By: DAVE RITZ J.

PERIA, CPA

A.

Understanding a Clients Business B. Environmental Conditions C. Information Risk

risk is the risk that an entity will fail to meet its objectives. Failing to reach objectives can eventually result in temptation to misstate financial statements to avoid business failure.

Business

I lost my savings in a bad investment!

Complexity Decisions makers are not trained to collect, compile, and summarize the key operating information themselves. Remoteness Investors are not able to personally visit locations to check on investments. Time sensitivity Decisions must often be made on a moments notice. Consequences A drop in investment value can wipe out ones life savings.

Information risk is the probability that the information circulated by a company will be false or misleading. Client management has an incentive to make the business appear better than it actually may be. This can create a conflict of interest between client management and investors.

Financial Statements

The framework does not itself establish standards or provide procedural requirements for the performance of assurance engagements

In addition to the framework and Philippine Standards on Auditing PSA), Philippine Standards on Review Engagements (PSRES) and Philippine Standards on Assurance Engagements (PSAE). Practitioners who perform assurance engagements are governed by:

The Philippine Code of Ethics for Professional Accountants and Philippine Standards on Quality Control

-refers to the auditors satisfaction as to the reliability of an assertion being made by one party for use by another party

 Assurance

services encompass attestation

services Attestation service is an engagement to issue, or does issue, a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party Auditing is a specific type of attestation

Assurance Services Any Information Attestation Services Primarily Financial Information Auditing Financial Statements

-an engagement in which a practitioner expresses a the conclusion designed to enhance the degree of confidence that intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria.

1.

A three party relationship involving:

a practitioner; a responsible party; and Intended users.

2. An appropriate subject matter 3. Suitable Criteria 4. Sufficient Appropriate evidence 5. A written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance engagement

a.
b. c. d. e.

Relevance Completeness Reliability Neutrality Understanding

1. REASONABLE ASSURANCE ENGAGEMENT - the objective is a reduction in assurance engagement risk to an acceptably low level in the circumstances of the engagement as the basis for positive form of expression of the practitioners conclusion. - Example: Financial Statement(FS) Audit 2. LIMITED ASSURANCE ENGAGEMENT - the objective is a reduction in assurance engagement risk to a level that is acceptable in the circumstances of the engagement, but where the risk is greater than for a reasonable assurance engagement, as a basis for a negative form of expression of the practitioners conclusion. - Example: compliance with regulation

Reasonable assurance is less than absolute assurance Absolute assurance in auditing is not attainable as a result of factors such as the following:

a. b. c. d.

e.

The use of selective testing The inherent limitations of any accounting and internal control systems The fact that most of the evidence available to the practitioner is persuasive rather than conclusive The use of judgment in gathering and evaluating evidence and forming conclusions based on that evidence In some cases, the characteristics of the subject matter when evaluated or measured against the identified criteria

 Audits
Reviews Other

Assurance Services ( CPA Web Trust, Eldercare Plus, Business Performance Measurement Services, Information Reliability Services)

 Agreed-upon

procedures Compilation of financial or other information Preparation of tax returns and tax consulting Management consulting Other advisory services

ASSURANCE
NATURE OF SERVICE Level of Assurance Provided Report Provided AUDIT REVIEW

NON-ASSURANCE
AGREEDCOMPILATION UPON PROCEDURES No Assurance No Assurance

High, but not Moderate absolute Assurance assurance Positive assurance on assertions (Audit Report) Negative assurance on assertions (Review Report)

Factual findings of procedures

Identification of information compiled (Compilation Report)

PSA 200

 The

Auditing and Assurance Standards Council (AASC) has been given the tasks to promulgate auditing standards, practices and procedures which shall be accepted by the accounting profession in the Philippines AASC was established by the Philippine Regulation Commission (PRC) upon the recommendation of the Board of Accountancy (BOA)

To facilitate the preparation by the AASC of its pronouncements and to attain uniformity with international auditing standards, the AASC approved the adoption of the following: a. International Standards on Auditing (ISAs) b. International Standards on Assurance Engagements(ISAEs) c. International Standards on Review Engagements (ISRES) d. International Standards on Related Services (ISRSs)

-issued by the International Assurance and Auditing Standards Board (IAASB) created by International Federation of Accountants (IFAC)

Financial Statements (including footnotes)

Persons who rely on the financial reports

Creditors Investors

Auditing is a systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between the assertions and established criteria GAAP and communicating the results to Auditor's Report/ interested users.
Other Reports

 Financial

Statement Audit - conducted to determine whether the FS of an entity is presented in accordance with an identified financial framework Operational Audit - is a study of an organizations unit to assess entitys performance, identify areas of improvement and make recommendations to improve performance Compliance Audit - involves a review of an organizations procedures to determine its compliance to specific procedures, rules or regulations

CPA Firms/External Auditors -independent contractors -are the ones who generally perform FS audit Internal Auditors - they usually perform operational audit - Entitys own employees who investigate and appraise the effectiveness and efficiency of operations and internal controls Government Auditors

-conduct compliance audit like COA Auditors BIR Examiners

 to

enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework.

 Management

is responsible for preparation and presentation of financial statements With oversight from those charged with governance. Audit does not relieve management or those charged with governance of their responsibilities

 The

auditors responsibility is to form and express an opinion on the financial statements.

 The

auditor should comply with the Code of Professional Ethics The auditor should conduct an audit in accordance with Philippine Standards on Auditing The auditor should adopt the attitude of professional skepticism

Professional skepticism is an auditors tendency not to believe managements assertions without sufficient corroboration.

 An

audit conducted in accordance with PSA is designed to provide only reasonable assurance that the financial statement taken as a whole are free from material misstatements

 The

use of testing. The inherent limitations of internal control (for example, the possibility of management override or collusion). The fact that most audit evidence is persuasive rather than conclusive. Use of judgment

 The

objective of a review of financial statements is to enable a practitioner to state whether, on the basis of procedures which do not provide all the evidence that would be required in an audit, anything has come to the practitioners attention that causes the practitioner to believe that the financial statements are not prepared, in all material respects, in accordance with an identified financial reporting framework (negative assurance)

review comprises INQUIRY and ANALYICAL PROCEDURES which are designed to review the reliability of an assertion that is the responsibility of one party for use by another party. The review does not ordinarily involve an assessment of accounting and internal controls, test of records and other procedures ordinarily performed during an audit. The level of assurance given is less than that given in an audit report

 In

an engagement to perform agreed-upon procedures, an auditor is engaged to carry out those procedures of an audit nature to which the auditor and the entity and any appropriate third parties have agreed and to report on FACTUAL FINDINGS.

 The

recipients of the report must form their own conclusion from the report of the auditor The report is restricted to those that have agreed to the procedures to be performed since others, unaware of the reasons for the procedures, may misinterpret the results.

 In

a compilation engagement, the accountant is engaged to use accounting expertise as opposed to auditing expertise to collect, classify and summarize financial information It ordinarily entails reducing detailed data to manageable and understandable form without a requirement to test the assertions underlying that information

 The

procedures performed are not designed and do not enable the accountant to express any assurance on the financial information Users of compiled financial information derive some benefit as a result of the accountants involvement because the service has been performed with due professional skill and care

NATURE OF SERVICE

AUDIT

REVIEW

AGREED-UPON PROCEDURES

COMPILATION

Level of Assurance Provided Report Provided

High, but not Moderate absolute Assurance assurance Positive assurance on assertions (Audit Report)

No Assurance No Assurance

Negative Factual assurance on findings of assertions procedures (Review Report)

Identificatio n of information compiled (Compilation Report)

 Auditors

opinion must be based on an examination conducted in accordance with professional standards. Failure to comply exposes the auditor to risks such as loss of public respect or even assessment of legal damages. STANDARDS are established to measure the quality of performance of individuals and organizations. BOA promulgated ten Generally Accepted Auditing Standards (GAAS). PSAs are issued to clarify the meaning of these ten GAAS

GENERAL STANDARDS

STANDARDS OF FIELDWORK

STANDARDS OF REPORTING

Technical
Training and Proficiency

Planning Internal
Control Considerations

Generally
Accepted Accounting Principles

Independence Professional
care

Evidential
matter

Inconsistency Disclosure Opinion

 Quality

controls are policies and procedures adopted by CPAs to provide reasonable assurance of conforming with professional standards in performing audit and related services

1.
2. 3. 4. 5. 6. 7.

LEADERSHIP RESPONSIBILITIES FOR QUALITY ON AUDITS ETHICAL REQUIREMENTS INDEPENDENCE ACCEPTANCE AND CONTINUANCE OF CLIENT RELATIONSHIP HUMAN RESOURCES and ASSIGNMENT ENGAGEMENT PERFORMANCE MONITORING

 Establishing

policies and procedures designed to promote an internal culture based on the recognition that quality is essential in the performance of the engagement The ENGAGEMENT PARTNER should take for the overall quality on each audit engagement to which the partner is assigned

 Establishing

policies and procedures designed to provide it with reasonable assurance that the firm and its personnel comply with ethical requirements which include: a. Integrity b. Objectivity c. Professional Competence and due care d. Confidentiality; and e. Professional behavior

 Establishing

policies and procedures designed to provide it with reasonable assurance that the members of the engagement team, the firm and where applicable, the network firms maintain independence

 Establishing

policies and procedures for acceptance and continuance of client relationship and specific engagements, designed to provide it with reasonable assurance that it will only undertake or continue relationships and engagements where it: a. Has considered the integrity of the client; b. Is competent to perform the engagement and has the capabilities, time and resources to do so; and c. Can comply with ethical requirements

 Establishing

policies and procedures that should address issues concerning personnel like: a. Recruitment b. Performance evaluation, compensation and promotion c. Capabilities and competence d. Career development e. Assignment of engagement teams

 Establishing

policies and procedures designed to provide it with reasonable assurance that the engagement is performed in accordance with professional standards and regulatory and legal requirements, and for the auditors report that is issued to be appropriate in the circumstances

 The

engagement partner should take responsibility for the following: a. Direction b. Supervision c. Review d. Consultation e. Engagement Quality Control Review f. Differences in Opinion

 The

continued adequacy and operational effectiveness of quality control policies and procedures is to be monitored Policies and procedures must be adopted to provide reasonable assurance that the systems of quality control are relevant, adequate and operating effectively

 Should

be communicated to its personnel in a manner that provides reasonable assurance that the policies and procedures are understood and implemented

 The

BOA has created a QUALITY REVIEW COMMITTEE (QRC) which shall conduct a quality review on applicants for registration to practice public accountancy and shall recommend the revocation of the certificate of registrations of CPAs who have not observed the quality control measure or those who have not complied with the standards

AUDITORS RESPONSIBILITY TO CONSIDER FRAUD, ERROR AND NONCOMPLIANCE

Philippine Standards on Auditing 240 and 250

ERROR refers to unintentional misstatement in financial statements, including the omission of an amount or a disclosure.
FRAUD refers an intentional act by one or more individuals among management, those charged with governance, employees, involving the use of deception to obtain an unjust or illegal advantage. NONCOMPLIANCE refers to acts of omission or commission by the entity being audited, either intentional or unintentional, which are contrary to the prevailing laws or regulations.

1. FRAUDULENT FINANCIAL REPORTING or MANAGEMENT FRAUD 2. MISAPPROPRIATION OF ASSETS or EMPLOYEE FRAUD

FRAUDULENT FINANCIAL REPORTING or MANAGEMENT FRAUD

- involves intentional misstatements or omissions of amounts or disclosures in the financial statements to deceive financial statement users. This may involve: a. Manipulation, falsification or alteration of records or documents b. Misrepresentation in or intentional omission of the effects of transactions from records or documents c. Recording of transactions without substance d. Intentional misapplication of accounting policies

MISAPPROPRIATION OF ASSETS or EMPLOYEE FRAUD

Involves

theft of an entitys assets committed by the entitys employees. This may include: a. Embezzling of Receipts b. Stealing entitys assets cash, marketable securities and inventory c. Lapping of accounts receivable
-this type of fraud accompanied by false or misleading records or documents in order to conceal the fact that the assets are missing

 Involves

MOTIVATION to commit it and PERCEIVED OPPORTUNITY to do so.

When planning and performing audit procedures and in evaluating and reporting the results thereof, the auditor should recognize that fraud, error and noncompliance with laws and regulations may materially affect the financial statements.

MANAGEMENT- It is the responsibility of the management to establish appropriate controls to prevent and detect fraud, error and noncompliance.
THOSE CHARGED WITH GOVERNANCE- It is the responsibility of those charged with governance to oversee management to ensure that appropriate controls are in place.

The auditors responsibility is to design the audit to obtain reasonable assurance that the financial statements are free from MATERIAL misstatements, whether caused by error, fraud or noncompliance.

 Over

reliance on client representations. Lack of awareness or failure to recognize that an observed condition may indicate a material fraud. Lack of experience. Personal relationships with clients.

Fraud risk factors that relate to misstatements resulting from fraudulent financial reporting:

Management Characteristics Industry Conditions Operating Characteristics

Fraud risk factors that relate to misstatements resulting from misappropriation of assets:

Susceptibility of assets to theft Condition of Internal Control

The auditor should obtain a general understanding of legal and regulatory framework
The auditor should design procedures to help identify instances of noncompliance. The auditor should design audit procedures to obtain sufficient appropriate evidence about compliance with laws and regulations.

 Discussion

of engagement personnel. Specific risks identified and auditor response. Communication to management, audit committee, etc.

Responsible for Detection?

Must Communicate Findings?

Material

Immaterial

Material

Immaterial

Errors

Yes

No

Yes

No

Fraud

Yes

No

Yes

Yes (One level above)

Illegal Acts

Yes

No

Yes

Yes (One level above)

CONDUCTING AN AUDIT OF FINANCIAL STATEMENTS

ISSUE REPORT COMPLETING THE AUDIT SUBSTANTIVE PROCEDURES INTERNAL CONTROL CONSIDERATION AUDIT PLANNING

PREENGAGEMENT PROCEDURES

1.

Evaluate compliance with ethical requirements (PSA 220)

Evaluate continuance of relationship with existing clients (PSA 220) Establish the terms of the engagement (PSA 210)

2.

3.

Client selection and retention Communication between predecessor and successor auditors Engagement letters Staff assignment Time budget

 In

making decisions whether to accept or reject an audit engagement, the firm should consider: 1. Its competence 2. Its independence 3. Its ability to serve the client properly 4. The integrity of the prospective clients management

This serves as the written contract between the auditor and the client. This sets forth: a. Objective of the audit of FS b. Management responsibility c. Scope of the audit d. Forms or any reports or other communication that the auditor expects to issue e. Limitations of the audit f. Responsibility of the client to allow the auditor have unrestricted access to whatever information in connection with the audit

In addition, the auditor may also include the following items: a. Billing arrangements b. Expectations of receiving management representation letter c. Other arrangement like (involvement of an expert, internal auditors and other client personnel? d. Request for the client to confirm the terms of the engagment

Helps ensure that appropriate attention is devoted to important areas of the audit Helps identify potential problems Assists in proper assignment and coordination of audit work Helps ensure that the audit is conducted effectively and efficiently

Understand the entity and its environment including the entitys internal control Develop an overall audit strategy and detailed approach (Risk, Materiality and Analytical Procedures) Audit Planning Documentation.

1.

2. 3. 4. 5.

Industry, regulatory and other external factors, including the applicable financial reporting framework Nature of the entity, including the selection and application of accounting policies Objectives and strategies and the related business risks Measurement and review of the entitys performance Internal control

 Obtaining

understanding of the entitys control system Assessing the level of control risk Performing tests of controls

Audit risk (AR) is the risk (likelihood) that the auditor may unknowingly fail to modify the opinion on financial statements that are materially misstated (e.g., an unqualified opinion on misstated financial statements.) The AUDIT RISK MODEL decomposes overall audit risk into three components: inherent risk (IR), control risk (CR), and detection risk (DR):

AR = IR x CR x DR

Internal Controls
Events,
Transactions

Accounting Information System

Substantive Procedures

Financial Statements

INHERENT RISK The likelihood that, in the absence of internal controls, an error or fraud will enter the accounting information system

CONTROL RISK The likelihood that an error or fraud will not get caught by the clients internal controls.

DETECTION RISK The likelihood that an error or fraud will not be caught by the auditors procedures.

AUDIT RISK The likelihood that an error or fraud will occur, and not get caught by either the internal controls or auditors procedures.

 Using

the information obtained in audit planning and consideration of internal control, the auditor performs test to determine whether the entitys FS are fairly presented in accordance with financial reporting standards These would involve EXAMINATION of DOCUMENTS and EVIDENCE supporting the amounts and disclosure in the FS

AR = IR x CR x DR

Detection Risk and the Nature, Timing, and Extent of Audit Procedures
Lower Detection Risk Higher Detection Risk

Nature
Timing

More effective tests.

Testing performed at year-end. More tests.

Less effective tests.

Testing can be performed at Interim. Fewer tests.

Extent

 Review

of subsequent events and contingencies Assessing going concern assumption Performing overall analytical review procedures Obtaining a written representations from the management

 Forming

a conclusions about the financial statements. This conclusion in the form of an opinion is communicated to various interested users through an AUDIT REPORT

_END OF SESSION 1_