the audit of objective transactions rather than subjective
transactions.
 CHAPTER 10
RISK ASSESSMENT – PART II

Expected Learning Outcomes

After studying this chapter, you should be able to:

1. Understand the need to perform risk assessment to identify/assess risk of material

misstatement through understanding the entity and its environment.

2. Know the risk assessment procedures and sources of information about the entity and its
environment.

3. Learn what aspects about the entity should the auditor understand.

4. Know how the auditor could identify and assess the risk of material misstatement both the
financial statement level and assertion level for classes of transactions, account balances and
disclosures.

5. Understanding the use of audit risk model to determine the nature, timing, and extent of audit
procedures.

6. Learn the audit risk in the small business.

Risk Assessment Part II

Phase I – C.1 Performance of Risk Assessment Procedures to Identify/ Assess Risk of Material
Misstatement Through Understanding Entity

Introduction

This chapter discusses the process of obtaining an understanding of the entity and its environment and
assessing the risks of material misstatement in a financial statement audit as required by PSA 315
(Clarified), Identifying and Assessing the Risks of Material Misstatements through Understanding the
Entity and Its Environment and effective for audits of financial statements for periods beginning on or
before December 15, 2009.

PSA 315 (Clarified) deals with the auditor’s responsibility to identify and assess the risks of material
misstatements in the financial statements, through understanding of the entity and its environment,
including its internal control. The standards presents an overview of the requirements such as:

I. Risk assessment procedures and sources of information about the entity and its environment,
including its internal control.

II. Understanding the entity and its environment, including its internal control.

III. Identifying and assessing of the risks of material misstatements

IV. Material weakness in internal control

V. Documentation
I. RISK ASSESSMENT PROCEDURES AND SOURCES OF INFORMATION ABOUT THE ENTITY AND ITS
ENVIRONMENT, INCLUDING ITS INTERNAL CONTROL

Obtaining an understanding of the entity and its environment, including its internal control, is a
continuous, dynamic process of gathering, updating and analyzing information throughout the audit. As
described in PSA 500, audit procedures to obtain an understanding are referred to as “risk assessment
procedures” because some of the information obtained by performing such procedures may be used by
the auditor as audit evidence to support assessments of the risk material misstatements. In addition, in
performing risk assessment procedures, the auditor may obtain audit evidence about classes of
transactions, account balances, or disclosures and related assertions and about the operating
effectiveness of controls, even though such audit procedures were not specifically planned as
substantive procedures or as tests of controls. The auditor also may choose to perform substantive
procedures or tests of controls concurrently with risk assessment procedures because it is efficient to do
so.

Risk Assessment Procedures

The auditor should perform the following risk assessment procedure to provide a basis for the
identification and assessment of risks of material misstatements of the financial statements and
assertions levels:

(a) Inquiries of management and others within the entity;

(b) Analytical procedures; and

(c) Observation and inspection

Inquiries

The auditor performs inquiries of management and others within the entity where the information
obtained may be helpful in identifying the risks of material misstatement. The auditor may also consider
making inquiries of the entity’s external legal counsel or of valuation experts that the entity has used.
Reviewing information obtained from external sources such as reports by analysts, banks, or rating
agencies; trade and economic journals; or regulatory or financial publications may also be useful in
obtaining information about the entity.

Analytical Procedures

Analytical procedures may be helpful in identifying the existence of unusual transactions or events, and
amounts, ratios and trends that might indicate matters that have financial statement and audit
implications. In performing analytical procedures as risk assessment procedures, the auditor develops
expectations about plausible relationships that are reasonably expected to exist, when comparison of
those expectations with recorded amounts of ratios developed from recorded amount yields unusual or
unexpected relationships, the auditor consider those results in identifying the risk in material
misstatements. The auditor however considers the results of such analytical procedures along with
other information gathered in identifying the risk of material misstatements.
Observation and Inspection

Observation and inspection may support inquiries of management and others, and also provide
information about the entity and its environment. Such audit procedures ordinarily include the
following:

> Observation of entity activities and operations

> Inspection of documents (such as business plans and strategies), records and internal control
manuals

>Visits to the entity premises and plant facilities

When the auditor intends to use information about the entity and its environment obtained in prior
periods, the auditor should determine whether the changes have occurred that may affect the
relevance of such information in the current audit.

II. UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT INCLUDING ITS INTERNAL CONTROL

a) Relevant industry, regulatory, and other external factors including the applicable financial reporting
framework.

• These factors include industry conditions such as the competitive environment, supplier and
customer relationships, and technological development; the regulatory environment
encompassing other matters, the applicable financial reporting framework (based on legislative
and regulatory requirements), the legal and political environment, and environmental
requirements affecting the industry and the entity; and other external factors such as general
economic conditions.

b) The nature of the entity, including:

• Its operations;

• Its ownership and governance structures;

• The types of investments that the entity is making and plants to make;

• The way the entity is structured and how it is financed;

• The entity's selection and application of accounting policies, including the reasons for changes
thereto.

Examples:

– Business operations

– Investments

– Financing

– Financial reporting
c) The entity's objectives and strategies, and those related business risks that may result in risks of
material misstatement.

The entity conducts its business in the context of various factors. To respond to these factors, the
management or those charged with governance should define objectives - the overall plans for the
entity.

Significant risks that may be identified for a particular client might include risks related to competition,
changes in government regulations and technology, volatility of raw material prices, interruption of
supplies of critical raw materials, changes in major markets, or increase in interest rates. To understand,
auditors can review the formal process for identifying business risks and ways to mitigate them.

d) The measurement and review of the entity's financial performance.

Performances measures, external or internal, create pressures on the entity that motivate management
to take action to improve business performance.

e) Understanding the client's Internal Control

Internal control is designed to provide reasonable assurance of achieving objectives related to reliable
financial reporting, efficiency and effectiveness of operations, and compliance with applicable laws and
regulations.

The nature and extent of the audit work to be performed depend largely upon the effectiveness of the
client's internal control in preventing or detecting material misstatements in the financial statements.
Before auditors can evaluate such effectiveness, they must have a sufficient understanding of the design
and implementation of internal control to plan the audit.

The nature, timing and extent of the risk assessment procedures performed depend on the
circumstances of the engagement such as size and complexity of the entity and the auditor's experience
with it. Identifying significant changes in the aspects above from prior periods is particularly important.

III. UNDERSTANDING AND ASSESSING THE RISK OF MATERIAL MISSTATEMENT

The auditor should identify and assess the risks of material misstatement at the financial statement
level, and at the assertion level for classes of transactions, account balances and disclosures.

The auditor:

• Identifies risks throughout the process of understanding the entity and its environment;

• Relates the identified risks to what can go wrong at the assertion level;

• Considers whether the risks are of a magnitude that could result in a material misstatement;

• Considers the likelihood that the risks could result in a material misstatement.

IV. MATERIAL WEAKNESS IN INTERNAL CONTROL

The auditor shall evaluate whether a material weakness in the design, implementation or maintenance
of internal control has been identified. The auditor shall communicate material weakness identified on a
timely basis to management and as required by PSA 260, with those charged with governance.
Types of material weakness:

• Risks of material misstatement identified by the auditor and which the entity has not controlled,
or for which the relevant control is inadequate.

• A weakness in the entity's risk assessment process that the auditor identifies as material, or the
absence of a risk assessment process where it would be appropriate for one to have been
established.

• Material weaknesses may also be identified in controls that prevent, or detect and correct, error
or those to prevent and detect fraud

V. Documentation

The auditor should document:

a) The discussion among the engagement team regarding the susceptibility of the entity’s financial
statements to material misstatement due to error or fraud, and the significant decisions
reached.

b) Key elements of the understanding obtained regarding each of the aspects of the entity and its
environment to assess the risk of material misstatement of the financial statements; the sources
of information from which the understanding was obtained; and the risk assessment procedure.

c) The identified and assessed risk of material misstatement at the financial statement level and at
assertion level; and

d) The risks identified and related controls evaluated.

ASSESSING INHERENT RISK AND CONTROL RISK AR THE ASSERTION LEVEL

Auditors in designing audits, consider factors that affect the risk of material misstatements at the
financial statement level and assertion level.

In performing audits, auditors test the validity of financial statement assertions that relate to classes of
transactions, account balances, and financial statement disclosures. At the assertion level, a
misstatement is material if it exceeds the tolerable misstatements specified for the assertion. The risk
that a financial statement assertion is materially is frequently referred to as risk of the assertion level.
Financial statement assertions are not equally subject to misstatement. The risk of misstatement is
higher for some assertion than for others.

The term AUDIT RISK refers to the possibility that the auditor fails to appropriately modify their opinion
on financial statements that are materially misstated. Since an audit involves gathering evidence for
each material financial statement assertion, audit risk can also be examined at that level

For each financial statement account, audit risk consists of the possibility that:

1. A material misstatement in an assertion about the account has occurred, and

2. The auditors do not detect the misstatement.

The risk of occurrence of material misstatement may be separated into two components:
INHERENT RISK- the susceptibility of an account balance or class of transactions to misstatement that
could be material, individually or when aggregated with misstatements in other balances or classes,
assuming there are no related internal controls.

CONTROL RISK- is the risk that a misstatement, that could occur in an account balance or class of
transactions and that could be material, individually or when aggregated with misstatements in other
balances or classes, will not be prevented or detected and corrected on a timely basis by the accounting
and internal control systems.

DETECTION RISK- is the risk that an auditor’s substantive procedures will not detect a misstatement that
exists in an account balance or class of transactions that could be material, individually or when
aggregated with misstatements in other balances or classes.

Mathematically, the relationship between audit risk and its components is stated as:

AUDIT RISK FOR A SPECIFIC FINANCIAL STATEMENT ASSERTION

Audit risk for a specific financial statement assertion is the risk that the assertion contains a material
misstatement that the auditor will not detect.

INHERENT RISK AND CONTROL RISK comprise the risk that an assertion is misstated, and detection risk is
the risk that the auditors will not detect the misstatement. Inherent risk and control risk differ from the
detection risk in that they exist independently of the audit of financial statements.

For the current year’s audit, an auditor cannot change inherent or control risk from what it actually is.
The auditor controls detection risk by the amount of evidence he or she accumulates. Auditors may
affect control risk for a future inherent risk for future audits may change, due to changes in products,
services, or a variety of other factors under the client’s influence, or due to economic or industry factors
outside the client’s influence

INHERENT RISK

This refers to the susceptibility of an account balance to material errors assuming the clients does not
have any related internal controls.

To assess the inherent risk, the auditor uses professional judgment to evaluate numerous factors,
examples of which are:

AT THE FINANCIAL STATEMENT LEVEL

• The integrity of management.

• Management experience and knowledge and changes in management during the period, for
example, the inexperience of management may affect the preparation of the financial
statements of the entity.

• Unusual pressures on management, for example, circumstances that might predispose

management to misstate the financial statements, such as the industry experiencing a large
number of business failures or an entity that lacks sufficient capital to continue operations.
AT THE ACCOUNT BALANCE AND CLASS OF TRANSACTIONS LEVEL

• Financial statement accounts likely to be susceptible to misstatement, for example, accounts

which require adjustment in prior period or which involve a high degree of estimation say for
example, inventories, related party transactions, intangibles.

• The complexity of underlying transactions and other events which might require using the work
of an expert. The degree of judgment involved in determining account balances.

Certain characteristics of the client and its industry affect the inherent risk of a number of financial
statement accounts. For example, factors such as the following are indicative of high inherent risk for
the assertion about many accounts in the client’s financial statements:

• Inconsistent profitability, relative to the industry

• Operating results that are highly sensitive to economic factors.

• Going concern problems

• Large known and likely misstatements detected in prior and

• Substantial turnover, questionable reputation, or inadequate accounting skills of management.

In addition, specific accounts and assertions differ in their inherent risk. Assertions with high inherent
risk often involve:

 Difficult to audit transactions of balances

 Complex calculations
 Difficult accounting issues
 Significant judgement, or
 Valuation that vary significantly based on economic factors
The auditors use their knowledge of the client’s industry and the nature of its operations, including
information obtained in prior year audits to assess inherent risk.

CONTROL RISK

This is the risk that a material error in an account will not be prevented or detected on a timely basis by
the client’s system of internal control. This can never be zero because internal control systems cannot
provide complete assurance that all material errors will be prevented or detected. For example, controls
may be ineffective for certain occasions because of human failures due to carelessness or fatigue.

Preliminary Assessment of Control Risk

The preliminary assessment of control risk is the process of evaluating the effectiveness of an entity’s
accounting and internal control systems in preventing or detecting, and correcting material
misstatements. There will always be some control risk because of the inherent limitations of any
accounting and internal control system.
After obtaining an understanding of the accounting and internal control system, the auditor should
make a preliminary assessment of control risk, at the assertion level, for each material account balance
or class of transactions.

The preliminary assessment of control risk for a financial statement assertion should be high unless the
auditor:

a.) Is able to identify internal controls relevant to the assertion which are likely to prevent or
detect, and correct a material misstatement: and
b.) Plans to perform tests of control to support the assessment.
Documentation of Understanding and Assessment of Control Risk

The auditor should document in the audit working papers:

a.) The understanding obtained of the entity’s accounting and internal control systems: and
b.) The assessment of control risk. When control risk is assessed at less than high, the auditor would
also document the basis for the conclusions.
DETECTION RISK

This refers to the risk that the auditor’s examination will not detect a material error in an account
balance. This is a function of the effectiveness of the auditor’s verification of account balances and is
influenced by the nature, timing, and extent of the auditor’s procedures. In estimating the detection
risk, the auditor should consider the likelihood that he will make an error, such as misinterpreting the
evidence obtained or misapplying an auditing procedure.

Detection risk is restricted by performing substantive tests. For each account, the scope of substantive
tests, including their nature, timing, and extent, determines the level of detection risk.

Figure 10.2 illustrates the interrelationship of the components of audit risk.

Figure 10.2 ILLUSTRATION OF THE INTERRELATIONSHIP OF THE COMPONENTS OF AUDIT RISK

Auditor’s assessment of control risk is:

High Medium Low
Auditor’s High Lowest Lower Medium
assessment of Medium Lower Medium Higher
inherent risk Low Medium Higher Highest

USING THE AUDIT RISK MODEL TO DETERMINE THE NATURE, TIMING, AND EXTENT OF AUDIT
PROCEDURES

The definition of audit risk using some convenient abbreviations is restated as follows:

Audit risk = Inherent risk x Control risk x Detection risk

AR = IR x CR x DR
Called the audit risk model, auditors use this relationship to determine the nature, timing, and extent of
audit procedures to manage and control audit risk. Some auditors actually use numerical assessments of
risks (usually in percentage points), whereas others use a qualitative assessment such as high, medium,
and low.

The steps followed in Using the Audit Risk Model to Determine Allowable Detection Risk are shown
below:

1 2 3 4

Determine Assess Assess Solve Equation to

Planned Inherent Control Determine
Allowable
Audit Risk Risk Risk
Detection Risk

DISCUSSION:

Step 1. Determine Planned Audit Risk

Plan the audit risk for each financial statement assertion. This is referred to as planned audit risk or
acceptable audit risk. An auditor plans audit risk for each financial statement assertion so that he or she
will be able to express an opinion on the financial statements taken as a whole with an appropriate low
level of audit risk. In assessing acceptable audit risk, the auditor must assess each of the factors affecting
it.

The factors to be considered in assessing acceptable audit risk and the methods used by auditors are as
follows:

FACTORS METHOD USED BY PRCATITIONERS TO ASSESS

ACCEPTABLE AUDIT RISK
External users’ reliance on financial statements  Examine the financial statements,
including footnotes
 Read minutes of board of directors
meetings to determine future plans
 Discuss financing plans with
management
Likelihood of financial difficulties  Analyse the financial statements for
financial difficulties using ratios and
other analytical procedures
 Examine historical and projected cash
flow statements for the nature of cash
inflows and outflows
Management integrity  Obtain information from local attorneys,
other CPAs, banks, predecessor auditor
It can be seen that the assessment of each of the factors is highly subjective and this means that the
overall assessment is also highly subjective. A typical evaluation of acceptable audit risk is high, medium,
or low, where a low acceptable audit risk assessment means a “risky” client requiring more extensive
evidence, assignment of more experienced personnel, and/or more extensive review of working papers.
As the audit progresses, additional information about the client is obtained and acceptable audit risk
may be modified.

Step 2. Assess Inherent Risk

The assessment of inherent risk implies that the auditor attempts to predict where misstatements are
most and least likely in the financial statement segments. This information affects the total amount of
evidence that the auditor is required to accumulate and influences how the auditor’s efforts to gather
the evidence are allocated among the segments of the audit. There is always some risk that the client
has made misstatements that are individually or collectively large enough to make the financial
statements misleading. The misstatements can be intentional or unintentional and they can affect the
peso balance in accounts or disclosure.

Step 3. Assess Control Risk

Control Risk Represents

1.) An assessment of whether a client’s internal controls are effective for preventing and
detecting misstatements, and

2.) The auditor’s intention to make that assessment at a level below the maximum (100%)
as part of the audit plan.

If after the auditor has obtained an understanding of internal control and concludes that internal
controls are completely ineffective, to prevent of detect misstatement, the auditor would assign a high,
perhaps 100% (maximum level) risk factor to control risk.

Before auditors can set control risk less than 100%, they must do these things:

1.) Obtaining an understanding of internal control,

2.) Evaluate how well it should function based on the understanding, and

3.) Test the internal controls for effectiveness.

The first of these is the understanding requirement that relates to all audits. The last two are the
assessment of control risk steps that are required when the auditor chooses to assess control risk below
maximum.
Step 4. Determine Allowable Detection Risk

Allowable Detection Risk or Planned Detection Risk is the amount of risk the auditor can allow for an
assertion or a measure of the risk that audit evidence for a segment will fail to detect misstatements
exceeding a tolerable amount, should such misstatements exist. There are two key points about planned
detection risk:

a.) It is dependent on the other three factors in the model.

b.) It determines the amount of substantial evidence that the auditor plans to accumulate, inversely
with the size of planned detection risk.

PDR can be computed using the equation:

PDR = AAR
IR X CR

Where:

PDR = Planned Detection Risk

AAR = Acceptable Audit Risk

IR = Inherent Risk

CR = Control risk

As an alternative to numeric representations for planned audit risk, inherent risk, and control risk, some
auditors use the terms high, medium, or low. Most auditors are conservative in making these
assessments. In other words, an auditor assessing inherent risk to be between low and medium sets the
risk at medium which will require him to gather a medium amount of evidence.

The audit risk model for evaluating audit results is:

AcAR = IR x CR x AcDR

Where:

AcAR = Achieved Audit Risk. A measure of the risk the auditor has taken that an account in the financial
statements is materially misstated after the auditor has accumulated audit evidence,

IR = Inherent Risk. It is the same inherent risk factor discussed in planning unless it has been revised as a
result of new information.

CR = Control Risk. It is also the same control risk discussed previously unless it has been revised during
the audit.
AcDR = Achieved Detection Risk. A measure of the risk that audit evidence for a segment did not detect
misstatement exceeding a tolerable amount, if such misstatements existed. The auditor can reduce
achieved detection risk only by accumulating substantive evidence.

Although research indicated that it is not appropriate to use the formula to calculate achieved audit risk,
the relationships in the formula are valid and should be used in practice.

The formula shows that there are three ways to reduce achieved audit risk to an acceptable level:

 Reduce Inherent Risk. Because inherent risk is assessed by the auditor based on the client’s
circumstances, this assessment is done during planning and is typically not changed unless new
facts are uncovered as the audit progresses.

 Reduce Control Risk. Assessed control risk is affected by the client’s internal controls and the
auditor’s tests of those controls. Auditors can reduce control risk by more extensive tests of
controls if the client has effective controls.

 Reduce Achieved Detection Risk by Increasing Substantive Audit Tests. Auditors reduce
achieved detection risk by accumulating evidence using analytical procedures, substantive tests
of transactions, and tests of details of balances. Additional audit procedures assuming that they
are effective, and larger sample sins both reduce achieved detection risk.

Combining these three factors subjectively to achieve an acceptably low audit risk requires considerable
professional judgment. Some firms develop sophisticated approaches to help their auditors make those
judgments, while other firms leave those decisions to each audit team.

AUDIT RISK IN THE SMALL BUSINESS

The auditor needs to obtain the same level of assurance in order to express an unqualified opinion on
the financial statements of both small and large entities. However, many internal controls which would
be relevant to large entities are not practical in the small business. For example, in small businesses,
accounting procedure may be performed by a few persons who may have both operating and custodial
responsibilities, and therefore segregation of duties may be missing or severely limited.

Inadequate segregation of duties may, in some cases, be offset by a strong management control system
in which owner/manager supervisory controls exist because of direct personal knowledge of the entity
and involvement in transactions. In circumstances where segregation of duties is limited and audit
evidence of supervisory controls is lacking, the audit evidence is necessary to support the auditor’s
opinion of the financial statements may have to be obtained entirely though the performance of
substantive procedures.
CHAPTER 10

1.Which of the following is not among the risk assessment procedures that the auditor should perform in
obtaining an understanding of the entity and its environment, including its internal control?

a. Inquiries of management and others within the entity.

b. Analytical procedures.

c. Observation and inspection.

d. Confirmation

2. In determining others within the entity to whom inquiries' may be directed and the extent of those inquiries,
the auditoy considers what information may be obtained that would help him/her; in identifying risks of
material misstatement. The term "others" does not include the

a. Controller b. In-house legal counsel

b. Internal auditor d. Major supplier of raw materials

2.The audit procedure that may be helpful in identifying the existence of unusual transactions or events, and
amounts, ratios and trends that may indicate matters that have financial statement and audit implications is

a. Inquiries of management b. Observation and inspection

c. Confirmation d. Analytical procedures

4. Observation and inspection procedures that may support inquiries of management and others and also,
provide information about the entity and its environment will involve the following except

a. Visits to entity's premises and plant facilities

b. Walk-throughs

c. Reading minutes of board of directors' meetings

d. Confirmation of account balances.

5.The auditor's understanding of the entity and its environment consists of an understanding of the following
aspects except:
a. Industry, regulatory, and other external factors, including the applicable financial reporting framework.

b. Nature of the entity, including the entity's selection and application of accounting policies.

c. Measurement and review Of the entity's financial performance.

d. Entity's selection and screening process of marketing and production personnel.

6. PSA 315(Clarified) requires . that the auditor should obtain an understanding of relevant industry, regulatory
and other external factors including the applicable financial reporting framework. Which of the following is not
an example of matters relating to regulatory environment that the auditor would usually consider?

a. Regulatory framework for a regulated industry.

b. Legislation and regulation significantly affecting the entity's operation.

 c. Taxation.

d. Product technology relating to the entity's product.

7. PSA 315 (Clarified) requires that the auditor should obtain an understanding of relevant industry, regulatory
and other external factors including the applicable financial reporting framework. Which of the following is not
among the items that relate to industry conditions?

a. Energy, supply and cost

b. Cyclical or seasonal activity

c. Market and competition

d. Inflation and currency revaluation

9.PSA 315 (Clarified) requires that the auditor should obtain an understanding of the entity's selection and
application of accounting policies and consider whether they are appropriate for its business and consistent
with the applicable financial reporting framework and accounting polices used in the relevant industry. The
understanding does not encompass.

a. The methods the entity uses to account for significant and unusual transactions.

b. The effect of significant accounting policies in contractual or emerging areas for which there is lack of
authoritative guidance or consensus.

c. Changes in the entity's accounting policies.

d. Criteria in the selection ofthe company's chief accounting executive.

9. PSA requires that the auditor , should obtain an understanding of the entity's objectives and strategies, and
the related business risks that may result in material misstatement of the financial statements. Which of the
following is not an example of business risks that may have financial consequences and may affect the financial
statements?

a. A contracting customer base due to industry consolidation that may increase the risk of misstatement
associated with the valuation of receivables.

b. Use of new IT.

c. New accounting requirements.

d. Contracting economy.

10.The risk of material financial statement misstatement may be greater when the following conditions exist
except

a. When there is greater management intervention to specify the accounting treatment.

b. When there is greater manual intervention for data collection and processing.

c. Complex calculations or accounting principles is involved.

d. When there is sufficient personnel with appropriate accounting and financial reporting skills.
 CHAPTER 11

RISK ASSESSMENT - PART 1

PHASE I-C.2 CONSIDERATION OF INTERNAL CONTROL in a FINANCIAL STATEMENT AUDIT
Nature and Purpose of Internal Control
One of the most widely accepted concepts in the theory and practice of auditing is the
importance of the client's system of internal control to generate reliable financial
information. If the auditor is convinced that the client as an excellent system of Internal
control, one that includes adequate internal controls for providing reliable data and for
safeguarding assets and records, the amount audit evidence to be accumulated can be
significantly less than when controls are not adequate. In some instances, internal control may
be so inadequate as to preclude conducting an effective audit.
PSA 315 (Clarified) paragraph 4 (c) defines internal control as the process designed and effected
by those charged with governance, management, and other personnel to provide reasonable
assurance about the achievement of the entity's objectives with regard to reliability of financial
reporting, effectiveness and efficiency of operations and compliance with applicable laws and
regulations. It follows that internal control is designed and implemented to address identified
business risks that threaten the achievement of any of these objectives.
Those objectives fall into three categories:
 Reliability of the entity's financial reporting
 Effectiveness and efficiency of operations •
 Compliance with applicable laws and regulations
Whether an entity achieves its objectives relating to financial reporting and compliance is
determined by activities within the entity's control. However, achieving its objectives relating to
operations will den management's decisions but also on competitor's action outside the entity.
INTERNAL CONTROL SYSTEM DEFINED
Internal control system means all the policies and procedures (internal controls) adopted by
the management of an entity to assist in achieving management's objectective of ensuring, as
far as practicable, the orderly and efficient conduct of its business, including adherence to
management policies, the safeguarding of assets, the prevention and detection of fraud and
error, the accuracy and completeness of the accounting records, and the timely preparation of
reliable financial information.
COMPONENTS AND PRINCIPLES OF INTERNAL CONTROL
Internal control structures vary significantly from one company to the next. Factors such as size
of the business, nature of operations, the geographical dispersion of its activities, and
objectives of the organization affect the specific control features of an organization. However,
certain elements or features must be present to have a satisfactory system of control in almost
any large scale organization.
The internal control system extends beyond these matters which relate directly to the functions
of the accounting system and consists of the following components:
a. the control environment;
b. the entity's risk assessment process;
c. the information system, including the related business processes, relevant to financial
reporting, and communication; d. control activities;
e. monitoring of controls.
In 2013, COSO issued the guidance that identifies the five components that support; an
organization in achieving its objectives.

Figure 11-2: Five Components and the Principles Representative of the Fundamental Concepts
Associated with the Component
Components Description Applicable principles

1. Control The collective effect on an 1. Demonstrates a commitment to

Environment entity's board, management and integrity and ethical Environment
owner’s on establishing , management, and owner's on values.
enhancing, or mitigating the establishing, enhancing, or mitigating
effectiveness of specific control the 2. Demonstrates independence of
policies or procedures. The the board of directors effectiveness
control environment sets the of specific control policies from
tone and provides discipline and management and exercises oversight
structure for the or procedures. The control
environment development and
performance of internal control. sets
the tone and provides discipline and
3. Establishes, with board oversight,
structures, reporting structure lines,
and appropriate authorities and
responsibilities in the pursuit of
objectives.
4. Demonstrates a commitment to
attract, develop, and retain
competent individuals in alignment
with objectives.
5. Holds individuals accountable for
their internal control responsibilities
in the pursuit of objectives.
2. Risk Assessment Management's efforts to 6. Specifies objectives with sufficient
identify, analayze and manage clarify to enable the analyze, and
risks pertaining to the manage risks pertaining to
preparation of financial identification and assessment of risks
statements relating to the preparation of
financial statements. objectives.
7. Identifies risks to the achievement
of its objectives across the entity and
analyzes risks as a basis for
determining how the risks should be
managed.
8. Considers the potential for fraud in
assessing risks to the achievement of
objectives. 9. Identifies and assess
changes that could significantly
impact the system of internal control.
3. Control Activities Policies and procedures to 10. Select and develops control
ensure that necessary actions activities that contribute to
are taken to address risks to the the mitigation of risks to the
achievement of preparing achievement of objectives
reliable financial statements.
Control activities pertain to to acceptable levels.
performance physical controls, 11. Selects and develops general
and segregation of duties. control activities over
technology to support the
achievement of objectives.
12. Deploys control activities through
policies that establish
what is expected and in procedures
that put policies
into action
4. Information and The entity's information system . 13. Obtain or generates and uses
Communication and procedures for relevant, quality
communicating matters related information to support the
to the processing of accounting functioning of other
data. This component generates
the financial statements. components of internal control. 14.
Internally communicates information,
including
objectives and responsibilities for
internal control, necessary to support
the functioning of other
components of internal control. 15.
Communicates with external parties
regarding matters
affecting the functioning of other
components of internal
control.
5. Monitoring 16. Selects, develops, and performs
The process an ongoing and/or
entity uses to separate evaluations to ascertain
assess the quality of whether the components of internal
internal control control are present and
over time. functioning. 17. Evaluates and
communicates interal control
deficiencies in a timely manner to
those parties responsible for taking
correction action, including senior
management and the board of
directors, as appropriate

A. Control Environment
The control environment which means the overall attitude, awareness and actions of
directors and management regarding the internal co system and its importance in the entity.
The control environment has an effect on the effectiveness of the specific control procedures.
A strong control environment, for example, one with tight budgetary controls and an
effective internal audit function. can significantly complement specific control procedures.
However, a strong environment does not, by itself, ensure the effectiveness of the internal
control system. Factors reflected m the control environment include:
  The function of the board of directors and its committees;
 Management's philosophy and operating style;
 The entity's organizational structure and methods of assigning authority and
responsibility;
 Management's control system including the internal audit function, personnel policies
and procedures and segregation of duties.
The environment in which internal control operates has an impact on the effectiveness of the
specific control procedures. Several factors comprise the control environment, including:
1. Communication and Enforcement of Integrity and Ethical Values
2. Commitment to Competence
3. Participation by those Charged with Governance
4. Management's Philosophy and Operating Style
5. Organizational Structure
6. Assignment of Authority and Responsibility
7. Human Resources Policies and Procedures

B. Entity's Risk Assessment Process

Risk assessment is the “identification, analysis, and management of risks ne preparation of
financial statements.” For example risk assessment may focus on how the entity considers the
possibility of being recorded or identifies and assesses significant estimates recorded in the
financial statements.
Risks relevant to financial reporting include external and internal events and circumstances that
may occur and adversely affect an entity's ability to initiate, record, process, and report
financial data consistent with the assertions of management in the financial statements. Once
risks are identified, management considers their significance, the likelihood of their occurrence,
and how they should be managed. Risks can arise or change due to circumstances such as the
following:

 Changes in regulatory or operating environment.

 New personnel
 . New or revamped information systems;
 New technology.
 Rapid growth.
 New business models, products, or activities.
 Corporate restructurings, Expanded foreign operations.
 Expanded foreign operations.
 New accounting pronouncements.
The basic concepts of the entity's risk assessment process are relevant to every entity,
regardless of size, but the risk assessment process is likely to be less formal and less structured
in small entities than in larger "ones. All entities should have established financial reporting
objectives, but they may be recognized implicitly rather than explicitly in small entities.
Management may be aware of risks related to these objectives without the use of a formal
process but through direct personal involvement with employees and outside parties.
C. Information System, including the Business Processes relevant to Financial Reporting and
Communication
An information system consists of infrastructure (physical and hardware components),
software, people, procedures, and data. Infrastructure and software will be absent, or have less
significance, in system exclusively or primarily manual. Many information systems make
extensive use of IT.
An information system encompasses methods and records that.
 Identify and record all valid transactions.
 Describe on a timely basis the transactions in sufficient detail to permit proper
classification of transactions for financial reporting.
 Measure the value of transactions in a manner that permits recording their proper
monetary value in the financial statements.
 Determine the time period in which transactions occurred to permit recording of
transactions in the proper accounting period.
 Present properly the transactions and related disclosures in the financial statements.
D. Control Activities
Control activities are the policies and procedures that help ensure that management directives
are carried out, for example, that necessary actions are taken to address risks that threaten the
achievement of the entity's objectives. Control activities, whether within IT or manual systems,
have various objectives and are applied at various organizational and functional levels.
The major categories of control procedures are:
A. Performance Review
B. Information Processing Controls
(1) Segregation of duties (2) Adequate documents and records (3) Safeguards over access to
assets; and
(4) Independent checks on performance
C. Physical controls (e.g., secured facilities over access to assets and records, authorization for
access tom computer programs and data files)
E. Monitoring of Controls
Monitoring, the final component of internal control, is the process that an entity uses to assess
the quality of internal control over time. Monitoring involves assessing the design and
operation of controls on a timely basis and taking corrective action as necessary. Management
monitors controls to consider whether they are operating as intended and to modify them as
appropriate for changes in conditions.
Some monitoring activities may include communications from external parties. For example,
customers implicitly corroborate sales data by paying their bills or raising questions. Also, bank
regulators, other regulators, and outside auditors may communicate about the design or
effectiveness of internal control.
OBJECTIVE OF THE STUDY OF INTERNAL CONTROL
The auditor should obtain an understanding of the accounting and internal control systems
sufficient to plan the, audit and develop an effective audit approach. The auditor should use
professional judgment to assess audit risk and to design audit procedures to ensure it is
reduced to an acceptably low level. The auditor's understanding of their client's internal control
provides therefore a basis both to (1) plan the audit, and (2) assess control risk.
Figure 11-2 presents a summary of how an auditor considers internal control in planning an
audit.
In assessing control risk, an auditor must consider the design of controls, whether they have
been placed in operation, and, if they are in use, their effectiveness.
a. To assess control risk below maximum, an auditor should identify, relevant to each assertion,
the specific controls that are likely to prevent or detect material misstatements in those
assertions.
b. To evaluate the effectiveness of controls that have been placed in operation, the auditor
performs tests to determine that they are being applied. This is not required in obtaining an
understanding of internal control to plan an audit.

Documentation of Understanding
The auditor should document the understanding of the entity's internal control structure
elements obtained to plan the audit. The form and extent of this documentation is influenced
by the size and complexity of the entity, as well as the nature of the entity's internal control
structure. For example, documentation of the understanding of the internal control structure of
a large complex entity may include flowcharts, questionnaires, or decision tables. For a small
entity, however, documentation in the form of a memorandum may be sufficient. Generally,
the more complex the internal control structure and the more extensive the procedures
performed, the more extensive the auditor's documentation should be.
1. Internal Accounting Control Questionnaire
Internal accounting control questionnaire contains a series of questions designed to detect
control weaknesses. Most questionnaires are designed to yield "yes", "no", or "not applicable”
answers to the questions. A "yes" answer generally indicates a satisfactory degree of internal
accounting control while a “no” answer indicates a possible weakness in control or at least
indicates that further investigation is required. When negative answers do indicate a weakness
in a control, they should be completed on a separate weakness investigation work sheet. There
should be a description of the possible effects of the weakness and indication whether such
effects could lead to material errors. If the weakness is material, then it should be reported to a
senior management, the board of directors, and the audit committee. “Material weakness is
one in which the procedures or degree of compliance with the procedures fail to provide
reasonable assurance that material errors or irregularities would be prevented or promptly
detected during the accounting process."
In completing the internal control questionnaire, the auditor should consider the following
critical aspects:
1) Is the system of internal control sound?
2) If it is not reliable, what errors might occur?
3) What alternative audit procedures should be adopted if the system is unreliable?
Advantages
1. They provide audit assuran provide audit assurance that attention is given to presence are
absence of all controls listed and that certain features of the system not overlooked.
2. They provide a means of obtaining uniform documentation internal control system reviewed.
3. They provide inexperienced audit staff members with guidance in performing internal control
reviews.
4. They facilitate the early detection of potential weaknesses in the system.
Disadvantages
1. Auditor may view the questionnaire device for accomplishing an automatic evaluation of
internal control.
2. Controls listed on questionnaires may not suit the particular circumstances of a specific
audit.
3. The auditor may overlook pertinent control not included in the questionnaires.
2. Flowcharts
Flowchart is a symbolic diagram of a specific part of an internal accounting control system
indicating the sequential flow of data and/or authority. An internal control flowchart uses
standardized symbols, interconnecting lines, and annotations to represent information,
documents, and document flow. It provides a pictorial overview of a client's internal control
activities. It illustrates the interaction of individuals, records, and controls related to a particular
department or class of transactions. Internal control flowcharts generally reflect the
segregation of duties by using a column across the top to reflect different departments and the
How of documents from left to right. A properly prepared flowchart should reflect all
operations, movement, delays and filing procedures associated w whatever is being charted
and should also indicate the conversion of source document into accounting information - for
example, ledger, journal computer-generated document.
Flowcharts have several advantages over other methods of documentation:
1. Easily understood. Since flowcharts provide a visual description supplemented by a written
narrative, they are more easily understood.
2. Better overall picture or complex system. A complex system may be reduced to a one or two-
page flowchart which might otherwise require
a 15-page internal control questionnaire or a 10-page narrative memo.
3. Parallels EDP documentation. EDP systems are commonly documented with flowcharts which
make it easier for EDP purchase personnel to relate to the auditors.
4. It is easy to update.
Disadvantages in using flowcharts include:
1. Higher level of knowledge and training are required to prepare a good flowchart of a complex
system.
2. Flowcharts take more time to prepare and require more knowledge.
3. It is more difficult to spot internal control weakness.
As a general rule, flowcharts are prepared to be read from the upper lefthand comer of a page
to the bottom right-hand comer. The flow of information across and downward' should be self-
explanatory and should indicate the source and final disposition of each item. Subroutine or
secondary information should be recorded on supplementary or supporting flowcharts to avoid
cluttered presentation.
The following questions should be answered before a flowchart is prepared:
1) Who performs the various functions in the routine? 2) Why are these functions performed?
3) What work is performed, and is the work considered input or output?
4) When are the functions performed and in what sequence?
5) How are the functions performed and in what sequence?
Conference with senior management, supervisors above checklist should be conducted by the
independent flowcharting a routine. In addition, copies of all forms, documents and reports
used in the routine to be flowcharted should be obtained.
primary purpose of the internal control flowchart is to communicate effectively.
The following techniques should assist in meeting this goal:
Standardized symbols. Auditors use a uniform set of symbols developed by the American
National Standards Institute (ANSI).
Flowlines. The flow of documents should be from top to bottom and left to right. Arrowheads
may be used on all lines and should be used when the flow is not standard or is bi-directional.
Documents. When a document is created, its source should be indicated. Multiple-document
symbols are required when multiple copies of the document are prepared. The disposition of
every copy of each document should be shown.
Processing. Processing symbols are used to identify any procedures applied to documents, such
as their being filed.
Annotations. Comments and explanations should be used to make the flowchart easier to
understand or more complete.
Flowcharting is an art, and therefore, different individuals may prepare different flowcharts for
any given situation. The critical factor is that flowcharts should clearly represent a system. The
following guidelines may be useful in preparing a flowchart:
1. Determine the class of transactions or transaction cycle to be flowcharted.
2. Obtain an understanding of internal control by making inquiries of client personnel,
observing employee activities, and examining documents, records, and policies and procedures
manuals.
3. Organize the flowchart into columns, using a different column for each department, function,
or individual. Draw a sketch of the flowchart.
4. Draw the flowchart and insert comments and annotations.
5. Test the flowchart for completeness by following a few transactions through the chart.

3. Narrative Description
A narrative is a written description of a particular phase or phases or a control system Although
useful for describing simple systems, narratives may be adequate when a system is complicated
or frequently revised. If the systems are' extensive and/or complex, separate narratives may be
prepared for smaller groups of controls which relate to specific classes of transactions or
accounts. Some auditors prepare narrative descriptions to accompany internal control
questionnaires or flowcharts in order to provide information not otherwise included.
Figure 11-5 is an example of a written narrative, describing a segment of a sales accounting
system.
Advantages
1. Narrative is flexible and may be tailor-made for engagement.
2. Requires a detailed analysis and thus forces auditor to understand functioning of the system.
Disadvantages
1. Auditor may not have the ability to describe the system correctly and concisely.
2. This may require more time and careful study.
3. Auditor may overlook important portions of internal control system.
4. A poorly written internal accounting control narrative can lead to a misunderstanding of the
system thus resulting in the improper design and application of compliance tests.
4. Internal Control Checklist
This contains a detailed enumeration of the methods and practices which characterize good
internal control or of item to be considered in reviewing internal control.
The checklist basically provides only a guide to review the internal control of the auditee and
does not represent a record of the auditor's findings. In most cases therefore, this tool is used
together with the narrative approach.
5. Decision Tables
In this approach, the system is depicted as decision points. Advantages and disadvantages are
similar to those of the flowchart approach.

Figure 11-3: Internal Control Questionnaire

• What are the significant judgment areas (reserves, contingencies, asset values, note
disclosures) that affect the current-year financial statements? What considerations were
involved in resolving these judgement matters? What is the range of potential impact on future
reported financial results?
• what issues or concerns exist that could adversely affect the future operations and /
financial condition of the company? What is management's plan to deal with these future risks?
• What is the overall quality of the company's financial reporting, including the
appropriateness of important accounting principles followed by the company?
• What is the range of acceptable accounting choices the company has available to it?
• Were there any significant changes in accounting policies, or in the application of
accounting principles during the year? If yes, why were the changes made and what impact did
the changes have on earnings per share (EPIS) or other key financial measures?
• Were there any significant changes in accounting estimates, or modules used in making
accounting estimates during the year? If yes, why were the changes made and what impact did
the changes have an earnings per share (EPS) or other key financial measures?
• Are there any instances where the company may be thought of as pushing the limits of
revenue recognition? If so, what is the rationale for the treatment chosen?
• Have similar transactions and events been treated in a consistent manner across
divisions of the company and across countries in which the company operates? If not, what are
the exceptions and reasons for them?
• Do the accounting choices made reflect the economic substance of transactions and the
strategic management of the business? If not, where are the exception and why do they exist?
• To what extent are the financial reporting choices consistent with the manner in which
the company measures its progress toward achieving its mission internally? If not, what are the
differences?
• How do the significant accounting principles used by the company compare with leading
companies in the industry, or with other companies that are considered leaders in financial
disclosure? What is the rationale for any differences?
• Has there been any instance where short-run reporting objective (e.g., achieving a profit
objective or meeting bonus or stock option requirements) were allowed to influence
accounting choices? If yes, what choices were made and why?

Figure 11-4 Flowcharting Symbols

Basic Symbols
Input/Output
-Indicates the input or output of information. Can be used in place of the document
symbol when a document
Process
-Operation(s) causing the information to change in some manner without manual
assistance (e.g., update of master payroll records or preparation of payroll checks in
computerized payroll system).
Cross Flow Lines
-If flow lines cross, they are not related
Annotation
-For the addition of comments. May be connected to a symbol of a flow line.

Input / Output Symbols

The following specialized symbols may indicate an input/output function as well as the medium
for recording of the means of handling information. When appropriate specialized symbols
exist, they are used instead of the basic symbols.

Punched Card
-Using any kind of punched card in an input/output
function.
Card Deck
-A deck of punched cards.
On-line Storage
-Using some sort of on-line storage (e.g., payroll transaction tape loaded on a tape drive
under the control of a central processing unit) in an input-output function.
Input/Output Symbols

Off-line Storage
-Storage of information or documents. The method of storage may be indicated inside
the symbol (e.g., date, number)
Magnetic Tape
-Using magnetic disc in an input/output function.
Magnetic Disc
-Using magnetic disc in an input/output function.
Punched Tape
-Using punched paper tape in an input/output function.
document
-For example, sales invoice, purchase order, check, remittance advice.
Transmittal Tape
-Adding machine tape proof, or similar batch control information.
Decision
-An operation to determine tape proof, or similar batch control information.
Manual operation
-The processing of data in a system by manual techniques.
Auxiliary Operation
-An operation done on equipment that is not controlled by a computer (e.g., card file
sort by customer number)
Decision
-The entry or exit position in a system. Can be used to designate an organization,
function, or person.
Decision
-Exit to, or entry from, another part of the flowchart on the same page. Use letters
inside symbol to match entry and exit points.
Off-page Connector
-Exit to, or entry from, another page of the same flowchart, indicate page number and
letter reference inside the symbol.
Figure 11-5
Example of a Narrative Description o a Segment of a Sales Accounting System

The shipping department based on an approved sales order prepares a three-copy shipping
document when a shipment is made. The distribution of the document is as follows:
1. Sent to customer with goods as a packing siip. 2. Forwarded to billing department.
3. Forwarded to accounts receivable recording. The sales order is filed numerically. The billing
department users the shipping document to prepare a two-copy sales invoice with the
following distribution:
1. 2.
Sent to customer. Forwarded to accounts receivable recordkeeping. The shipping document is
filed numerically.
The accounts receivable recordkeeping function periodically matches sales invoices and
shipping documents received.
1. Matched sales invoices are posted to accounts receivable detail
Matched sales invoices and shipping documents are filed alphabetically by customer name.

HOW ADEQUACY OR INADEQUACY OF INTERNAL CONTROL AFFECTS AUDIT PROCEDURES

The primary reason for studying and evaluating internal control is to provide a basis for relying
upon the system and for determining the extent of year-end substantive tests to be performed.
There is an inverse relationship between the effectiveness of internal control and the extent of
detailed audit procedures; more effective systems require less detailed testing. Strengths and
weaknesses identified during the evaluation of internal accounting control and tests of
compliance will affect the nature, timing, and extent of audit procedures.
It should be remembered that the purpose of an audit engagement is to determine whether
the financial statements are fairly presented in accordance with financial reporting standards.
The audit is not specifically designed to search for errors or irregularities, although during the
study and evaluation of internal accounting control system and the performance of substantive
tests, errors or irregularities may be discovered. The auditor must consider the audit
implication when errors or irregularities are likely to exist. Initially, discussion with
management personnel may be made. If it appears that material errors and irregularities could
occur, this fact must be communicated to the board of directors.
Furthermore, if additional evidence indicates that theme are irregularities which may materially
affect the financial statements, it may be appropriate for the auditor to:
1) qualify his opinion or disclaim an opinion based on an uncertainty
conditions and/or 2) consider withdrawing from the engagement and notifying the board of
directors in writing the reason for the withdrawal.
COMMUNICATION OF PERFORMANCE, IMPROVEMENTS AND OBSERVATIONS IN INTERNAL
CONTROL TO MANAGEMENT
As a result of obtaining an understanding of the accounting and internal control systems and
tests of control, the auditor may become aware of weaknesses in the systems. The auditor
should make management aware, as soon as practical and at an appropriate level of
responsibility, of material weaknesses in the design or operation of the accounting and internal
control systems, which have come to the auditor's attention. The communication to
management of material weaknesses would ordinarily be in writing. However, if the auditor
judges that oral communication is appropriate, such communication would be documented in
the audit working papers. It is important to indicate in the communication that only
weaknesses which have come to the auditor's attention as a result of the audit have been
reported and that the examination has not been designed to determine the adequacy of
internal control for management purposes.
The auditor's purpose of evaluating the prescribed control procedures is to plan substantial
tests that will be effective in detecting the types of errors or irregularities that are possible in
the circumstances. However, this information may also be used by auditors as a basis for
making constructive suggestions to clients concerning improvements in internal control.
Management letter may be made that will contain constructive suggestions or improvements in
internal control or other suggestions for increased efficiency in operations. This letter IS
considered a by product rather than the aim of the audit and IS often completed sometime
after the completion of field work.
If however, the auditor identifies material weaknesses; he has a professional responsibility to
communicate them to both senior management and the board of directors. The auditor should
issue a written report at the earliest possible that it is documented in the work papers.
Auditing standards identify conditions that an auditor may find during that must be reported to
the audit committee or its equivalent.
Reportable Conditions
Specifically, these are matters coming to the auditor's attention that in h judgment, should be
communicated to the audit committee because the represent significant deficiencies in the
design or operation of the internal structure, which could adversely affect the organization's
ability to record process, summarize, and report financial data consistent with the assertions of
management in the financial statements. Examples of reportable conditions are as follows:
Deficiencies in internal control structure design.
Inadequate overall internal control structure design Absence of appropriate segregation of
duties consistent with appropriate control objectives Absence of appropriate reviews and
approvals of transactions, accounting entries, or systems output Inadequate procedures for
appropriately assessing and applying accounting principles
Failures in the operation of the internal control structure
Evidence of failure of identified controls in preventing or detecting misstatements of
accounting information Evidence that a system fails to provide complete and accurate output
consistent with the entity's control objectives because of the misapplication of control
procedures Evidence of failure to safeguard assets from loss, damage or misappropriation
Others
Absence of a sufficient level of control consciousness within the organization Failure to follow
up and correct previously identified internal control structure deficiencies

Reporting - Form and Content

Conditions noted by the auditor that are considered reportable under this section or that are
the result of agreement with the client should be reported, preferably in writing if information
is communicated orally, the auditor should document the communication by appropriate
memoranda or notations in the working papers.
The report should state that the communication is intended solely for the information and the
use of the audit committee, management, and others within the organization. When there are
requirements established by governmental authorities to furnish such reports, specific
reference to such regulatory authorities may be made.
Any report issued on reportable conditions should –
Indicate that the purpose of the audit was to report on the financial
Include the definition of reportable conditions. Include the restriction on distribution as
discussed in the previous paragraph
If reportable condition is of such magnitude as to be a material weakness, the report can
identify it separately as a material weakness. Figure 11.8 presents a sample letter on reportable
conditions.

Figure 11-8: Sample Reportable Conditions Letter

Dear Audit Committee Members:
In planning and performing our audit of financial statements of the Mahartika Company for the
year ended December 31, 2013, we considered internal control in order to determine our
auditing procedures for the purpose of expressing our opinion on the financial statements and
not to provide assurance on internal control. However, we noted certain matters involving
internal control and its operations that we consider to be a reportable condition under
standards established by the Auditing Standards and Practices Council. Reportable conditions
involve matters coming to our attention relating to signicant deficiencies in the design or
operation of internal control that, in our judgment, could adversely affect the organization's
ability to record process, summarize, and report financial data consistent with the assertions of
management in the financial statements
Prenumbered sales invoices are not accounted for to ascertain that all sales are recorded As a
result sales could be omitted from the sales journal which would affect both sales and accounts
receivable. This matter is significant because of the significance of the average size of the
Company's sales.
This report is intended solely for the information and use of the audit committee management,
and others within the Mahartika Company.
Sincerely,
Cabrera and Cabrera, CPAS
If no reportable conditions are found, an auditor may not issue a letter stating that. Şuch a
letter may mislead users by implying a greater level of assurance about the lack of any
significant deficiencies than the auditor could really provide. However, an auditor may issue a
letter indicating that no material weaknesses were found during the course of an audit.
Maný auditors write management letters to clients. Not required by auditing standards, such
letters contain suggestions for improving operations and internal control. Internal control
matters covered may include reportable conditions that have been communicated to the audit
committee as well as matters not significant enough to be included in the letter on reportable
condition.
Chapter 11

1. The primary purpose for obtaining an understanding of an audit client's internal control structure is to:

a. provide a basis for making constructive suggestions in a management letter.

b. determine the nature, timing, and extent of tests to be performed in the audit

c. obtain sufficient competent evidential matter to afford a reasonable basis for an Opinion on the financial
statements under examination.

d. provide information for a communication of internal control structure-related matters to management.

2. Which of the following can an auditor observe as a general control procedure used by companies?

a. Segregation of functional responsibilities.

b. Management philosophy and operating cycle.

c. Open lines of communication to the audit committee of the board of directors.

d. External influences such as bank examiner audits.

3. A client's control procedure is:

a. an action taken by auditors to obtain evidence.

b. an action taken by client personnel for the purpose of preventing, detecting, and correcting errors and
irregularities in transactions.

c. a method for recording, summarizing and reporting financial information

d. the functioning of the board of directors in support of its audit committee.

4. The control objective designed to reduce the probability that fictitious transactions get recorded in the
accounts is:

a. completeness c. proper period

b. authorization d. validity

5. The control objective designed to reduce the probability that a credit sale transaction will get debited to cash
instead of accounts receivable is:

a. validity c. accuracy

b. Classification d. completeness
6. In most audits of large companies, internal control risk assessment contributes to audit efficiency, which
means:

a. the cost of year-end audit work will exceed the cost of control evaluation work.

b. auditors will be able to reduce the cost of year-end audit work by an amount more than the control
evaluation costs.

c. the cost of control evaluation work will exceed the cost of year-end audit work.

d. auditors will be able to reduce the cost of year-end audit work by an amount less than the control
evaluation costs.

7. Which of the following is a device designed to help the audit team obtain evidence. about the control
environment and about the accounting and control procedures of an audit client?

a. A narrative memorandum describing the control system.

b. An internal control questionnaire

c. A flowchart of the documents and procedures used by the company.

d. A well- indexed file of working papers.

8. During consideration of the internal control system in a financial statement audit, an auditor is not obligated
to

a. search for significant deficiencies in the operation of the internal control system.

b. understand the internal control environment and the accounting system.

c. determine whether the control procedures relevant to the audit planning have been placed in operation
perform

d. procedures in order to understand the design of the internal control policies.

9. The primary objective of procedures performed to obtain an understanding of the internal control system is
to provide an auditor with

a. evidential matter to use in reducing detection risk;

b. knowledge necessary to plan the audit.

c. a basis from which to modify tests of controls.

d. information necessary to prepare flowchart.

10. Which of the following is not a reason an auditor should obtain an understanding of the elements of an
entity's internal control system in planning an audit?

a. To identify types of potential misstatements that can occur.

b. To design substantive tests

c. To consider the operating effectiveness of the internal controls.

d. To consider factors that affect the risk of material misstatements.

11.When control risk is assessed-at the maximum level for all financial statement assertions, an auditor should
document the auditor's

Understanding of the Conclusion that Basis for concluding

entity's internal control risk is at the that control risk is at
control elements maximum level the maximum level

12.

a. Yes No No

b. Yes Yes No

c. No Yes Yes

d. Yes Yes Yes

12. After obtaining an understanding of an entity's internal control system, an auditor may assess control risk at
the maximum level for some assertions because the auditor

a. believes the internal control policies and procedures are unlikely to be effective.

b. determines that the pertinent internal control system elements are not well documented.

c. performs tests of controls to restrict detection risk to an acceptable

d. identities internal control policies and procedures that are likely to prevent material misstatements.

13. After obtaining an understanding of an entity's internal control system and assessing control risk, an auditor
next may

a. perform tests of controls to verify management's assertions that are embodied In the financial
statements.

b. consider whether evidential matter is available to support a further reduction in the assessed level of
control risk.

c. apply analytical procedures as substantive tests to validate the assessed level of control risk.

d. evaluate whether the internal control system policies and procedures detected, material misstatements in
the financial statements.

14. The objective of tests of details of transactions performed as tests of controls is to

a. detect material misstatements in the account balances of the financial statements.

b. evaluate whether an internal control system policy or procedure operated effectively.

c. determine the nature, timing, and extent of substantive tests for financial statement assertions.

d. reduce control risk, inherent risk; and detection risk to an acceptably low level.
15. An auditor uses the knowledge provided by the understanding of the internal control system and the
assessed level of control risk primarily to

a. determine whether procedures and records concerning the safeguarding of assets are reliable.

b. ascertain-whetner the opportunities to allow any person to both perpetrate and conceal irregularities are
minimized.

c. modify the initial assessments of inherent risk and preliminary judgments about materiality levels.

d. determine the nature, timing, and extent of substantive tests for financial statement assertions.

16. In a study and evaluation of the control system policies and procedures, the completion of a questionnaire is
most closely associated with which of the following?

a. Tests of controls

b. Substantive tests

c. Obtaining an initial understanding of the system.

d. Review of the system design.

17. A weakness in internal control over recording retirements of equipment may cause an auditor to

a. trace additions to the "other assets" account to search of equipment that is still on hand but no longer
being used s

b. select certain items of equipment from the accounting records and locate them In the plant.

c. inspect certain items of equipment in the plant and trace those items to the accounting records.

d. review the subsidiary ledger to ascertain whether depreciation was taken on each item of equipment
during the year.

18. Reportable conditions are matters that come to an auditor's attention that should be communicated to an
entity's audit committee because they represent

a. material irregularities or illegal acts perpetrated by high-level management.

b. significant deficiencies in the design or operation of the internal control system.

c. flagrant violations of the entity' s documented conflict-of-interest policies.

d. intentional attempts by client personnel to limit the scope of the auditor's field work.

19. Miles Retailing, Inc., maintains a staff of three full-time internal auditors who report directly to the
controller. In planning to use the internal auditors to provide assistance in performing the audit, the
independent auditor most likely will

a. place limited reliance on the work performed by the internal auditors.

b. decrease the extent of the tests of controls needed to support the assessed level of detection risk.

c. increase the extent of the procedures needed to reduce control risk to an acceptable level.

d. avoid using the work performed by the internal auditors

20. In developing a preliminary audit strategy, an auditor should consider

a. whether the allowance for sampling risk exceeds the achieved upper precision limit.

b. findings from substantive tests performed at interim dates.

c. whether the inquiry of the client's attorney identifies any litigation, claims, or assessments not disclosed
in the financial statements.

d. the planned assessed level of control risk.

21. Which of the following statements describes why a properly designed and executed audit may not detect a
material irregularity?

a. Audit procedures that are effective for detecting an unintentional misstatement may be ineffective for
an intentional misstatement that IS concealed through collusion.

b. An audit is designed to provide reasonable assurance of detecting material errors, but there is no similar
responsibility concerning material irregularities.

c. The factors considered in assessing control risk indicated an increased risk of intentional misstatements,
but only a low risk of unintentional errors in the financial statements.

d. The auditor did not consider the factors influencing audit risk for account balances that have effects
pervasive to the financial statements taken as a whole.

22.When an auditor increases the planned assessed level of control risk because certain control procedures
were determined to be ineffective, the auditor would most likely increase the

a. extent of tests of details b. level of inherent risk

c. extent of tests of controls d. level of detection risk

23. An auditor's primary consideration regarding an entity's internal control system policies and procedures is
whether the policies and procedures

a. affect the financial statement assertions.

b. prevent management override.

c. relate to the control environment.

d. reflect management's philosophy and operating style.

24. When there are numerous property and equipment transactions during the year, an auditor who plans to
assess control risk at a low level usually performs

a. analytical procedures for property and equipment balances at the end

b. tests of controls and extensive tests of property and equipment balances at the end of the year.

c. analytical procedures for the current year propelty and equipment transactions.

d. tests of controls and limited tests of current year property and equipment transactions.
25. When an auditor assesses control risk below the maximum level, the auditor is required to document his or
her

Basis for understanding that Understanding of the entity 's

control risk is below the internal control system elements
maximum level

a. No No

b. Yes Yes

c. Yes No

d. No Yes

26. An auditor most likely would review an entity's periodic accounting for the numerical sequence of shipping
documents and invoices to support management's financial statement assertion of

a. Existence c. rights and obligations

b. valuation d. completeness

27.An advantage of using internal control flowcharts instead of internal control 'questionnaires to document
information about internal control is that flowcharts

a. identify internal control weaknesses more prominently.

b. provide a visual depiction of clients' activities.

c. indicate whether control procedures are operating effectively.

d. reduce the need to observe clients employees performing routine; tasks.

28. Which of the following audit techniques most likely would provide an auditor with the greatest assurance
about the effectiveness, of the operation of an internal control procedure?

a. Confirmation with outside parties.

b. Inquiry of client personnel.

c. Recomputation Of account balance amounts.

d. Observation of client personnel.

CHAPTER 12

FRAUD AND ERROR

INTRODUCTION

PSA 240, "The Auditor's Responsibility to Consider Fraud in an Audit of Financial Statements" establishes
standards and provides guidance on the auditor's responsibilities relating to fraud and error in the audit
of financial statements. It discusses the audit procedures that the auditor should perform when he
suspects or when he determines, that fraud or error has occurred.

Characteristics of Fraud

Misstatements in the financial statements can arise from either fraud or error. The distinguishing factor
between fraud and error is whether the underlying action that results in the misstatement of the
financial statements is intentional com unintentional

Two types of intentional misstatements are relevant to the auditor (1) misstatements resulting from
fraudulent financial reporting and (2) misstatements resulting from misappropriation of assets. Although
the auditor may suspect or in rare cases, identify the occurrence of fraud, the auditor does not make
legal determinations of whether fraud has actually occurred. Fraud, whether fraudulent financial
reporting or misappropriation of assets, involves incentive or pressure to commit fraud, a perceived
opportunity to do so and some rationalization of the act.

Fraudulent Financial Reporting

Fraudulent financial reporting involves intentional misstatements including omissions of amounts or

disclosures in financial statements to deceive financial statement users. It can be caused by the efforts
of management to manage earnings in order to deceive financial statement users by influencing their
perceptions as to the entity's performance and profitability. Such a situation could occur when, due to
pressures to meet market expectations or a desire to maximize compensation based on performance,
management intentionally takes positions that lead to fraudulent financial reporting by materially
misstated the financial statements. In some entities, management may be motivated to reduce earnings
by a material amount to minimize tax or inflate earnings to secure bank financing

Fraudulent financial reporting may be accomplished by the following:

  Manipulation, falsification (including forgery), or alteration of accounting records or supporting
documentation from which the financial statements are prepared

 Misrepresentation in, or intentional omission from the financial statements of events,

transactions or other significant information

 Intentional misapplication of accounting principles relating to amounts,classification, manner of

presentation, or disclosure

Fraudulent financial reporting often involves management override of controls that otherwise may
appear to be operating effectively. Fraud can be committed by management overriding controls using
such techniques as:

 Recording fictitious journal entries, particularly close to the end of an accounting period, to
manipulate operating results or achieve other objectives

 Inappropriately adjusting assumptions and changing judgments used to estimate account

balances.

 Omitting, advancing or delaying recognition in the financial statements of events and

transactions that have occurred during the reporting period.

Misappropriation of Assets

Misappropriation of assets involves the theft of an entity's assets and is often perpetrated by employees
in relatively small and immaterial amounts. However, it can also involve management who are usually
more able to disguise or conceal misappropriations in ways that are difficult to detect. Misappropriation
of assets can be accompanied in a variety of ways including:

 Embezzling receipts (for example, misappropriating collections on accounts receivable or

diverting receipts in respect of written-off accounts to personal bank accounts).

 Stealing physical assets or intellectual property (for example, stealing inventory for personal use
or for sale, stealing scrap for resale, colluding with a competitor by disclosing technological data
in return for payment).

Misappropriation of assets is often accompanied by false or misleading re or documents in order to

conceal the fact that the assets are missing or have s pledged without proper authorization
Responsibility for the Prevention and Detection of Fraud

The primary responsibility for the prevention and detection of fraud rests both those charged with
governance of the entity and management.

This involves a commitment to creating a culture of honesty and ethical behavior which can be
reinforced by an active oversight by those charged with governance.

Responsibilities of the Auditor

An auditor conducting an audit in accordance with PSAs is responsible for obtaining reasonable
assurance that the financial statements taken as a whole are free from material misstatement, whether
caused by fraud or error.

Risk Assessment

In planning the audit, the auditor should assess the risk that fraud and error may cause the financial
statements to contain material misstatements and should inquire of management as to any fraud or
significant error which has been discovered

In addition to weaknesses in the design of the accounting and internal control systems and
noncompliance with identified internal controls, conditions or events which increase the risk of fraud
and error include:

 Questions with respect to the integrity or competence of management.

 Unusual pressures within or on an entity. .

 Unusual transactions.

 Problems in obtaining sufficient appropriate audit evidence.

Examples of these conditions or events are set out in the Appendix to PSA 240.

Detection

Based on the risk assessment, the auditor should design audit procedures to obtain reasonable
assurance that misstatements arising from fraud and error that are material to the financial statements
taken as a whole are detected.

The likelihood of detecting errors ordinarily is higher than that of detecting frauds since fraud is
ordinarily accompanied by acts specifically designed to conceal its existence.
Whether the auditor has adhered to these principles and procedures is determined by the adequacy of
the audit procedures undertaken in the circumstances and the suitability of the auditor's report based
on the results of those audit procedures.

Inherent Limitations of an Audit

An audit is subject to the unavoidable risk that some material misstatements of the financial statements
will not be detected, even though the audit is properly planned and performed in accordance with PSA.

The risk of not detecting a material misstatement resulting from fraud is higher than the risk of not
detecting a material misstatement resulting from error, because fraud ordinarily involves acts designed
to conceal it such as collusion, forgery, deliberate failure to record transactions, or intentional
misrepresentations being made to the auditor.

The auditor should plan and perform the audit with an attitude of professional skepticism, recognizing
that conditions or events may be found that indicate that fraud or error may exist.

Examples of Fraud Risk Factors

Risk Factors Relating to Misstatement Resulting to Fraudulent Financial Reporting

A. Incentives Pressures

1. Threatened financial stability or profitability brought about by economic, industry or entity operating
conditions such as

(a) High degree of competition or market saturation, accompanied by declining margins

(b) High vulnerability to rapid changes, such as changes in technology, product obsolescence, or
interest rates.

(c) Significant declines in customer demand and increasing business failures in either the
industry or overall economy.

2. Excessive pressure from management to meet the requirements or expectations of third parties due to
the following:

(a) Profitability or trend level expectations of investment analysts, institutional investors,

significant creditors, or other external parties (particularly expectations that are unduly aggressive or
unrealistic), including expectations created by management in for example, overly optimistic press
releases or annual report messages
 (b) Need to obtain additional debt or equity financing to stay competitive -- including financing
of major research and development or capital expenditures.

3 Threatened personal financial situation of management or those charged with governance relative to
the entity's financial performance due to

(a) Significant financial interests in the entity.

(b) Personal guarantees of debts of the entity.

B. Opportunities

1. Nature of the industry or the entity's operations provides opportunities to engage in fraudulent
financial reporting that can arise from

(a) A strong financial presence or ability to dominate a certain industry sector that allows the
entity to dictate terms or conditions to suppliers or customers that may result in inappropriate or non-
arm's length transactions

(b) Assets, liabilities, revenues or expenses based on significant estimates that involve subjective
judgments or uncertainties that are difficult to corroborate.

(c) Significant, unusual, or highly complex transactions, especially those close to period end that
pose difficult "substance over form" estions. Significant operations located or conducted across
international borders in jurisdictions where differing business environments and cultures exist.

2. Ineffective monitoring of management due to

(a) Domination of management by a single person or small group (in a non owner-managed
business) without compensating controls.

(b) Oversight by those charged with governance over the financial reporting process and
internal control is not effective.

3. Complex and unstable organizational structure as evidenced by

(a) Difficulty in determining the organization or individuals that have controlling interest in the
entity.

(b) Overly complex organizational structure involving unusual legal entities or managerial lines
of authority.

(c) High turnover of senior management, legal counsel, or those charged with governance.

4. Deficiency in internal control components resulting from

 (a) Inadequate monitoring of controls, including automated controls and controls over interim
financial reporting (where external reporting is required).

(b) High turnover rates or employment of accounting, internal audit. or information technology
staff that are not effective.

(c) Accounting and information systems that are not effective, including situations involving
material weaknesses in internal control

C. Attitudes and Rationalizations

1. Communication, implementation, support, or enforcement of the entity's values or ethical standards

by management, or the communication of inappropriate values or ethical standards, that are nor
effective.

2. Excessive interest by management in maintaining or increasing the entity's stock price or earnings
trend,

3. The practice by management of committing to analysts, creditors, and other third parties to achieve
aggressive or unrealistic forecasts.

4. Management failing to correct known material weaknesses in internal control on a timely basis.

5. An interest by management in employing inappropriate means to minimize reported earnings for tax-
motivated reasons.

Risk Factors Arising from Misstatements Resulting to Misappropriation of Assets

A. Incentives / Pressures

1. Personal financial obligations may create pressure on management or employees with access to cash
or other assets susceptible to theft to misappropriate those assets.

2. Adverse relationships between the entity and employees with access to cash or other assets
susceptible to theft may motivate those employees to misappropriate those assets. For example, adverse
relationships may be created by the following:

(a) Known or anticipated future employee layoffs.

(b) Recent or anticipated changes to employee compensation or benefit plans

(c) Promotions, compensation, or other rewards inconsistent with expectations.

B. Opportunities
1. Certain characteristics or circumstances susceptibility of assets to misappropriation. For example,
opportunities to misappropriate assets increase when

(a) large amounts of cash on hand or processed. may increase the

(b) inventory items that are small in size, of high value, or in high demand.

(c) fixed assets which are small in size, marketable, or lacking observable identification of ownership.

2. Inadequate internal control over susceptibility of misappropriation of those assets. For example, assets
may increase the misappropriation of assets may occur because there is:

(a) Inadequate segregation of duties or independent checks.

(b) Inadequate oversight of senior management expenditures, such as travel and other reimbursements

(c) Inadequate management oversight of employees responsible for assets, for example, inadequate
supervision or monitoring of remote locations.

C. Attitudes / Rationalizations

1. Disregard for internal control over misappropriation of assets by overriding existing controls or by
failing to correct known internal control deficiencies.

2. Behavior indicating displeasure or dissatisfaction with the entity or its treatment of the employee.

3. Tolerance of petty theft.

PROCEDURES WHEN SUSPECTED ERRORS OR IRREGULARITIES ARE SUSPECTED

When an auditor detects factors that increase audit risk at the financial statement level he or she should
respond to such elevated risk by altering the

1. Engagement staffing.

2. Extent of staff supervision,

3. Degree of professional skepticism applied, and/or

4. Overall strategy for the expected conduct and scope of the engagement.

When the application of audit procedures designed from the risk assessment indicates the possible
existence of fraud or error, the auditor should consider the potential effect on the financial statements.
If the auditor believes the indicated fraud or error could have a material effect on the financial
statements, the auditor should perform appropriate modified or additional procedures.

The extent of such modified or additional procedures depends on the auditor's judgment as to:

(a) the types of fraud and error indicated;

(b) the likelihood of their occurrence; and

(c) the likelihood that a particular type of fraud or error could have a material effect on the
financial statements

Unless circumstances clearly indicate otherwise, the auditor cannot assume that an instance of fraud or
error is an isolated occurrence. If necessary, the auditor adjusts the nature, timing and extent of
substantive procedures.

REPORTING OF FRAUD AND ERROR

Communication to Management and With Those Charged with Governance

To Management

The auditor should communicate factual findings to management as soon as practicable if

(a) the auditor suspects fraud may exist, even if the potential effect on the financial statements
would be immaterial; or

(b) fraud or significant error is actually found to exist.

DOCUMENTATION

The auditor's documentation of the understanding of the entity and its environment and the assessment
of the risks of material misstatement required by PSA 315 shall include:

(a) The significant decisions reached during the discussion among the engagement team
regarding the susceptibility of the entity's financial statements to material misstatement due to fraud;
and

(b) The identified and assessed risks of material misstatement due to fraud the financial
statement level and at the assertion level.
WITHDRAWAL FROM THE ENGAGEMENT

If, as a result of a misstatement resulting from fraud or suspected fraud, the auditor encounters
exceptional circumstances that bring into question, the auditor's ability to continue performing the
audit, the audit shall:

A) Determine the professional and legal responsibilities applicable in the circumstances,

including whether there is a requirement for the auditor to report to the person or persons who made
the audit appointment or, in some cases, to regulatory authorities;

b) Consider whether it is appropriate to withdraw from the engagement, where withdrawal

from the engagement is legally permitted, and

c) If the auditor withdraws:

(i) Discuss with the appropriate level of management and those charged with
governance the auditor's withdrawal from the engagement and the reasons for the withdrawal;
and

(ii) Determine whether there is a professional or legal requirement to report to the

person or persons who made the audit appointment or in some cases, to regulatory authorities,
the auditor's withdrawal from the engagement and the reasons for the withdrawal.

Chapter 12

1. When the auditor assess inherit risk, he considers among others the following factors except

a. Integrity of management

b. Nature of the entity's business

c. Unusual purpose on management

d. Results of the interim tests

2. Which of the following is not a benefit claimed for the practice of determining materiality in the initial
planning stage of starting an audit?

a. Being able to fine tune the audit work for effectiveness and efficiency

b. Avoiding the problem of doing more work than necessary (overauditing)

c. Being able to decide early what kind of audit opinion to give

d. Avoiding the problem of doing too little work (underauditing)

3. The revenue cycle of a company generally includes these accounts:

a. Inventory, accounts payable, and general expenses

b. Inventory, general expenses, and payroll

c. Cash, accounts receivable, and sales

d. Cash, notes payable, and capital stock

4. Which of the following ordinarily is designed to detect possible material peso errors on the financial
statements?

a. Control testing

b. Analytical procedures

c. Computer controls

d. Post-audit working paper review

5. Which of the following statements best describes an auditor's responsibility to detect errors and
Irregularities?

a. The auditor should study and evaluate the client's internal control system, and design the audit to provide
reasonable assurance of detecting all errors and irregularities

b. The auditor should assess the risk that errors and irregularities may cause the financial statements to
contain material misstatements, and determine whether the necessary internal control procedures have
been prescribed and are being followed satisfactorily

c. The auditor should consider the types of errors and irregularities that could occur, and determine
whether the necessary internal control procedures have been prescribed and are being followed

d. The auditor should assess the risk that errors and irregularities may cause the financial statements to
contain material misstatements, and design the audit to provide reasonable assurance of detecting
material errors and irregularities

6. Which of the following circumstances most likely would cause an auditor to believe that material
misstatements might exist in an entity's financial statements?

a. Accounts receivable confirmation requests yield significantly fewer responses than expected

b. Audit trails of computer-generated transactions exist for only a short time

c. The chief financial officer does not sign the management representation letter until the last day of the
auditor's field work

d. Management consults with other accountants about significant accounting matters

7. For which of the following judgements may an independent auditor share responsibility with an entity's
internal auditor, who is assessed to be both competent and objective?

I. Materiality of misstatements

II. Evaluation of accounting estimates

a. I only b. II only

c. Neither d. Both

8. An auditor uses the assessed level of control risk to

a. Evaluate the effectiveness of the entity's control activities

b. Identify transactions and account balances where inherent risk is at maximum

 c. Indicate whether materiality thresholds for planning and evaluation purposes are sufficiently high

d. Determine the acceptable level of detection risk for financial statements assertions

9. Which of the following is a step in an auditor's decision to assess control risk at below maximum?

a. Apply analytical procedures to both financial data and non-financial information to detect conditions that
may indicate weak control

b. Perform tests of details of transactions and account balances to identify potential errors and irregularities

c. Identify specific control activities that are likely to detect or prevent material misstatements

d. Document that the additional audit effort to perform tests of controls exceed the potential reduction in
substantive testing

10. Proper segregation of duties reduce the opportunities in which a person could both

a. Journalize entries and prepare financial statements

b. Record cash receipts and record cash disbursements

c. Establish internal control and authorize transactions

d. Perpetuate errors and irregularities and conceal them

11. The objective of tests of details of transactions performed as tests of controls is to

a. Monitor the design and use of entity documents, such as prenumbered shipping forms

b. Determine whether internal controls have been placed in operation

c. Detect material misstatements in the account balances of the financial statements

d. Evaluate whether the internal controls are operating effectively

12. Fraud may be most properly defined as

a. False representation or concealment of a material fact to the benefit or detriment of an individual or

organization

b. Extortion in which the threat of physical violence is used to coerce someone to part with something of
value

c. The use of company assets for one's own personal purposes

d. Outright theft of company assets without falsification of records to conceal the act

13. Fraud may be perpetrated with the intent to benefit a company. Which of the following is an example of
such a fraud?

a. Acceptance of bribes or kickbacks by purchasing agent

b. Claims submitted for services or goods not actually provided to the company

c. Sale or assignment of fictitious or misrepresented assets

 d. Diversion by an employee or outsider of transaction that would normally generate profits for the
company

14. An internal auditor was engaged to audit a foreign manufacturing subsidiary. The auditor noted that
"consulting fees" and miscellaneous selling expenses appeared to be high and were not always properly
documented. In evaluating the risks associated with these facts, the auditor should consider that

a. A foreign operation's involvement is not important in quantitative terms

b. A foreign operation's involvement is not important in qualitative terms

c. Audit risks are increased because of cultural differences

d. The risks associated with failing to detect any wrongdoing are probably not material

15. The risk of management fraud increases in the presence of

a. Management incentive systems based on operating income

b. Improved internal control

c. Substantial increases in sales

d. Frequent changes in suppliers

16. Jones, CPA, is auditing the financial statements of ABC Retailing, Inc. What assurance does Jones provide
that the audit will detect either direct-effect illegal acts that are material to ABC's financial statements or illegal
acts that have a material but indirect effect on the financial statements?

I. Direct-Effect Illegal Acts - Reasonable

II. Direct-Effect Illegal Acts - Limited

III. Indirect-Effect Illegal Acts - Reasonable

a. I only b. I and III

c. II only d. II and III

17. Maxie Corporation has a few large accounts receivable that total P1,000,000. Nadie Corporation has a large
number of small accounts receivable that also total P1,000,000. The importance of an error in any one account
is, therefore, greater for Maxie than for Nadie. This is an example of the auditor's concept of

a. Materiality

b. Comparative analysis

c. Reasonable assurance

d. Relative risk

18. Which one of the following statements is correct concerning the concept of materiality?

a. Materiality is determined by reference to guidelines established by the PICPA

b. Materiality depends only on the peso amount of an item relative to other items in the financial
statements
 c. Materiality depends on the nature of an item rather than on the peso amount of the item

d. Materiality is a matter of professional judgement

19. The ultimate risk against which an auditor requires reasonable protection is a combination of two separate
risks. The first of these is that material errors will occur in the accounting process by which the financial
statements are developed, and the second is that

a. A company's internal control will not be adequate to detect errors and irregularities

b. Those errors that occur will not be detected in the auditor's examination

c. Management may possess an attitude that lacks integrity

d. Evidential matter is not competent enough for the auditor to form an opinion based on reasonable
assurance

20. The risk that an auditor's procedures will lead to the conclusion that a material error does exist in an account
balance when, in fact, such error does exist is referred to as

a. Audit risks b. Inherent risks

c. Control risks d. Detection risks

21. Which of the following statements is not correct about materiality?

a. The concept of materiality recognizes that some matters are important for fair presentation of financial
statements in conformity with PFRS, while other matters are not important

b. An auditor considers materiality for planning purposes in terms of the largest aggregate level of
misstatements that could be material to any one of the financial statements

c. Materiality judgements are made in light of surrounding circumstances and necessarily involve both
quantitative and qualitative judgements

d. An auditor's consideration of materiality is influenced by the auditor's perception of the needs of a

reasonable person who will rely on the financial statements

22. Inherent risk and control risk differ from detection risk in that inherent risk and control risk are

a. Elements of audit risk, whereas detection risk is not

b. Changed at the auditor's discretion, whereas detection risk is not

c. Considered at the individual account-balance level, whereas detection risk is not

d. Functions of the client and its environment, whereas detection risk is not

23. Which of the following audit risk components may be assessed in non-quantitative terms?

I. Inherent risk

II. Control risk

III. Detection risk

a. I only b. I and III only

 c. II and III only d. All

23.Inherent risk and control risk differ from detection risk in that they

a. Arise from the misapplication of auditing procedures

b. May be assessed in either quantitative or nonquantitative terms

c. Exist independently of the financial statement audit

d. Can be changed at the auditor's discretion

25. The risk that the auditor's own work will lead to the decision that material misstatements do not exist in the
financial statements, when in fact such misstatements do exist is:

a. Audit risks

b. Inherent risks

c. Control risks

d. Detection risks
CHAPTER 13

RISK RESPONSE - PART I

DESIGNING AN EFFECTIVE RESPONSE TO ASSESSED RISKS

INTRODUCTION

The Risk Response Phase in the Risk-Based Audit Approach includes following

steps:

(a) Designing the overall audit responses and further audit procedures. This

will require:

(i) Updating overall audit strategy

(ii) Developing response to assessed risks (iii) Briefing team on audit plans as required

(b) Performance of further audit procedures. This step will involve: (i) Performing planned procedures

(ii) Assessing results and evidence obtained (iii) Documenting findings and conclusion

The starting point for designing an effective audit response is the listing of assessed risks that was
developed at the conclusion of the risk assessment phase of the audit.

The auditor shall design and implement overall responses address the risks identified and assessed at the:

financial statement level; and

assertion level for financial statement areas and disclosures.

An assessment of the risks of material misstatement is required at the financial statement and assertion
levels to obtain evidence that addresses risk assessments developed for each relevant assertion.

Areas that the auditor would address in developing an overall response shall include the determination of:

The extent that the audit team needs to be reminded about the use of

professional skepticism;

Which staff to assign, including those with special skills, or whether to use experts;

The extent of supervision required throughout the audit;

The need for incorporating some elements of unpredictability in the selection of further audit procedures
to be performed; and

Any general changes that need to be made to the nature, timing, or extent of audit procedures. These
could include the timing of procedures

(interim or period-end), or new/extended procedures to address specific risk factors such as fraud.

TYPES OF RESPONSE

The types of response required is summarized in Figure 13-1.

Designing an Effective Response to Assessed Risk

in developing the detailed audit plan, the auditor would use his/her professional judgment to select the
appropriate types of possible audit procedures. To obtain the required reasonable assurance, the auditor
applies the audit procedures that in the judgment and based on the PSA are deemed appropriate in the
circumstances and in determining the audit procedures to be performed in conducting an audit in
accordance with Philippine Standards on Auditing, the audits should comply with each of the PSAs
relevant to the audit.

NATURE OF AUDIT PROCEDURES

An effective audit program will be based on an appropriate mix of procedures that collectively reduce
audit risk to an acceptably low level. Audit procedures are the methods or acts that auditors use to gather
evidence to determine the validity of financial statement assertions. One way for the auditors to increase
the amount of evidence obtained is to select a more effective audit procedure. For example, if the auditors
want to increase the amount of evidence about the existence of accounts receivable, they could decide to
confirm the accounts rather than rely upon the inspection of internal documents.

The various types of an audit procedures available to the auditor are categorized as follows.

I. Test of Controls or Compliance Tests

These are audit procedures designed to evaluate the operating effectiveness of controls in preventing, or
detecting and correcting, material misstatements at the assertion level.

Types of Compliance Tests

1) No Trail

This type does not leave a visible trail m the supporting documents of the performance of control
procedure by the client's employee. The auditor makes inquiries and observation of office personnel and
routines to determine how control procedures are performed and who performs them.

2) Documentary Trail

This type leaves a visible trail in the supporting documents. Hence, the auditor inspects the documents
supporting a particular type of transaction to see whether a control procedure, such as approval or

other checking, was performed and who performed it as indicated by

signatures or initials.

II. Substantive Procedures

These are audit procedures designed to detect material misstatement the assertion level. Substantive
procedures comprise:

(1) Tests of details (of classes of transactions, account balances and disclosures), and

(ii) Substantive analytical procedures.

The auditor applies compliance tests when the purpose is to see whether prescribed accounting control
procedures are being followed. This evaluation identifies the control procedures that can be relied on in
performing restricted substantive tests. Substantive tests are applied when the auditor's purpose is to see
whether the peso amount of an account is properly stated. Thus, there is a relationship between the
amount of reliance and the amount of additional work that will be

needed.

Types of Substantive Tests

There are two general categories of substantive tests. (a) Tests of Details of Transactions or Balances; and
(b) Analytical Review Procedures

Irrespective of the assessed risks of material misstatement, the auditor shall design and perform
substantive procedures for each material class of transactions, account balance and disclosure.

(a) Tests of Details

This type of substantive test involves obtaining evidential matter on the items (or details) involved in an
account balance or class of transactions.

338

Chapter 13

other checking, was performed and who performed it as indicated by

signatures or initials.

II. Substantive Procedures

These are audit procedures designed to detect material misstatement the assertion level. Substantive
procedures comprise:

(1) Tests of details (of classes of transactions, account balances and disclosures), and

(ii) Substantive analytical procedures.

The auditor applies compliance tests when the purpose is to see whether prescribed accounting control
procedures are being followed. This evaluation identifies the control procedures that can be relied on in
performing restricted substantive tests. Substantive tests are applied when the auditor's purpose is to see
whether the peso amount of an account is properly stated. Thus, there is a relationship between the
amount of reliance and the amount of additional work that will be

needed.

Types of Substantive Tests

There are two general categories of substantive tests. (a) Tests of Details of Transactions or Balances; and
(b) Analytical Review Procedures

Irrespective of the assessed risks of material misstatement, the auditor shall design and perform
substantive procedures for each material class of transactions, account balance and disclosure.

(a) Tests of Details

This type of substantive test involves obtaining evidential matter on the items (or details) involved in an
account balance or class of transactions.

Designing an Effective Response to Assessed Risk

Tests of details are also referred to as follows:

Tests of Transactions

339

These are tests of the processing of individual transactions by inspection of the documents and accounting
records involved in processing. For example, tracing a sample of receiving reports to the purchase journal
to see whether receipts of merchandise have been recorded as purchases.

Tests of Balances

These are tests applied directly to the details of balances in general ledger accounts. For example,
confirming the balances of accounts in the accounts payable subsidiary ledger with individual customers.
These tests have the objective of establishing the monetary correctness of the accounts they relate to.

Some auditors refer to tests of balances as direct tests of balances to emphasize the substantive nature of
the test as directly supporting an account balance. It should be noted that substantive tests and compliance
tests of control procedures that leave a documentary trail both involve the inspection of documents
supporting the transactions. For this reason, these tests are often applied together to the same group of
documents. In that case, the test is referred to as a dual purpose test because it has both compliance and
substantive objectives.

(b) Analytical Review Procedures

Analytical types of tests involve study and comparison of relationships among accounting data and related
information. They identify unusual fluctuations for investigation and focus on the rationale of
relationship. They are substantive tests that may achieve specific audit objectives if the evidential matter
is considered persuasive by the auditor. Auditing standards require the application of analytical
procedures at the planning and overall final review stages of audits. The auditors may also decide to use
them during the audit as substantive tests to provide evidence as to the reasonableness of the specific
account balances.
Figure 13-2 presents examples of analytical procedures that involve comparison.

THE RELATIONSHIP OF AUDIT TECHNIQUES, AUDIT PROCEDURES AND ASSERTIONS

Audit techniques are the basic tools or means employed to obtain audit evidences. The application of
these techniques constitutes the audit procedures The following schedule will illustrate the relationship
between audit techniques, audit procedures and assertions:

Audit Technique Illustrative Application of Audit Assertion Substantiated

Count Counting of inventory, cash Physical Existence

securities, unmatured promissory
notes (to establish existence and
where applicable. ownership and
condition of assets).

Confirm Obtaining confirmation directly of Existence; rights and obligations

details of account balances (to verify
validity and accuracy of balances
and other information with outside
parties).

Inquire Obtaining client's representation Completeness

letter; explanations to many diverse
questions raised during the audit (to
obtain knowledge).
 Examine Examining (or vouching) paid Occurrence, Measurement
Inspect checks, vendor's invoices, approved
Review client documents (vouchers,
Trace purchase orders, receiving reports)
Verify Vouch titles, contracts and other
documentary materials (to verify the
validity and propriety of accounting
treatment of transactions and
account balances and a compliance
with internal control).

Observe Observing the taking of physical Existence

Test inventories by client personnel; of
Verify actual operation of internal control
(to determine compliance with
prescribed procedures).

Extend Rechecking clerical determinations Measurement

Foot by client (to verify the accuracy of
computations and transfer of
information made by client).

Compare Comparing current period account Completeness

Trace balances or operating data with
similar information for prior
"periods and investigation of
unusual data relationship (to
disclose and determine the reasons
for significant changes).

Analytical review Compare sales with sales budget. Completeness

DECIDING THE NUMBER OF ITEMS TO AUDIT

The auditor must decide the extent of testing or the number of items to audit. For example, when auditing
cash receipts, an auditor may decide to examine every cash disbursement or only a sample of them. The
sufficiency of the evidence needed determines the number of items to test (Chapters 16 and 17 discuss
methods auditors use to determine sample size).

TIMING OF TESTING

Another decision that the auditor must make is when to perform each audit procedure. Because an audit
usually begins sometime during the fiscal year being audited and ends one to three months after the end of
the fiscal year, a long period of time for performing the procedure is available. Audit procedures
performed before year-end are referred to as interim work, whereas those performed between year-end
and the completion of the audit are referred to as year-end work. For example, confirming accounts
receivable one month before year-end is interim work. Confirming accounts receivable at December 31
for a client with a December 31 fiscal year-end is year-end work.
The auditor should consider the following in deciding whether and when to perform interim work in a
particular account balance:

(1) the internal control associated with the account,

(2) how rapidly business conditions might change,

(3) management's predisposition to misstate the financial statements and the potential impact of such
misstatements on the account, and

(4) the predictability of the account balances at year-end.

TIMING OF TESTS OF CONTROLS

The auditor shall test controls for the particular time, or throughout the period for which the auditor
intends to rely on those controls in order to provide an appropriate basis for the auditor's intended
reliance.

When the auditor obtains audit evidence about the operating effectiveness of

controls during an interim period, the auditor shall:

(a) obtain audit evidence about significant changes to those controls subsequent to the interim period; and
(b) determine the additional audit evidence to be obtained for the remaining period.

Also, when using audit evidence obtained in previous audits, the auditor should consider the following:

(a) The effectiveness of other elements of internal control, including the control environment, the entity's
monitoring of controls, and the entity's risk assessment process; (b) The risks arising from the
characteristics of the control, including

whether it is manual or automated; (c) The effectiveness of general IT control;

(d) The effectiveness of the control and its application by the entity, including the nature and extent of
deviations in the application of the control noted in previous audits, and whether there have been
personnel changes that significantly affect the application of the control;

(e) Whether the lack of a change in a particular control poses a risk due to changing circumstances; and
(1) The risks of material misstatement and the extent of reliance on the

control.

When the auditor plans to rely on controls over a risk the auditor has determined to be a significant risk,
the auditor shall test in the current period.
TIMING OF SUBSTANTIVE PROCEDURES

Irrespective of the assessed risks of materials misstatement, the auditor shall design and perform
substantive procedures for each material class of transactions, account balance, and disclosure.

The auditor's substantive audit procedures shall include the following audit procedures related to the
financial statement closing process:

(a) Agreeing or reconciling the financial statements with the underlying

records; and

(b) Examining material journal entries and other adjustments made during the course of preparing the
financial statements

When the auditor has determined that an assessed risk of material misstatements at the assertion level is a
significant risk, the auditor shall perform substantive audit procedures that are specifically responsive to
that risk. When the approach to a significant risks consists only of substantive procedures, those
procedures shall include tests of details.

When substantive procedures are performed at an-interim date, the auditor shall cover the remaining
period by performing:

(a) substantive procedures, combined with tests of controls for the

intervening period; or (b) if the auditor determines that it is sufficient, further substantive procedures
only, that provide a reasonable basis for extending the audit conclusions from the interim date to the
period end.

If misstatements that the auditor did not expect when assessing the risks of material misstatement are
detected at an interim date, the auditor shall evaluate whether the related assessment of risk and the
planned nature, timing, or extent of substantive procedures covering the remaining period need to be
modified.

SELECTING THE AUDIT PROCEDURES THAT WILL BE APPLIED

After the auditor has developed specific audit objectives in relation to the assertion for a particular
account balance or class of transactions, the next step is to select audit procedures to achieve these
objectives.

In determining which audit procedures to use to obtain evidence, the auditor must consider whether one
or more procedures will provide evidence that can reduce the risk of that assertion being misstated to an
acceptable low level. It is possible that more than one audit procedure may be required to determine the
validity an assertion. In some cases however, an audit procedure may provide evidence about the validity
of more than one assertion.

The selection of particular procedures to achieve specific audit objectives is influenced by the following
considerations:
1. The nature and materiality of the particular component of the Financial

statements (account balance or class of transaction). 2. The nature of the audit objective to be achieved.

3. The reliance that can be placed on internal control structure. 4. The relative risk of material errors or
irregularities. The kinds and

competence of available evidence. 5. The expected efficiency and effectiveness of possible audit
procedures.

Auditing standards suggest that the auditor must use professional judgment in determining the nature,
timing and extent of audit procedures appropriate in a particular situation. The procedure should satisfy
the auditor's objectives so that the evidence gathered enables the auditor to verify the assertions in the
financial statements. Thus the combination of the auditor's reliance on internal control (structure) and on
selected substantive tests should provide a reasonable basis for his opinion on the financial statements.

Chapter 13

1. Which of the following best describes the primary purpose of audit procedures?

a. To detect errors or irregularities.

b. To comply with financial reporting standards.

c. To gather collaborative evidence.

d. To verify the accuracy of account balances.

2. As a result of analytical procedures, the independent auditor determines that the gross profit has
declined from 30% in the preceding year to 20% In the current year. The auditor should

a. document management's intentions with respect to plans for reversing this trend.

b. evaluate management's performance in causing this decline.

c. require footnote disclosure.

d. consider the possibility of an error in the financial statements.

3. The auditor will most likely perform extensive tests for possible understatement of

a. revenues c. liabilities

b. assets d. capital

4. Which of the following elements ultimately determines tn auditing procedures necessary under the
circumstances to afford a reasonable basis for an opinion?

a. Auditor judgment c. Relative risk

 b. Materiality d. Reasonable assurance

5. In testing the existence assertion for an asset, an auditor ordinarily works from the

a. financial unrecorded items to the financial statements.

b. potentially unrecorded items to the financial statements.

c. accounting records to the supporting evidence.

d. supporting evidence to the accounting records.

6. A basic premise underlying the application of analytical procedures is that

a. the study of financial ratios is an acceptable alternative to the investigation of unusual fluctuations.

b. statistical tests of financial information may lead to the discovery of material errors in the financial
statements.

c. plausible relationships among data may reasonably be expected to exist and continue in the absence of
known conditions to the contrary.

d. these procedures cannot replace tests of balances and transactions.

7. Which of the following circumstances is most likely to cause an auditor to consider whether a material
misstatement exists?

a. Transactions selected for testing are not supported by proper documentation.

b. The turnover of senior accounting personnel is exceptionally low.

c. Management places little emphasis on meeting earnings projections.

d. Operating and financing decisions are dominated by several persons.

8. An auditor's analytical procedures most likely will be facilitated if the entity.

a. corrects material weaknesses in internal control before the beginning of the audit.

b. develops its data from sources solely within the entity.

c. segregates obsolete inventory before the physical inventory count.

d. uses a standard cost system that produces variance reports.

9. Which ofthe following procedures would provide the most reliable audit evidence?

a. Inquiries of the client's internal audit staff, held in private.

b. Inspection of prentnnbered client purchase orders filed in the vouchers payable department.

c. Analytical procedures performed by the auditor on the entity' 8 trial balance.

d. Inspection of bank statements obtained directly from the client's financial institution.
 CHAPTER 14
RISK RESPONSE – PART II

IMPLEMENTING THE DESIGNED RISK RESPONSE AND OBTAINING AUDIT

EVIDENCEINTRODUCTION

This phase involves the implementation of the design risk and accumulation of evidence about
internal control operating effectiveness, account, disclosures and assertions

PSA 500, “Audit Evidence” explains what constitutes audit evidence in an audit of financial
statements, and deals with the auditor’s responsibility to design and perform audit procedures
to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on
which to base the auditor’s opinion.

NATURE AND SIGNIFICANCE OF AUDIT EVIDENCE

Audit evidence is all the information used by the auditor in arriving at the conclusions on which
the audit opinion is based, and includes both information contained in the accounting records
underlying the financial statement and other information.

Auditors are not expected to address all information that may exist. Audit evidence, which is
cumulative in nature, includes audit evidence obtained from audit procedures performed
during the course of audit and may include-audit evidence obtained from other sources such as
previous audits and a firm’s quality control procedures for clients acceptance and continuance.

The auditor shall design and perform audit procedures that are appropriate in the
circumstances for the purpose of obtaining sufficient appropriate audit evidence.

Appropriateness (of audit evidence) is the measure of the quality of audit evidence; that is, its
relevance and its reliability in providing support for the conclusions on which the auditor’s
opinion is based.

Sufficiency (of audit evidence) is the measure of the quantity of audit evidence. The quantity of
the audit evidence needed is affected by the auditor’s assessment of the risk of material
misstatement and also by the quality of such audit evidence.
The ultimate goal of an audit is to express an opinion as to whether the financial statements are
presented fairly in accordance with financial reporting standards. When management prepares
financial statements which purport to be in conformity with financial reporting standards,
certain assertions (implicit or explicit) are made.

The auditor’s opinion on financials statement is formulated on the basis of evidential matter
supporting such statements. Determination as to whether evidential matter is valid or
competent for audit purposes rest on the auditor’s professional judgement giving due regard to
the pertinence, objectivity, and timeliness of the evidence, and to the existence of the other
evidential matter corroborating the conclusions to which it leads.

WHAT CONSTITUTES AUDIT EVIDENCE

Accounting records generally include the records of initial entries and supporting records, such
as checks and records of electronic fund transfers; invoices; contracts; the general and
subsidiary ledger journal entries and other adjustment to the financial statements that are not
reflected in formal journal entries; computation, reconciliations and disclosures. The entries in
the accounting records are often initiated, recorded, processed and reported in electronic form.
In addition, the accounting records may be part of integrated system that share data and
support all aspect of the entity’s financial reporting; operations and compliance objectives.

Other information that the auditor may use as audit evidence includes minute of meetings;
confirmations from third parties; analysts’ reports; comparable data about competitors
(benchmarking); control manual; information obtained by the auditor from such audit
procedures as inquiry, observation, and inspection; and other information developed by, or
available to, the auditor that permits the auditor to reach conclusions through valid reasoning.

SUFFICIENT APPROPRAITES AUDIT EVIDENCE

The auditors should obtain sufficient appropriate audit evidence to be able to draw reasonable
conclusions on which to base the audit opinion.

Sufficiency and appropriateness are interrelated and apply to audit evidence obtained from
both tests of control and substantive procedures. Sufficiency is the measure of the quantity of
audit evidence; appropriateness is the measure of the quality of audit evidence and its
relevance to a particular assertion and its reliability. Ordinarily, the auditor finds it necessary to
rely on audit evidence that is persuasive rather than conclusive and will often seek audit
evidence from different sources or of a different nature to support the same assertion.
In forming the audit opinion, the auditor does not ordinarily examine all of the information
available because conclusions can be reached about an account balance, class of transaction or
control by way using judgement or statistical sampling procedure.

The author’s judgement as to what is sufficient appropriate audit evidence is influenced by such
factors as the:

 Auditor’s assessment of the nature and level of inherent risk at both the financial
statement level and the account balance or class of transactions level.
 Nature of the accounting and internal control system and the assessment of control risk.
 Materiality of the item being examined.
 Experience gained during previous audit.
INTERRELATIONSHIP BETWEEN RISK, APPROPRIATE AND SUFFICIENCY OF AUDIT EVIDENCE

While the auditor is obtain sufficient appropriate evidence before issuing an opinion,
determining what is “appropriate” and “sufficient” is not an easy task. Appropriateness of audit
evidence is the measure of the quality (that is, its relevance and reliability in proving support
for the conclusions on which the auditor’s opinion is based while sufficiency of audit evidence
needed refers to the measure of the quantity of such. The quantity of the audit evidence
needed is affected by the auditor’s assessment of the risk of material misstatements and also
by the quality of such audit evidence.

The interrelationship between risk, appropriateness and sufficiency of audit evidence is shown
in Figure 14-1.

Figure 14-1: Interrelationship of Risk, Appropriateness and Sufficiency of Audit Evidence

APPROPRIATENESS

RISK Relevance Reliability

That Account or Assertion is Quality of Evidence that Auditor

Materially Misstated Collects

Inherent Risk Control Risk

SUFFICIENCY
Quality of Evidence that Auditor
Collects
The reliability of audit evidence is influenced by its source: internal or external, and by its
nature: visual, documentary or oral. While the reliability of audit evidence is dependent on
individual circumstances, the following generalizations will help in assessing the reliability of
audit evidence:

 Audit evidence is more reliable when it is obtained from independent sources outside
the entity.
 Audit evidence that is generated internally is more reliable when the related controls
imposed by the entity are effective.
 Audit evidence obtained directly by the author (for example, observation of the
application of control) is more reliable than audit evidence obtained indirectly or by
inference (for example, inquiry about the application of a control).
 Audit evidence provided by original documents is more reliable than audit evidence
provided by photocopies or facsimiles.
Audit evidence is more persuasive when items of evidence from different sources or of a
different name are consistent. In these circumstances, the auditor may obtain a cumulative
degree of confidence higher than would be obtained from items of audit evidence when
considered individually. Conversely, when audit evidence obtained from one source is
inconsistent with that obtained from another, the auditor determines what additional
procedures are necessary to resolve the inconsistency.

The auditor needs to consider the relationship between the cost of obtaining audit evidence
and the usefulness of the information obtained. However, the matter of difficulty and expense
involved is not in itself a valid basis for omitting a necessary procedure.

When in substantial doubt as to a material financial statement assertion, the auditor would
attempt to obtain sufficient appropriate audit evidence. The auditor may have to express a
qualified opinion or a disclaimer of opinion if he is unable to gather such evidence.

COMPETENCE OR APPROPRIATENESS OF EVIDENCE

The competence or appropriateness of evidence refers to its trustworthiness or believability.

The factors that determine the competence of evidence are:

1. Relevance of the evidence to the particular assertion being tested

Evidence must be relevant to the assertion being tested. For example, observing the
taking of inventory provides evidence concerning existence of the inventory, but it is not
relevant to determining ownership.
 2. Objectivity of the evidence
Evidence can be objective or subjective. In general, the more objective the evidence, the
more reliable and competent it is. Conversely, the more subject evidence is, the less
reliable it is. The greater the judgement required on the part of the provider of the
information, the more subjective the information will be. An example of objective
evidence is information obtained by physically counting cash or footing the accounts
receivable subsidiary ledger. Examples of subjective evidence are an attorney’s
statement about the collectability of an account more subjective the evidence, the more
important the auditor’s experience in evaluating it.

3. Qualification of the provider of the evidence

Evidence obtained from independent external sources has greater reliability than
evidence obtained within the entity. Evidence an auditor obtains directly through his or
her own work is more reliable than information obtained through the work of others.
Confirmation responses from a business are more reliable than confirmation from a
household. And accounting data and financial statement developed in an entity in which
internal control is satisfactory are more reliable than data and statements developed in
an entity with unsatisfactory internal control.

4. Timeless of the evidence

Timeless is particularly important with respect to account the change rapidly (either
because the total balance changes or because the peso value of the transactions that
flow into and out of the account is large). Evidence gathered about a year-end account
balance provides more evidence about a year-end balance than does evidence gathered
about the balance at another date.
The following hierarchy of evidential matter will help one understand the relative competence
and persuasive power of different kinds of evidence. The hierarchy starts with the strongest
form of evidence and proceeds to the weakest.

1. An auditor’s direct, personal knowledge, obtained through physical observation and his
or her own mathematical computation, is generally considered the most competent
evidence.
2. Documentary evidence obtained directly from independent external sources (external
evidence) IS considered competent.
3. Documentary evidence has originated outside the client’s data processing system but
which has been received and processed by the client (external-internal evidence) is
generally considered competent. However, circumstances of internal control quality are
important.
 4. Internal evidence consisting of document that are produced, circulated, and finally
stored within the client’s information system is generally considered low in competence.
However, internal evidence is used extensively when it is produced under satisfactory
conditions of internal control. Sometimes, internal evidence is the only kind available.
5. Verbal and written representation given by the client’s officers. Directors, owners and
employees are generally considered the least competent evidence. Such representation
should be corroborated with other types of evidence.
Sufficiency of evidence

Sufficiency of audit evidence refers to the amount or quantity of evidence gathered. The
concept of sufficiency recognizes that the accumulation of evidence should be
persuasive rather than convincing.

This concept is consistent with the idea that the auditor is not free to collect unlimited
amount of evidence since he must work with an economic limits.

Cost cannot, however be the sole basis for the quantity or quality of audit
procedures. Auditors used professional judgment to determine the extent of test
necessary to obtain sufficient evidence. In exercising their professional judgment,
auditors consider both the

1) materiality (e.g. peso amount) of the item in question as well as the

2) relative risk of the item (eg cash due to its liquidity, may have a higher relative than a
certain property plant and equipment do)

Since the competency of evidence depends upon the financial statement assertions
under consideration, the auditor should attempt to gather sufficient quantity of
competent evidence at a minimum cost.

Procedures for obtaining audit evidence

the auditor obtains audit evidence by one or more of the following procedures

1. Inspection

2. Observation

3. three inquiry and confirmation

4. Recalculation

5. Reperformance and

6. Analytical procedures.
The timing of such procedures will be dependent, in part, upon the periods of time
during which the audit evidence thought is available. These procedures are introduced
in the previous chapter and are discussed in this section in the context of how audit
evidence can be obtained through their application.

Inspection of Records or Documents

Inspection involves the examination of records, documents. Records and documents

are inspected to provide or varying degrees of reliability depending on the nature and
source and the effectiveness of internal controls over their processing.

Documents can be internal either internal or external. Internal document is one that has
been prepared and used within the client's organization in its retain without its ever
going to an outside party such as customer or a vendor. Examples are purchase
requisition, employee’s time reports, inventory receiving, etc.

External document is one that has been in the hands of someone outside the client's
organization who is a party to the transaction being documented by but which is either
currently in the hands of the kind a readily accessible. Examples are vendor’s invoices,
canceled note payable in insurance policies, canceled checks, etc.

Inspection of Tangible Assets

Inspection or physical examination of tangible assets provides reliable audit evidence

with respect to their existence but not necessarily as to their ownership or value of.

The inspection or count by other auditor tangible asset to determine its existence and
qualitative characteristic is considered one of the most reliable and useful types of
evidence. This is applicable in the verification of inventory, cash, fixed asset fixed
tangible assets, securities and notes receivable.

Confirmation

Confirmation, which is a specific type of inquiry, is the process of obtaining a

representation of information or of an existing condition directly from a third party. For
example, the auditor may take direct confirmation of receivables by communication with
others. Confirmations are frequently used in relation to account balances and their
components, but did not be restricted to these items.

Figure 14-1 present a summary of information free can be confirmed and from whom
confirmations are obtained.

An external confirmation describes the receipt of a reading response from an

independent third party, in a paper from, or by electronic or other medium, verifying the
accuracy of information that was requested by the other your. Other examples of
situations for external confirmations may be used include the following:

 Bank balances and other information from the bankers.

  Account receivable balances.

 Investors held by third parties at bonded warehouse reprocessing or on

consignment.

 Property title deeds held by lawyers or financers for safe custody or s security.

To be considered reliable, the auditor must control them from the time their preparation
is completed until they are returned. Figure 14.1 shows the major types of information
that are frequently confirm as well as their sources

In the confirmation of accounts balances, the auditor may use the (a) positive or (b)
negative form of confirmation.

A positive external confirmation request asked the respondent to reply to the auditor in
all cases either by indicating the respondent’s agreement with the given information, or
by asking the responded to fill in the information. A response to a positive confirmation
request is ordinarily expected to provide reliable audit evidence.

A negative evidence confirmation request asked the respondent to reply only in event of
disagreement with the information provided in the request. However, when no response
has been received to a negative confirmation request, the auditor remains aware that
there will be no explicit evident that intended third parties have received a confirmation
request and verified that the information contained therein is correct. Accordingly, the
use of negative confirmation request ordinarily provides less reliable evidence then the
use of positive confirmation request, in the auditor considers performing other
substantive procedures to supplement the use of negative confirmations.

Negative confirmation request may be used to reduce audit risk on acceptable level
when:

a) the assist level of inherent and control risk is low;

b) a large number of small business is involved;

c) A substantial number of errors is not expected; and

d) the auditor is no reason to believe that respond this will disregard this request.

Negative confirmation request may be used to reduce audit risk on acceptable level
when

Illustrative confirmation letters are shown in figures 14-2, 14-3 and 14-4

Inquiry

Inquiry involves seeking information both financial and non-financial of knowledgeable

persons inside or outside entity. Enquiries may include formal written increase address
to third parties to informal oral increase addressed to persons inside entity. The auditors
could obtain information not previously possessed or corroborative audit evidence to the
responses to the inquiries posed by the auditor.

Inquiries is the obtaining of written or oral information from the client in response to the
questions from the auditor. Evidence obtained from the client through inquiry usually
cannot be considered conclusive because it is not from an independent worth and may
be biased in the client's favor. The auditor should therefore obtain further corroborating
evidence by other procedures.

Written representations

PSA 580, "Written representations" provide the audit evidence is all the information
used by the auditor in arriving at the conclusions on which the audit opinion is based.
Written representations are necessary information that the audit requires and
connection with audit of the entity's financial statements. Accordingly, similar to
responses to inquiries, written representations and audit evidence. All the reading
representations provide necessary on it evident they do not provide sufficient
appropriate audit evidence on their own about any of the matters with which they deal.
Furthermore, the fact that management has provide reliable written representations
does not affect nature or extent of other audit evidence that the auditor obtains about
the fulfillment of management's responsibilities or about specific assertions.

The auditor shall request written representations from management with appropriate
responsibilities for the financial statements and knowledge of the matters concerned.

Written representations which will be obtained for the management will depend upon
the circumstances upon which such letters are required. Representation letter may be
obtained for general representations, as described in PSA 580 (Figure 14-5) it may also
be obtained for limited representation such as:

a) Accounts receivable (Figure 14-6)

b) Inventories (Figure 14-7)

c) Liabilities (Figure 14-8)

Observation

Observation consists of looking at a process or procedure being performed by others.

For example, the true of the client's plants will enable the auditor to obtain a general
impression of the client's facility, observation of inventory taking will enable him to
determine if there are obsolete item or he may watch personal perform accounting
duties to determine whether the person assigned a responsible is actually doing it.
Observation provides audit evidence about the performance of a process or procedure,
but is limited to the point in time at which the observation takes place and by the fact
that the act of being observed may affect how the process or procedure is performed.

Recalculation

Recalculation consists of checking the mathematical accuracy of source documents and

accounting records or of performing independent calculations. They can be performed
through the use of information technology, for example, by obtaining an electronic file
from the entity and using CAAT’s to check the accuracy of the summarization of the file.

Reperformance

Reperformance is the auditors independent execution of the procedures or controls that

were originally performed as part of the entity's internal control, either manually or
through the use of CAATs, for example, reaper forming the aging of accounts
receivable.

Analytical procedures

Analytical procedures consist of evaluation of financial information made by a study of

possible relationships among both financial and non-financial data. Analytic and
analytical procedures also encompassed the investigation of identified but tuitions and
relationships that are inconsistent with other relevant information or deviate significantly
from predicted amounts. See PSA 520, “Analytical Procedures” for further guidance on
analytical procedures.

The following schedule summarizes the most commonly used audit procedures to
gather audit evidence examples of their application:

Audit procedure Definition Example of Application

1. Analyze to identify and classify items for account transaction
further study
2. Compare to observe similarities and Beginning balances with last
differences between relative items. year's audit figure
3. Confirm to communicate with outside parties Accounts receivable, cash
to authenticate internal evidence and bank, accounts payable
4. Count to enumerate a characteristic Cash, inventory
5. Examine to review critically Authoritative document such
as invoices, checks
6. Extend to multiply Inventory quantity
 7. Foot to add a comment Total cash received column
8. Inspect to scrutinize or critically Certificate of stock
9. Interrelate examine a document Interest expense with
liabilities
10. Observe to assure relationship Inventory count
11. Reconcile to watch or test a client Cash balance per ledger with
cash balance per bank
statement
12. Test to establish agreement between Cash transaction
separate sources of information
13. Trace to sample to follow a transaction Bookkeeping procedures
through the steps of the system
14. Verify to prove accuracy of numbers or Rent income against lease
existence of amount contract
15. Vouch to prove accuracy of accounting Cash disbursement
entries by tracing to supporting
documents

RELATIONSHIP OF TYPES OF EVIDENCE TO AUDIT OBJECTIVES

Since the auditor’s evaluation of the fairness of the presentation of the financial
statements heavenly depends upon the evidence of their fairness, care must be taken to obtain
as much evidence as is needed to make a proper evaluation.

It is also important to have an understanding of the relationship of the type of evidence to

audit objectives. The audit objectives can be accomplished with the use of the seven types of
evidence. For a given account and related accounts in a Web, the auditor selects evidence to
accomplish all the objectives at minimum cost.
Figure 14-1 Information Frequently Confirmed

INFORMATION CONFIRMED CONFIRMATION OBTAINED FROM

Assets Bank
Cash in Bank Customer
Accounts Receivable Maker
Notes Receivable Consignee
Inventory out on consignment Public Warehouse
Inventory held in public warehouse Insurance Company
Cash surrender value of life insurance

Liabilities
Accounts payable Creditor/Supplier
Notes Payable Lender
Advances from customers Customer
Mortgages payable Mortgagor
Bonds payable Issuer

Owner’s Equity
Shares Outstanding Registrar and transfer agent

Other information
Insurance coverage Insurance Company
Contingent liabilities Company’s legal counsel
Bond indenture agreement Issuer, Trustee
Collateral held by the creditors Creditor

Figure 14-2 Illustrative Positive Accounts Receivable Confirmation

Zenith Manufacturing Company

200 C. M. Recto Avenue
Metro Manila

January 15, 20x4

Aquino Products, Inc,

1234 Quirino Avenue
Paraniaque, Metro Manila

Please confirm the correctness of your December 31 , 20X3 account balance of

P14,324 directly to our auditors.

Max A. Cruz & Co., CPAs

who are auditing our financial statements. This is not a request for payment.

An envelope addressed to our auditors is enclosed

Marie James, Controller

Max A. Cruz & Co. CPAs

Ayala Avenue, Makati

The balance due from us of P14,324 as of December 31 , 20X3 is correct except as

noted below

Aquino Products,Inc.

Figure 14-3 Illustrative Negative Accounts Receivable Confirmation

Zenith Manufacturing Company

200 C, M. Recto Avenue
Metro Manila

January 15, 20X4

Solwin Products, Inc
2785 Sta. Mesa Blvd.
Metro Manila

Please examine the attached statement. If the statement disagrees with your
records, respond directly to our auditors,

Max A. Cruz & Co., CPAs

who are auditing our financial statements. An envelope addressed to our auditors is
enclosed.

THIS IS NOT A REQUEST FOR PAYMENT

Marie James. Controller

Figure 14-4 Illustrative Accounts Payable Confirmation

Zenith Manufacturing Company

200 C, M. Recto Avenue
Metro Manila

January 15, 20X4

Sheehan Supply Company

2134 Sucat Road
Paraniaque, Metro Manila

Please forward a detailed statement of our indebtedness to you to our auditor:

Max A. Cruz & Co., CPAs

who are auditing our fInancial statements. Include in your statement all open
accounts, notes, acceptances, or other indebtedness as of December 31 , 20X3.
An envelope addressed to our auditors is enclosed.

Marie James, Controller

Figure 14-5 Illustrative Client’s General Representation Letter

ACE MANUFACTURING, INC.

March 15, 20x4

Navarro, Fuentecilta, Macayayong, & Co., CPAs

Po. Box 378
Mendiola, Manila

Gentlemen:

This representation letter is provided in connection with your audit of the financial statements of ABC Company for the year
ended December 31, 2013 for the purpose of expressing an opinion to whether te financial statements are presented fairly, in
all materials respects, in accordance with Philippine Financial Reporting Standards.

We confirm that (, to the best of our knowledge and belief, having made such inquiries as we considered necessary for the
purpose of appropriately informing ourselves):

Financial Statements

 We have fulfilled our responsibilities for the preparation and presentation of the financial statements as set out in
the terms of the audit engagement dated [insert date and in particular, the financial statements are fairly presented
in accordance with Philippine Financial Reporting Standards.
 Significant assumptions used by us in making accounting estimates included those measured at fair value, are
reasonable. (PSA 540 (Clarified)).
 Related party relationships and transactions have been appropriately accounted for and disclosed in accordance
with the requirements of Philippine Financial Reporting Standards. (PSA 550 (Clarified)).
 All events subsequent to the date of the financial and for which Philippine Financial Reporting Standards requires
adjustment or disclosure have been adjusted or disclosed (PSA 560 (Clarified))
 The effects of uncorrected misstatements are immaterial, both individually an din aggregate, to the financial
statements as a whole. A list of the incorrected misstatements are immaterial, both individually and in aggregate, to
the financial statement as a whole. A list of the uncorrected misstatements is attached to the representation letter
([Proposed] PSA 540 (Clarified)).
 [ Any other matter that the auditor may consider appropriate (see paragraph A12 of PSA 580 (Clarified).]

Information Provided

 We have provided with:

- All information such as records and documentation and other matters that are relevant to the preparation and
presentation of the financial statements;
- Additional information that you have requested from us; and
- Unrestricted access to those within the entity.
 All transaction have been recorded in the accounting records and are reflected in the financial statements.
 We have disclosed to you the results of our assessment of the risk that the financial statements may be materially
misstated as a result of fraud. (PSA (Clarified))
 We have disclosed to you all information in relation to fraud or suspected fraud that we are aware of and that
affects the entity and involves:
- Management
- Employees who have significant roles in internal control; or
- Others where the fraud could have a material effect on the financial statements. (PSA(Clarified))
 We have disclosed to you all information in relation to allegations of fraud, or suspected fraud, affecting the
entity’s financial statements, communicated by employees, former employees, analyst, regulators or others. (PSA
240 (Clarified))
 We have disclosed to you all known instances of non-compliance or suspected non compliance with laws and
regulations whose effects should be considered when preparing financial statements. (PSA 250 (Clarified))
 We have disclosed to you the identity of the entity’s related parties and all the related party relationships and
transactions of which we are aware. (PSA 550 (Clarified))
 [ Any other matters that the auditor may consider necessary ( see paragraph A13 of PSA 580 (Clarified)).]
 ACE MANUFACTURING, INC.
ACCOUNTS RECEIVABLE CERTIFICATE

March 15, 20x4

Navarro, Fuentecilta, Macayayong, & Co., CPAs

Po. Box 378
Mendiola, Manila

Gentlemen:

In connection with your examination of our accounts as at December 31, 20x3, we hear by make the following statements
and representations concerning the accounts receivable as at the date amounting to P2,600,000.

1) All accounts receivable recorded on the books as the above mentioned sate represented valid claim’s against
customers.
2) None of our company’s accounts receivable was pledged or otherwise hypothecated.
3) All states to and including the above date have been recorded on the books as states of the year then ended and the
merchandise sold has been excluded from inventories of that date. The accounts receivable shown in the books do
not include charges with respect to materials or merchandise shipped subsequent to the statement of financial
position date
4) The amount P130,000 provided as an allowance for possible doubtful accounts receivable is adequate to provide
for any toss that may be sustained in collection the manta receivable from customers as at the date above.

Very truly yours,

(To be signed by company officer who has responsibility over accounts receivable)

Figure 14-6 Illustrative Client’s Representation Letter for Accounts Receivable

 ACE MANUFACTURING, INC.
INVENTORY CERTIFICATE

March 15, 20x4

Navarro, Fuentecilta, Macayayong, & Co., CPAs

Po. Box 378
Mendiola, Manila

Gentlemen:

In connection with your examination of our accounts as at December 31, 20x3, we hear by make the following statements
and representations concerning our inventories.

1) The proper valuation of the inventories at the above date are as follows:
Finished Goods P 972,000
Goods in Process 950,000
Raw Materials 1,500,000
Factory Supplies 500,000
P 3,922,000
2) The inventory quantities are correct and were determined by actual weight or count. The inventories were taken
under proper supervision by responsible employees of our company.
3) The inventories are the property of our company and have not been pledged
4) The inventories do not include any stocks on consignment or other items to which our company has no title. Items
billed by our company up to and including the statement of financial position date have not been included in the
inventories.
5) The inventory is priced at cost (first-in, first-out). This basis and the methods of computation are the same as were
used at the end of the previous year.
6) No obsolete, damaged or unusable merchandise are included in the inventory at prices in excess of net realizable
value.
7) No purchase commitments exist at prices in excess of market prices at above date and no sales commitments exist
below inventory prices.

Very truly yours,

(To be signed by company officer who has responsibility over inventories)

Figure 14-7 Illustrative Client’s Representation Letter for Inventory

 ACE MANUFACTURING, INC.
LIABILITY CERTIFICATE

March 15, 20x4

Navarro, Fuentecilta, Macayayong, & Co., CPAs

Po. Box 378
Mendiola, Manila

Gentlemen:

In connection with your examination of our accounts as at December 31, 20x3, we hear by make the following statements
and representations concerning our company’s liabilities:

1) All liabilities have been recorded in the books of accounts including the liabilities for all purchases, titles of which
have passed to our company on or prior to the above date.
2) As at the above-mentioned date, our company had no contingent liabilities, except:
a. Unused letters or credit totaling P90,200
3) The company is not aware of any possible tax assessment nor has it received any tax assessment which has not
been paid for as follows:
4) There were no contractual obligations of material amount for the construction or purchase of fixed assets.
5) The following assents have been pledged to secure liabilities enumerated below:
Assets Pledged Liabilities Secured

Description Value Creditor Amount

Investment in shares of P100,000 (cost) Western Banking Notes Payable –

stock of Atlantic. P600,000

Land P474,000 (cost) BB Loans & Securities Notes Payable –

Western Banking P200,000
P300,000

Machinery and P14,500,000 Philippine Bank Mortgage Payable –

Equipment P9,000,000

Very truly yours,

(To be signed by financial officer of the company)

Figure 14-8 Illustrative Client’s Representation Letter for Liabilities

EVIDENCE ABOUT ACCOUNTING ESTIMATES

Careful consideration must be given by the auditor on financial statement accounts that are affected by
estimates made by management (often referred to as accounting estimates), particularly those for
which a wide range of accounting methods are considered acceptable.
The auditor should obtain sufficient appropriate audit evidence regarding accounting estimates.
"Accounting estimate" means an approximation of the amount of an item in the absence of a precise
means of measurement. Examples are:

 Allowances to reduce inventory and accounts receivable to their estimated realizable value.
 Provisions to allocate the cost of fixed assets over their estimated useful lives
 Accrued revenue.
Management is responsible for making accounting estimates included in financial statements. These
estimates are often made in conditions of uncertainty regarding the outcome of events that have
occurred or are likely to occur and involve the use of judgment. As a result, the risk of material
misstatement is greater when accounting estimates are involved.

Nature of Accounting Estimates

The determination of an accounting estimate may be simple or complex depending upon the nature of
the item. For example, accruing a charge for rent may be a simple calculation, whereas estimating a
provision for slow-moving or surplus inventory may involve considerable analyses of current data and a
forecast of future sales. In complex estimates, there may be a high degree of special knowledge and
judgment required.

Accounting estimates may be determined as part of the routine accounting system operating on a
continuing basis. or may be non-routine, operating only at period end. In many cases, accounting
estimates are made by using a formula based on experience, such as the use of standard rates for
depreciating each category of fixed assets or a standard percentage of sales revenue for computing a
warranty provision. In such cases, the formula needs to be reviewed regularly by management, for
example, by reassessing the remaining useful lives of assets or hy comparing actual results with the
estimate and adjusting the formula when necessary

The uncertainty associated with an item, or the lack of objective data may make it incapable of
reasonable estimation, in which case, the auditor needs to consider whether the auditor's report needs
modification to comply with PSA 700, "Forming an Opinion and Reporting on Financial Statements

Audit Procedures

The auditor should obtain sufficient appropriate audit evidence as to whether an accounting estimate is
reasonable in the circumstances and, when required, is appropriately disclosed. The evidence available
to support an accounting estimate will often be more difficult to obtain and less conclusive than
evidence available to support other items in the financial statements
An understanding of the procedures and methods, including the accounting and internal control
systems, used by management in making the accounting estimates is often important for the auditor to
plan the nature, timing and extent of the audit procedures.

The auditor should adopt one or a combination of the following approaches in the audit of an
accounting estimate:

(a) Review and test the process used by management to develop the estimate:
(b) Use an independent estimate for comparison with that prepared by management, or
(c) Review subsequent events which confirm the estimate made.
Reviewing and Testing the Process Used by Management

The steps ordinarily involved in reviewing and testing of the process used by management are:

(a) Evaluation of the data and consideration of assumptions on which the estimate is based
(b) Testing of the calculations involved in the estimate;
(c) Comparison, when possible, of estimates made for prior periods with actual results of those
periods, and
(d) Consideration of management's approval procedures
Evaluation of Results of Audit Procedures

The auditor should make a final assessment of the reasonableness of the estimate based on the
auditor's knowledge of the business and whether the estimate is consistent with other audit evidence
obtained during the audit

EVIDENCE FOR RELATED PARTY TRANSACTIONS

How should auditors react if a corporation buys a parcel of real estate from one of its executive officers
at an obviously excessive price? This situation illustrates the problems that may arise for auditors when
the client company enters into related party transactions. The term related parties refers to the client
entity and any other party with which the client may deal where one party has the ability to influence
the other to the extent that one party to the transaction may not pursue its own separate interests.
Examples of related parties include officers, directors, principal owners, and members of their
immediate families; and affiliated companies, such as subsidiaries.

A related party transaction is any transaction between the company and these parties (except for
normal compensation arrangements, expense allowances, and similar transactions arising in the
ordinary course of the business). Since transactions with related parties are not conducted at arm's
length, the auditors should be aware that the economic substance of these transactions may differ from
their form. Common methods of identifying related parties include making inquiries of management and
reviewing SEC filings, stockholders' listings, and conflict-of-interest statements obtained by the client
from its executives. A list of all known related parties should be prepared at the beginning of the audit
so that the audit staff may be alert for related party transactions throughout the engagement. This list is
retained in the auditors' permanent file for reference and updating in successive engagements. As they
perform the audit, the auditors will be alert for transactions with these parties and any transactions with
unusual terms that might be indicative of related party negotiations.

The primary concern of the auditors is that material related party transactions are adequately disclosed
in the client's financial statements or the related notes Disclosure of related party transactions should
include: the nature of the relationship: a description the transactions, including peso amounts; and
amounts due to and from related parties, together with terms and manner of settlement.

Multiple Choice Questions – CHAPTER 14

1. Lewi, CPA, is planning the audit of Jen's Company. Jen verbally asserts to Lewi that all the expenses for
the year have been recorded in the accounts. Jen's representation in this regard:
a. is sufficient evidence for Lewi to conclude that the completeness assertion is supported for the
expenses.
b. can enable Lewi to minimize his work on the assessment of control risk for the completeness of
expenses.
c. should be disregarded because it is not in writing.
d. is not considered a sufficient basis for Lewi to conclude that all expenses have been recorded.

2. The evidence considered most appropriate or competent by auditors is best described as:
a. internal documents such as sales invoice copies produced under conditions of strong internal
control.
b. written representations made by the president of the company.
c. documentary evidence obtained directly from independent external sources.
d. direct personal knowledge obtained through physical observation and mathematical
recalculation.

3. Which of the following audit procedures would provide the least reliable evidence that the client has
legal title to inventories?
a. a Confirmation of inventories at locations outside the client's facilities
b. Analytical review of inventory balances compared to purchasing and sales activities
c. Observation of physical inventory counts
d. Examination of paid vendors' invoices

4. Of the following, which is the least persuasive type of audit evidence?

a. Documents mailed by outsiders to the auditor
b. Correspondence between auditor and vendors
c. Copies of sales invoices inspected by the auditor
d. Computations made by the auditor
5. Which of the following statements is generally correct about the competence of evidential matter?
a. The auditor's direct personal knowledge, obtained through observation and inspection, is
more persuasive than information obtained indirectly from independent outside sources.
b. To be competent, evidential matter must be either valid or relevant, but it need not be both.
c. Accounting data alone may be considered sufficient, competent evidential matter from which to
issue an unqualified opinion on financial statements.
d. Competence of evidential matter refers to the amount of corroborative evidence to be
obtained.

6. Audit programs should be designed so that

a. most of the required procedures can be performed as interim work.
b. inherent risk is assessed at a sufficiently low level.
c. the auditor can make constructive suggestions to management.
d. the audit evidence gathered supports the auditor's conclusions.

7. Which of the following procedures would provide the most reliable audit evidence?
a. Inquiries, held in private, of the client's internal audit staff
b. Inspection of pre-numbered client purchase orders filed in the vouchers payable department
c. Analytical procedures performed by the auditor on the entity's trial balance
d. Inspection of bank statements obtained directly from the client's financial institution

8. Which of the following presumptions does not relate to the competence of audit evidence?
a. The more effective internal control is, the more assurance it provides about the accounting data
and financial statements.
b. An auditor's opinion, to be economically useful, is formed within a reasonable time and based
on evidence obtained at a reasonable cost.
c. Evidence obtained from independent sources outside the entity is more reliable than evidence
secured solely from within the entity.
d. The independent auditor's direct personal knowledge, obtained through observation and
inspection, is more persuasive than information obtained directly.

9. Which of the following presumptions is correct about the reliability of evidential matter?
a. Information obtained indirectly from outside sources is the most reliable evidential matter.
b. To be reliable, evidential matter should be convincing rather than persuasive
c. Reliability of evidential matter refers to the amount of corroborative evidence obtained
d. Effective internal control provides more assurance about the reliability of evidential matter.

10. Which of the following factors is most important in determining the appropriateness of audit
evidence?
a. The reliability of the evidence in meeting the audit objective
 b. The objectivity of the auditor gathering the evidence
c. The independence of the source of evidence
d. d. The quantity of the evidence obtained

11. Which of the following is the best definition? Appropriate evidence is evidence that
a. is reasonably free of error and bias and faithfully represents what it purports to represent.
b. is obtained by observing people, property, and events.
c. is supplementary to other evidence already given and tends to strengthen or confirm it.
d. proves an intermediate fact, or group of facts, from which one can infer the existence of some
other fact that is significant to the issue under consideration.

12. In testing the reasonableness of interest income, an auditor could most effectively use analytical
procedures involving
a. the beginning balance in the investments account for fixed-income securities.
b. the average monthly balance in the investments account for fixed income securities.
c. the ending balance in the investments account for fixed-income securities.
d. documentary support of specific entries in the account

13. An auditor's preliminary analysis of accounts receivables revealed the following turnover rates: 2015
(4.3%); 2014 (6.2%); 2013 (7.3%). Which of the following is the most likely cause of the decrease in
accounts receivable turnover?
a. Increase in the cash discount offered
b. Liberalization of credit policy
c. Shortening of due-date terms
d. Increased cash sales
PSA _____320_____ is Materiality in Planning and Performing an Audit

Risk that affects the operations and potential outcomes of organizational activities is
__BUSINESS RISK_________

PSA __240_____ is The Auditor's Responsibilities Relating to Fraud in an Audit of

Financial Statements.

PSA ___210_____ is Agreeing the Terms of Audit Engagements

PSA ____230____ is Audit Documentation

PSA _____330____ is The Auditor's Responses to Assessed Risks
Which of the following are the responsibilities of the external auditor in auditing financial
statements?
I – maintaining internal controls and preparing financial reports
II – providing internal assurance on internal control and financial reports
Neither I nor II

Which of the following items should not be included in audit documentation?

Service fees of the audit team members

Which of the following is a true statement regarding audit evidence and audit
procedures?
The auditor has a responsibility to design and perform audit procedures to obtain
sufficient appropriate audit evidence

Which of the following is included as part of the principles governing an audit?

Auditors need to maintain professional skepticism only on audits where there is a high
risk of material misstatements

Which of the following factors does not create a demand for external audit services?
I – Potential bias by management in providing information
II – Complexity of the accounting processing system
III – Required by professional organizations
III only
Which of the following parties are involved in preparing an opinion on the audited
financial statements?
External auditor

Which of the following statements is true about the audit opinion formulation process?
The audit opinion formulation process is based on the premise that management has
responsibility to prepare the financial statements and maintain internal control over
financial reporting.

Which of the following expectations can users of the audit report reasonably expect with
regards to the audited financial statements?

I - The financial statements are presented fairly according to the substance of PFRS
II - The financial statements include all financial disclosures desired by users
III - The financial statements are free from all errors
I only

Which of the following is a false statement regarding audit documentation?

I – Audit program is an example of audit documentation
II – Audit documentation helps facilitate internal and external inspections of completed
audits
Neither I nor II

Which of the management assertion addresses whether the components of the financial
statements are properly classified, described and disclosed?
Presentation and disclosure

Which of the following procedures is least likely to be performed during the final stage of
the audit opinion formulation process?
I – Assessment of misstatements detected during the performance of substantive
procedures and tests of controls
II – Performance of preliminary analytical review procedures
II only
Which of the following is not part of the activities within the audit opinion formulation
process?
The auditor determines the appropriate compilation and tax services to provide to the
client

Identified insignificant related party transactions outside the entity's normal course of
business are to be treated as giving rise to significant risk
True (not sure sa sabat kay wala man ni gincorrectionan ni Maam pero sa book FALSE ni)

Under risk-based audit approach auditor examines core business processes and
resource management.
True

Audit technology now a days is fully developed because of information technology

False

An auditor can avoid audit risk by not accepting certain companies or client
True

Performance of risk assessment procedures to identify risks of material misstatement

through understanding the entity is done in Phase II
False

Business risk and financial reporting risk may affect each other.
True

Competence and integrity of management strongly affect business risk

False

Risk - based model does not treat each risk component as separate and independent.
False
Any client is worth accepting in an audit engagement.
False

Estimates of fair values of assets requires judgment.

True

High levels of audit risk are appropriate for client with lower levels of engagement risk
True

Audit risk and financial reporting risk originates with the audit client and its environment
False

In terms of technical knowledge and expertise, which of the following should external
auditors not do?
Accommodate request of management to provide consulting services

Setting audit risk at 1% is equivalent to performing a statistical test using 99%

confidence level.
True