CHAPTER 1

FUNDAMENTAL PRINCIPLES OF ASSURANCE SERVICES

Chapter Overview and Objectives:

This chapter discusses the fundamental principles of assurance services. At the

end of this chapter, readers should be able to discuss
1. The fundamental principles of assurance services
2. The assurance services
a. Definition
b. Objective
c. Elements
d. Types (as to level of assurance and as to structure)
e. Common examples
3. The non-assurance services
4. The global organizations and standard-setting boards of the
accountancy profession
5. The professional standards governing assurance and non-assurance
engagements

Relevant references:
PFAE - Philippine Frameworkfor Assurance Engagements

PSA 120 - Framework of Philippine Standards on Auditing

Preface - Preface to the Philippine Standards on Quality Control, Auditing,

Review, Other Assurance and Related Services
INTRODUCTION TO ASSURANCE
I
Decision-making has been a normal part of our lives. Countless number of
decisions each and every day is made which can significantly affect a life of
every person and of every organization.

To have a favorable outcome, decision makers heavily rely on information

available which, more often than not, is prepared or provided by other
persons or organizations. However, in most instances, the interests of the
providers of information contradict with those of the users of the
information. Thus, creating the need for an objective evaluation of the
information in order to have a more reliable and dependable information.

In business, reliable information becomes an essential aspect of decision-

making. Decision makers gather relevant and reliable information prior to
making any economic decisions that normally include the following:
Users Economic decisions
Potential and V to decide when to buy, hold or sell an equity
existing investment s/ to assess the stewardship or
investors accountability of management to determine
distributable profits and dividends (for
Board of Directors — BOD)

Lenders and to assess the security for amounts lent to the entity
other creditors
Employees to assess the ability of the entity to pay and provide
other benefits to its employees
Government to determine taxation policies
V to prepare and use national income statistics
to regulate the activities of entities
*Lifted from Conceptual Framework for Financial Reporting
Commonly, these users will rely on the financial information embodied in the
financial statements presented and prepared by the entity where they plan
to invest, grant a loan, request salary increases or additional benefits, or
change taxation policies. This situation had created the need for
independent Certified Public Accountant (CPA) who is equipped with
 appropriate skills and knowledge to objectively evaluate the information. The
CPA is expected to provide reasonable assurance as to the fairness of
preparation and presentation of the financial information.

Such assurance will be expressed in the form of an opinion or conclusion

which will later be communicated in an assurance report.

Aim... Believe... Claim... Page 2

What is assurance?
Assurance refers to the practitioner's satisfaction as to the reliability of an
assertion being made by one party for use by another party.

Simply stated, assurance means how sure or certain the practitioner is that the
representation made by a particular party is reliable.

ASSURANCE ENGAGEMENTS
Definition
Assurance engagement (or services) means an engagement in which a
practitioner expresses a conclusion designed to enhance the degree of
confidence of the intended users other than the responsible party about the
outcome of the evaluation or measurement of a subject matter against
criteria.

Assurance services are three-party contracts in which assurers report on (or

improve) the quality of information. It is used to describe the broad range of
information enhancement services that are provided by CPAs.

These services are performed by an independent professional designed to

improve the quality or enhance the credibility of the subject matter of the
engagement.

Objective of assurance engagement

The objective of an assurance engagement is for a practitioner to evaluate or
measure a subject matter that is the responsibility of another party against
identified suitable criteria and express a conclusion that provides the intended
user with a level of assurance about that subject matter.

Elements of assurance engagements

 3
As depicted on the above diagram, the following are the elements of an
assurance engagement (3SECC):
A. A three-party relationship involving a practitioner, a responsible party, and
intended users;
B. An appropriate Subject matter;
C. Suitable Criteria;
D. Sufficient appropriate Evidence; and
E. A written assurance report (Conclusion) in the form appropriate to a
reasonable assurance engagement or a limited assurance engagement.

A. Three-Party Relationship:
 An assurance engagement involves three separate parties, namely
a. The practitioner is broader than the term auditor as used in
Philippine Standards on Auditing (PSAs) and Philippine Standards on
Review Engagements (PSREs), which relates only to practitioners
performing audit and review engagements with respect to historical
financial information must be independent to both the responsible
party and the intended users is governed by ethical requirements
(i.e. professional competence) regarding the conduct of the
engagements may use the work of persons from other professional
disciplines, referred to as experts for engagements requiring
specialized skills and knowledge beyond those ordinarily possessed
by an individual practitioner responsible for determining the nature,
timing or extent of procedures required by the engagement
So as not to be confused with the term professional accountant,
practitioner and auditor, the following explains the uses of these
terms.
Professional
Certified Public Accountant engaged in any area of
accountant accountancy
Practitioner
CPA rendering professional services (assurance or
non-assurance)
Auditor A practitioner rendering audit and review services
b. The responsible party
• is the person/s responsible to the subject matter, the subject
matter information, or both
• may or may not be the engaging party to the practitioner
• may or may not be from the same organization with the intended
users
• may be one of the intended users, but should not be the only
one
Aim... Believe... Claim... Page 4

c. The intended users are the person/s for whom the practitioner
prepares the assurance report. The assurance report shall be
addressed to all users whenever practical.
in case of broad range of interests by the readers of assurance
report, intended user may be limited to major stockholders with
significant and common interests.
may be identified by agreement between the practitioner and
the responsible party or engaging party, or by law. Once
identified, the report to be issued must be restricted only to
parties identified.
B. Appropriate Subject Matter
Subject matter is the nature of the assertion the practitioner gathers
sufficient evidence. On the other hand, subject matter information
pertains to the outcome of the evaluation or measurement of the subject
matter. It is for which the practitioner gathers sufficient appropriate
evidence to provide a reasonable basis for expressing a conclusion in an
assurance report
The subject matter, and subject matter information, of an assurance
engagement can take many forms. Table below summarizes illustration
given in the Philippine Framework for Assurance Engagements.
Subject matter
Form Subject matter
information
Financial historical or recognition,
performance or prospective financial measurement,
conditions position, financial presentation and
performance and disclosure represented
cash flows in financial statements
Non-financial performance of an key indicators
performance or entity of efficiency
conditions and
effectiveness
Physical capacity of a facility Specifications
characteristics document
Systems and an entitvs internal assertion about
processes control or IT system effectiveness
Behavior corporate statement of
governance, compliance or a
compliance with statement of
regulation, effectiveness
human resource
practices

5
Chapter 1 — Fundamental Principles of Assurance Services
Furthermore, subject matters have different characteristics, including the
degree to which information about them is: qualitative versus
quantitative; objective versus subjective; historical versus prospective;
and v/ relates to a point in time or covers a period.
Such characteristics affect the:
a. Precision with which the subject matter can be evaluated or measured
against criteria; and
b. The persuasiveness of available evidence. The assurance report notes
characteristics of particular relevance to the intended users.

Characteristics of a subject matter to be considered appropriate

An appropriate subject matter is:
a. Identifiable, and capable of consistent evaluation or measurement
against the identified criteria; and
b. Such that the information about it can be subjected to procedures for
gathering sufficient appropriate evidence to support a reasonable
assurance or limited assurance conclusion, as appropriate.

Criteria
The benchmarks used to evaluate or measure the subject matter
including, where relevant, benchmarks for presentation and disclosure.
Criteria may be
a. Formal
PFRS - preparation of financial statement
Established internal control framework (e.g. COSO) or internal
control objectives specifically designed for the engagement
reporting on internal controls
Applicable laws, regulations or contracts - reporting for
compliance

b. Less formal
Internally developed code of conduct (e.g. entity's by-laws)
Agreed level of performance (e.g. the number of times a
particular committee is expected to meet in a year)

c. Established those embodied in laws or regulations, or issued by

authorized or recognized bodies of experts that follow a transparent
due process associated to formal criteria

d. Specifically developed those designed for the purpose of the

engagement associated to less formal criteria
Aim... Believe... Claim... Page 6

C.
Suitable criteria are required for reasonably consistent evaluation or
measurement of a subject matter within the context of professional
judgment. Without the frame of reference provided by suitable criteria,
any conclusion is open to individual interpretation and misunderstanding.
Suitable criteria are context-sensitive, that is, relevant to the engagement
circumstances. Even for the same subject matter there can be different
criteria. For example, one responsible party might select the number of
customer complaints resolved to the acknowledged satisfaction of the
customer for the subject matter of customer satisfaction; another
responsible party might select the number of repeat purchases in the
three months following the initial purchase.

Characteristics of suitable criteria: (RUN CR)

a. Reliability - reliable criteria allow reasonably consistent evaluation or
measurement of the subject matter including, where relevant,
presentation and disclosure, when used in similar circumstances by
similarly qualified practitioners.
b. Understandability contribute to conclusions that are clear,
comprehensive, and not subject to significantly different
interpretations.
c. Neutrality - contribute to conclusions that are free from bias.
d. Completeness - criteria are sufficiently complete when relevant
factors that could affect the conclusions in the context of the
engagement circumstances are not omitted. Complete criteria include,
where relevant, benchmarks for presentation and disclosure.
e. Relevance - relevant criteria contribute to conclusions that assist
decision-making by the intended users.

Communication of criteria to intended users

Criteria need to be available to the intended users to allow them to
understand how the subject matter has been evaluated or measured.
Criteria are made available to the intended users in one or more of the
following ways:
a. Publicly.
b. Through inclusion in a clear manner in the presentation of the subject
matter information.
c. Through inclusion in a clear manner in the assurance report.
d. By general understanding, for example the criterion for measuring
time in hours and minutes.
 7

Chapter 1 — Fundamental Principles of Assurance Services

Sufficient Appropriate Evidence
Evidence pertains to all information gathered by the practitioner in
evaluating the subject matter against criteria, on which the conclusion is
based.
The practitioner performs the engagement with an attitude of
professional skepticism to obtain sufficient appropriate evidence about
Whether the subject matter information is free from material
misstatement.
Without the evidence, the practitioner will not be able to attain the
objective of an assurance engagement which is formulating and
expressing an opinion or conclusion.

Consideration when planning and performing the engagement

The following are practitioner's consideration when planning and
performing the engagement (determining the nature, timing and extent
of evidencegathering procedures).
a. Quantity of evidence (Sufficiency)
b. Quality of evidence (Appropriateness)
c. Materiality
d. Assurance engagement risk
e. Cost-benefit consideration
f. Professional skepticism

Sufficiency vs. Appropriateness

Two characteristics must be possessed by the evidence to be gathered in
an assurance engagement. These are sufficiency and appropriateness.

Sufficiency is the measure of the quantity of evidence. The quantity of

evidence needed is affected by the
'/ Risk of the subject matter information being materially misstated (the
greater the risk, the more evidence is likely to be required); and s/
Quality of such evidence (the higher the quality, the less may be
required).

Appropriateness (previously called competence) is the measure of the

quality of evidence; that is, its relevance and its reliability.

Accordingly, the sufficiency and appropriateness of evidence are

interrelated. However, merely obtaining more evidence may no t
compensate for its poor quality.
 What is sufficient and appropriate shall be determined by the practitio ner
using his or her professional judgment and by exercising professio nal
skepticism.

Aim... Believe... Claim... Page 8

D.
In terms of obtaining sufficient appropriate evidence, it is generally more
difficult to obtain assurance about subject matter information covering a
period than about subject matter information at a point in time.
In addition, conclusions provided on processes ordinarily are limited to the
period covered by the engagement; the practitioner provides no conclusion
about whether the process will continue to function in the specified
manner in the future.

Materiality
Materiality is relevant when the practitioner determines the nature, timing
and extent of evidence-gathering procedures, and when assessing whether
the subject matter information is free of misstatement.
When considering materiality, the practitioner understands and assesses
what factors might influence the decisions of the intended users. For
example, when the identified criteria allow for variations in the
presentation of the subject matter information, the practitioner considers
how the adopted presentation might influence the decisions of the
intended users.
The assessment of materiality and the relative importance of quantitative
and qualitative factors in a particular engagement are matters for the
practitioner's judgment.

Assurance engagement risk

Definition
Assurance engagement risk is the risk that the practitioner expresses an
inappropriate conclusion when the subject matter information is materially
misstated.

Managing assurance engagement risk

The practitioner may reduce assurance engagement risk to a lower level
by increasing the assurance level provided by the procedures performed.
To be meaningful, the level of assurance obtained by the practitioner is
likely to enhance the intended users' confidence about the subject matter
information to a degree that is clearly more than inconsequential.
Components
In general, assurance engagement risk can be represented by the
following components, although not all of these components will
necessarily be present or significant for all assurance engagements:
Assurance Engagement Risk
 Risk of material Misstatement Risk of non-
detection or
detection risk
The risk that the
The risk that the subject matter information is practitioner will not
detect a material
materially misstated. It is composed of the following: misstatement that exists.

Inherent risk Control risk

The susceptibility of the The risk that a material
subject matter misstatement that could
information to a material occur will not be
misstatement, assuming prevented, or detected that
there are no related and corrected, on a timely
basis by related internal controls controls
The degree to which the practitioner considers each of these
components is affected by the engagement circumstances, in particular
by the nature of the subject matter and whether a reasonable assurance
or a limited assurance engagement is being performed.

Materiality and assurance engagement risk (audit risk) will be

discussed in detail in Chapter 5.

Cost-benefit Consideration
In performing evidence-gathering procedures, the practitioner is expected
to observe cost-benefit consideration. This means that "the benefits that
will be derived from obtaining the evidence should exceed the cost of
obtaining

The practitioner considers the relationship between the cost of obtaining

evidence and the usefulness of the information obtained. However, the
matter of difficulty or expense involved is not a valid basis for omitting an
evidence gathering procedures for which there is no alternative.
To simplify, in case there is a significant evidence-gathering procedure
that must be performed but it involves high cost or high level of difficulty,
the practitioner may:
1. Identify and perform alternative procedures that can minimize the
associated cost or level of difficulty.
2. In the absence of alternative procedures, the practitioner is still
required to perform the procedures as long as he/she believes that
 performance of it is necessary and beneficial to the entire
engagement.

Professional Skepticism
The practitioner plans and performs an assurance engagement with an
attitude of professional skepticism recognizing that circumstances may
exist that cause the subject matter information to be materially
misstated.

This means the practitioner makes a critical assessment, with a

questioning mind, of the validity of evidence obtained and is alert to
evidence that contradicts or brings into question the reliability of
documents or representations by the responsible party.

Simply stated, professional skepticism dictates that whenever the

practitioner gathers information, he/she considers the possibility that the
information received might contain misstatement. To exhibit professional
skepticism, the practitioner will then validate the information received by
performing additional procedures. Accordingly, the more the practitioner
intends to exhibit the attitude of professional skepticism, the more
procedures will be required.
The following are examples of exhibiting professional skepticism
I. An attitude of professional skepticism is necessary throughout the
engagement process for the practitioner to reduce the risk of
overlooking suspicious circumstances, of over generalizing when
drawing conclusions from observations, and of using faulty
assumptions in determining the nature, timing and extent of evidence
gathering procedures and evaluating the results thereof.

2. An assurance engagement rarely involves the authentication of

documentation, nor is the practitioner trained as or expected to be
an expert in such authentication. However, the practitioner considers
the reliability of the information to be used as evidence, for example
photocopies, facsimiles, filmed, digitized or other electronic
documents, including consideration of controls over their
preparation and maintenance where relevant.

3. When receiving contradicting information from different sources, the

practitioner ordinarily performs procedures to identity the possible
causes of the discrepancies (e.g. bank reconciliation, subsidiary and
general ledgers reconciliation, and inquiries with parties involved to
account for the differences).
Chapter 1 — Fundamental Principles of Assurance Services
However, in the event that the practitioner had already exhausted all
possible means to identify for the differences but still there are items
unaccounted, the following generalizations about reliability of
evidence may be useful.
a. External vs. internal source
Evidence is more reliable when it is obtained from independent
sources outside the entity.
b. Effective internal control
Evidence that is generated internally is more reliable when the
related controls are effective.
c. Directly vs. indirectly obtained by the practitioner
Evidence obtained directly by the practitioner (for example
observation of the application of a control) is more reliable than
evidence obtained indirectly or by inference (for example, inquiry
about the application of a control).
d. Written vs. oral representations
Evidence is more reliable when it exists in documentary form,
whether paper, electronic, or other media (for example, a
contemporaneously written record of a meeting is more reliable
than a subsequent oral representation of what was discussed).
e. Original vs. reproduced copies
Evidence provided by original documents is more reliable than
evidence provided by photocopies or facsimiles.

E. Written Assurance Report

The practitioner provides a written report containing a conclusion or an
opinion that conveys the assurance obtained about the subject matter
information. In addition, the practitioner considers other reporting
responsibilities, including communicating with those charged with
governance. The opinion to be expressed by the practitioner may include
either of the following:

Types of Opinion
Type Common phrase used

1. Unmodified/Unqualified Present fairly, in all material respect

2. Qualified Except for
3. Adverse Do not present fairly, in all material
respect
4. Disclaimer of opinion We do not express a conclusion
Levels and forms of assurance
The levels (high or moderate) and forms (positive or negative) of assuranc e
provided by the practitioner is dependent on the type of assuranc e
 engagement being rendered.

Aim... Believe... Claim... Page 12

The following are types of assurance engagement as to level of assurance
provided:
I. Reasonable assurance engagement - the objective is a reduction in
assurance engagement risk to an acceptably low level in the
circumstances of the engagement as the basis for a positive form of
expression of the practitioner's conclusion. Such form conveys
"reasonable assurance".

Example of expressing an opinion in reasonable assurance

engagement: "In our opinion internal control is effective, in all
material respects, based on XYZ criteria."

2. Limited assurance engagement - the objective is a reduction in

assurance engagement risk to a level that is acceptable in
circumstances of the engagement, but where the risk is greater than
for a reasonable assurance engagement, as a basis for a negative
form of expression of the practitioner's conclusion. This form conveys
"limited assurance"
Example of expressing an opinion in limited assurance engagement:
"Based on our work described in this report, nothing has come to
our attention that causes us to believe that internal control is not
effective, in all material respects, based on XYZ criteria."
Reasonable vs. Limited Assurance Engagement
Reasonable Limited
Level of Reasonable or High, but not Limited or
assurance absolute Moderate
provided
Form Positive Negative
Example Audit Review
Procedures Inquiry v/ Inquiry v/
performed Observation Analytical
s
/ Inspection procedures
v/ Analytical procedures
s
/
v/
Confirmation
s
/ Reperformance
v/ Recalculation
Moreover, the following are types of assurance engagement as to
structure:
 13

Chapter 1 — Fundamental Principles of Assurance Services

Assurance Engagements as to structure
The following are the assurance engagements according to structure.
A. Attestation engagements
Attestation engagement is an engagement in which a practitioner is
engaged to issue, or does issue, a written communication that
expresses a conclusion about the reliability of a written assertion that
is the responsibility of another party. Common types of attestation
engagements are:
a. Audit engagement is an engagement in which the auditor
provides a reasonable (but not absolute) level of assurance that
the subject matter is free from material misstatements.
b. Review engagement is an engagement in which the auditor
provides a moderate level of assurance that the information
subject to the engagement is free of material misstatement.

B. Direct engagements
Direct engagement is a residual definition of assurance engagement
as to structure.
Furthermore, assurance engagements may be classified further
depending on the availability or non-availability of the assertions to the
intended users. This classification will include the following:
1. Assertion-based engagements are assurance engagements that the
evaluation or measurement of the subject matter is performed by
the responsible party, and the subject matter information is in the
form of an assertion by the responsible party that is made available
to the intended users. This is commonly used for attestation
engagements.

2. Direct reporting engagements are assurance engagements that the

practitioner either directly performs the evaluation or measurement
Of the subject matter, or obtains a representation from the
responsible party that has performed the evaluation or
measurement that is not available to the intended users in the
assurance reports. This is commonly used for direct engagements.

NON-ASSURANCE ENGAGEMENTS
Non-assurance engagements lack one or more of the elements of assuranc e
engagements. Common examples include: A. Agreed-upon procedures s/
auditor is engaged to carry out those procedures of an audit nature to which
the auditor and the entity and any appropriate third parties h ave agreed and
to report the factual findings
Aim... Believe... Claim... Page 14
Chapter 1 — Fundamental Principles of Assurance Services recipients of the
report must form their own conclusions from the report by the
auditor.
report is restricted to those parties who have agreed to the
procedures to be performed

B. Compilation of financial and other information s/ accountant is

engaged to use accounting expertise as opposed to auditing expertise
to collect, classify and summarize financial information s/ ordinarily
entails detailed data to a manageable and understandable form
accountant will not express any assurance on the financial information
intended users derived some benefits as a result of the accountant's
involvement

C. Some tax services where no conclusion is expressed, and tax consulting

v/ Practitioner provides advice on income tax and business strategies
Develop tax strategies to minimize businesses' tax liability and
worries

D. Management consulting and other advisory services v/ Practitioner

provides advice or recommendations for the improvement of client's
use of its capabilities and resources to achieve the objective the client's
organization
Needless to say, non-assurance engagements provide no assurance to
intended users.

SUMMARY OF DIFFERENCES BEThVEEN ASSURANCE AND NON-ASSURANCE

ENGAGEMENT
Assurance engagement Non-assurance engagement
Designed to improve the quality v Designed to provide
or enhance credibility of the comments, suggestions or
subject matter recommendations on how to
use the information
V Should be provided by V Independence is not required
independent professional
V Common examples include V Common examples include
a. Audit; a. agreed-upon procedures;
b. review; and b.compilation;
c. examination of prospective c. preparation of tax returns; and
financial information d.management advisory services
v Three-party contract VTwo-party contract
v Output: assurance in the form of v Output: recommendation on
an opinion how to use the information
Aim... Believe... Claim... Page 15

Chapter 1 — Fundamental Principles of Assurance Services

Presented on the diagram below are the examples of common OSSUrance
and non-assurance engagements.

GLOBAL ORGANIZATIONS AND STANDARD-SEITING BOARDS OF THE

ACCOUNTANCY PROFESSION

The International Federation ofAccountants (IFAC) is the global

organization for the accountancy profession. The organization was
founded in 1977 and is comprised of more than 175 member and
associate organizations in 130 countries and jurisdictions, representing
nearly 3 million professional accountants. It supports the development,
adoption, and implementation of high-quality international standards l

To pursue its purpose, it supports four independent standard setting

boards namely:
1. International Auditing and Assurance Standards Board (IAASB)'
2. International Accounting Education Standards Board (IAESB)TM2
3. International Ethics Standards Board for Accountants (IESBA)
4. International Public Sector Accounting Standards Board (IPSASB) '
Presented on the next page is a diagram of the structure of these
organizations and their respective roles and pronouncements.

1
Source: https://www.ifac.org/
2
IAESB ceased operation in 2019. Accountancy education will be taken forward
by IFAC as part Of the new a proach at the lobal level. Source: h s://www.iaesb.org/

Aim... Believe... Claim... Page 16

STANDARDS GOVERNING PROFESSIONAL SERVICES BY
IN THE PHILIPPINES CPAs Below table lists the different professional

standards containing basic and essential procedures (together with related

guidance in the principlesform explanatory and other material, including

services. appendices), All these which standards are used are issued by

CPAsby

as guidelines in rendering professional the Auditing and Assurance

Standards Council (AASC; formerly known Standards and Practices Council
- ASPC). as Auditing

At present, AASC pronouncements are mainly adopted from the standards

and practice statements issued by the IAASB. Country-specific standards
and practice statements are developed to address specific auditing issues
not covered by the IAASB pronouncements.

Standards Related Practice Application of Standards

Statements
Philippine Standards on Philippine Auditing Audit of historical financial
Auditing (PSAs) Practice Statements information
(PAPSs)
Philippine Standards on Philippine Review Review of historical
Review Engagements Engagement financial information
(PSREs) Practice Statements
(PREPSs)
Philippine Standards on Philippine Assurance Assurance engagements
Assurance Engagement dealing with subject matter
Engagements (PSAEs) Practice Statements other than historical
(PAEPSs) financial information
Philippine Standards on Philippine Related Agreed-upon procedures
Related Services Services Practice information and other
(PSRSs) Statements (PREPSs)
related services
engagements as specified
by AASC
Philippine Standards on All services falling under
 Quality Control (PSQCs) the AASCs Engagement
Standards
IMPORTANT NOTES:
a. PSAs, PSREs, PSAEs and PSRSs are known as engagement standards.
b. These standards require professional accountants to exercise
professional judgment in applying them.
c. Practice Statements are issued to provide interpretive guidance and
practical assistance to professional accountants in implementing
the related engagement standards and to promote good practice.
d. A professional accountant shall be aware and consider the applica ble
practice statements to the engagement.

Page 18
In exceptional circumstances, a professional accountant may judge it
necessary to depart from a basic principle or essential procedure of
an engagement standard to achieve more effectively the objective of
the engagement. When such a situation arises, the professional
accountant should be prepared to justify the departure.

ADOPTION OF PHILIPPINE STANDARDS AND PRACTICE STATEMENTS

Approach
The AASC undertake a review of existing International pronouncements and
those that may be issued in the future to make them Philippine-specific.
Changes to International pronouncement to make them Philippine-specific
are made clear in the AASC exposure draft and final Philippine Standards or
Practice Statements.

Working Procedure
Below diagram illustrates the working procedures of AASC when adopting
international pronouncements.

5
4
3
2
Comments Final Approval

1 Exposed** to the
Suggestions, and Effectivity
Preparation of
Public Revisions and
Each final Philippine
 Exposure Drafts Final Draft Standards and
The draft shall also Practice Statements,
AASCEach workgroup is be published in the The comments and as well as membersassigned specific PICPA
Accounting suggestions received interpretations, if are assignedTimes and ACPAPP AASC are then and
considered the exposureby deemed appropriate,
International

Standards and Bulletin to give it shall be submitted to Practice further exposure. draft is revised as
workgroupsStatements, or appropriate. the PRC through BOA.

IAASB's exposure Exposure period:

With adrafts to review on Generally not shorter is When approved"the revised • by thedraft Publication Gazette:
to Official designatedthe proposed than 90 days for AASC, it is issued as a After which the Philippine Standard
leadereach exposure draft final Philippine or Practice to be considered by Standard or Practice pronouncement
shall Statementfor the organizations Statement. be published in the consideration by and
persons to official gazette and the AASC* en banc. whom it is sentfor becomes operative

Page 19
SUMMARY OF SERVICES PERFORMED BY PRACTITIONERS
Assurance engagements Non-assurance
engagements
Audit Review Agreed-upon Compilation
(e.g. audit of (e.g. review procedures engagement
of
References PSAs and PSREs and PSRSs and PSRSs and
PAPS PREPS PRSPS PRSPS Use
Objective Express an Express a Perform accounting
expertise to
opinion conclusion procedures
collect,
whether whether as agreed
classify and
the FS are material upon with summarize
prepared modification the client
in s are to be and third
accordanc made to the parties and
e with FS to report on
PFRS conform with factual
PFRS findings
Ethical Independence Independence Fundamenta Fundamenta
requiremen plus plus l ethical l ethical
t fundamental fundamental principles principles
ethical ethical
principles principles
 Level of High but not Moderate No No assurance
assurance absolute (limited) assurance
(reasonable)
Procedures Exclusively by Exclusively by Agreed-upon May or
are the auditor the auditor by parties may not be
determined agreed by
by parties
Report Independent Review Report on Compilation
provided Auditor's Report Factual Report
Report (negative Findings of which
(positive assurance on procedures identifies
assurance on assertions) the
information
assertions)
compiled
Availability To all users To all users For limited To all users
of report use only
Page 20

CHAPTER 2
INTRODUCTION TO AUDIT SERVICES AND FINANCIAL
STATEMENT AUDIT

Chapter Overview and Objectives:

This chapter discusses the fundamental principles of audit services. At the end of
this chapter, readers should be able to discuss
1. The fundamental principles of auditing services
2. The different types of audit
a. As to nature of assertions
b. As to types of auditors
3. The financial statements audit
 a. The definition and key concepts
b. The objective of FS audit
c. The general principles of an FS audit
d. The theoretical framework of FS audit
e. The elements of FS audit
f. The assurance provided by FS audit
g. The demand for FS audit
h. The value of FS audit

Relevant references:
PSA 120 - Framework of Philippine Standards on Auditing

PSA 200 - Overall Objectives of the Independent Auditor and the Conduct of an
Audit in accordance with Philippine Standards on Auditing

Page 37
INTRODUCTION TO AUDIT SERVICES
In recent years, audit has maintained as the flagship service rendered by
professional accountants not only in the Philippines but across the globe.
This is primarily due to public's perception of the auditors' responsibility in
ensuring market integrity. Credible and reliable reporting together with an
effective audit function fortifies confidence in the entire financial system.

As mentioned in the previous chapter, in business, reliable information

becomes an essential aspect of decision-making. However, in most instances,
this information is prepared and provided by other persons or organizations,
whose interests contradict with those of the users of the information. This
situation had created the need for an objective evaluation of the information
by an independent professional accountant. Such service is widely known as
audit.

The primary objective of an audit function is to improve the quality of or lend

credibility to the information prepared by a particular entity. This objective is
met through expression of an opinion that provides users with reasonable
assurance that the subject matter of the audit service is free from material
misstatements. Such opinion is then communicated to the users through the
audit report. Attachment of the audit report to the subject matter of an audit
engagement means that the information can be relied upon by the users.

AUDITING
Definition
As defined by the American Accounting Association, an audit is a systematic
process of objectively obtaining and evaluating evidence regarding
assertions about economic actions and events to ascertain the degree of
correspondence between these assertions and established criteria and
communicating the results thereof.

The following are key concepts obtained from the definition of an audit:
a. A systematic process
An audit is composed of logical, ordered and structured series of steps
and procedures. In order to meet the objectives of an audit
engagement, one must follow a sequence of procedures.
b. It involves objectively obtaining and evaluating evidence abou t
assertions.
Audit evidence is the information obtained by the auditor in arriving at
the conclusions on which the audit opinion is based. On the other
 hand' assertions are representations made by an audit client, explicit
or otherwise, about economic actions and events.

Furthermore, in obtaining and evaluating evidence about assertions,

auditors shall observe the principle of objectivity. It imposes an
obligation on all CPAs not to compromise their professional or business
judgment because of bias, conflict of interest or the undue influence of
others.

c. It ascertains the degree of correspondence between assertions and

established criteria
In order to meet the objective of an audit engagement, an auditor must
be able to express an opinion. To do that, auditor uses criteria (standard
or benchmark) to verify the validity of the assertions prepared and
presented by the audit client.

d. It includes communication of the results to interested users

After obtaining sufficient appropriate evidence, the auditor prepares a
report which contains an overall opinion. Such report is then
communicated to interested users. This is considered to be the most
important characteristics of an audit. Failure to communicate the
results will render the audit engagement useless.

Types of audit
Audit may be classified in number of ways such as legislative controls,
objectives, risks involved, subject matter, and affiliation of the auditor
performing the engagement with the audit client. However, in compliance with
the syllabus in Auditing of the Philippine CPA Licensure Examination, we will be
limiting the discussion to types of audit as to (1) nature of assertion or data and
(2) types of auditor.

1. Nature of assertion or data

a. Financial statement (FS) audit a type of audit pertaining to the
gathering of evidence on the assertions embodied in the financial
statements of an entity to determine whether the financial
statements are fairly presented in accordance with generally
accepted accounting principles or another comprehensive and
authoritative financial reporting framework the results of this type
of audit is for the use of external users

b. Operational audit a type of audit involving a systematic review of

the organization's activities in relation to specified objectives for the
purpose of assessing the performance, identifying opportunities for
improvement, and developing recommendations for improvement or
 further action also known as management audit or performance
audit

Page 39
c. Compliance audit type of audit involving the review of
organizations procedures to determine whether the organization has
adhered to specific procedures and rules set down by some higher
authority

2. Types of auditor
a. External audit a type of audit engagement performed by
independent or external CPAs on a contractual basis (rendered by
CPAs engaged in public practice) it emphasizes that the auditor
must not be a member of the entity being audited can provide
financial statements, operational and compliance audits to private
entities
b. Internal audit an independent appraisal function established with
an organization to examine and evaluate its activities as a service to
organizations its primary objective is to assist all members of the
organization in the effective discharge of their responsibilities can
perform operational and compliance audits (for internal use) but not
financial statements audit because of independence requirements

To establish the independence of internal auditors, they are

required to be independent of the different operating units to be
audited. In addition, to emphasize their independence, they shall
report to the audit committee, any equivalent supervisory board, or
board of directors. Below is a sample organizational chart
considered as one of the best practices adopted by different
entities to emphasize the independence of internal auditors.
 c. Government audit the primary objective of this type of audit is to
determine whether government funds are being handled properly
and in compliance with existing laws and whether programs are
being conducted efficiently and effectively can provide financial
statements, operational and compliance audits to public entities
including government owned and controlled corporations (GOCCs)

Comparison of the different types of audit

Financial
Operational Compliance
Statements
Audit Audit
Audit
Assertions Financial Operations are Activities
statements conducted complied with
are fairly efficiently and applicable laws,
presented effectively rules,
regulations,
contracts or
management
policy
Suitable GAAP or any Objective set by Applicable
Criteria other the management contracts,
identified rules,
financial regulations,
reporting laws or
framework management
policy
Report An opinion Report on Degree of
whether the efficiency and compliance
financial effectiveness. This with applicable
statements are will also include laws, rules,
fairly recommendations regulations, or
presented in to improve management
conformity operations. policy.
with an
identified
financial
reporting
framework
Generally External Internal auditors Government
performe auditors auditors
d by
IMPORTANT NOTES:
1. Both financial statements and compliance audits use established criteria,
whereas, internal audit uses specifically developed criteria.
2. Both financial statements and compliance audits generally cater external
users, whereas, internal audit assists the members of the organization in the
effective discharge of their responsibilities.

41
3. Internal auditors are generally part of the organization, thus, creating an
employer-employee relationship. With this, they do not render financial
statements audit.

FINANCIAL STATEMENTS AUDIT

Financial statements audit remains to be the most common type of audit
rendered by CPAs. It involves the examination of the financial statements of
a particular entity to determine whether or not they are presented in
aCCOrdance with a specified criterion.
Financial statements are ordinarily prepared and presented annually and
are directed toward the common information needs of a wide range of
users. Many of those users rely on the financial statements as their major
SOurce of information because they do not have the power to obtain
additional information to meet their specific information needs. Thus,
financial statements need to be prepared in accordance with one, or a
combination of:
a. Accounting standards generally accepted in the Philippines
(Philippine Financial Reporting Standards — PFRSs);
b. Internationally accepted accounting standards (International
Financial Reporting Standards — IFRSs); and
c. Another authoritative and comprehensive financial reporting
framework which has been designed for use in financial reporting
and is identified in the financial statements.

Objective of financial statement audit

PSA 120 dictates that the objective of an audit of financial statements is to
enable the auditor to express an opinion whether the financial statements
are prepared, in all material respects, in accordance with generally
accepted accounting principles or other identified financial reporting
framework.
 PSA 200 (Revised and Redrafted) further supported the above objective by
stating that "in conducting an audit of financial statements, the overall
objectives of the auditor are:
a. To obtain reasonable assurance about whether the financial
statements as a whole are free from material misstatement,
whether due to fraud or error, thereby enabling the auditor to
express an opinion on whether the financial statements are
prepared, in all material respects, in accordance with an applicable
financial reporting framework; and

b. To report on the financial statements, and communicate as

required by the PSAs, in accordance with the auditor's findings.

From these statements, the following key phrases were emphasized:

Expression of an opinion. The ultimate objective of a financial statements
audit is for the auditor to express an opinion regarding the fairness of
preparation and presentation of the financial statements. In forming the
audit opinion, the auditor obtains sufficient appropriate audit evidence to
be able to draw conclusions on which to base that opinion.

Financial statements are taken as a whole. The opinion expressed by the

auditor applies to the complete set of financial statements prepared and
presented by the entity.

Reasonable assurance. Though the auditor's opinion enhances the credibility

of the financial statements, user cannot assume that the opinion is a
guarantee or an assurance that the presented information is free from any
misstatements.

In all material respects. In rendering financial statement audit, auditor is

required to adhere to the requirements of Philippine Standards on
Auditing. This set of standards applies only to material matters.

Presence of criteria. The financial statements shall be prepared in accordance

with an applicable financial reporting framework.

Communication of the results. Again, the ultimate objective of an audit

engagement is the communication of the results to various interested users.

General Principles of an FS Audit

Whenever FS audit are conducted, the following principles must be observed (CPP
PJ SAE):
1. The auditor should comply with relevant ethical requirements (Code of Ethics).
2. The auditor should conduct an audit in accordance with Philippine Standards
on Auditing.
3. The auditor should plan and perform the audit with an attitude of Professional
skepticism.
4. All throughout the audit engagement, the auditor should exercise Professional
Judgment.
5. The auditor should obtain Sufficient Appropriate audit Evidence.

Page 43
Chapter 2 — Introduction to Audit Services and Financial Statement Audit
Theoretical Framework of FS Audit
Efforts had been made to formally create a conceptual structure for
auditing financial statements. The conceptual structure would include
conditions that should exist whenever FS Audit is conducted to have a
favorable result.
The following are some of the assumptions, postulates or concepts
included in this conceptual structure (VIC BPI):

1. All financial data are Verifiable through existence of supporting

dOCUments and records
An audit involves the obtaining and evaluating evidence about
assertions which should be capable of being verified. Verifiability
means that different knowledgeable and independent observers could
reach consensus, although not necessarily complete agreement, that a
particular depiction is a faithful representation.

2. Auditor should always maintain Independence with respect to the

financial statements under audit
The value and credibility of the auditor's report lies in the auditor's
independence. If the auditor is not independent from both of the
client and users, the report is of little or no value.

3. No long-term Conflict between the auditor and the client's

management Management may be motivated to present financial
information in a manner favorable to them even if it would mean
violation of the criterion used. This scenario may create disagreements
or conflicts between the auditor and client's management since
auditors are expected to attest to data that is fairly presented.
Such conflicts may exist temporarily or on a short-term basis but
should be resolved prior to the completion of the audit. The auditor
shall be satisfied on the resolution of the said conflicts; otherwise, it
could lead to the modification of auditor's report.

4. Audit Benefits the Public

Financial statement audit shall have the objective of increasing the
quality of the information or lending credibility to the items presented
in the financial statements which will assist its different users in
making economic decisions. This can be done by providing assurance
that the financial statementS audited are free from material
misstatements.

5. Effective Internal control system reduces the possibility of errors and

 fraud Information presented on the financial statements is more
reliable when the internal controls designed and implemented by the
Aim... Believe... Claim... page 44
—

Review of elements of FS audit

An audit service is just a composition of a much wider assurance services. The
elements of the latter, as discussed in Chapter I, apply to that of the former. To
recall, the following are the elements of an assurance service and how it is
applied in an audit of financial statements.

A. A three-party relationship
The table below summarizes the parties, with their respective
responsibilities, involved in a financial statement audit.
Parties Responsibilities
Auditor (represents the V formation and expression of an
practitioner) opinion on the financial
statements
V compliance with ethical
requirements (e.g. independence
and competence)
V determining the scope of audit in
accordance with PSAs and other
applicable regulations of
professional bodies
 Management and V preparation and presentation of the
those charged with financial statements in accordance
governance with the applicable financial reporting
(represents the framework v prevention and
detection of fraud and error
responsible party)
V adoption and implementation of
adequate accounting and internal
control systems

Users of FS V use the audit report which

(represent the contains the opinion expressed by
intended users) the auditor

Page
—

IMPORTANT NOTES:
1. The audit of financial statements does not relieve management
and/or those charged with governance of their responsibilities.
2. The auditor is not, and cannot, be held responsible for fraud and
error. However, because of the expertise of the auditor and the
procedures he/she performs, an audit may be carried out which
may act as a deterrent.

B. An appropriate subject matter

In financial statement audit, the assertions embodied in the financial
statements represent the subject matter of the engagement. For the
financial statements to be an appropriate subject matter of an audit
engagement, adequate supporting records and documents should be
available. This concept is popularly known as "auditabilitV'.

C. Suitable criteria
Criteria used in audit of financial statements generally include the
PFRS/IFRS, GAAP and other applicable financial reporting framework

D. Sufficient appropriate evidence

Concepts discussed in assurance engagements apply to audit
engagements. Terms are revised to specifically relate to audit
engagements (e.g. assurance engagement risk is changed to audit
risk)

E. A written assurance report or conclusion.

The auditor provides a written report called "audit report" which
contains the conclusion or opinion conveying the assurance obtained
about the financial statements. In addition, the auditor considers
other reporting responsibilities, including communicating with those
charged with governance.
 The opinion to be expressed by the auditor depending on the
evidence obtained may include either of the following:
Type Common phrase used
Unmodified or v Presents fairly, in all material
unqualified respect
Qualified Except for
Adverse v Do not present fairly, in all material
respect
Disclaimer of V We do not express a conclusion
opinion

Page
To warrant the issuance of an unmodified opinion, the auditor shall
conclude that there are no:
a. Material limitation on the scope of the auditor's work (Qualified or
Disclaimer of Opinion). There is a limitation on the scope of audit
when the auditor is unable to gather sufficient appropriate evidence.
b. Material disagreement with management regarding the acceptability
of the accounting policies selected, the method of their application
or the adequacy of financial statement disclosures (Qualified or
Adverse Opinion).

The table below illustrates how the auditor's judgment about the nature
of the matter giving rise to the modification, and the pervasiveness of its
effects or possible effects on the financial statements, affects the type of
opinion to be expressed.
Nature of Matter Auditor's Judgment about the
Giving Rise to the Pervasiveness of the Effects or Possible
Modification Effects on the Financial Statements

Material but Not Material and

Pervasive Pervasive
Financial Qualified opinion Adverse
statements are opinion
materially
misstated
Inability to obtain Qualified opinion Disclaimer
sufficient of opinion
appropriate audit
evidence
Refer to Chapters 12 and 13 for a more detailed discussion of audit
reporting.

Assurance provided by the auditor

In audit, assurance refers to the auditor's satisfaction as to the reliability of the
financial statements prepared and presented by a particular entity to address
the common needs of wide range of users.
To provide such assurance, the auditor assesses the evidence collected as a
result of procedures conducted and expresses an opinion. The auditor's
opinion is intended to enhance the credibility of financial statements by
providing a high, but not absolute, level of assurance.

Reasonable assurance and the inherent limitations of an audit

An auditor conducting an audit in accordance with PSAs obtains reasonable
assurance that the financial statements, taken as a whole, are free from
material misstatement, whether due to fraud or error.

Page
 —
An auditor cannot obtain absolute assurance because of the following
inherent limitations of an audit that affect the auditor's ability to detect
material misstatements. These limitations result from factors such as the
fOIlowing:

2 Use of selective testing (exposure to sampling risk)

Auditing standards do not require auditors to examine all available

information supporting a particular assertion for practical reasons (time
and cost constraints), as long as the auditor has sufficient appropriate
eVidence that can serve as a basis in expressing his/her opinion.
2. Inherent limitations of internal control (exposure to control risk)
Effectiveness of internal control influences the conduct of an audit.
However, such controls cannot fully guarantee the validity and accuracy
of items generated from it because of some inherent limitations (e.g.
COSt-benefit consideration, management overriding the controls,
circumvention through collusion among employees, and human errors).

3. Fact that most of audit evidence is persuasive rather than conclusive

While performing evidence-gathering procedures, auditors are exposed
to persuasive (items that leaves some doubts) rather than conclusive
(very convincing) evidence.
4. Work undertaken by the auditor to form opinion is permeated by
judgment (exposure to non-sampling risk)
Through the course of the audit, the auditor exercises his/her judgment.
It is inherent that whenever he/she exercises judgment, there is a great
possibility that he/she might be commit mistakes due to carelessness,
fatigue, misinterpretation of facts, and other human weaknesses.
5. Nature/characteristics of assertions (exposure to inherent risk)
In some instances, it may be necessary to rely heavily on
representation made by entity's management. If the management
lacks integrity, they may provide materially misleading information
causing the auditor to rely to unreliable information.
Due to the above limitations, all financial statement audit engagements are
exposed to risk termed as audit risk (for assurance engagement, this is
termed as assurance engagement risk), which is the risk that the auditor
gives an inappropriate audit opinion when the financial statements are
materially misstated.
 Aim... Believe... Claim... Page 48

—
THE DEMAND FOR FS AUDIT
Investors, creditors, and other users of financial information demand
highquality, relevant, and reliable information. Such information will enable
them to come up with educated financial decisions that will assist them in
managing business and information risks.

Business risk

Countless number of decisions is made each and every day by businesses in

order to appropriately manage business risk, which is any event or activity
that will prevent the entity in meeting its business objectives such as wealth
and profit maximization. If an entity is exposed to a very significant business
risk, such risk may ultimately lead the entity to fail. This is the primary reason
why decisions to be made must be carefully evaluated and should be founded
on suitable basis.

Information risk

A further complication in decision making is the presence of information risk

or the risk that the information prepared and presented by the entity contains
misstatement.

Information risk is the mathematical complement of reliability level. This

means that as information risk increases (from 5% to 10%), reliability level
decreases (from to 90%).
The following are some of the factors contributing to information risk.
Voluminous data. As the number of transactions entered into by the entity
grows, the risk that errors might occur during processing also increases.
Complexity of transactions. The more complicated the transactions
entered into by the entity, the greater the possibility that transactions
will not be recorded properly.
Remoteness of information. Decision makers normally rely on information
prepared by another party. They do not have direct access to records
and documents which can assist them in verifying the validity of the
information presented.
Conflicts of interest between the provider and users of information. Users
of financial statements rely heavily on the quality of information
prepared by the management, who is in the position to present their
business appear to be better than it actually may be.
Because of information risk, users had been more skeptical with the
information presented by management. They even find ways on how to reduce
the said risk. To reduce information risk, users do the following:
Information is verified. Under this approach, users directly verify the
validity of the information by examining supporting records and
documents held by the entity. However, major problems are
commonly encountered by users relying from this approach. These
are

Page 49
 Chapter 2 — Introduction to Audit Services and Financial Statement
Audit
a. users are separated from entity's records by distance and
time.
b. users do not possess the necessary skill and competence to
appropriately verify the information; and
c. most often than not, users cannot directly access company,s
records (see remoteness above).
Financial statements are audited. The users rely on the evaluation
made by an independent auditor. This approach addresses the
Problems encountered by users in "verify the information"
approach since the auditor
a. monitors the financial information reported by management
and would include direct examination of records and
documents; and
b. is equipped with skills and competence in objectively
obtaining and evaluating evidence.
Information risk is shared with the management. This approach
dictates that in the event users fail or incur a loss because of
incorrect decisions based on inaccurate data, users may seek
reimbursements (fully or partially) from the entity.

Additional conditions creating the need for FS Audit

Below is a list of circumstances which contribute to the need for FS Audit
(CERF). Conflict of interest between the responsible party and the
intended users of the financial statements
Expertise. Complexity of accounting and auditing requires expertise
Remoteness of users. Users of information frequently are prevented from
directly assessing the quality of information
Financial consequence. Misleading financial information could have
substantial economic consequences for a decision maker.

Aim... Believe... Claim... Page 50

Chapter 2 — Introduction to Audit Services and Financial Statement Audit
REGULATORS' REQUIREMENTS
In addition to the above circumstances, one of major reasons why there is a
need for FS audit is some regulators require the submission of audited FS.
Examples are the following:
I. General Financial Reporting Requirements (as stated in the Revised
Securities Regulation Code [SRC] Rule 68)
The following shall submit financial statements audited by an
independent Certified Public Accountant to the Securities and Exchange
Commission:
Entity Threshold
Stock corporation Total Assets or Total
Liabilities P600,0003
Nonstock corporation Total Assets or Total
Liabilities P600,000 1
Branch offices/representative offices of Assignedcapital
stock foreign corporations
Branch offices/representative offices of Total assets
non-stock foreign corporations
Regional operating headquarters of Totalrevenues
foreign corporations
Note: Corporations that do not meet the threshold above may submit
their Annual Financial Statements accompanied by a duly notarized
Treasurer's Certification only (rather than an Auditor's Report).

2. Tax Compliance Requirements

The National Internal Revenue Code, as amended, states the
requirement for audited books of accounts under Section 232 (A) as
follows:
Entity Threshold
Corporations, Gross annual sales, earnings,
Companies, receipts or output >
Partnerships or Persons
For entities that meet the above threshold, they are required to v/ Have
their books of accounts audited and examined yearly by independent
Certified Public Accountants, and v/ Their income tax returns
accompanied with a duly accomplished Account Information Form (AIF)
which shall contain, among others, information lifted from certified
balance sheets, profit and loss statements, schedules listing income-
producing properties and the corresponding income therefrom and
other relevant statements.

Further details of tax compliance requirements are discussed in your

respective taxation courses.
 3
As prescribed by Republic Act No. 11232, or the Revised Corporation Code of the Philippines
(RCC) and

any of its subsequent revisions or such amount as may be subsequently prescribed

Aim... Believe... Claim... Page 51

Chapter 2 — Introduction to Audit Services and Financial Statement Audit

VALUE OF FS AUDIT

Based from the discussions of the demand for FS audit, the following may be
construed as the value of a FS audit
Audit reduces information risk that may lead to lower cost of capital. One of FS
Audit's focuses is to enhance the quality of the information, thus, reducing
information risk. With high-quality, relevant and reliable information, users
may come up with educated financial decisions which minimizes the
possibility of incurring losses on resources invested.

Audit may be used to deter inefficiency and fraud. Audit involves objective
obtaining and evaluating of evidence which could lead to identification of
material misstatements presented in the financial statements.

Audit may be used to enhance systems of internal controls. Audit includes

an understanding of the entity and its environment which incorporates the
internal controls of the entity. During the course of this evaluation,
deficiencies may be identified which may help management in formulating
actions to improve its controls that help them achieve their objectives.
 Chapter 3 — Practice and Regulation of the Accountancy Profession
CHAPTER 3
PRACTICE AND REGULATION OF THE ACCOUNTANCY
PROFESSION

Chapter Overview and Objectives:

This chapter discusses the practice of the accountancy profession and the
regulatory environment in which it is in. At the end of this chapter, readers
should be able to discuss
1. The regulatory act of the practice of accountancy profession
a. Scope of practice
b. The Professional Regulatory Board of Accountancy
c. Examination, Registration and Licensure
d. Practice of accountancy
e. Penal and final provisions
2. The continuing professional development of accountancy professionals
3. The organizations affecting the accountancy profession

Relevant references:
RA 9298 - Republic Act No. 9298 or the Philippines Accountancy Act of 2004

RA 10912 - Republic Act No. 10912 or the Continuing Professional Development

Act of2016

Aim... Believe... Claim... Page 69

Chapter 3 — Practice and Regulation of the Accountancy Profession

INTRODUCTION
Accounting is one of the basic and key functions of any business activity
at any given industry governed by PFRS/IFRS, generally accepted
accounting principles and other applicable standards. The education that
may lead to SUcceed to anything in any business world will be this
Accounting degree. Having an accounting background can offer you a
vast array of opportunities of wide doors open to any kind of career
options. This will serve a strong solid foundation for becoming a Certified
Public Accountant (CPA) which prepares you to become a partner of an
outstanding firm, or of a blooming career in COrporate management.
Accountancy is a professional service rendered by accountants on which you
can choose on four major practices: public practice, commerce and industry,
academe and practice in government. Interestingly, except for the practice in
the government, you can be engaged in to all of those categories
simultaneously.
In a general overview, accounting services cover areas of general accounting,
auditing, taxation and management consultancy. General accounting normally
entails recording of historical transactions and preparation of financial
statements. Auditing is an independent examination of the financial
statements intended to express an opinion whether the financial statements
are prepared, in all material respect, in accordance with an identified financial
reporting framework. Taxation involves compliance with the Bureau of
Internal Revenue in relation to payment of taxes and submission of
information returns. Lastly, management consultancy is intended to help
business organization in improving their operating and/or financial
performance.
Given the continuous and dramatic change in globalization, these accounting
services have portrayed a vital role in the business environment. To an
increasing complexity and explosive trends in technology; and government
regulations and tax law changes, accounting skills become more in demand
that role of financial experts, management consultants, budget analysts has
become a dynamic career. Job prospects in accounting are projected to grow
as long as businesseS exist. So regardless of whatever path you decide to
pursue, discipline with hard work will definitely put you to the top of the
career goal you set.
Aim... Believe... Claim... Page 70
 Chapter 3 — Practice and Regulation of the Accountancy Profession

REGULATION OF THE ACCOUNTANCY PROFESSION

REPUBLIC ACT NO. 9298 (RA 9298) OR THE "PHILIPPINE ACCOUNTANCY ACT OF
2004"
RA 9298, which was approved on May 13, 2004, is the regulatory act of the
practice of accountancy in the Philippines. It supersedes Presidential Decree
no. 692 (PD 692), otherwise known as the revised accountancy law.

Objectives
RA 9298 shall provide for and govern:
A. The standardization and regulation of accounting education;
B. The examination for registration of certified public accountants; and
C. The supervision, control, and regulation of the practice of accountancy in the
Philippines.

Enforcement of the Act

To regulate the accountancy profession, the following is a list of organizations
and their corresponding duties as mandated by RA 9298:
Organization Duty
Professional It is the primary duty of PRC and BOA to
Regulation effectively enforce or implement the provisions
Commission (PRC) of RA 9298.
and Professional
Also, BOA shall assist PRC in filing the appropriate
Regulatory Board of
charges for cases of illegal practice or violations
Accountancy (BOA)
of RA 9298 through the concerned prosecution
office in accordance with law and rules of court
All duly constituted Upon the call or request of PRC or BOA, these
law enforcement organizations shall render assistance in enforcing
agencies and officers the provisions of RA 9298 and to prosecute any
of national, provincial, person violating the provisions of the same
city or municipal
government or of any
political subdivision.
Secretary of Justice or He or she shall act as legal adviser to PRC and
his duly designated BOA and shall render legal assistance as may be
representative necessary in carrying out the provisions of RA
9298.
It is also important to note that any person may bring before PRC, BOA or the
above-mentioned officers of the law, cases of illegal practice or violations of RA
9298 committed by any person or party.

Aim... Believe... Claim... Page 71

Chapter 3 — Practice and Regulation of the Accountancy Profession

SCOPE OF PRACTICE
As discussed in RA 9298, the practice of accountancy, which are known as
sectors include the following:
1. Practice of Public Accountancy
Shall constitute in a person, be it his/her individual capacity, or as a Partner
or as a staff member in an accounting or auditing firm, holding out
himself/herself as one skilled in the knowledge, science and practice of
accounting, and as a qualified person to render professional services as a
certified public accountant; or offering or rendering, or both, to more than
one client on a fee basis or otherwise, services such as the audit or
verification of financial transaction and accounting records; v/ the
preparation, signing, or certification for clients of reports of audit, balance
sheet, and other financial, accounting and related schedules, exhibits,
statements or reports which are to be used for publication or for credit
purposes, or to be filed with a court or government agency, or to be used for
any other purpose; the design, installation, and revision of accounting
system; the preparation of income tax returns when related to accounting
procedures; or when he/she represents clients before government agencies
on tax and other matters related to accounting or renders professional
assistance in matters relating to accounting procedures and the recording
and presentation of financial facts or data.
With this, to be considered as a CPA engaged in public practice, there
must be a client — service provider relationship that should exist
between an entity (client) and the CPA (service provider) who renders
services requiring accounting and auditing skills and knowledge.

2. Practice in Commerce and Industry

Shall constitute in a person v/ involved in decision making requiring
professional knowledge in the science of accounting; when he/she represents
his/her employer before government agencieS on tax and other matters
related to accounting; or when such employment or position requires that
the holder thereof must be a certified public accountant.
Simply stated, to be engaged in commerce and industry, the
relationship that should exist between the recipient of the services and
the CPA is employeremployee relationship. Also, the position being held
by the CPA must require application of accounting and auditing skills
and knowledge.

Page 72 Aim... Believe...

Claim...
 RA 9298 further requires that if business or company in the private
sector has a paid -up capital of at least five
million pesos and/or an annual revenue of at
least ten million pesos any position which requires supervising the
recording of financial transactions, preparation of financial statements,
coordinating with the external auditors for the audit of such financial
statements and other related functions shall be occupied only by a duly
registered CPA.
Such requirement shall apply only to persons to be employed after the
effectivity of RA 9298 and its Implementing Rules and Regulations and
shall not result to deprivation of the employment of incumbents to the
position.

3. Practice in the Government

Shall constitute in a person who holds, or is appointed to, a position in an
accounting professional group in government or in a government—
owned and/or controlled corporation, including those performing
proprietary functions, where decision making requires professional
knowledge in the science of accounting, or where a civil service eligibility
as a certified public accountant is a prerequisite.
The characteristics of this sector is almost similar with commerce and
industry. The primary difference between the two is the employer. In
commerce and industry, the employer is a private entity (e.g. sole
proprietorship, partnership, or corporation). On the other hand, in
government, the employer is a government-owned and controlled entity
(e.g. government agency, local government unit, and government owned
and controlled corporations).

4. Practice in Education/Academe
Shall constitute in a person in an educational institution which involve
teaching of accounting, auditing, management advisory services, finance,
business law (currently called regulatory framework for business
transactions - RFBT), taxation, and other technically related subjects.
RA 9298 further requires the following:
Requirement
BSA program is being offered The dean must be occupied only
exclusively in a particular college by a duly registered CPA.
(e.g. College of Accountancy)
BSA program is being offered The department chairman or its
with other business courses (e.g. equivalent (e.g. program chair)
College of Business and must be occupied only by a duly
Accountanc ) registered CPA.
73
Chapter 3 — Practice and Regulation of the Accountancy Profession
In addition, RA 9298 provided that members of the Integrated Bar of the
Philippines (lawyers) may be allowed to teach business law (RFBT) and
taxation subjects.

PROFESSIONAL REGULATORY BOARD OF ACCOUNTANCY (BOA)

Composition
BOA is composed of a chairman and six (6) members. Among the
members, a vice chairman shall be elected for a term of one (1) year.
Moreover, the four (4) sectors in the practice of accountancy shall as
much as possible be equitably represented in BOA.

Appointment process
The chairman and members of BOA are all appointed by the President of the
Philippines and will undergo below process.
1. For each vacant position, the Accredited National Professional Organization
of CPAs (APO) submits a list of five (5) nominees with complete
documentation to PRC not later than sixty (60) days prior to the expiry of
the term of an incumbent chairman or member.
There should be adequate documentation to show the qualification and
primary field of professional activity of the nominee to enable PRC to
determine the competence of the nominee and the sector where he/she
belongs.
2. From the list of nominees, PRC shall then select three (3) recommendees.
These persons are ranked by PRC (1 st 2nd, and 3 rd) and then recommended
to the President of the Philippines.
APO's failure to submit its own nominee(s) to PRC with the required
documentations within the prescribed period will require PRC, upon
recommendation of BOA, to submit its own list of recommendees.

3. From the list of recommendees, the President of the Philippines

appoints a person who will be serving as chairman or member of BOA.

The above concepts may be summarized as follows:

APO/PICPA President
5 nominees 3 recommendees
1 appointee
 Aim... Believe... Claim... Page 74

Qualifications of Members
A member of BOA shall, at the time of his/her appointment, possess the
following qualifications:
a. Must be a natural-born citizen and a resident of the Philippines;
b. Must be a duly registered Certified Public Accountant with at least ten
(10) years of work experience in any scope of practice of accountancy.
c. Must be of good moral character and must not have been convicted of
crimes involving moral turpitude; and
d. Must not have any pecuniary interest, directly or indirectly, in any
school, college, university or institution conferring an academic degree
necessary for admission to the practice of accountancy or where
review classes in preparation for the licensure examination are being
offered or conducted, nor shall he/she be a member of the faculty or
administration thereof at the time of his/her appointment to BOA.
e. Must not be a director or officer of the APO at the time of his
appointment.

Term of Office
Below is the summary of concepts related term of office of chairman and
members of BOA. The Chairman and members of BOA shall hold office for a
term of three (3) years.
No person who has served two (2) successive complete terms shall be
eligible for reappointment until the lapse of one (1) year.
Any vacancy occurring within the term of a member shall be filled up
for the unexpired portion of the term only.
Appointment to fill up an unexpired term is not to be considered as a
complete term.
No person shall serve BOA for more than twelve (12) years.

Powers and Functions of BOA

BOA shall exercise the following specific powers, functions and responsibilities
as enumerated by RA 9298:
a. To prescribe and adopt the rules and regulations necessary for
carrying out the provisions of RA 9298;
b. To supervise the registration, licensure and practice of accountancy in
the Philippines;
c. To administer oaths in connection with the administration of RA 9298;
d. To issue, suspend, revoke, or reinstate the Certificate of Registration
for the practice of the accountancy profession;
e. To adopt an official seal of BOA;
f. To prescribe and/or adopt a Code of Ethics for the practice of
accountancy;

75
g. To monitor the conditions affecting the practice of accountancy and
adopt such measures, including promulgation of accounting and auditing
standards, rules and regulations and best practices as may be deemed
proper for the enhancement and maintenance of high professional,
ethical, accounting and auditing standards: Provided, That domestic
accounting and auditing standards, rules and regulations shall include
the international accounting and auditing standards, and generally
accepted best practices;
h. To conduct an oversight into the quality of audits of financial statements
through a review of the quality control measures instituted by auditors in
order to ensure compliance with the accounting and auditing standards
and practices;
To investigate violations of RA 9298 and the rules and regulations
promulgated hereunder and for this purpose, to issue summons,
subpoena and subpoena ad testificandum and subpoena duces
tecum to violators or witness thereof and compel their
attendance to such investigation or hearings and the production
of documents in connection therewith: Provided, That BOA upon
approval of PRC may, subject to such rules and regulations that
may be promulgated to implement this section, delegate the fact-
finding aspect of such investigations to the accredited national
professional organization of certified public accountants:
Provided, Further, That BOA and/or PRC may adopt their findings
of fact as it may seems fit;
j. BOA may, motu propio in its discretion, make such investigations
as it deems necessary to determine whether any person has
violated any provisions of this law, any accounting or auditing
standard or rules duly promulgated by BOA as part of the rules
governing the practice of accountancy;
k. To issue a cease or desist order to any person, association,
partnershi p or corporation engaged in violation of any provision
of RA 9298, any accounting or auditing standards or rules duly
promulgated by BOA as part of the rules governing the practice of
accountancy in the Philippines;
To punish for contempt of BOA, both direct and indirect, in
accordance with the pertinent provisions of and penalties
prescribed by the Rules Of
 Court;

Aim... Believe... page

m. To prepare, adopt, issue or amend the syllabi of the subjects for
examinations in consultation with the academe, determine and
prepare questions for the licensure examination which shall strictly be
within the scope of the syllabi of the subjects for examinations as well
as administer, correct and release the results of the licensure
examinations;
n. To ensure, in coordination with the Commission on Higher Education
(CHED) or other authorized government offices that all higher
educational instruction and offering of accountancy comply with the
policies, standards and requirements of the course prescribed by CHED
or other authorized government offices in the areas of curriculum,
faculty, library and facilities; and
o. To exercise such other powers as may be provided by law as well as
those which may be implied from, or which are necessary or incidental
to the carrying out of, the express powers granted to BOA to achieve
the objectives and purposes of RA 9298.

Grounds for Suspension or Removal of Members of BOA

The President of the Philippines, upon the recommendation of PRC, after
giving the concerned member an opportunity to defend himself in a proper
administrative investigation to be conducted by PRC, may suspend or remove
any member on the following grounds:
a. Neglect of duty or incompetence;
b. Violation or tolerance of any violation of RA 9298 and its implementing
rules and regulations or the CPA's Code of Ethics and the technical and
professional standards of practice for certified public accountants;
c. Final judgment of crimes involving moral turpitude; and
d. Manipulation or rigging of the CPA licensure examination results,
disclosure of secret and confidential information in the examination
questions prior to the conduct of the said examination or tampering of
grades.
Other provisions of RA 9298 related to BOA
Compensation BOA shall receive compensation and allowances
and Allowances comparable to that being received by the Chairman and
of BOA members of existing regulatory boards under PRC as
provided for in the General Appropriations Act.
Annual Report BOA shall, at the close of each calendar year, submit an
annual report to the President of the Philippines through
PRC the following:
V a detailed account of its proceedings and
accomplishments; and

77
making recommendations for the adoption of
measures that will upgrade and improve the
conditions affecting the practice of accountancy.
Administrative BOA shall be under the administrative supervision of PRC
Supervisions of

3 BOA

Custodian of its All records of BOA, including applications for Records

examination, examination questions, answer sheets, and other records
and documents pertaining to the CPA licensure examination, and administrative
and other investigative cases conducted by BOA shall be under the custody of
the BOA.
Secretariat and PRC shall designate the Secretary of BOA and shall
Support Services provide the secretariat and other support services to
implement the provisions of RA 9298.

EXAMINATION, REGISTRATION AND LICENSURE

LICENSURE EXAMINATIONS FOR CERTIFIED PUBLIC ACCOUNTANT
Qualifications of Applicants for Examinations
To be allowed to take the Licensure Examination for CPAs (LECPA), a candidate
shall establish the following requirements by providing the corresponding
listed documents to the satisfaction of BOA that he/she:
Requirements Documents
a. is a Filipino citizen Certificate of Live Birth authenticated by
Philippine Statistics Authority (PSA), formerly known as National
Statistics Office
 b. is of good moral character Valid National Bureau of
Investigation (NBI) Clearance
c. has not been convicted of any criminal Valid NBI Clearance offense
involving moral turpitude
d. is a holder of the degree of Bachelor of Transcript of Records with
Science in Accountancy conferred by a scanned picture and
Remarks school, college, academy or institute duly "For Board
Examination recognized and/or accredited by the Purposes" CHED
or other authorized government offices
IMPORTANT NOTES:
All graduates with a Bachelor's Degree, major in Accounting were
given bY RA 9298 additional two (2) years from the effectivity of RA
9298. It was later extended by BOA up to October 2008 through a
resolution.

Aim... Believe...
A graduate with a Bachelor's Degree, major in Accounting who was able to
take the LECPA on or before October 2008 but failed may still take future
examinations.
A graduate with a Bachelor's Degree, major in Accounting who will be taking
the LECPA for the first time, will not be allowed to take the examination not
unless he/she earns the degree of Bachelor of Science in Accountancy.

PASSED General average of at least seventy-five percent (75%), with

no grades lower than sixty-five percent (65%) in any given
subject.
CONDITIONAL General average of less than 75%, has a grade of less than
65%, or both, but has obtained 75% and above in at least
majority (4 out of 6) of the subjects covered in the licensure
examination.
Removal Examination
An examinee obtaining a "conditional" status shall take an
examination in the remaining subjects (with grade lower
than 75%) within two years from the preceding
examination.
After taking the removal examination, the examinee shall
meet the "passed" rating requirements. Otherwise, the
examinee will be considered "failed" in the entire
examination.
FAILED Examinees who did not meet the above two ratings shall
obtain a "failed" rating.
 In addition to the documents discussed, married female applicants shall
submit a copy of marriage contract authenticated by Philippine Statistics
Authority (PSA).

Scope of Examination
The current licensure examination for certified public accountants shall cover, but are
not limited to, the following subjects:
1. Advanced Financial Accounting and Reporting (AFAR)
2. Auditing (Al-JD)
3. Financial Accounting and Reporting (FAR)
4. Management Advisory Services (MAS)
5. Taxation (TAX)
6. Regulatory Framework for Business Transactions (RFBT)
Also, per RA 9298, BOA, subject to the approval of PRC, may revise or exclude
subjects and their syllabi, and add new ones as the need arises. However, the
change shall not be more often than once every three (3) years.

Rating in the Licensure Examination

Failing Candidates to Take Refresher Course
An examinee failing in two (2) complete CPA Board Examinations shall not be
allowed from taking another set of examinations unless he/she submits evidence
to the satisfaction of BOA that he/she enrolled in and completed at least twenty_
four (24) units of subject given in the board exam. Such evidence is POpularly
known as refresher course certificate which shall be obtained from educational
institutions, which are allowed to offer the Bachelor of Science in ACCOUntancy
program.
The examination where the examinee had obtained a "conditional" status and
the removal examination on the subject in which he/she failed shall be COUnted
as one complete examination.

Other provisions of RA 9298 related to the CPA Licensure Examination

Report of Ratings obtained by each candidate within ten (10)
Ratings calendar days after the examination, unless extended
for just cause
Oath All successful candidates in the examination shall be
required to take an oath of profession before any
member of BOA or before any government official
authorized by PRC or any person authorized by law to
administer oaths
Roster of A roster showing the names and place of business of all
 Certified Public registered certified public accountants shall be
Accountants prepared and updated by BOA, and copies thereof shall
be made available to any party as may be deemed
necessary.
REGISTRATION
The following documents are given to persons registered as CPA.
A. Certificate of registration
A certificate of registration shall be issued to
a. examinees who pass the licensure examination
b. person admitted under reciprocity or other international agreementS
It shall bear the following
a. full name and the assigned registration number of the registrant
b. signature of the chairperson of PRC and the chairman and memberS Of
BOA
c. official seal of PRC and BOA

Aim... Believe...

RA 9298 provided that the person indicated in this certificate is entitled to the
practice of the accountancy profession with all the privileges accompanied
thereto. The said certificate shall remain in full force and effect until
withdrawn, suspended or revoked in accordance with RA 9298.

Simply stated, the certificate of registration is the primary proof of a person's

acceptance in the accountancy profession and it has a lifetime validity unless
suspended or revoked.

B. Professional identification card

In addition to the certificate of registration, a professional identification card
bearing the registration number, date of issuance, expiry date, duly signed by
the chairperson of PRC, shall likewise be issued to every registrant. Such card is
renewable every three (3) years.
The main purpose for this is for the registrant to have an immediate proof of being
a CPA.
Illustration on renewal and validity:
An examinee who was born on April 5, 1998, had successfully passed the
October 2019 LECPA. The examinee registered as a CPA on December 3,
 2019. The professional identification card received shall be valid for 3
years or until year 2022 (2019 + 3 years) and must be renewed on or
before April 5, 2022.
Failure to renew on or before the required date of renewal will subject the
CPA to fines and penalties in accordance with policies promulgated by
PRC.

C. Special or Temporary Permit

RA 9298 provided that special or temporary permit may be issued by BOA
subject to the approval of PRC and payment of the fees the latter has
prescribed and charged thereof to the following persons:
a. A foreign CPA called for consultation or for a specific purpose which, in the
judgment of BOA, is essential for the development of the country
(provided that his/her practice shall be limited only for the particular work
that he/she is being engaged and that there is no Filipino CPA qualified for
such consultation or specific purposes);
b. A foreign CPA engaged as professor, lecturer or critic in fields essential to
accountancy education in the Philippines and his/her engagement is
confined to teaching only; and
c. A foreign CPA who is an internationally recognized expert or with
specialization in any branch of accountancy and his/her service is essential
for the advancement of accountancy in the Philippines.
4

4 Indication of Certificate of Registration, Identification Card and Professional Tax Receipt

Whenever a CPA signs, uses or issues documents in connection with the

practice of the accountancy profession, the CPA shall be required to
indicate his/her certificate of registration number, and date of issuance,
the duration of validity including the Professional Tax Receipt number on
the documents.

5 Refusal to Issue

BOA shall not register and issue a certificate of registration and

professional identification card to any successful examinee
a. Convicted by a court of competent jurisdiction of a criminal
offense involving moral turpitude
b. Guilty of immoral and dishonorable conduct
c. Of unsound mind

Suspension and Revocation

BOA have the power to suspend or revoke the practitioner's certificate of
registration and professional identification card or suspend him/her from
the practice of his/her profession or cancel his/her special permit for any
of the causes or grounds
a. As mentioned in the grounds for refusal to issue;
b. Any unprofessional or unethical conduct;
c. Malpractice; or
d. violation of any of the following:
any of the provisions of RA 9298 and its IRR s/ the CPA's Code
of Ethics v/ the technical and professional standards of practice
for CPAs.

Reinstatement, Reissuance and Replacement of Revoked or Lost

Certificates BOA has the discretion to reinstate the validity of a revoked
certificate Of registration after the expiration of two (2) years from the
date of revocation and may exempt the applicant from taking another
examination.

Moreover, BOA has the power to issue a new certificate of registration to

replace lost, destroyed, or mutilated certificate/license subject to the
 rules promulgated by BOA and PRC and upon payment of the required
fees.

Aim... Believe... Claim... page 82

PRACTICE OF ACCOUNTANCY prohibition

in the Practice of Accountancy
RA 9298 requires that no person shall practice accountancy in the Philippines, or
use the title "Certified Public Accountant", or use the abbreviated title "CPA" or
display or use any title, sign, card, advertisement, or other device to indicate
such person practices or offers to practice accountancy, or is a CPA, unless such
person received from BOA a certificate of registration and a professional
identification card or a valid temporary/special permit duly issued to him/her by
BOA and PRC.
Simply stated, a person shall not represent himself/herself as a CPA if he/she is
not a CPA.

Limitation of the Practice of Public Accountancy

Types of organization allowed
Single practitioners and partnerships (whether general or limited) organized for
the practice of public accountancy shall be registered CPA in the Philippines.
A corporation type of organization is prohibited to engage in practice of public
accountancy.

Rules on name
A CPA shall practice only under an individual, firm or partnership name allowed
in accordance with Philippine laws and shall not include any fictitious name,
indicates specialization or is misleading as to the type of organization
(proprietorship or partnership).
Illustration on types of organization and names
The following are examples of organizations that may be organized for the
practice of public accountancy.
Individual He/she shall do business under his registered name
CPA with BOA and PRC and as printed in his/her CPA
certificate (e.g. Rein Ronald C. Bercasio, CPA)
Firm (sole They shall do business under their respective duly
proprietorship) registered and authorized Firm name appearing in the
registration documents issued by the Department of
Trade and Industry (DTI) or any proper government
office/s. The firm name shall include the real name of
the sole proprietor as printed in his/her CPA
 certificate (e.g. Rein Ronald C. Bercasio & Associates)
Partnership They shall do business under their respective
Partnership names as indicated in their current Articles
of Partnership and certificate of registration issued by
the Securities Exchange Commission (SEC) or under the
Partnership names as indicated in their current Articles
of Partnership in case of unregistered partnerships (e.g.
Escala, Bercasio, and Company)
Partnership engaged in the practice of public
accountancy may be carried on in the form of a general
partnership (GP) or a limited liability partnership (LLP)
organized accordance with Philippines laws.

83
and

in

Death, withdrawal or resignation of all other partners

In case of death, withdrawal or resignation of all other partners in a
partnership, the surviving or remaining partner may continue to use the
old partnership name for a period of not more than two (2) years after
becoming a sole proprietorship.
This means that the remaining partner shall change the old partnership
name to an individual CPA or Firm name if he/she continues to practice
on or before reaching the end of two-year period.

Accreditation to Practice Public Accountancy

Certificate of Accreditation
Definition
This is a certificate under seal, issued by PRC upon the recommendation by
BOA pursuant to this revised rules and regulation, attesting that Individual
CPAs, including the staff members thereof, Firms, including the sole
proprietors, and the staff members thereof and Partnerships of CPAs
including the partners and the staff members thereof, are "duly accredited"
to practice public accountancy in the Philippines.

Requirement
Before a certificate of accreditation is issued to CPAs in public practice,
CPAs must show evidence that they had acquired a minimum of three
 (3) years meaningfUl experience in any of the areas of public practice
including taxation.

84

Meaningful experience
To acquire meaningful experience, RA 9298 provided that a meaningful
experience shall be considered as satisfactory compliance with the
requirements of RA 9298 if it is earned in
a. commerce and industry and shall include significant involvement in general
accounting, budgeting, tax administration, internal auditing, liaison with
external auditors, representing his/her employer before government
agencies on tax and matters related to accounting or any other related
functions; or
b. academe/education and shall include teaching for at least three (3)
trimesters or two (2) semesters subjects in either financial accounting,
business law and tax, auditing problems, auditing theory, financial
management and management services. Provided, That the accumulated
teaching experience on these subjects shall not be less than three (3)
school years; or
c. government and shall include significant involvement in general
accounting, budgeting, tax administration, internal auditing, liaison with
PRC on Audit or any other related functions; and
d. public practice and shall include at least one year as audit assistant and at
least two years as auditor in charge of audit engagement covering full audit
functions of significant clients.

Renewal and Expiration

The certificate of accreditation shall be valid for a period of three (3) years and
may be renewed every three (3) years on or before September 30 on the year
of expiry upon compliance of the requirements.
Illustration on renewal and expiration
If the application of registration of Escala, Bercasio and Company was
approved on August 15, 2020 and has a validity period of three (3) years.
The registration shall expire on December 31, 2022. The year of registration
(2020) is counted as Year 1, 2021 as Year 2, and 2022 as Year 3.
As for the renewal, based from the above given information, the
partnership shall file for renewal on or before September 30, 2022 for the
three-year period beginning January 1, 2023 and shall apply on or before
September 30, 2025 for the next three (3) year period beginning January 1,
2026 and so forth.
85
Seal and Use of Seal
All licensed CPAs shall obtain and use a seal bearing the registrant's name
registration number and title. The auditor's reports shall be stamped with
said seal, indicating therein his/her current Professional Tax Receipt (PTR)
number date/place of payment when filed with government authorities or
when used professionally.
The seal of a CPA must be circular in form with a smaller
circle within and must contain
Name the following:
1. Upper portion of the space between circles —
engrave the name of the individual CPA, firm or

CPA partnership
2. Lower portion of the space between circles — engrave
the CPA registration number of the Reg. No.
proprietor of the firm and the
individual CPA, signing partner
of the partnership
3. Middle of the smaller circle — engrave the letters
"CPA".
Affixing the CPA's seal and signature is an indication of compliance of the
requisite accounting and auditing standards and rule by the CPA.

Ownership of Working Papers

As a rule, working papers are confidential, privileged and property of the CPA.

Foreign Reciprocity
RA 9298 provided that foreign citizens may be allowed to practice
Accountancy in the Philippines in accordance with the provisions of existing
laws, international treaty obligations including mutual recognition
agreements entered into by the Philippine government with other
countries.

A person who is not a citizen of the Philippines shall not be allowed to

practice accountancy in the Philippines unless he/she can prove the country
of which he/she is a citizen, subject or national admits citizens of the
Philippines to the practice of the same profession without restriction.

PENAL PROVISION
Any person who shall violate any of the provisions of RA 9298 or any of its
IRR as promulgated by BOA subject to the approval of PRC, shall, upon
conviction, be punished by a fine of not less than fifty thousand pesos (P
50,000.00) or by imprisonment for a period not exceeding two (2) years or
both.
Page 86
 Chapter 3 — Practice and Regulation of the Accountancy Profession

CONTINUING PROFESSIONAL DEVELOPMENT

Based on RA 10912 Continuing Professional Development (CPD) Act of 2016 RA
10912 is an act mandating and strengthening the continuing professional
development program for all regulated professions, creating the continuing
professional development council, and appropriating funds therefor, and for
other related purposes

Definition and Rationale

CPD refers to the inculcation of advanced knowledge, skills and ethical values
in a post-licensure specialization or in an inter- or multidisciplinary field of
study, for assimilation into professional practice, self-directed research or
lifelong learning.
Voluntary compliance with the CPD program is an effective and credible means
of ensuring competence, integrity and global competitiveness of professional in
order to allow them to continue the practice of their profession.

Required CPE Credit units

1. Renewal of PIC — fifteen (15) credit units.
Exemptions:
v/ Professional working overseas (OFWs) v/ Newly licensed professionals for
the first renewal cycle after obtaining their license
2. For accreditation (initial and renewal) — one hundred twenty (120) credit
units
Minimum units under required competency areas
A. Technical Competence30 units
B. Professional Skills 5 units
C. Professional Values, Ethics, and Attitudes 5 units 40 units
Flexible CPD units 80 units Required number of CPD units 120
units
IMPORTANT NOTES:
v/ The required minimum units earned from the previous year/s shall be
20 credit units.
v/ Flexible CPD units may be earned on the three different competency areas
at the discretion of the CPA.

How to earn CPD credit units?

The following is the list of CPD Activities from which a CPA can earn CPD units
(lifted from PRC Resolution No. 254 Series of 2017 or the Operational Guidelines
in the Implementation of RA 10912 for the Accountancy Profession)

Aim... Believe... Claim... Page 87

1. SEMINARS/WORKSHOPS (TRAINING OFFERED BY ACCREDITED
PROVIDERS, FACE TO FACE OR ONLINE)

SUPPORTING
PROGRAM or ACTIVITY CREDIT UNITS
DOCUMENTS
Certificate of
Approved
Attendance
with No. of (a) Participation
1.1 As a participant Credit Unit for
Hours and in courses
the Program
Seminar conferences and
Program seminars
Photocopy of
certificate, Copy
1.2 As Resource Speaker 3 CU per hour of papers and
Program
Invitation (g) Participation
Certification as a speaker in
from sponsoring conferences,
1.3 As Panelist/Reactor 2 CU per hour organization and briefing
Copy of sessions, or
Program discussion
Certification groups
from sponsoring
1 CU per hour organization and
Copy of
Facilitator/Moderator Program
Twice the Monitoring
Number of Report,
Certificate of
1.5 CPD Monitor Approved
Appearance and
Credit Units for
the Authority to
the Program Monitor
Maximum of
20 CU for a
Certificate of
12month
1.6 In-Service Training/ Training and
period or a
On-the-Job Training Training
fraction
Description
thereof upon
completion

Believe... page
Chapter 3 — Practice and Regulation of the Accountancy Profession
2. ACADEMIC TRACK (MUST BE APPLIED WITHIN 5 YEARS AFTER COMPLETION)
PROGRAM or SUPPORTING
ACTIVITY CREDIT UNITS DOCUMENTS
60 CU for University
2.1 Master's Compliance Certification/Diploma
Degree or Period upon & Transcript of
equivalent Completion of Records
Degree (authenticated copy)
60 CU for
Compliance
Period upon
Completion of University
2.2 Doctorate Candidacy Certification /
Degree or Additional 30 Diploma & Transcript
equivalent CU for of Records (f) Formal
Compliance (authenticated copy)
study related
Period upon
to professional
Completion of
responsibilities
Degree
30 CU for
Compliance
Period upon University
Completion of Certification /
Candidacy Diploma & Transcript
2.3 Bachelor of
Additional 30 of Records,
Laws
CU for Certificate of
Compliance Admission to the
Period upon Philippine Bar
Completion of
Degree
10 CU per Copy of Professional
2.4 Professional Professional Certificate duly
(j) Professional
Certifications, Certification authenticated by
re-examination
such as CMA, obtained from certifying
or formal
CFA, CFE, CIA, 2010 and organization, such as
testing
CISA, etc... subsequent IIA, ISACA, CIMA,
years etc.
Copy of Certificate
2.5 Foreign of
10 CU for each
Language Completion and
Foreign
Certifications Proficiency from a Nil
Language
verifiable, duly recognized
Certification
inputbased foreign language
training institution
Certification of grant
2.6 Professional
15 CU per year or appointment
Chair
paper
 Certification from
2.7 Internship / Host Institution and 3. SELF-DIRECTED
AND/OR
Specialty / Sub- 10 CU per year Certificate of
LIFELONG
specialty / Completion
LEARNING
Program (TRAINING
2.8 Fellowship OFFERED BY
Grant Certification from NON-ACCREDITED
PROVIDERS, FACE
2.8.1 Participant 2 CU per grant granting institution
TO FACE OR
2.8.2 Resource and/or Certificate of
ONLINE)
Speaker PROGRAM4or CU per grant CREDIT UNITS
Fellowship SUPPORTING
2.8.3 Researcher
ACTIVITY 5 CU per grant DOCUMENTS
Maximum of 30 Certificate of
2.9 Post-Graduate CU for an 18- Attendance
Diploma/Certification
Credit Units for the
Diploma 3.1 month period or a from the Institution
/ As a participant Program as evaluated by with No. of
Certificate fraction thereof
Hours and
upon completionthe CPD Council Seminar
Program
Photocopy of
certificate,
3.2 As Resource 3 CU per hour Copy of
Speaker papers and
Program
Invitation
Certification
from
3.3 As 2 CU per hour sponsoring
Panelist/Reactor organization
and Copy of
Program
Certification
from
3.4 As
Facilitator/Moderato 1 CU per hour sponsoring
organization
and Copy of
Program
Believe...
Maximum of 20 CU for a Certificate
3.5 In-Service
12-month period or a of Training
Training/
fraction thereof upon and Training
On-the-Job Training
completion Description
3.6 10 CU per complete set Copy of (e)
Program/Training of modules Module and Developing or
Module Evaluation delivering a
 course or CPD
session in an
area related
Development to
professional
responsibilitie
s
Certification
of
5 CU per Technical Completion
Paper (for Published and Approval
3.7 Technical Paper (for
Paper see
3.8) Published
Paper see
3.8)
3.8 Article Published in Refereed / Peer Reviewed Professional
Journal
10 CU 15 CU
Local International Copy of
3.8.1 Author/s For multiple authors, Published (h) Writing
divide CU equally among Article and articles,
them Table of papers, or
3.8.2 Peer Contents books of a
2 CU per article
Reviewer technical,
3.9 Pamphlet / Book or Monograph professional
20 CU for 40 CU for or academic
single single author nature
author for Book or
pamphle Monograph Copy of
t (less pamphlet Published
3.9.1 Author/s than 100 (more than Material
pages) 100 pages) with
For multiple authors, Proof of
divide CU equally among Copyright
them and Table of
Contents

3.9.2 Editor Maximum of 20 CU

Aim... Believe...
Maximum of 5 CU per 3.10
article Proof of
Magazine/Newspape
r Articles relevant toFor multiple authors, Publication
the topics in thedivide CU equally among Article
 Competence Areas them
Certification
2 CU per day (max from
3.11 Study Tours/Visits of 20 CU/tour) sponsoring Nil
institutions
Certification
of
Attendance
3.12 Active Committee and CPD
Membership in FRSC, AASC, compliance
2 CU per meeting
PIC, CPD, Committee attended up to a signed by the Participation
(PICPA & Professional maximum of 24 Secretary and in and work
CU
Organizations), CHED, per calendar year duly noted by on technical
Technical Committee on the Chairman committee

Accountancy Education of the

respective
Committee
3.13 Consultancy (e.g.
rendered to the profession Subject to
CU for other
such as Citizen prior
voluntary services
Participatory Audit, determinatio
subject to prior
Government Bidding and n and
approval by the
Procurement Observers, approval by
Joint CPD
Accreditors and other the joint CPD
Committee
activities as per request of Committee
an institution, etc.)
3.14 Socio-Civic activities
(e.g. Mentors in Go! Project
Negosyo Mentor-Me 3 CU per hour Proposal,
program, Tax and Report and
Accounting Clinics, etc.) Photos
3.15 Recognition/Title (e.g.
Copy of
Fellows, Hall of Fame Full CU for certification
Awards, Outstanding Compliance from the
Period
Professional, Lifetime subject to Awarding
approval
Achievement Awardee, by the CPD Body (duly
Council
etc.) notarized)
Where: FRSC - Financial Reporting Standards Council
 AASC - Assurance and Auditing Standards Council
PIC - Philippine Interpretation Committee
CPD - Continuing Professional Development
Believe...
 Chapter 3 — Practice and Regulation of the Accountancy Profession
PICPA — Philippine Institute of Certified Public Accountants
CHED - Commission on Higher Education

4. SUCH OTHER ACTIVITIES TO BE RECOMMENDED BY THE CPD COUNCIL

AND APPROVED BY BOA AND PRC

ORGANIZATIONS AFFECTING THE ACCOUNTANCY PROFESSION

A. ACCOUNTING AND AUDITING STANDARDS SETTING BODIES
RA 9298 mandated PRC to create accounting and auditing standard
setting bodies to assist BOA in carrying out its powers and functions in
promulgating accounting and auditing standards and generally
accepted best practices. These bodies shall be known as Financial
Reporting Standards Council and Auditing and Assurance Standards
Council.
1. FINANCIAL REPORTING STANDARDS COUNCIL (FRSC)
The FRSC shall be composed of fifteen (15) members. A chairman,
who had been or presently a senior accounting practitioner in any
of the scope of accounting practice and fourteen (14)
representatives from the following:

6 Board of Accountancy
1

7 Commission on Audit
1

8 Securities and Exchange Commission 1

9 Bangko Sentral ng Pilipinas

1

Bureau of Internal Revenue 1 A major

organization composed of preparers and users of
financial statements (FINEX)* 1 Accredited National

Public Practice 2

Commerce and Industry 2

Academe/Education 2

Government 2 8
Professional Organization of CPAs:
14
*Financial Executives Institute of the Philippines
 2. AUDITING AND ASSURANCE STANDARDS COUNCIL (AASC)
Per RA 9298, the AASC shall be composed of fifteen (15) members.
A chairman, who had been or presently a senior practitioner in
public accountancy and fourteen (14) representatives from the
following:
Board of Accountancy 1
Commission on Audit 1
Securities and Exchange Commission 1
Bangko Sentral ng Pilipinas 1
An association or organization of CPAs in active
public practice of accountancy 1
Accredited National Professional Organization of
CPAs:

Aim... Believe... Claim... Page 93

Chapter 3 — Practice and Regulation of the Accountancy
Profession
6*
Public Practice
Commerce and Industry 1 Academe/Education1
Government1 9

*shall be equally distributed among big, medium and small practitioners

B. EDUCATION TECHNICAL COUNCIL (ETC)

ETC was established to assist BOA in
a. carrying out its powers and functions provided in ensuring that all higher
educational instruction and offering of accountancy are in compliance with
the requirements of CHED or other government authorized offices. b.
attaining the objective of continuously upgrading the aCCOUntancy
education in the Philippines to make the Filipino CPAs globally competitive.
ETC shall be composed of seven (7) members with a Chairman, who had
been presently a senior accounting practitioner in the academe/education
and six representatives from the following:
Board of Accountancy 1 Accredited National Professional
Organization of CPAs:
Public Practice 1
Commerce and Industry 1
Academe/Education 2*
Government 1 5

*shall be equally distributed among the private and public schools

c. QUALITY REVIEW COMMIITEE (QRC)

QRC was mandated to be created to assist BOA in
a. Conduct quality review on applicants for registration to practice public
accountancy and render a report which shall be attached to the
application for registration.
b. Recommend to BOA the revocation of the certificate of
registration and the professional identification card of CPAs in
public practice Of accountancy.
The QRC shall be composed of seven (7) members. A chairman, who had
been presently a senior accounting practitioner in the public accountancy
and six representatives from the following:
Board of Accountancy 1
Accredited National Professional Organization of CPAs:
Public Practice 2 Commerce and Industry 1
 Aim... Believe... Claim... Page 94

Chapter 3 — Practice and Regulation of the Accountancy Profession

Academe/Education 1
Government 1 5

IMPORTANT NOTES:
Term of office: The chairman and members of the FRSC, AASC,
QRC and ETC shall have a term of three (3) years renewable
for another term.
•Z Composition: FRSC and AASC shall review its composition
annually and may recommend to BOA and PRC a more
suitable representation as they may deem fit.
Actual creation: Only FRSC and AASC were actually created
and still existing up to date.

ACCREDITED PROFESSIONAL ORGANIZATION

All registered CPAs shall be united and integrated through
their membership in a one and only registered and
accredited national professional organization of registered
and licensed certified public accountants, which shall be
registered with the Securities and Exchange Commission as a
nonprofit corporation and recognized by BOA, subject to the
approval by PRC.

The members in the said integrated and accredited national

professional organization shall receive benefits and privileges
appurtenant thereto upon payment of required fees and
dues. Membership in the integrated organization shall not be
a bar to membership in any other association of certified
public accountants.
Currently, the one and only registered APO in the Philippines is
the Philippine Institute of Certified Public Accountant (PICPA).
PHILIPPINE INSTITUTE OF CERTIFIED PUBLIC ACCOUNTANT
(PICPA)
PICPA as APO: PICPA, a non-stock and not-for-profit
organization, was recognized by PRC as the APO on October
2, 1975 per Accreditation No. 15. It was established for the
benefit and welfare of the CPAs, the advancement of their
profession, and the attainment of other professional ends. v/
Certificate of Accreditation: Renewal of certificate of accreditation once
every three years.
Conditions for Continuity as APO: To maintain its recognition as the
APO, it must meet the following requirements:
 a. Primary purpose: It is established for the benefit and welfare
of the CPAs, the advancement of their profession, and the
attainment of other professional ends
b. Membership: Membership is open to all registered CPAs from
all four (4) sectors

Aim... Believe... Claim... Page 95

 c. Active Membership: It shall three have (3) a years, creditable at

least plan a majority to enlist of intothe active membership

within

CPAs in the practice of accountancy

d. National Directors: There shall only be fifteen to have (15)
national directors, unless there is a valid reason additional
representation. In practice, there are twenty-five (25) national
directors equitably distributed in four (4) major geographical
areas (Luzon, Visayas, Mindanao and National Capital Region)
e. Chapters and Regions: PICPA shall have adequate chapters and
regions in major areas in the Philippines to effectively attend to
the needs of its members
f. Full time Executive Director: It shall have a full-time career
Executive Director who shall implement the policies
promulgated by the PICPA
Board of Directors and shall have direct supervision over the PICPA
Secretariat
g. Management of Financial Resources: It shall be judicious and
prudent in the management of its financial resources and for
this purpose its chapter/region/national office and their
respective foundation shall keep proper books of accounts and
submit audited annual financial statements
h. Non-stock corporation: It is duly registered as a non-stock
corporation or association by the Securities and Exchange
Commission (SEC)
i. Payment ofprescribedfees: It has paid the prescribed
accreditation fee v/ Grounds for Cancellation of Accreditation:
Cancellation of accreditation may be caused by any of the
following grounds:
a. it has ceased to possess any of the qualifications for accreditation
b. it no longer serves the best interests of CPAs
c. it did not achieve its plan within three years
d. it has committed acts inimical to its members and to the profession
e. Failure to renew its accreditation after a lapse of unreasonable
period.

Moreover, the following sectoral organizations were also created to

assist BOA and PICPA and to focus on the specific sectors of practice of
the accountancy profession.
1. Association of Certified Public Accountants in Public Practice (ACPAPP)
 2. Association of Certified Public Accountants in Commerce and Industry
(ACPACI)
3. Association of Certified Public Accountants in Education (ACPAE)
4. Government Association of Certified Public Accountants (GACPA)

96
Page
Aim...
Chapter 3 — Practice and Regulation of the Accountancy Profession
CONTINUING PROFESSIONAL EDUCATION (CPE) COUNCILS PRC-
CPE Council
BOA, upon approval by PRC, shall create this council which shall assist
BOA in implementing its CPE program.
Composition
The PRC CPE Council shall be composed of a chairperson and two (2)
members.
• The chairperson shall be chosen among the members of BOA
• The first member could either be the president or any officer chosen by
the BOD of PICPA
• The second member could either be the president or any officer of the
organizations of deans or department heads of schools, colleges or
universities offering BS Accountancy program.
Powers and Functions
The council shall, upon a majority vote, exercise powers and functions which
shall include but shall not be limited to the following:
Accept, evaluate and approve applications for accreditation of CPE
providers.
Accept, evaluate and approve applications for accreditation of CPE
programs, activities or sources as to their relevance to the
profession and determine the number of CPE credit units to be
earned on the basis of the contents of the programs, activity or
source submitted by the CPE providers.
Accept, evaluate and approve applications for accreditation for
exemptions from CPE requirements.
Monitor implementation by the CPE providers of their programs, activities
or sources.
Assess periodically and upgrade criteria for accreditation of CPE providers
and CPE programs, activities or sources.
Perform such other related functions that may be incidental to
implementation of the CPE programs or policies.
Term of office
Co-terminus with their respective incumbency in BOA, PICPA and organization

PICPA CPE Council

If the need arises, the PRC CPE Council may delegate to the PICPA o the
processing of the application keeping of all records for CPE providers
and their respective programs and credit units earned by each CPA who
avail of the CPE programs any other related functions

Aim... Believe... Claim... Page 97

 IMPORTANT NOTES:
v/ PRC-CPE Council and PICPA-CPE Council were discussed in RA
9298
In practice, the term CPE is replaced with Continuing Professional
Development (CPD).
Currently, in compliance with the requirements of RA 10912, the
monitoring the implementation of CPD Program is called CPD
Council.

F. REGULATORY AGENCIES
In addition to BOA, the following government agencies affect the practice of
the accountancy profession.
1. Professional Regulation Commission (PRC)
PRC is the agency that administers, implements and enforces the
regulatory policies of the government with respect to the regulation
and licensing of the various professions under its jurisdiction.

2. Commission on Audit (COA)

COA is considered as the Philippines' Supreme Audit Institution. Its
mission is to ensure accountability for public resources, promote
transparency, and help improve government operations in
partnership with stakeholders for the benefit of the Filipino people
(coa.gov.ph).
COA has the power, authority and the duty to examine, audit, and
settle all accounts pertaining to the revenue and receipts of, and
expenditures or uses of funds and property, owned or held in trust by,
or pertaining to, the government, or any of its subdivisions, agencies,
or instrumentalities, including government-owned or controlled
corporations and recommend measures to improve the efficiency and
effectiveness of government operations.

Its primary function is to keep the general accounts of the

government and for such period as may be provided by law,
preserve the vouchers pertaining thereto.
Reports on the:
1) Accountability of government funds
a. When it examines all accounts pertaining to the revenue
and receipts of, and expenditures or uses of funds and
property owned or held in trust by, or pertaining to, the
government ,
b. When it sets accounting and auditing rules and
regulationS including those for the prevention and
disallowance of irregular' unnecessary, excessive,
 extravagant or unconscionable expenditures, or uses of
government funds and properties .
2) Financial condition and operation of the government to the
President and the Congress.

Aim... Page 98
 3) Operational efficiency and effectiveness of the government and its
agencies.
4) Accountability of government records.
5) Decisions to any case brought before it within 60 days.
3. Securities and Exchange Commission (SEC)
SEC is the regulatory agency charged with supervision over the
corporate sector, the capital market, participants, and the securities and
investment instruments market, and the protection of the investing
public (sec.gov.ph).

SEC regulates the registration and operations of corporations,

partnerships and other forms of associations, as well as monitoring of
compliance with the Corporation Code, Civil Code provisions on
partnerships, Foreign Investment Act, and other related laws. It has
power to established rules for any CPAs associated with audited
financial statements submitted to PRC and also has considerable
influence in setting GAAP and disclosure requirements for financial
statements
The SEC Powers and functions relevant to the Accountancy Profession
I) Have the jurisdiction and supervision over all corporations,
partnerships or associations who are the grantees of primary
franchises and/ or a license or permit issued by the Government;
2) Approve, reject, suspend, revoke or require amendments to
registration statements, and registration and licensing applications;
3) Issue cease and desist orders to prevent fraud or injury to the investing
public;
4) Impose sanctions for the violation of laws and the rules, regulations
and orders issued pursuant thereto;
5) Punish for contempt of PRC, both direct and indirect, in accordance
with the pertinent provisions of and penalties prescribed by the Rules
of Court;
6) Issue subpoena duces tecum and summon witnesses to appear in any
proceedings of PRC and in appropriate cases, order the examination,
search and seizure of all documents, papers, files and records, tax
returns, and books of accounts of any entity or person under
investigation as may be necessary for the proper disposition of the
cases before it, subject to the provisions of existing laws.
Objectives v/ to assist in providing investors with reliable information
upon which to make investment decisions

Aim... Page 99
4. Bureau of Internal Revenue (BIR)
 BIR has the primary objective of raising revenues for the government.
It also prescribes additional requirements for audited financial
statements that accompany tax returns of various entities. Details of
this agency are discussed in taxation subject.

5. Bangko Sentral ng Pilipinas (BSP)

BSP has the primary objective of maintaining price stability conducive
to a balanced and sustainable economic growth. It also aims to
promote and preserve monetary stability and the convertibility of the
Philippine peso.
BSP provides policy directions in the areas of money, banking and
credit. It supervises operations of banks and exercise regulatory
powers over non-bank financial institutions with quasi-banking
functions (bsp.gov.ph).

6. Insurance Commission
Insurance commission promulgates and implements policies, rules and
regulations governing the operations of entities engaged in insurance
and pre-need activities. It also prescribes additional requirements
regarding audits of its regulated entities.

Aim... Page 100

 chapter 4 — Overview of the Audit Process and Preliminary Activities

CHAPTER 4
OVERVIEW OF AUDIT PROCESS AND PRELIMINARY
ACTIVITIES

Chapter Overview and Objectives:

This Chapter discusses the audit process in detail and presents the activities
during its preliminary phase. At the end of this chapter, readers should be
able to discuss:
1. The activities conducted in performing financial statements audit
2. The different categories and types of assertions made by the entity
3. The major preliminary engagement activities
4. The activities involved in client acceptance
5. The process of agreeing the terms of the audit engagement
6. The considerations taken in accepting a change in an engagement

Relevant references:
PSA 200 - Overall Objectives of the Independent Auditor and the Conduct of an
Audit in accordance with International Standards on Auditing

PSA 210 - Agreeing the Terms ofAudit Engagement

PSA 500 - Audit Evidence

Aim... Believe... Claim... Page 121
—

INTRODUCTION
Audit of financial statements is normally performed by independent and
qualified auditor on an annual basis to meet the information needs of
entity,s financial statement users. The entity is required to prepare its
financial statements by complying with applicable financial reporting
framework (e.g. PFRS, PFRS for SME, PFRS for Small Entities). To audit
the entity's financial statements, auditors must adhere to applicable
auditing standards (e.g. PSA).
As defined, an audit is a systematic process of objectively obtaining and
evaluating evidence regarding assertions about economic actions and
events to ascertain the degree of correspondence between these
assertions and established criteria and communicating the results
thereof.
Basically, the logic and objective of audit of financial statements are
similar in all audits of financial statements. In order to attain the
objective of the audit, the auditor needs to undergo a systematic
process comprising certain activities.
Being a systematic process, an audit engagement is performed by means of an
ordered or structured series of steps. This process is commonly called as
"AUDIT
PROCESS".

AUDIT PROCESS: A GENERAL APPROACH

A general overview of the audit process may be best represented by the
following diagram:

Entity The auditor prepares and

performs The auditor The auditor presents audit
gathers audit expresses an
financial procedures evi dence audit
opinion
statements

Entity prepares and presents financial statements

An audit in accordance with PSAs is conducted on the premise that
management and, where appropriate, those charged with governance
have responsibilities that are fundamental to the conduct of the audit•
The financial statements subject to audit are those of the entity, prepared
and presented by management of the entity with oversight from those
 charged with governance. The audit of the financial statements does not
relieve management or those charged with governance of those
responsibilities

122

Aim... Believe... Claim... Page

 Category Assertions
Classes Occurrence - transactions and events that
Transactions and have been recorded have occurred and
events for pertain to the entity.
the Completeness - all transactions and events
period under that should have been recorded have been
audit (TOCCAC) recorded.
Cutoff - transactions and events have been
recorded in the correct accounting period.
Accuracy - amounts and other data relating to
recorded transactions and events have been
recorded appropriately.
Classification - transactions and events have
been recorded in the proper accounts.
Account balances Completeness - all assets, liabilities and equity
at the period end interests that should have been recorded
(ACERV) have been recorded.
Existence assets, liabilities, and equity
interests exist.
Rights and obligations - the entity holds or
controls the rights to assets, and liabilities are
the obligations of the entity.
Valuation and allocation - assets, liabilities,
and equity interests are included in the
financial statements at appropriate amounts
and any resulting valuation or allocation
adjustments are appropriately recorded.
Presentation and Occurrence and rights and obligations
disclosure disclosed events, transactions, and other
(POCAC) matters have occurred and pertain to the
entity.
Completeness - all disclosures that should
have been included in the financial
statements have been included.
Accuracy and valuation - financial and other
information are disclosed fairly and at a
ropriate amounts.
Chapter 4 — Overview of the Audit Process and Preliminary Activities
The financial statements are considered as assertions or representation
made by the entity, through its management and those charged with
governance, as appropriate. These assertions may be explicitly or implicitly
included in the financial statements and may fall into the following
categories (TAP):

Aim... Believe... Claim... Page 123

 Classification
information
described,
expressed.
and understandability - financial is appropriately presented and
disclosures are clearly

Additional responsibilities
Moreover, PSA 200 provides that management and, where aPPropriate
those charged with governance have responsibility:
a. For the preparation and presentation of the financial statements
accordance with the applicable financial reporting framework;
includes the design, implementation and maintenance of internal
control relevant to the preparation and presentation of financial
statements that are free from material misstatement, whether due
fraud or error; and
b. To provide the auditor with:
i. All information, such as records and documentation, and
matters that are relevant to the preparation and presentation of
financial statements; ii. Any additional information that the auditor
may request management and, where appropriate, those charged
governance; and iii. Unrestricted access to those within the
entity from whom auditor determines it necessary to obtain audit
evidence.
As part of their responsibility for the preparation and presentation of
financial statements, management and, where appropriate, those charged
with governance are responsible for:
o The identification of the applicable financial reporting framework,
the context of any relevant laws or regulations.
o The preparation and presentation of the financial statements
accordance with that framework.
o An adequate description of that framework in the financial
statements.
The preparation of the financial statements requires management exercise
judgment in making accounting estimates that are reasonable in
circumstances, as well as to select and apply appropriate accounting polici
These judgments are made in the context of the applicable financial
reporting framework.

1. The auditor performs audit procedures

 In conducting an audit of financial statements, the overall objectives Of
the auditor are:

Aim... Believe... Claim... page 124

4
a. To obtain reasonable assurance about whether the financial statements
as a whole are free from material misstatement, whether due to fraud or
error, thereby enabling the auditor to express an opinion on whether the
financial statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework; and
b. To report on the financial statements, and communicate as required by
the PSAs, in accordance with the auditor's findings.
To achieve the overall objectives of the audit, the auditor shall design and
perform audit procedures which enable the gathering of audit evidence.
such evidence will be used as a basis in expressing the opinion required by
the audit of financial statements.
When selecting procedures, the auditor considers various factors including
assertions made by the entity, assessed level of risks, and materiality.
Procedures to be performed may be categorized into (1) major audit
procedures and (2) specific audit procedures.

Major audit procedures

I. Risk assessment procedures. The audit procedures performed to obtain
an understanding of the entity and its environment, including the
entity's internal control, to identify and assess the risks of material
misstatement, whether due to fraud or error, at the financial statement
and assertion levels.
2. Test of controls. An audit procedure designed to evaluate the operating
effectiveness of controls in preventing, or detecting and correcting,
material misstatements at the assertion level.
3. Substantive procedure. An audit procedure designed to detect material
misstatements at the assertion level. Substantive procedures comprise:
i. Tests of details (of classes of transactions, account balances, and
disclosures), and ii. Substantive analytical procedures.

Specific audit procedures

1. Inspection of Records or Documents. It consists of examining records or
documents, whether internal or external, in paper form, electronic form,
or other media.
2. Inspection of Tangible Assets. It consists of physical examination of
the assets.
3. Observation. It consists of looking at a process or procedure being
performed by others.
4. Inquiry. It consists of seeking information of knowledgeable persons,
both financial and non-financial, throughout the entity or outside the

Page 125
entity. This procedure may be used extensively throughout the
audit as a complement of other audit procedures.
5. Confirmation. A specific type of inquiry that is the process of obtaining a
representation Of information or of an existing condition directly from a
third party.
6. Recalculation. It consists of checking the mathematical aCCuracy of
documents or records. This procedure may be performed manually or
electronically.
7. Reperformance. It involves the auditor's independent execution of
procedures or controls that were originally performed as part of the
entity/s internal control.
8. Analytical Procedures. Procedures consist of evaluations of financial
information made by a study of plausible relationships among both
financial and non-financial data. Analytical procedures also encompass
the investigation of identified fluctuations and relationships that are
inconsistent with other relevant information or deviate significantly from
predicted amounts.

2. The auditor gathers audit evidence

Through the procedures performed, the auditor obtains sufficient
appropriate audit evidence to be able to draw reasonable conclusions
on which to base the audit opinion.
Audit evidence refers to information used by the auditor in arriving at
the conclusions on which the auditor's opinion is based. Audit evidence
includes both information contained in the accounting records
underlying the financial statements and other information.

3. The auditor expresses an audit opinion

The auditor provides a written audit report containing a conclusion or a n
opinion regarding the fairness of preparation and presentation of
financial statements in accordance with the applicable financial reporting
framework•

Opinion to be expressed by the auditor may include either of the

following:
 a. Unmodified opinion. The opinion expressed by the auditor when
the auditor concludes that the financial statements are prepared, in
all material respects, in accordance with the applicable financial
reporting framework. This type of opinion is also known as
unqualified opinion•
b. Modified opinion. A qualified opinion, an adverse opinion or a
disclaimer of opinion. The auditor shall modify the opinion in the
auditor's report when:
1. A choice between Qualified and Adverse. The auditor
concludeS that, based on the audit evidence obtained,
the financial statementS as a whole are not free from
material misstatement; or

Aim... Believe... Claim...

Page 126

4
2. A choice between Qualified and Disclaimer of opinion.
The auditor is unable to obtain sufficient appropriate
audit evidence to conclude that the financial statements
as a whole are free from material misstatement.

Sub-phases of audit process

The above audit process may be divided into two sub-phases, the investigative
phase and the reporting phase. Investigative phase includes performance of
audit procedures and gathering of audit evidence. On the other hand,
reporting phase includes the expression of opinion, preparation of the report,
and communication of the results to the different users of the audited financial
statements.

AUDIT PROCESS: A MORE DETAILED APPROACH

The specific sequence or order of activities in performing financial statements
audit may vary from firms to firms depending on their own policies and
procedures. However, such sequence of different activities normally will
include the following steps:

Preliminary Planning an audit of

engagement fin ancial statements
activities
 Completing the Evidence-gathering Study and audit
(Substantive testing) evaluation of internal
control

Issuance of thePost-audit
audit report responsibilities

AUDIT PROCESS: A MORE DETAILED APPROACH

PHASE DESCRIPTION

1 Preliminary This phase will require a decision from the

. engagement auditor whether or not to accept a new client or
activities continue relationship with an existing one. This
process would require evaluation not only of the
auditor's qualification,

Page 127

but also the integrity and auditability of the client's

financial statements.

Primary objective: To minimize the likelihood of

being associated to a client whose management
lacks integrity
2. Planning an audit of Audit planning involves the development of an overall
financial statements audit strategy, audit plan and audit program. The
auditor usually obtained more detailed knowledge
about the client's business and industry in order to
understand the transactions and events affecting the
financial statements.
Preliminary assessment of risk and materiality is also
made during this phase.

Primary objective: To assess the different risks

associated with the audit to determine the nature,
timing and extent of further audit procedures
necessary to be performed
3. Study and evaluation Since entitvs internal control directly affects the
of internal control reliability of the financial statements, it is appropriate
to study and evaluate these controls.

Primary objective: To establish a basis for reliance on

internal controls, in determining the nature, timing
and extent of audit procedures to be performed

4. Evidencegathering Using the information obtained in audit planning and

(Substantive testing) consideration of internal controls, the auditor
performs substantive test to determine whether
entiti/s financial statements are presented fairly in
accordance with financial reporting standards.
Substantive procedures could either be analytical
procedures or test of details Of transactions and
balances

This phase will always be performed by the auditor.

Primary objective: To ascertain the degree Of

correspondence between the financial statementS
prepared by client's management and the financial
reporting framework. With this, the auditor will be
able to conclude whether or not the financial
statements are presented fairly in accordance with
financial reporting standards
5. Completing the audit Wrapping-up procedures are performed; conclusionS
reached are reviewed; and an overall opinion is
formed during this phase.
Aim... Believe... Claim... Page 128
 Primary objective: To assist the auditor in
assessing conclusion reached is consistent with
evidence gathered
6. Issuance of In this stage, auditor prepares and issues audit
the audit report which describes the scope of the audit and
report states the auditor's conclusion regarding the
fairness of the financial statements.

Primary objective: To communicate the

conclusions reached by the auditor to various
intended users
7. Post-audit After completion of the audit engagement, auditor
responsibilities performs procedures that will enable him/her
identify areas for improvement in the current and
future engagements.

Primary objective: To assess and evaluate the

quality of services delivered by the engagement
team
PRELIMINARY ENGAGEMENT ACTIVITIES
MAJOR AUDIT PROCEDURES
In making a decision whether to accept or reject an engagement, the auditor's
firm should consider the following:
1. Its competence;
2. Its independence;
3. Its ability to serve the client properly; and
4. The integrity of the prospective client's management.
To adequately address the above items, the auditor is expected to perform the
following:
1. Obtain a preliminary knowledge of the clienes business and industry to
determine whether the auditor has the degree of competence required
by the engagement.
As prescribed by Code of Ethics for Professional Accountants, a
professional accountant in public practice should agree to provide only
those services that the professional accountant in public practice is
competent to perform. This means that auditor can only accept
engagements whose requirements are within auditor's capacity and
capability.

Ordinarily, to determine whether the auditor has the degree of

competence required by the engagement, auditor obtains a preliminary
knowledge of the client's business and industry.

Page 129
2. Consider whether there are any threats to the firm's independence and
objectivity, and if so, whether adequate safeguards can be established
 Before accepting a specific audit engagement, the auditor considers
whether there are any threats to the firm's independence and
objectivity, and if so whether adequate safeguards can be established.
Independence consists of both independence of mind and
independence in appearance. Independence of mind is the state of
mind that permits the expression of a conclusion without being affected
by influences that compromise professional judgment, allowing an
individual to act With integrity, and exercise objectivity and professional
skepticism. On the other hand, independence in appearance is the
avoidance of facts and circumstances that are so significant that a
reasonable and informed third party, having knowledge of all relevant
information, including safeguards applied, would reasonably conclude a
firm's, or a member of the aSsurance team's, integrity, objectivity or
professional skepticism had been compromised.
In an audit engagement, the Code of Ethics for Professional
Accountants requires all members of the audit team to be independent
its
from the client. Audit team includes members of the engagement team,
the firm, and network firm/s.

3. Evaluate the firm's ability to serve the prospective client.

Prior to acceptance of an engagement, the firm considers its resources
(e.g. personnel) in evaluating whether the firm has the ability to serve
the prospective client properly.

4. Evaluate auditability.
In an audit engagement, auditor gathers sufficient appropriate evidence
to form and express an opinion as to the fairness of preparation and this,
presentation of the client's financial statements. For the auditor to do
accounting records, documents and other information that supports the
client's financial statements should be made available to the auditor.
Absence of records, documents and other information raises significant
doubt about client's auditability.

5. Investigate the integrity of the prospective client's management The

proposed auditor (previously called successor auditor) considerS
whether acceptance of a new or continuing an existing client
relationShiP would create any threats to compliance with the
fundamental principles Potential threats to integrity or professional
behavior may be created from' for example, questionable issues
associated with the client (its owners' management and activities).

Page 130
The main objective of this procedure is to minimize the likelihood of being
associated to a client whose management lacks integrity.

Investigation of the integrity of the client's management may be

performed through reading published articles, inquiry to appropriate
 parties, or communication with the previous auditor (previously called
predecessor auditor) subject to client's permission.

Note: Every time communication is made to parties other than the client,
the auditor shall seek permission from the client and document the items
discussed.
and

Matters to be discussed with previous auditor include the following: (RID)

a. The previous auditor's understanding as to the Reasons for change in With
auditors; where

b. Information that might bear on the Integrity of the management; and

c. Disagreements between the previous auditor and management as to
from
accounting principles, auditing procedures, etc.

6. Agree on the terms of the engagement and prepare an engagement letter.

After considering the above factors, the auditor shall decide whether to
as
accept or decline the proposed audit engagement. If the auditor decided
to accept the engagement, the auditor and the client shall agree on the
from
terms of the engagement.
the

ACCEPTANCE OF AN ENGAGEMENT
Objective
The objective of the auditor is to accept or continue an audit engagement only
the
when the basis upon which it is to be performed has been agreed, through:
a. Establishing whether the preconditions for an audit are present; and auditor
b. Confirming that there is a common understanding between the auditor not
and management and, where appropriate, those charged with required
governance of the terms of the audit engagement.

A. Preconditions for an Audit

the
The use by management of an acceptable financial reporting framework
the
in the preparation of the financial statements; and
The agreement of management and, where appropriate, those charged with to
governance to the premise on which an audit is conducted. is

In order to establish whether the preconditions for an audit are present, the
auditor shall:
a. Determine whether the financial reporting framework to be applied in
the preparation of the financial statements is acceptable; and
client'
Page 131 as

b. Obtain the agreement of management that it acknowledges

understands its responsibility:
i. For the preparation of the financial statements in accordancesends
to
the applicable financial reporting framework, including

13
2
 relevant their fair presentation; ii. For such internal control as
management determines is neCeSsaryt0 enable the preparation of
financial statements that are free material misstatement, whether
due to fraud or error; and iii. To provide the auditor with:
a. Access to all information of which management is aware
relevant to the preparation of the financial statements such
records, documentation and other matters;
b. Additional information that the auditor may request
management for the purpose of the audit; and
c. Unrestricted access to persons within the entity from
whom auditor determines it necessary to obtain audit
evidence.

Limitation on Scope Prior to Audit Engagement Acceptance

If management or those charged with governance impose a limitation on
scope of the auditor's work in the terms of a proposed audit
engagement such that the auditor believes the limitation will result in
the disclaiming an opinion on the financial statements, the auditor shall
accept such a limited engagement as an audit engagement, unless by
law or regulation to do so.

Other Factors Affecting Audit Engagement Acceptance

If the preconditions for an audit are not present, the auditor shall
discuss matter with management. Unless required by law or
regulation to do so, auditor shall not accept the proposed audit
engagement:
a. If the auditor has determined that the financial reporting
framework be applied in the preparation of the financial
statements unacceptable; or
b. If the agreement of management that it acknowledges and
understandS its responsibility has not been obtained.

B. AGREEING THE TERMS OF AUDIT ENGAGEMENTS

The auditor shall agree on the terms of engagement with the
represented by management or those charged with governance'
appropriate. The agreed terms shall be recorded in an audit engagement
letter or other suitable form of written agreement.

It is in the interest of both the enti and the auditor

that the auditor an engagement letter, preferably before the
commencement of the audit help avoid misunderstandings with
respect to the audit.
Page
Chapter 4 — Overview of the Audit Process and Preliminary Activities

Form and Content of engagement letter

The form and content of audit engagement letters may vary for each
client, but they would generally include reference to:
a. The objective and scope of the audit of the financial statements;
b. The responsibilities of the auditor;
c. The responsibilities of management;
d. Identification of the applicable financial reporting framework for the
preparation of the financial statements; and
e. Reference to the expected form and content of any reports to be
issued by the auditor and a statement that there may be
circumstances in which a report may differ from its expected form and
content.
IMPORTANT NOTES:
If law or regulation prescribes in sufficient detail the terms of the
audit engagement, the auditor need not record them in a written
agreement, except for the fact that such law or regulation applies
and that management acknowledges and understands its
responsibilities.
Even if the objective and scope of an audit and the responsibilities
of management and of the auditor may be sufficiently established
by law of a particular country, the auditor may nevertheless
consider it appropriate to include the matters in an engagement
letter for the information of management.
Furthermore, an audit engagement letter may make reference to, for
example: (RA FORMS)
a. The presence of audit Risk (unavoidable risk because of inherent
limitations of audit)
b. Unrestricted Access to whatever records
C. The financial reporting Framework used
d. Objective of the audit
e. The form of any Reports or other communication
f. Management's responsibility
g. Elaboration of the Scope of the audit

The auditor may also wish to include in the letter: (FRAP Reports)
a. Basis in which Fees are computed and any billing arrangements
b. Expectation of receiving Representation letter
C. Acknowledgment of management of terms of agreement
d. Arrangements regarding the Planning of the audit
e. Description of any other letters or Reports
Aim... Believe... Claim... Page 133
 When relevant, the following points could also be made:
• Arrangements concerning the involvement of other auditors and experts in
some aspects of the audit.
the involvement of internal
• Arrangements concerning auditors and other staff of the entity.
e Arrangements to be made with the previous auditor, if any, in the
case of initial audit.
o Any restriction of the auditor's liability when such possibility exists.
o A reference to any further agreements between the auditor and the
entity.
o Any obligations to provide audit working papers to other parties.

Example of an Audit Engagement Letter

Below example was lifted from PSA 210. The following is an example of an
audit engagement letter for an audit of general-purpose financial
statements prepared in accordance with Philippine Financial Reporting
Standards.

To the appropriate representative of management or those charged with

governance of ABC Company:
[The objective and scope of the audit]
You have requested that we audit the financial statements of ABC Company,
which comprise the balance sheet as at December 31, and the income
statement, statement of changes in equity and cash flow statement for the
year then ended, and a summary of significant accounting policies and other
explanatory information. We are pleased to confirm our acceptance and our
understanding of this audit engagement by means of this letter. Our audit
will be conducted with the objective of our expressing an opinion on the
financial statements.
[The responsibilities of the auditor]
We will conduct our audit in accordance with Philippine Standards on
Auditing (PSAs). Those standards require that we comply with ethical
requirements and plan and perform the audit to obtain reasonable
assurance about whether the financial statements are free from material
misstatement. An audit involveS performing procedures to obtain audit
evidence about the amounts and disclosures in the financial statements.
The procedures selected depend on the auditor's judgment, including the
assessment of the risks of material misstatement of the financial
statements, whether due to fraud or error. An audit also includes
evaluating the appropriateness of accounting policies used and the
reasonableness of accounting estimates made by management, as well as
evaluating the overall presentation of the financial statements.
Aim... Believe... Claim... Page 134
 Because of the inherent limitations of an audit, together with the
inherent limitations of internal control, there is an unavoidable risk
that some material misstatements may not be detected, even though
the audit is properly planned and performed in accordance with PSAs.

In making our risk assessments, we consider internal control relevant to the

entitvs preparation of the financial statements in order to design audit
procedures that are appropriate in the circumstances, but not for the
purpose of expressing an opinion on the effectiveness of the entitVs internal
control. However, we will communicate to you in writing concerning any
significant deficiencies in internal control relevant to the audit of the
financial statements that we have identified during the audit.
[The responsibilities of management and identification of the applicable financial
reporting framework]
Our audit will be conducted on the basis that [management and, where
appropriate, those charged with governance] acknowledge and understand
that they have responsibility:
a. For the preparation and fair presentation of the financial statements in
accordance with Philippine Financial Reporting Standards;
b. For such internal control as [management] determines is necessary to
enable the preparation of financial statements that are free from material
misstatement, whether due to fraud or error; and
c. To provide us with:
i. Access to all information of which [management] is aware that is
relevant to the preparation of the financial statements such as records,
documentation and other matters; ii. Additional information that we
may request from [management] for the purpose of the audit; and iii.
Unrestricted access to persons within the entity from whom we determine
it necessary to obtain audit evidence.

As part of our audit process, we will request from [management and, where
appropriate, those charged with governance], written confirmation
concerning representations made to us in connection with the audit.
We look forward to full cooperation from your staff during our audit.

[Other relevant information]

[Insert other information, such as fee arrangements, billings and other specific
terms, as appropriate.]
[Reporting]
[Insert appropriate reference to the expected form and content of the auditor's
report.]

Aim... Believe... Claim... Page 135

The form and content of our report may need to be amended in the light
of audit findings. our
 Please sign and return the attached copy arrangements of this letter for to our
indicate audit oftheyour

acknowledgement Of, and agreement with, the financial

statements including our respective responsibilities.
XYZ & co.
Acknowledged and agreed on behalf of ABC Company by
(Signed)

Name and Title

Date

Audit of Components
When the auditor of a parent entity is also the auditor of its
subsidiary, branch, or division (component), the factors that influence
the decision whether to send a separate engagement letter to the
component include the following (CLOSI):
• Who appoints the Component auditor;
• Legal requirements in relation to audit appointments; o Degree of
Ownership by parent;
• Whether a Separate auditor's report is to be issued on the
component; and e Degree of Independence of the component's
management from the parent entity.

Recurring Audits
On recurring audits, the auditor should consider whether
circumstances require the terms of the engagement to be revised and
whether there is a need to remind the client of the existing terms of the
engagement. The auditor may decide not to send a new engagement
letter each period.
However, the following factors may make it appropriate to revise the
terms of the engagement, remind the entity of existing terms, and/or
send a new letter:
• Any indication that the client misunderstands the objective and
scope Of the audit.
• Any revised or special terms of the engagement.
• A recent change of management, board of directors or ownershiP•

Aim... Believe... Claim... Page 136

Chapter 4 — Overview of the Audit Process and Preliminary
Activities o A significant change in ownership.
• A significant change in nature or size of the client's business.
• A change in legal or regulatory requirements.
A change in financial reporting framework adopted in the preparation of
the financial statements.
•
Reasonably
Circumstances A
justifiable?
1. Change in circumstances affecting the need for
the service
2.A misunderstanding as to the nature of an audit or
related services originally requested
3.A restriction on the scope of the engagement, whether x
imposed by management or caused by circumstances
4. If the change relates to information that is incorrect, x
incomplete or otherwise unsatisfactory
5. The auditor is unable to obtain sufficient appropriate x
audit evidence regarding assertions
change in other reporting requirements.

ACCEPTANCE OF A CHANGE IN ENGAGEMENT

If, prior to completing the audit engagement, the auditor is requested to
change the audit engagement to an engagement that conveys a lower level
of assurance, the auditor shall determine whether there is reasonable
justification for doing so. The auditor shall not agree to a change in the
terms of the audit engagement where there is no reasonable justification
for doing so.
Below are examples of circumstances that could lead to change in engagement
and whether or not they are reasonably justifiable:

Auditor's response
If the terms of the audit engagement are changed, the auditor and
management shall agree on and record the new terms of the engagement
in an engagement letter or other suitable form of written agreement.
If the auditor is unable to agree to a change of the terms of the audit
engagement and is not permitted by management to continue the original
audit engagement, the auditor shall:
a. Withdraw from the audit engagement where possible under
applicable law or regulation; and
b. Determine whether there is any obligation, either contractual or
otherwise, to report the circumstances to other parties, such as
those charged with governance, owners or regulators.
Aim... Believe... Claim... Page 137
Chapter 5 — Planning an Audit of Financial Statements

CHAPTER 5
PLANNING AN AUDIT OF FINANCIAL STATEMENTS

Chapter Overview and Objectives:

This chapter discusses audit planning phase of the audit process. At the end of
this chapter, readers should be able to discuss
I. The objective and specific roles of planning in an audit of financial
statements
2. Factors affecting the nature and extent of planning activities
3. Outputs of audit planning activities
4. Documentation requirements when planning an audit
5. Major audit planning activities performed by the auditor
a. Risk assessment procedures
b. Consideration of materiality
c. Consideration of audit risk and its components
d. Establishing the overall audit strategy
e. Developing the audit plan
f. Direction, supervision, and review
g. Other planning considerations

Relevant references:
PSA 200 - Overall Objectives of the Independent Auditor and the Conduct of
an Audit in accordance with International Standards on Auditing

PSA 300 - Planning an Audit of Financial Statements

PSA 315 (Revised) - Identifying and Assessing the Risks of Material

Misstatement through Understanding the Entity and its Environment

PSA 320 (Revised and Redrafted) - Materiality in Planning and Performing an

Audit
PSA 520 - Analytical Procedures

Page 157 Aim... Believe... Claim...

Chapter 5 — Planning an Audit of Financial Statements
INTRODUCTION TO PLANNING

Every activity or undertaking entered into by a things person the

performed future has certain enables is to targets. people plan thetoIn
order to attain these targets, one of the first courses of action needed to
be taken. Preparing for consider the impact they would like to have and
to find a way to attain those targets. In multi-personnel activities, when
a team works together to set goals, it allows everyone to be on the same
page, working toward a common, shared purpose.

Planning helps people to identify and achieve these targets through

making or carrying out plans and avoiding doing some random activities.
This makes planning a very necessary and important procedure in any
undertaking.

PLANNING IN AUDIT OF FINANCIAL STATEMENTS

Roles of planning
Just like in any other activity or endeavor, planning is a vital phase in an
audit of financial statements. Auditing standards explicitly require the
auditor to prepare adequate planning for an engagement. PSA 300
further provides that the objective of the auditor is to plan the audit so
that it will be performed in an effective manner.
Although audit effectiveness is the primary objective of the auditor,
adequate planning also leads to audit efficiency. Audit effectiveness
pertains to attainment of the objective of the engagement, whereas,
audit efficiency pertains to employing the least amount of resources to
the engagement.
Adequate planning benefits the audit of financial statements in several
ways, including the following: (CAFÉ PA)
Assisting, where applicable, in Coordination of work done by
auditors of components and experts
Assisting in the selection of engagement team members with
appropriate levels of capabilities and competence to respond t o
anticipated risks, and the proper Assignment of work to them
Facilitating the direction and supervision of engagement team
memberS and the review of their work
Helping the auditor properly organize and manage the audit
engagement so that it is performed in an Effective and efficient
 manner Helping the auditor identify and resolve potential
Problems on a timely basis
Helping the auditor to devote appropriate Attention to important
areas of the audit

15B

Aim... Believe... Claim... page Factors affecting the nature and extent of
planning activities
The nature and extent of planning activities will vary according to the: (SECTa)
Factor
Impact on Planning Activities
Size and complexity of It is assumed that more extensive planning
the entity activities must be done when the client is a larger
entity; enters into more complex transactions;
and/or has complex form of organization.

Key engagement team The engagement partner and other key members
members' previous of the engagement team shall be involved in
Experience with the planning the audit, including planning and
entity participating in the discussion among engagement
team members.

Their experience and insight will greatly enhance

the effectiveness and efficiency of the planning
process.
Changes in The overall audit plan should be revised as
circumstances that necessary during the course of the audit
occur during the audit particularly when there are significant changes in
engagement. condition or unexpected results of audit
procedures.
Timing of the The practicability of some audit procedures could
appointment of the be affected by the time when the auditor is
independent auditor appointed to perform the audit. Example, an
auditor appointed prior to year-end may observe
physical inventory count.
Planning: As a phase of an audit
Planning is not a discrete phase of an audit, but rather a continual and
iterative process that often begins shortly after (or in connection with) the
completion of the previous audit and continues until the completion of the
current audit engagement. With this, initial plans may be subjected to
changes depending on information received while performing the
engagement.

Outputs of Audit Planning

Planning an audit involves establishing the overall audit strategy for the
engagement and developing an audit plan. With this, the following are the
main outputs of audit planning:
1. Overall audit strategy which sets the scope, timing and direction of the audit,
and that guides the development of the audit plan.

2. Audit plan which shall include a description of

a. the nature, timing and extent of the following audit procedures

Page 159
Chapter 5 — Planning an Audit of Financial Statements
further audit procedures at the assertion level
b. other planned audit procedures that are required to be carried out
so that the engagement complies with PSAs.

Moreover, the auditor shall update and change the overall audit strategy
and the audit plan as necessary during the course of the audit.

Documentation
The auditor shall document:
1. The overall audit strategy;
2. The audit plan; and
3. Any significant changes made during the audit engagement to the
overall audit strategy or the audit plan, and the reasons for such
changes.

MAJOR AUDIT PLANNING ACTIVITIES

Presented below is a diagram of major audit planning activities performed
throughout the planning phase:
Nature, Risk assessment
Timing and procedures
Extent of (RAPS)
Managing
I
the
Engagement
Supervision ROMMs,
and review A.through UE&E
and

Pla
n

Strategy
Nature, Timing and or approach
Extent of Audit for effective
Procedures and efficient
audit

C. Developing an Audit
 E.
Other Planning Considerations
page 160
Aim... Believe... Claim...
The discussion of these major audit planning activities in presented in the section
below.
A. IDENTIFYING AND ASSESSING RISK OF MATERIAL MISSTATEMENTS THROUGH
UNDERSTANDING THE ENTITY AND ITS ENVIRONMENT
To establish an overall audit strategy, which guides the development of the
audit plan, the auditor needs to perform procedures which will enable him
or her to (1) obtain an understanding of the entity and its environment; and
(2) identify and assess risk of material misstatements. These procedures are
known as risk assessment procedures (RAPs).

Below is a summary of RAPS performed when identifying and assessing risk

of material misstatements through understanding the entity and its
environment.

Risk assessment procedures (RAPS)

Definition
As defined in PSA 315, risk assessment procedures are audit
procedures performed to obtain an understanding of the entity
and its environment, including the entity's internal control, to
identify and assess the risks of material misstatement, whether due
to fraud or error, at the financial statement and assertion levels.
 Page 161
Chapter 5 — Planning an Audit of Financial Statements
Objective of the auditor when performing RAPS
PSA 315 states that the objective of the auditor is to identify and assess
the risks of material misstatement, whether due to fraud or error, at
the financial statement and assertion levels, through understanding the
entity and its environment, including the entity's internal control,
thereby providing a basis for designing and implementing responses to
the assessed risks of material misstatement.

With this, the main purposes of performing RAP is to enhance the

understanding of the entity in order to specifically identify the
applicable further audit procedures (FAP) and to appropriately respond
to the different risks assessed related to audit. As mentioned in the
previous chapter, FAPs include tests of controls (TOC) and substantive
tests (ST).
TOC
RAP
ST

The need to identify FAP arises mainly because RAP by themselves do

not provide sufficient appropriate audit evidence on which to base the
audit opinion. Details of the RAP are discussed in the below section:

1. Obtain an understanding of the entity and its environment, including

its internal control
The auditor shall ensure that members of the engagement team
obtain the required understanding of the entity's business and
industry which will enable them to carry out the required
procedures of the engagement.

The auditor shall obtain an understanding of the following:

a. Relevant industry, regulatory, and other external factors
including the applicable financial reporting framework
b. The nature of the entity, including its operations; ownership
and governance structure; types of investments that the entity
is making and plans to make; and the way the entity is
structured and how it is financed
c. Entitvs selection and application of accounting policies,
including reasons for changes thereto
d. Entity's objectives and strategies, and those related business
risks that may result in risk of material misstatement
 e. The measurement and review of the entity's financial
performanCe Internal control (This will be discussed further in
the immediately succeeding chapter.)

Aim... Believe...
Claim... Page 162
Definition
As defined in PSA, inquiry consists of seeking
information of knowledgeable persons, both financial
and nonfinancial, within the entity or outside the entity.
Inquiry is used extensively throughout the audit in
addition to other audit procedures. Inquiries may range
from formal written inquiries to informal oral inquiries.
Evaluating responses to inquiries is an integral part of
the inquiry process.
In order to obtain these required understanding, the auditor performs
risk assessment procedures which shall include the following specific
procedures:
a. Inquiry

Inquiries during planning stage

Much of the information obtained by the auditor's inquiries is
obtained from management and those responsible for financial
reporting. However, the auditor may also obtain information, or a
different perspective in identifying risks of material misstatement,
through inquiries of others within the entity and other employees
with different levels of authority. For example:
Inquiries directed towards those charged with governance
may help the auditor understand the environment in which
the financial statements are prepared.
Inquiries directed toward internal audit personnel may
provide information about internal audit procedures
performed during the year relating to the design and
effectiveness of the entiti/s internal control and whether
management has satisfactorily responded to findings from
those procedures.
Inquiries of employees involved in initiating, processing or
recording complex or unusual transactions may help the
auditor to evaluate the appropriateness of the selection
and application of certain accounting policies.
Inquiries directed toward in-house legal counsel may
provide information about such matters as litigation,
compliance with laws and regulations, knowledge of fraud
or suspected fraud affecting the entity, warranties,
postsales obligations, arrangements (such as joint ventures)
 with business partners and the meaning of contract terms.
Inquiries directed towards marketing or sales personnel may
provide information about changes in the entity's marketing
strategies, sales trends, or contractual arrangements with its
customers.

Page 163

Chapter 5 — Planning an Audit of Financial Statements

b. Observation
Definition
observation consists of looking at a
As defined in PSA,
procedure being
process or by others, for example, the
performed auditors counting by the entity's
observation of
personnel, or of activities.
inventory the
performance of
Observation during planning stage
control
Auditor aims to obtain an
understanding of the entity through observation of the entity's:
o processes used in processing information to be reported.
and
o activities and operations.

c.
Definition
As defined in PSA, inspection involves examining records
documents, whether internal or external, in paper form,
electronic form, or other media, or a physical
examination of an asset.

Inspection

Inspection during planning stage

The auditor can obtain an understanding of the entity through
the following inspection activities during planning:
Review of prior year's working papers and prior year's
financial statements
Review of reports prepared by the entity's
management (such as quarterly management reports
and interim financial statements) and those charged
 with governance (such as minutes of board of
directors' meetings) Review of documents (such as
business plans and strategies), records, and internal
control manuals
Reading articles, books, periodicals, and other
publications related to the entity's industry
Visits to the entity's premises and plant facilities

Note: Observation and inspection may support inquiries Of

management and other entity's personnel, and may also
provide information about the entity and its environment.
Aim... Believe... Claim... Page 164
d. Analytical procedures
Definition
As defined in PSA, analytical procedures consist of evaluations of
financial information made by a study of plausible relationships
among both financial and non-financial data. Analytical
procedures also encompass the investigation of identified
fluctuations and relationships that are inconsistent with other
relevant information or deviate significantly from predicted
amounts.
A basic premise underlying the application of analytical
procedures is that plausible relationships among data may
reasonably be expected to exist and continue in the absence of
known conditions to the contrary.

The auditor is required to perform analytical procedures during

planning and overall review stages of the audit. Analytical
procedures may be done thru the following techniques:
Horizontal and trend
analysis; v/ Vertical analysis; and
v/ Ratio analysis.

Analytical procedures during planning stage

Analytical procedures may help identify the existence of unusual
transactions or events, and amounts, ratios, and trends that might
indicate matters that have audit implications. Unusual or
unexpected relationships that are identified may assist the auditor
in identifying risks of material misstatement, especially risks of
material misstatement due to fraud.

Procedures when applying analytical procedures

1. Develop expectations regarding financial statements using (PAA
RIN)
Prior year's financial statements
Annualized interim financial statements
Anticipated results such as budgets, forecasts or
projections
Typical Relationships among financial statements
account balances Industry averages
Non-financial information
 Chapter 5 — Planning an Audit of Financial Statements
2. Compare expectations with the items presented in the
financial statements
The auditor compares the expectations with the recorded
amounts to identify whether or not there are Unusual or
unexpected relationships or fluctuations.

3. Define and investigate significant differences

Defining significant differences is a matter of judgment. The
auditor focuses on identified fluctuations and relationships
that are inconsistent with other relevant information or
deviate significantly from predicted amounts.

Where there are unusual fluctuations and relationships, the

auditor ordinarily begins with inquiries of management,
followed by o Corroboration of management's responses o
Consideration of the need to apply other audit procedures
based on the results of management inquiries

Uses of analytical procedures

Phase Objective Required?

o To enhance the understanding of the
business
o To identify areas that may represent
Planning YES
specific risks relevant to the audit o To
determine the nature, timing and extent of
FAPs
o To evaluate the reasonableness of
financial information o To obtain
Substantive
corroborative evidence relating to a NO
tests
particular assertion o To detect material
misstatement
o To identify unusual or unexpected
account balances that were not
previously identified in planning and
Overall
substantive testing o To assist in YES
review
determining whether or not the
auditor has the ability to issue the
report
Below is a summary of phases where analytical procedures may be applied.
 Aim... Believe... Claim... Page 166

2. Consider materiality
Materiality affects the application of PSA and is reflected in the
auditor's report. The auditor must make judgments about materiality
in determining the nature, timing and extent of procedures to apply
and in evaluating the results.

Materiality
Definition
Information is material if its omission or misstatement could
influence the economic decisions of users taken on the basis of the
financial statements. Materiality depends on the size of the item or
error judged in the particular circumstances of its omission or
misstatement.
The concept of materiality recognizes that some matters, but
not all, are important for fair presentation of the financial
statements in conformity with PFRS.
Materiality in the Context of an Audit
Financial reporting frameworks often discuss the concept of
materiality in the context of the preparation and presentation of
financial statements. Although financial reporting frameworks may
discuss materiality in different terms, they generally explain that:
Misstatements, including omissions, are considered to be material if
they, individually or in the aggregate, could reasonably be
expected to influence the economic decisions of users taken on
the basis of the financial statements;
Judgments about materiality are made in light of surrounding
circumstances, and are affected by the size or nature of a
misstatement, or a combination of both; and
Judgments about matters that are material to users of the financial
statements are based on a consideration of the common financial
information needs of users as a group. The possible effect of
misstatements on specific individual users, whose needs may vary
widely, is not considered.

Uses of materiality
The concept of materiality is applied by the auditor both in planning
and performing the audit, and in evaluating the effect of identified
misstatements on the audit and of uncorrected misstatements, if any,
on the financial statements and in forming the opinion in the auditor's
report.
 Level Remarks Sample
determination
Overall financial • represented by the Benchmark4
statements level x
smallest aggregate
Appropriate %
amount of misstatement
Other Terms:
applicable to all financial 0M
overall
statements it helps the
materiality
(0M) general auditor determine
materiality whether the proposed
level audit adjustments are
tolerable significant or not
misstatement • if the audit adjustments
exceed this level, the
auditor may need to
adjust the financial
statements
 Accordingly, materiality should be considered by the auditor in
the following phases:

Determination of materiality
The auditor's determination of materiality is not a mere
calculation but is a matter of professional judgment, and
is the auditor's perception of the financial information
needs the financial statements.
Using professional judgment, auditor is required to determine
following three different levels of materiality. Below discussion
based on AASC Bulletin Series 001 of 2010.

Three Different Levels of Materiality

Performance • the amount or amounts 0M
materiality (PM) set by the auditor at x
less than materiality for Appropriate 0/0*
Other the financial statements
Terms: as a whole
planning
materiality •
• also refers to the amount
or amounts set by the *Example: If
Scoping
auditor at less than the the % used to
materiality
materiality level or levels determine the
for particular classes of PM was 75%,
transactions, account this denotes
balances or disclosures that based on
• calculated as a certain the
percentage of overall professional
materiality in order to judgment of
capture any uncorrected the auditor,
misstatements, the total there are
amount of which may EUlJMs on the
exceed overall materiality financial
o used in scoping of
statement level
financial statement line
as a whole
items to be tested by the
auditor and ensures that amounting to
significant accounts in the 25% of 0M.
financial statements are
covered by audit testing o
This amount
In determining serves as a
performance materiality, "cushion" or
an understanding of the "allowance" to
following factors may reduce to an
affect the auditor's appropriately
judgment such as: low level the
nature of the entity's probability that
business and the aggregate
transactions of EUMs
exceeds TM.
• risk assessment
procedures nature and
extent of misstatements
identified in previous
audits
 Spe • is the 0M
cifi amoun
c t set Less:
clas by the
ses audito EUUMs1 on specific level
of r for
Specific materiality6
tra particu
nsa lar
ctio classes
ns, of
acc transa
oun ctions,
t accou
bal nt
anc balanc
e es or
or disclos
disc ures
los for
ure which
s missta
lev temen
el
ts,
Other thoug
Terms: h
spe lower
cific than
materi overall
ality o materi
individ ality, it
ual could
materi reason
ality ably
be
expect

1 Expected uncorrected and undetected misstatements factors normally considered in determining

specific materiality: laws and regulations (e.g. related party transactions); financial reporting
framework; key industry disclosures of the entity; particular aspects of the entity's business;
understanding of the view of those charged with governance and management

Page
 ed to
influe
nce
the
econo
mic
decisi
ons of
users
of the
financi
al
state
ments
Revisions to initial materiality levels
If the auditor becomes aware of information during the audit that
would have caused the determination of a different amount of the
benchmark, the auditor should revise the overall materiality and
the auditor should assess the need to revise performance
materiality and specific materiality, and whether the nature, timing
and extent of further audit procedures remain appropriate.
Effect of materiality to audit procedures
The materiality level determined by the auditor affects the extent
of audit procedures to be performed by the auditor in order to
achieve the objective of the engagement. The lower the tolerable
misstatement set will generally require the auditor to perform
more effective and extensive audit procedures.
Documentation requirements
The auditor shall include in the audit documentation the amounts
and the factors considered in the determination of the materiality
levels including the basis for any revisions to those materiality
levels.

Audit documentation should demonstrate the judgment and

rationale used by the auditor in determining these materiality
levels.

NOTE: For the subsequent procedures of identifying and assessing risk of

material misstatements through understanding the entity and its
environment, we will be using concepts related to audit risk, its
components, and its effects to the determination offurther audit
procedures.
AUDIT RISK
Definition
Audit risk is the risk that the auditor gives an inappropriate audit opinion
when the financial statements are materially misstated.
Com onentso Audit risk
a Risk of material misstatements (RoMMs)
. Risk of material misstatement is the possibility that material
misstatements exist on the financial statements prepared and presented
by the entity. Items contributing to this risk include:
Inherent Risk is the susceptibility of an account balance or class of
transactions to misstatement that could be material, individually or
when aggregated with misstatements in other balances or classes,
assuming that there were no related controls.
Control Risk is the possibility that a misstatement, that could occur in
an account balance or class of transactions that could be material,
individually or when aggregated with misstatements in other balances
or classes, will not be prevented or detected and corrected on a
timely basis by the accounting and internal control systems.
b. Risk of not Detecting the Misstatement (more popularly known as
detection risk) o Detection Risk is the risk that the auditor's
substantive procedures will not detect a misstatement that exists in
an account balance or class of transactions that could be material,
individually or when aggregated with misstatements in other
balances or classes.
These components may be assessed in both quantitative (percentage or
basis points) and qualitative (high, low or medium). Also, these
components may be expressed in a formula which shows how they will
comprise the audit risk:

AUDIT RISK = Risk of material misstatement x Risk of non-detection

AUDIT RISK = Inherent risk x Control risk x Detection risk

 CONTINUATION Of procedures of identifying and assessing risk of
material misstatements through understanding the entity and its
environment..

3. Identifying and Assessing the Risks of Material MiSStatements

(RoMMs)
Using the understanding of the entity and its environment,
including its internal control, obtained by the auditor, the auditor
identifies and
assesses RoMMs at financial statements (FS) level; and v/
assertion level for classes of transactions, account balances, and
disclosures.

With this, we can say that risk of material misstatements is a

function of the entity's environment.

Objective
The main purpose of this is to provide the auditor a basis for
designing and performing further audit procedures.

Procedures
For this purpose, the auditor shall:
a. Identify risks throughout the process of obtaining an
understanding of the entity and its environment, including
relevant controls that relate to the risks, and by considering
the classes of transactions, account balances, and disclosures
in the financial statements;
b. Assess the identified risks, and evaluate whether they relate
more pervasively to the financial statements as a whole and
potentially affect many assertions;
c. Relate the identified risks to what can go wrong at the
assertion level, taking account of relevant controls that the
auditor intends to test; and
d. Consider the likelihood of misstatement, including the
possibility of multiple misstatements, and whether the
potential misstatement is of a magnitude that could result in a
material misstatement.

Assessment of Risks of Material Misstatements

 At Financial At Assertion
Statement
Level
Scope Financial Assertions related
statements as a classes of transactions,
whole and account
potentially affect balances
many assertions disclosures

Level

and
Purpose Represent Assists in determining
circumstances that the nature, timing,
may increase the risks and extent of further
of material audit procedures at
misstatement at the the assertion level
assertion level that will necessary to obtain
affect the nature, sufficient appropriate
timing and extent of audit evidence
audit procedures
Examples Through management
override of controls; Existence of cash in
recognition of bank; completeness
revenue of accounts payable
Other Financial Statement In identifying and
remarks level RoMMs may assessing risks of
derive in particular material
from a weak control misstatement at the
environment assertion level, the
(although these risks auditor may conclude
may also relate to that the identified
other factors, such as risks relate more
declining economic pervasively to the
conditions). For financial statements
example, as a whole and
weaknesses such as potentially affect
management's lack of many assertions.
competence may
have a more
pervasive effect on
the financial
statements and may
require an overall
response by the
auditor.

Revision of Risk Assessment

The auditor's assessment of the risks of material misstatement at the
assertion level may change during the course of the audit as
additional audit evidence is obtained. In circumstances where the
auditor obtains audit evidence from performing further audit
procedures, or if new information is obtained, either of which is
inconsistent with the audit evidence on which the auditor originally
based the assessment, the auditor shall revise the assessment and
modify the further planned audit procedures accordingly.

Page 173 Claim...

Effects of assessment to auditoHs procedures
Since the objective of the auditor when auditing financial
statements is to provide reasonable assurance that the financial
statements are free from material misstatements, a higher risk of
material will require the auditor to perform more effective and
extensive audit procedures.

4. Determine the acceptable level of audit risk

The determination of acceptable level of audit risk is a matter of
professional judgment to be made by the auditor. When making
that judgment, the auditor considers the level of assurance to be
provided by his or report and the extent of reliance to be placed
by users to his or her work.
The auditor should plan the audit in such a way that, after
Performing audit procedures, an opinion can be issued on the
financial Statements at an acceptably low level.

5. Identify detection risk to determine the nature, timing and extent

of further audit procedures
As defined previously, detection risk is the risk that the auditor's
substantive procedures will not detect a misstatement that exists
in an account balance or class of transactions that could be
material, individually or when aggregated with misstatements in
other balances or classes.

From this definition, we can conclude that detection risk is

function of the effectiveness of audit procedures. When the
auditor implements effective audit procedures, detection risk will
be low since there is a greater possibility that the misstatement
will be detected. We can further say that detection risk
complements the assurance provided by the substantive tests.

Determination of detection risk

The determination of detection risk will be highly dependent on the
acceptable level of audit risk set by the auditor (step 4) and
assessed level of risk of material misstatement (step 3). Detection
risk may be determined by rearranging the formula for audit risk:
 From the above formula, we can say that detection risk is an item that
may be changed by the auditor in order to maintain the acceptable
level of audit risk (as if balancing figure). Unlike inherent and control
risks, detection risk may be changed by the auditor by performing
substantive procedures.
Example:
Through the understanding of the entity obtained by the auditor
during planning activities, there was an increase in the assessed
level of control risk. How will this affect the different components
of audit risk?

The above scenario will require for a decrease in detection risk in

order to maintain the acceptable level of audit risk. Remember
the following characteristics of these components:
IR and CR: Function of the entitVs environment
DR: Function of the effectiveness of auditor's procedures
Since the auditor only assesses the levels of IR and CR, the only
way to maintain the acceptable level of audit risk when there is
an increase in CR is to change DR.

Use of assessed level of detection risk

From the assessed level of detection risk, the auditor will then design
substantive procedures. The following table summarizes the effects
of detection risk to auditor's procedures.
Lower DR Higher DR
Natur More effective Less effective procedures
e procedures may be may be applied
applied
Timing Procedures will be Procedures will be
performed closer or performed at interim or
nearer to year-end several dates
Extent Larger sample size will be Smaller sample
tested size will be tested
Materiality in relation to audit risk
The auditor should consider materiality and its relationship with audit risk
when conducting an audit. The auditor's purpose in considering materiality
at the planning stage of the audit is to determine the appropriate scope of
their audit procedures.

There is an inverse relationship between materiality and the level of audit risk,
that is, the higher the materiality level, the lower the audit risk and vice versa.
 175
Interrelationship of the Components of Audit Risk
From the above concepts, we can summarize the relationship of inherent
and

control risks to detection risk.

risk is
Low
Medium
Higher

*For the auditor to be considered conservative, inherent and control risks

are assessed at high levels. Such assessment will require the auditor to set
detection risk at the lowest level in order to maintain the acceptable level
of audit risk.

Relationships of Risks and Materiality to substantive procedures

From the above concepts, we can summarize the relationship of
components of audit risk and materiality to audit procedures
Audit
procedures
Risk of material misstatement (inherent and Direct
control risks)
Risk of not detecting the misstatement (detection Inverse
risk)
Materiality Inverse
B. ESTABLISHING THE OVERALL AUDIT STRATEGY
In establishing the overall audit strategy, the auditor shall:
Identify the characteristics of the engagement that define its scope
such as
I. the financial reporting framework used;
2. industry-specific reporting requirements; and
3. the locations of the components of the entity.
Ascertain the reporting objectives of the engagement to plan the
timing of the audit and the nature of the communications required
such as
1. deadlines for interim and final reporting; and
2. key dates for expected communications with management and
those charged with governance.
Consider the factors that, in the auditor's professional judgment, are
significant in directing the engagement team's efforts such as
1. determination of appropriate materiality levels;
2. preliminary identification of areas where there may be higher risks
of material misstatement;
3. preliminary identification of material components and account
balances;
 4. evaluation of whether the auditor may plan to obtain evidence
regarding the effectiveness of internal control; and
5. identification of recent significant entity-specific, industry, financial
reporting or other relevant developments.
Considers the results of preliminary engagement activities and, where
practicable, whether knowledge (experience) gained on other
engagements performed by the engagement partner for the entity
is relevant.
Ascertain the nature, timing and extent of resources necessary to perform
the engagement.

Considerations in Establishing the Overall Audit Strategy

As provided by PSA 330, the following is a list of examples of matters the
auditor may consider when establishing the overall audit strategy. Many
of these matters will also influence the auditor's detailed audit plan.

The examples provided cover a broad range of matters applicable to

many engagements. While some of the matters referred to below may
be required by other PSAs, not all matters are relevant to every audit
engagement and the list is not necessarily complete.

177
 Characteristics of the Engagement
The financial reporting framework on which the financial information to be
audited has been prepared, including any need for reconciliations to another
financial reporting framework.
Industry-specific reporting requirements such as reports mandated by industry
regulators.
The expected audit coverage, including the number and locations of
components to be included.
The nature of the control relationships between a parent and its components
that determine how the group is to be consolidated.
The extent to which components are audited by other auditors. The nature
of the business segments to be audited, including the need for specialized
knowledge.
The reporting currency to be used, including any need for currency translation
for the financial information audited.
The need for a statutory audit of standalone financial statements in addition to
an audit for consolidation purposes.
The availability of the work of internal auditors and the extent of the auditor's
potential reliance on such work.
The entity/s use of service organizations and how the auditor may obtain
evidence concerning the design or operation of controls performed by
them.
The expected use of audit evidence obtained in previous audits, for example,
audit evidence related to risk assessment procedures and tests of controls.
The effect of information technology on the audit procedures, including the
availability of data and the expected use of computer-assisted audit
techniques.
The coordination of the expected coverage and timing of the audit work with
any reviews of interim financial information and the effect on the audit of the
information obtained during such reviews. The availability of client personnel
and data.

Reporting Objectives, Timing of the Audit, and Nature of CommunicationS

The entity's timetable for reporting, such as at interim and final stag es• The
organization of meetings with management and those charged with governance
to discuss the nature, timing and extent of the audit work• The discussion
with management and those charged with governance regarding the expected
type and timing of reports to be issued and Other communications, both written
and oral, including the auditor's report' management letters and
communications to those charged with governance.
The discussion with management regarding the expected communications on

the status of audit work throughout the engagement.

 Communication with auditors of components regarding the expected types and
timing of reports to be issued and other communications in connection with the
audit of components.
The expected nature and timing of communications among engagement team
members, including the nature and timing of team meetings and timing of the
review of work performed.
Whether there are any other expected communications with third parties,
including any statutory or contractual reporting responsibilities arising from the
audit.

Significant Factors, Preliminary Engagement Activities, and Knowledge

Gained on Other Engagements
The determination of appropriate materiality levels, including:
in
1) Setting materiality for planning purposes.
2) Setting and communicating materiality for auditors of components.
3) Reconsidering materiality as audit procedures are performed
during the course of the audit. as
4) Preliminary identification of material components and account
balances.
Preliminary identification of areas where there may be a higher risk of
material misstatement.
The impact of the assessed risk of material misstatement at the overall
financial statement level on direction, supervision and review.
The manner in which the auditor emphasizes to engagement team
members the need to maintain a questioning mind and to exercise
professional skepticism in gathering and evaluating audit evidence.
Results of previous audits that involved evaluating the operating
effectiveness of internal control, including the nature of identified
weaknesses and action taken to address them.
The discussion of matters that may affect the audit with firm personnel
responsible for performing other services to the entity.
Evidence of management's commitment to the design, implementation
and maintenance of sound internal control, including evidence of
appropriate documentation of such internal control.
Volume of transactions, which may determine whether it is more
efficient for the auditor to rely on internal control.
Importance attached to internal control throughout the entity to the
successful operation of the business.
Significant business developments affecting the entity, including
changes in information technology and business processes, changes key
management, and acquisitions, mergers and divestments. Significant
industry developments such as changes in industry regulations and new

reporting requirements.
 Significant changes in the financial reporting framework, such changes in
accounting standards. Other significant relevant developments, such as changes
in the legal environment affecting the entity.

Nature, Timing and Extent of Resources

The selection of the engagement team (including, where necessary, the
engagement quality control reviewer) and the assignment of audit work to the
team members, including the assignment of appropriately experienced team
members to areas where there may be higher risks of material misstatement.
Engagement budgeting, including considering the appropriate amount of time to
set aside for areas where there may be higher risks of material misstatement.

Important note:
When establishing the overall audit strategy, the auditor aims to create a
strategy or approach that will result to an effective and efficient audit. Thus,
appropriate levels of materiality and audit risk must be considered carefully.

Kindly refer to Appendix B of this book for an illustrative audit planning

memorandum.
 of Financial Statements
C. DEVELOPING AN AUDIT PLAN

c.
Overall Audit Strategy
Developing
an Audit
Plan

Risk Assessment
Procedures

Further Audit Procedures

Other Audit Procedures

Program
Audit
been established, the auditor is able to start
the audit plan to address the various matters
Once the audit strategy has
taking into account the need to achieve the
development of a more detailed
efficient use of the auditor's resources.
identified in the audit strategy,
audit objectives through the establishes the audit strategy before
plan, the two planning activities are not
Although the auditor ordinarily
processes but are closely inter-related in
developing the detailed audit
consequential changes to the other.
necessarily discrete or sequential
since changes in one may result
than the overall audit strategy in that it
Audit plan extent of audit procedures to be performed
The audit plan is more detailed An audit plan shall include a description of
includes the nature, timing and
of the risk assessment procedures, further
by engagement team members.
planned audit procedures that are required to
the nature, timing and extent
audit procedures and otherengagement
be complies with PSAs.
carried out so that the overview of the planned scope and conduct of
term the planned audit procedures. These
The audit plan serves as an the
audit. It sets out in broad documented in details in an audit program,
needed to reflect the particular engagement
procedures may be specified and
which shall be tailored as
circumstances.
Page 181

Aim... Believe... Claim...

 The form and content of the audit program may vary for each Particular
engagement but would generally contain the following:
The audit objectives for each area;
The nature, timing, and extent of audit procedures required to
implement the overall audit plan; and
A time budget in which hours are budgeted for the various audit
areas or procedures.
The audit program shall serve as a:
Set of instructions to assistants involved in the audit; and
Means to control and record the proper execution of the work.

Documentation of overall audit strategy and audit plan

The documentation of the overall audit strategy is a record of the key
decisions considered necessary to properly plan the audit and to
communicate significant matters to the engagement team.
The documentation of the audit plan is a record of the planned nature,
timing and extent of risk assessment procedures and further audit
procedures at the assertion level in response to the assessed risks. It also
serves as a record of the proper planning of the audit procedures that can
be reviewed and approved prior to their performance.

Communication during planning phase

The auditor may decide to discuss elements of planning with the entitys
management to facilitate the conduct and management of the audit
engagement (for example, to coordinate some of the planned audit
procedures with the work of the entity's personnel).
When discussing matters included in the overall audit strategy or audit plan,
care is required in order not to compromise the effectiveness of the audit by
making the audit procedures too predictable.
Furthermore, regardless of communication made to the entity, the overall audit
strategy and the audit plan remain the auditor's responsibility.

Page 182

D. DIRECTION, SUPERVISION, AND REVIEW

 The auditor shall plan the nature, timing and extent of direction and
supervision of engagement team members and the review of their
work. Presented on the above diagram are the factors that affect the
nature, timing and extent of direction and supervision of the
engagement team.

E. OTHER PLANNING CONSIDERATIONS

1. Determining the need of an auditor's expert
If expertise in a field other than accounting or auditing is necessary
to obtain sufficient appropriate audit evidence, the auditor shall
determine whether to use the work of an auditor's expert
(previously called auditor's specialist).

Definition
An auditor's expert is an individual or organization possessing
expertise in a field other than accounting or auditing, whose work in
that field is used by the auditor to assist the auditor in obtaining
sufficient appropriate audit evidence. An auditor's expert may be
either an auditor's internal expert (who is a partner or staff, including
temporary staff, of the auditor's firm or a network firm), or an
auditor's external expert.

Aim... Believe... Claim... Page 183

 Objectives of the auditor when determining the need of an
auditor's expert
The objectives of the auditor are:
a. To determine whether to use the work of an auditor's expert;
and
b. If using the work of an auditor's expert, to determine whether
that work is adequate for the auditor's purposes.
When using the work of an auditor's expert, the following shall be
considered by the auditor
Selecting an expert. The auditor shall evaluate whether the
auditor's expert has the necessary competence, capabilities
and objectivityfor the auditor's purposes.
Obtaining an understanding of the field of expertise of the
expert, The auditor shall obtain a sufficient understanding of
the field of expertise of the auditor's expert to enable the
auditor to:
a. Determine the nature, scope and objectives of that expert's
work for the auditor's purposes; and
b. Evaluate the adequacy of that work for the auditor's
purposes, Considering the nature, timing and extent of
audit procedures. In determining the nature, timing and
extent of those procedures, the auditor shall consider
matters including:
a. The nature of the matter to which that expert's work relates;
b. The risks of material misstatement in the matter to which that
expert's work relates;
c. The significance of that expert's work in the context of the
audit;
d. The auditor's knowledge of and experience with previous work
performed by that expert; and
e. Whether that expert is subject to the auditor's firm's quality
control policies and procedures.

Effects to auditor's responsibility of using the work of an expert

The auditor has sole responsibility for the audit opinion expressed,
and that responsibility is not reduced by the auditor's use of the work
of an auditor's expert. However, the auditor may accept that expert's
findings or conclusions in the expert's field as appropriate audit
evidence.
Page 184
 2. Additional considerations in initial audit engagements
The purpose and objective of planning the audit are the same whether the
audit is an initial or recurring engagement. However, for an initial audit, the
auditor may need to expand the planning activities because the auditor does
not ordinarily have the previous experience with the entity that is considered
when planning recurring engagements.
Preliminary engagement activities
The auditor shall perform the following activities prior to starting an initial audit:
1. Perform procedures regarding the acceptance of the client relationship and
the specific audit engagement; and
2. Where there has been a change of auditors, communicate with the previous
auditor in compliance with relevant ethical requirements.
Establishing overall audit strategy and audit plan
For initial audits, additional matters the auditor may consider in establishing
the overall audit strategy and audit plan include the following:
Unless prohibited by law or regulation, arrangements to be made with the
previous auditor (for example: to review the predecessor auditor's
working papers).
Any major issues (including the application of accounting principles or of
auditing and reporting standards) discussed with management in
connection with the initial selection as auditor, the communication of
these matters to those charged with governance and how these matters
affect the overall audit strategy and audit plan.
The audit procedures necessary to obtain sufficient appropriate audit evidence
regarding opening balances.
Other procedures required by the firm's system of quality control for initial
audit engagements (for example, the firm's system of quality control may
require the involvement of another partner or senior individual to review
the overall audit strategy prior to commencing significant audit
procedures or to review reports prior to their issuance).

Page 185

3. Considerations specific to smaller entities

In audits of small entities, the entire audit may be conducted by a very
small audit team. Many audits of small entities involve the engagement
partner (who may be a sole practitioner) working with one engagement
team member (or without any engagement team members). With a
smaller team, co-ordination of, and communication between, team
members are easier.
Less complex or time-consuming planning activities
Establishing the overall audit strategy and plan for the audit of a small
entity need not be a complex or time-consuming exercise; it varies
according to the size of the entity, the complexity of the audit, and the
size of the engagement team.
Consultation
When an audit is carried out entirely by an audit engagement partner,
who may be a sole practitioner, it may be desirable to consult with other
suitably-experienced auditors or the auditor's professional body.
 186
page
CHAPTER 6

10 STUDY AND EVALUATION OF INTERNAL CONTROL

Chapter Overview and Objectives:

This chapter discusses fundamental principles of internal controls and its

impact in the audit process. At the end of this chapter, readers should be able
to discuss
1. The definition, characteristics and scope of internal control
2. The difference between accounting system and internal control system
3. The different controls related to audit
4. The components of internal control
a. Control environment
b. Risk assessment process
c. Information system
d. Control activities relevant to audit
e. Monitoring of controls
5. The requirements of effective internal control
6. Internal control deficiencies
7. Audit procedures to be performed related to internal control
a. Risk assessment procedures
b. Further audit procedures

Relevant references:
PSA 315 (Revised) - Identifying and Assessing the Risks of Material Misstatement through
Understanding the Entity and its Environment

PSA 265 - Communicating Deficiencies in Internal Control to Those Charged with

Governance and Management
Chapter 6 — Study and Evaluation of Internal Control

INTRODUCTION TO INTERNAL CONTROL

The auditor should consider and obtain an understanding of the aCCOunting
and internal control systems sufficient to plan the audit and develop an
effective and efficient audit approach.
The consideration of internal control system by the auditor is supported by
the following audit concepts:
 Evidence that is generated internally is more reliable when the
related controls are effective (one of rules on generalizations about
reliability of evidence discussed in Chapter 1).
• Effective internal control system reduces the possibility of error and
fraud (one of the assumptions in Theoretical Framework of FS Audit
discussed in Chapter 2).
If the auditor can obtain evidence that the entity's internal control is
Operating effectively, this could lead to less extensive further audit
procedures. Thus, improving audit efficiency without compromising audit
effectiveness.
The auditor uses the understanding of internal control to
a. identify types of potential misstatements,
b. consider factors that affect the risks of material misstatement, and
c. design the nature, timing, and extent of further audit procedures.

INTERNAL CONTROL
Definition
Internal control is the process designed, implemented and
maintained by those charged with governance, management and
other personnel to provide reasonable assurance about the
achievement of an entitvs objectives with regard to
a. reliability of financial reporting;
b. effectiveness and efficiency of operations; and
c. compliance with applicable laws and regulations.
The term "controls" refers to any aspects of one or more of the components
Of internal control. Moreover, the way in which internal control is designed'
implemented and maintained varies with an entity's size and complexity.

Characteristics of internal control

From the definition of internal control, the following essential characteristiCS
may be drawn:
I. Internal control is a process
Internal control is a means to an end. It is designed and implemented in
order to achieve the entity's objectives.

Believe... Claim...
Aim... Page
2. Internal control is effected by entity's personnel
Internal control is effected by those charged with governance,
management and other personnel. In order to achieve internal control's
objectives, each member of the organization must perform their
respective roles and responsibilities. Management and those charged
 with governance shall establish policies and procedures that will assist
the entity in achieving its objectives. On the other hand, staff personnel
shall comply with these established policies and procedures.

3. Internal control provides reasonable assurance of achieving its

objectives There is a direct relationship between an entity's objectives
and the controls it implements to provide assurance about their
achievement. However, no matter how effective, internal control can
only provide an entity with reasonable assurance about achieving the
entity's objectives.

This is due to existence of inherent limitations that may affect the

effectiveness of internal controls. Such limitations include: (COC CHA)
Management usual requirement that a control be cost-effective
(Costbenefit consideration);
The possibility that a person responsible for exercising control could
abuse that responsibility (Management Overriding the control); and
The possibility of circumvention of controls through Collusion with
parties outside the entity or with employees of the entity;
The possibility that procedures may become inadequate due to
Changes in condition and compliance with procedures may deteriorate.
The potential for Human error due to carelessness, distraction,
mistakes of judgment or the misunderstanding of instructions;
The fact that most controls tend to be directed at Anticipated types
(routine) of transactions and not at unusual (non-routine) transactions;
4. Internal control is geared toward attainment of entity's objectives The
achievement of internal control objectives will greatly contribute to the
attainment of entity's objectives. As provided above, the objectives of
internal control fall in the following categories:
a. Financial: Reliability of financial reporting
b. Operational: Effectiveness and efficiency of operations
c. Compliance: Compliance with applicable laws and regulations

Having the ability to generate reliable financial reports, which will be

used as basis in making business decisions, will assist the entity in
having favorable outcomes for each activity it performs.
 Chapter 6 - study and Evaluation of Internal control
If the entity's operations are conducted effectively and efficiently and
compliant with applicable laws and regulations, this will enable entity to
Administrative Includes, but is not limited to, plan of organization and
(1) generatethe
Control revenues,
procedures(2) and
minimize costs
records thatand expenses, and
are concerned with(3)
theavoid
fines and penalties.
decision These conditionsleading
processes will definitely
to enable the entity to
management's
authorization
achieve its overall objectiveofas transactions.
a business. Administrative controls
promote operational efficiency and adherence to
Areas of internal control policies.
managerial
Areas of internal control
Accounting can be classified
Comprises of the planas either administrative
of organization andControl
the or
Control
accounting control. procedures and records that are concerned with
the safeguarding of assets and the reliability of
financial records. It involves systems of
authorization and approval controls over assets,
internal audit and all other financial matters.

Accounting system vs. Internal control system

Accounting system means the series of tasks and records of an entity by
which transactions are processed as a means of maintaining financial
records. Such systems identify, assemble, analyze, calculate, classify, record,
summarize and report transactions and other events.
Internal Control System means all the policies and procedures (internal
controls) adopted by the management of an entity to assist in achieving
management's objective of ensuring, as far as practicable:
• orderly and efficient conduct of its business, including adherence to
management policies;
• safeguarding of assets;
• prevention and detection of fraud and error;
• accuracy and completeness of the accounting records; and o timely
preparation of reliable financial information.
From these characteristics, we can conclude that internal control system is
much broader than accounting system. It encompasses accounting system
since it extends beyond those matters which relate directly to the functions
Of the accounting system.

Aim... Believe... Claim... Page

206
Controls Relevant to the Audit
It is a matter of professional judgment, subject to the requirements of PSA,
whether a control, individually or in combination with others, is relevant to
the auditor's considerations in assessing the risks of material misstatement
and designing and performing further procedures in response to assessed
risks. In exercising that judgment, the auditor considers the applicable
component and factors such as the following:
a. The auditor's judgment about materiality
b. The significance of the related risk
c. The size of the entity
d. The nature of the entity's business, including its organization and ownership
characteristics
e. The diversity and complexity of the entity's operations
f. Applicable legal and regulatory requirements
g. The circumstances and the applicable component of internal control
h. The nature and complexity of the systems that are part of the entity's internal
control, including the use of service organizations
Whether, and how, a specific control, individually or in combination with others,
prevents, or detects and corrects, material misstatement.

Generally, auditor's consideration of such controls is limited to those relevant to

the reliability of financial reporting. These controls include, but not limited to,
the following:
I. Controls over the completeness and accuracy of information produced by
the entity if the auditor intends to make use of the information in
designing and performing further procedures

2. Controls relating to operations and compliance objectives if they relate to

data the auditor evaluates or uses in applying audit procedures
3. Internal control over safeguarding of assets against unauthorized
acquisition, use, or disposition may include controls relating to both
financial reporting and operations objectives.

IMPORTANT NOTES:
v/ Other controls relating to objectives that are not relevant to an audit need not
be considered.
Although internal control applies to the entire entity or to any of its
operating units or business processes, an understanding of internal
control relating to each of the entity's operating units and business
processes may not be relevant to the audit.
 207
COMPONENTS OF INTERNAL CONTROL

Components of Internal Control and its Objectives

Internal control, as discussed in PSA 315, consists of the following

components:
(CRIME)
a. Control Environment
b. Entity's Risk assessment process
c. Information and communication systems
d. Control Activities
e. Monitoring of Controls

A. The control environment

The control environment describes a set of standards, processes, and
structures that provide the basis for carrying out internal control across
the organization. Control environment is the foundation on which an
effective system of internal control is built and operated in an
organization.
The control environment includes the governance and management
functions and the attitudes, awareness, and actions of those charged with
governance and management concerning the entitvs internal control and
its importance in the entity. The control environment sets the tone of a n
organization, influencing the control consciousness of its people.

Elements of control environment (1M CPA HO), that could be relevant

when obtaining an understanding of the control environment include the
following:
1. Communication and enforcement of Integrity and ethical values
These are essential elements that influence the effectiveness Of the
design, administration and monitoring of controls.
2. Management's philosophy and operating style Characteristics such as
management's:
v/ Approach to taking and managing business risks
 Attitudes and actions toward financial reporting v/
Attitudes toward information processing and accounting
functions and personnel

3. Commitment to competence
Matters such as management's consideration of the competence levels for
particular jobs and how those levels translate into requisite skills and
knowledge.

4. participation by those charged with governance Attributes of those

s
charged with governance such as: / Their independence from management
s
/ Their experience and stature s/ The extent of their involvement and the
information they receive, and the scrutiny of activities
The appropriateness of their actions, including the degree to which
difficult questions are raised and pursued with management, and
their interaction with internal and external auditors

5. Assignment of authority and responsibility

Matters such as how authority and responsibility for operating activities are assigned
and how reporting relationships and authorization hierarchies are established.

6. Human resources policies and procedures

Policies and practices that relate to, for example, recruitment, orientation, training,
evaluation, counseling, promotion, compensation, and remedial actions.

7. Organizational structure
The framework within which an entity's activities for achieving its
objectives are planned, executed, controlled, and reviewed.

B. The entity's risk assessment process

An entity's risk assessment process is its process for identifying and responding
to business risks and the results thereof.

The risk assessment forms the basis for determining how risks will be managed. A
risk is defined as the possibility that an event will occur and adversely affect the
achievement of organizational objectives. Risk assessment requires management
to consider the impact of possible changes in the internal and external
environment and to potentially take action to manage the impact.
For financial reporting purposes, the entity's risk assessment process
includes how management identifies risks relevant to the
 preparation of financial statements that are presented fairly, in all
material respects in accordance with the entity's applicable financial
reporting framework estimates their significance, assesses the
likelihood of their OCCUrrence, and decides upon actions to manage
them.

Risks can arise or change due to circumstances such as the following:

a. Changes in operating environment
b. New personnel
c. New or revamped information systems
d. Rapid growth
e. New technology
f. New business models, products, or activities
g. Corporate restructurings
h. Expanded foreign operations
New accounting pronouncements
The auditor shall obtain an understanding of whether the entity has a
process for: (IAM) o Identifying business risks relevant to financial
reporting objectives
• Assessing the significance of risks and the likelihood of their
occurrence
• Deciding how to Manage those risks
If this process is appropriate to the circumstances, including the nature,
size and complexity of the entity, it assists the auditor in identifying
risks of material misstatement. Whether the entity's risk assessment
process is appropriate to the circumstances is a matter of judgment.

C. The information system, including the related business processes

relevant to financial reporting, and communication. Information system
Information is obtained or generated by management from both
internal and external sources in order to support internal control
components.

An information system enables the entity to have the ability to generate

timely and meaningful information. An information system consists Of
(PliS0)
a. People
b. Input or data
 c. Infrastructure (physical and hardware components),
d. Software (processes and procedures)
e. Output or meaningful information.
NOTE: Infrastructure and software will be absent, or have less significance, in
systems that are exclusively or primarily manual.

The information system relevant to financial reporting objectives, which includeS

the accounting system, consists of the procedures and records designed and
established to:
Initiate, record, process, and report entity transactions (as well as
events and conditions) and to maintain accountability for the
related assets, liabilities, and equity;
Resolve incorrect processing of transactions, for example, automated
suspense files and procedures followed to clear suspense items out
on a timely basis;
Process and account for system overrides or bypasses to controls;
Transfer information from transaction processing systems to the
general ledger;
Capture information relevant to financial reporting for events and
conditions other than transactions, such as the depreciation and
amortization of assets and changes in the recoverability of accounts
receivables; and
Ensure information required to be disclosed by the applicable financial
reporting framework is accumulated, recorded, processed, summarized
and appropriately reported in the financial statements.
Communication
Communication based on internal and external sources is used to disseminate
important information throughout and outside of the organization, as needed to
respond to and support meeting requirements and expectations. The internal
communication of information throughout an organization also allows senior
management to demonstrate to employees that control activities should be
taken seriously.
ant

Communication involves providing an understanding of individual roles and

responsibilities pertaining to internal control over financial reporting.
Communication may take such forms as policy manuals and financial reporting
manuals. Communication may be done in writing, orally or through actions of
the management.
As far as audit is concern, the auditor gives emphasis on the communication of
financial reporting roles and responsibilities and significant matters relating to
financial reporting. This includes:
a. Communications between management and those charged with governance
b. External communications, such as those with regulatory authorities
D. Control activities relevant to the audit
Control activities are actions (generally described in policies, procedures,
standards) that help management mitigate risks in order to ensure
andthe achievement of objectives. Control activities may be preventive
or detective in nature and may be performed at all levels of the
organization.

Simply stated, control activities are the policies and procedures to help
ensure that management directives are carried out. Examples of control
activities include those relating to the following: (APIPS)
a. Authorization
• Specific authorization (for unusual, material, or infrequent
projects)
• General authorization (for regular transactions)
b. Performance reviews (actual performance versus budget, forecasts
and prior period performance)

c. Information processing (from initiation up to the eventual inclusion

of transaction in financial reports)
d. Physical controls (for both assets and documents)
e. Segregation of duties
To achieve optimum segregation of duties and responsibilities, the
following functions should be performed by different employees:
(l CARE)
Independent checks
Custody of assets v/
Authorization of transactions
Recording of transactions
Execution of transactions
 However, if it is impractical to segregate the above functions, at a
minimum, three functions must be segregated. These are: (CAR)
Custody
Authorization
Recording

Consideration to owner-managed small businesses

Generally, it is impractical to have adequate segregation Of
incompatible duties for owner-managed small businesses. TO
compensate for the inadequacy, the owner shall actively and
effectively conduct an oversight over the operations of the
business Control activities that are relevant to the audit are:
a. Those that are required to be treated as such, being control
activities that relate to significant risks and those that relate to
risks for which substantive procedures alone do not provide
sufficient appropriate audit evidence; or
b. Those that are considered to be relevant in the judgment of the
auditor.

E. Monitoring of controls.
Monitoring is the process of assessing the quality of internal control
performance over time. It involves assessing the design and operations of controls on a
timely basis and taking necessary corrective actions. Monitoring is done to ensure that
controls are present and continue to t; function effectively.

Monitoring can be accomplished through (OST)

a. Ongoing monitoring activities (performed by persons within the same
line function)

b. Separate evaluations (performed by internal auditors, audit committee,

and/or external auditors) c. Combination of the two
Evaluation and communication of deficiencies
After the monitoring activities, the entity shall evaluate and communicate
deficiencies noted. The purpose of this is for the entity to take corrective actions
or introduce improvements that will make the internal controls more effective
and efficient.

Other Concepts: Components of Internal Control

 The following discussion relates to other concepts related to the different
components of internal control. These concepts include: v/ Entity-Wide Controls and
Transaction Controls s/ Requirements of Effective Internal Control v/ Parties affecting Internal
Control
Internal Control Deficiencies

Entity-Wide Controls and Transaction Controls

The five components of internal controls may differ depending on the scope of Of its
implementation. Some controls are designed and effected across the whole organization
while others only affect certain business processes, transactions, accounts and assertions.
Based on the scale of its implementation, controls may fall into two categories namely, (1)
entity-wide controls and (2) transaction controls.
Entity-wide Entity-wide controls operate across the whole
organization controls and affect numerous business processes,
accounts transactions and assertions. The ineffectiveness of these
controls may have pervasive effects on the organization. These controls
commonly include the following: v/ Controls on management override v/
Risk assessment process
Monitoring of results of operations
s/ Financial closing and reporting controls
Risk management policies
Transaction Transactions controls operate only at a certain level or
controls department in an organization and thus, affect only certain
business processes, accounts, transactions and assertions. The
ineffectiveness of these controls may not have pervasive effects on the
organization. These controls commonly include the following:
v/ Periodic inventory counts v/ Bank reconciliation v/
Three-way match and review of supporting documents
of purchases v/ Review of contracts with customers for
revenue recognition
Requirements of Effective Internal Control
For management to conclude that its system of internal control is
effective, all five components of internal control and all relevant
principles must be present and functioning. Being "present" implies
a given component or principle exists within the design and
implementation of an entitvs system of internal control,
"Functioning" implies the component or principle continues to exist
in the operation and conduct of the control system.

Moreover, to be effective, internal control components operate

together in an integrated manner.

Parties affecting Internal Control

The effective design and implementation of an internal control
system is influenced by the actions of numerous parties that can
affect the system and help an organization attain its objectives.
These parties can be grouped into the following categories:
1. Internal Parties — These are parties that are internal to the
organizati0n and are part of the internal control system.
Through their cumulatiVe efforts, they help provide
reasonable assurance that the planned objectives of the
organization are attained.
 Page
These include, but are not limited to management, the board of
directors, internal auditors and other entity personnel.

2. External Parties- Parties that are external to the organization

contribute to the efficacy of the internal control system
through their actions that provide vital information to the
entity in effecting control and achieving objectives.

These include, but are not limited to, external auditors,

legislators, regulators, financial analysts, bond rating agencies
and media providers.

Internal Control Deficiencies

A major deficiency exists if an internal control deficiency or
combination thereof severely reduces the likelihood of an entity
achieving its objectives.
In other words, if management used its professional judgment to
determine that a control objective isn't being met because a relevant
principle or associated component isn't present and functioning, or the
five components aren't operating together, the entity has a major
deficiency.

AUDIT PROCEDURES: RESPONSES TO ASSESSED RISKS

The auditor shall design and implement overall responses to address the
assessed risks of material misstatement at the financial statement level.
Moreover, the auditor shall design and perform further audit procedures
whose nature, timing, and extent are based on and are responsive to the
assessed risks of material misstatement at the assertion level.
The succeeding diagram is a summary of procedures performed
during the study and evaluation of internal control to appropriately
respond to assessed
 11
l,
Procedures Performed in Study and Evaluation (B) Further of

(A) Risk assessment procedures

Obtain an
understandingof
the internal
control (Al)

Internal audit Controlprocedures

Make a preliminary
assessment of
Control Risk (A.2)
A. RISK ASSESSMENT PROCEDURES
1. Obtain an understanding of internal control relevant to the audit
As required by the standard, the auditor shall obtain an
understanding of internal control relevant to the audit.
When obtaining an understanding of controls that are relevant to
the audit, the auditor shall evaluate the design and
implementation of the controls by performing procedures in
addition to inquiry of the entitys personnel.
a. Design of the controls.
Evaluating the design of a control involves considering
whether the control, individually or in combination with other
 controls, is capable of effectively preventing, or detecting and
correcting, material misstatements.

b. Determine whether controls have been implemented

Implementation of a control means that the control exists and
that the entity is using it. There is little point in assessing the
implementation of a control that is not effective, and so the
design of a control is considered first. An improperly designed
control may represent a material weakness in the entity's
internal control.
IMPORTANT NOTES:
When obtaining an understanding, the auditor focuses on
the design and implementation and not on effectiveness.

v/ Effectiveness of the controls is evaluated during tests of

controls since procedures performed are not sufficient to
test the controls.

Specific audit procedures

Risk assessment procedures to obtain audit evidence about the design
and implementation of relevant controls may include: s/ Inquiring of
entity personnel.
Observing the application of specific controls. s/
Inspecting documents and reports.
v/ Tracing transactions through the information system
relevant to financial reporting (This may be done by
performing "walkthrough" tests).
NOTE: Inquiry alone is not sufficient for such purposes.

Documentation
PSA 315 requires the auditor to document the following:
a. The discussion among the engagement team and the significant
decisions reached;
b. Key elements of the understanding obtained regarding each of the
aspects of the entity and its environment; s/ each of the internal
control components; sources of information from which the
 understanding was obtained; and risk assessment procedures
performed.
c. The identified and assessed risks of material misstatement at the
financial statement level and at the assertion level; and
d. The risks identified, and related controls about which the auditor has
obtained an understanding.

Form and content

The manner of documentation may vary and is a matter of auditor's
using professional judgment. The form and extent of the
documentation is influenced by v/ nature, size and complexity of the
entity and its internal control; v/ availability of information from the
entity; and v/ audit methodology and technology used in the course of
the audit.
Chapter 6 — Study and Evaluation of Internal Control
The most well-known and commonly used forms of control
documentation include:
a. Flowcharts. Auditors use flowcharts to describe the flow of
activity through a process, as well as the relevant documentation.
The main output of a flowchart is a process map — a graphical
representation of events performed by a group of people. Process
maps can help auditors better understand business processes;
save time on communicating and confirming business processes
With identify risks, controls, deficiencies, and management;
inefficiencies; and develop recommendations for imProvements
They enhance supervisory review and provide a method of
recording systems in considerable detail.
b. Narrative Descriptions. Narratives describe process flows in written
form, without graphical representations. They provide a useful
supplement to flowcharting documentation by detailing existing
practices and thereby minimizing potential misunderstandings.
Independently, however, narrative descriptions do not serve as an
effective tool for process description — they can be lengthy and difficult
to review, and typically are not considered user-friendly.

c. Internal Control Questionnaires. Effective ICQ documents comprise a

carefully structured, logically sequenced series of questions that help
management and internal auditors document processes and highlight
control gaps, strengths, and weaknesses within a system. Typically, ICQs
present information in a format that is easy to understand and help
simplify and expedite the control evaluation process.

d. Risk and Control Matrices. Risk and control matrices link controls
with control objectives and related risks. They are designed both
to document risks and controls and to facilitate evaluation of the
design and effectiveness of the control system.

e. Policy and Procedure Manuals. Policy and procedure manuals establish

a systematic framework and sound guidelines for the specific processes
and activities of an organization, facilitating effective implementation of
business strategy on both a strategic and operational level. IMPORTANT
NOTES:
s/ No one particular form of documentation is required.
s/ For recurring audits, certain documentation may be carried forward,
updated as necessary to reflect changes in the entit}/s business or
processes.
 Aim... Believe... Claim...
Page 218

v/ Regardless of the specific methods used, auditors should pay

close attention to the control documentation process since
control evaluations cannot be performed effectively unless all
key risks and controls are adequately identified and
documented.

2. Make a preliminary assessment of control risk

After obtaining an understanding of the accounting and internal
control systems, the auditors should make a preliminary assessment
of control risk, at the assertion level, for each material account
balance or class of transactions. Assessment to be made may either
be (1) at high or maximum level; or (2) at less than high or below
maximum level.

High or maximum level

The auditors ordinarily assess control risk at a high level for some or all
assertions when:
'/ the entity's accounting and internal control systems are not
effective; or v/ evaluating the effectiveness of the entity's
accounting and internal control systems would not be efficient.

This assessment is commonly known as:

a. "no reliance approach" since this assessment will lead the auditor
not to rely on the controls.
b. "primarily substantive approach" since the auditor will rely heavily
on substantive tests.

Less than high or below maximum level

The preliminary assessment of control risk for a financial statement
assertion should be high unless the auditors:
v/ are able to identify internal controls relevant to the assertion
which are likely to prevent or detect and correct a material
misstatement; and s/ plan to perform tests of control to support
the assessment.

This assessment is also known as "reliance approach" since the auditor

will place reliance on the controls identified.

B. FURTHER AUDIT PROCEDURES

When developing the further audit procedures, the auditors consider the
preliminary assessment of control risk (in conjunction with the assessment of
inherent risk) to determine the appropriate detection risk to accept for the
financial statement assertions and to determine the nature, timing and extent
of substantive procedures for such assertions.

Page 219

-
The objective of the auditor is to obtain sufficient appropriate audit
about the assessed risks of material misstatement, through designing
and implementing appropriate responses to those risks. In order to
achieve this objective, the auditor shall design and implement overall
responses to address the assessed risks of material misstatement at the
financial statement level.
The auditor shall design and perform further audit procedures whose
timing, and extent are based on and are responsive to the assessed risks
of material misstatement at the assertion level. Again, further audit
procedures include (1) Tests of controls and (2) Substantive tests.
In designing the further audit procedures to be performed, the auditor
shall: a. Consider the reasons for the assessment given to the risk of
material misstatement at the assertion level for each class of transactions
account balance, and disclosure, including:
i. The likelihood of material misstatement due to the particular
characteristics of the relevant class of transactions, account balance
or disclosure (i.e., the inherent risk); and ii. Whether the risk
assessment takes account of relevant controls (i.e. the control risk),
thereby requiring the auditor to obtain audit evidence to determine
whether the controls are operating effectively (i.e., the auditor
intends to rely on the operating effectiveness of controls in
determining the nature, timing and extent of substantive
procedures); and
b. Obtain more persuasive audit evidence.

1. Perform tests of control

Definition
Test of control is an audit procedure designed to evaluate the
operating effectiveness of controls in preventing, or detecting and
correcting, material misstatements at the assertion level.

To determine the nature, timing, and extent of tests of controls, the

auditor should give adequate consideration to controls relevant to the
 audit. The quality of the entity's internal control can have a significant
impact in determining the nature, timing and extent of the audit
procedures in gathering audit evidence related to class of transaction¶
account balances and disclosures.

Objective
The auditor shall design and perform tests of control to obtain sufficient
appropriate audit evidence as to the operating effectiveness of relevant
controls when:

Page 220

a. The auditor's assessment of risks of material misstatement at the

assertion level includes an expectation that the controls are operating
effectively (i.e., the auditor intends to rely on the operating
effectiveness of controls in determining the nature, timing and extent
of substantive procedures); or

b. Substantive procedures alone cannot provide sufficient appropriate

audit evidence at the assertion level.

Furthermore, another major objective of tests of control is for

the auditor to obtain sufficient appropriate evidence to support
the preliminary assessment of control risk at less than high or
below maximum level.

NOTE: Auditor will only test controls that he or she plans to rely
on.
Specific procedures
Tests of controls over the design of a policy or procedure include
Inquiry;
1/ Observation (including walk-through tests); s/
Inspection; and
Reperformance; and
Inquiry alone is not sufficient to test the operating effectiveness of
controls. Accordingly, other audit procedures are performed in
combination with inquiry. In this regard, inquiry combined with
inspection or reperformance may provide more assurance than inquiry
and observation, since an observation is pertinent only at the point in
time at which it is made.
Recurring audit
 In case of recurring audit, the auditor shall establish the continuing
relevance of the evidence from a previous audit about the operating
effectiveness of specific controls by obtaining audit evidence about whether
significant changes in those controls have occurred subsequent to the
previous audit.
The auditor shall obtain this evidence by performing inquiry combined with
observation or inspection, to confirm the understanding of those specific
controls, and:
a. If there have been changes that affect the continuing relevance of
the audit evidence from the previous audit, the auditor shall test the
controls in the current audit.

Page 221

-
b. If there have not been such changes, the auditor shall test the
controls at least once in every third audit, and shall test some
controls each audit to avoid the possibility of testing all the controls
on which the auditor intends to rely in a single audit period With no
testing of controls in the subsequent two audit periods.

Significant risk is an identified and assessed risk of

misstatement that, in the auditor's judgment, requires
special consideration.

Significant Risk

material audit

Auditor's consideration
The auditor shall determine whether any of the risks identified are, in the
auditor's judgment, a significant risk.
In exercising judgment as to which risks are significant risks, the auditor
shall consider at least the following:
a. Whether the risk is a risk of fraud;
 b. Whether the risk is related to recent significant economic, accounting
or other developments and, therefore, requires specific attention;
c. The complexity of transactions;
d. Whether the risk involves significant transactions with related
parties;
e. The degree of subjectivity in the measurement of financial
information related to the risk, especially those measurements
involving a wide range of measurement uncertainty; and
f. Whether the risk involves significant transactions that are outside the
normal course of business for the entity, or that otherwise appear to
be unusual.

Controls over significant risk

When the auditor has determined that a significant risk exists, the
auditor shall obtain an understanding of the entity's controls, including
control activities, relevant to that risk.
When the auditor plans to rely on controls over a risk the auditor has
determined to be a significant risk, the auditor shall test those controls
in the current period even if there were no significant changes that have
occurred from those controls.

Page 222
2. Make a re-assessment of control risk
After testing the controls, the auditor shall make a reassessment of
control risk. The table below is a summary of the effect of reassessment
of control risk on audit approach.
Reassessment of Audit
Effect on Substantive
Control Risk Approac
Test
h
v
Assessment remains Reliance / Less effective procedures
at Less than High approach Interim testing may be
appropriate
Smaller sample size
Assessment is Switch to no Y/ More effective
changed to High Reliance procedures s/ Tests moved
approach to nearer or at year-end
Larger sample size
 NOTE: The assessment of control risk is inversely related to the amount of
detection risk.

3. Perform substantive procedures

Irrespective of the assessed risks of material misstatement, the auditor

shall design and perform substantive procedures for each material class
of transactions, account balance, and disclosure.
Substantive testing concepts are discussed in details in Chapter 8

DOCUMENTATION
Below is a summary of the required documentation by the standards related to study
and evaluation of internal control.
Control Risk Understanding Control risk Basis for the
Assessment of internal assessment control risk
control assessment
High Yes Yes No
Less Yes Yes Yes
than
high
COMMUNICATION
The auditor may identify deficiencies in internal control not only during
this risk assessment process but also at any other stage of the audit. The
objective of the auditor is to communicate appropriately to those charged
with governance and management deficiencies in internal control that the
auditor has identified during the audit and that, in the auditor's
professional judgment, are of sufficient importance to merit their
respective attentions.

Page 223
—

The table below presents a summary of required communications relating to

identified deficiencies:
Requirement
Definition
Deficiency in A control is designed, Determine, on the basis of internal
implemented or operated in the audit work performed control such a way
that it is unable to whether, individually or in prevent, or detect and correct,
combination, they misstatements in the financial constitute significant
statements on a timely basis; deficiencies.

A control necessary to prevent,

or detect and correct,
misstatements in the financial
statements on a timely basis is
missing.
'Significant' A deficiency or combination of Communicate in writing
deficiency in deficiencies in internal control significant deficiencies in internal
that, in the auditor's internal control identified control professional
judgment, is of during the audit on a sufficient importance to merit timely basis
to:
the attention of those charged a. management at
an with governance. appropriate level of
responsibility; and with those charged with governance
(unless all of those charged with governance are
involved in managing the entity).

Page 224
CHAPTER 7
TRANSACTION CYCLES - TEST OF CONTROLS

Chapter Overview and Objectives:

This chapter discusses the different transaction cycles and the key controls for each
transaction cycle. At the end of this chapter, readers should be able to discuss
I. Describe the different categories of transaction cycles.
a. Revenue and receipt cycle
b. Expenditure and disbursement cycle
c. Conversion cycle
d. Investing and financing cycle
2. Determine which business process elements are associated with the different
transaction cycles.
3. Identify the forms or documents used in the different departments
involved in each transaction cycle.
4. Identify and describe the functions of departments in each transaction cycle.
5. Identify possible controls in each transaction cycle.

Relevant references:
BEST PRACTICES implemented by different entities in their business processes.

NOTE: There is no official standard/s governing the different transaction cycles as

these cycles will vary across industries and entities.
 Page 243
INTRODUCTION
An accounting system consists of business processes rformed by which an
entity can be to describecreate valued interrelated sets of structured
activities pe and to contribute in the attainment of business objective. The
execution Of business processes involves a logical time sequence and may
require employees external parties, resources, data, documents, and
machines. These busine$ processes are triggered by transactions and have
clearly defined starting and ending points.
A transaction is an agreement between two entities to exchange goods or
services or any other event that can be measured in economic terms by an i :
organization.

12 Definition

Businesses engage in multiple financial transactions during normal

operations and accurate reporting of each accounting transaction cycle
helps determine the profitability of a process or product. Though
voluminous, these transactions may be aggregated into a relatively small
number of transaction cycles.
Transaction cycles are the means through which an accounting system
process transaction of related activities such as sale of goods to customers;
acquisition of merchandise and payment to vendors; production of
finished products for sale; and payment to employees for services they had
rendered.

Categories
To understand these transaction cycles, we explore the nature of these cycles
using the following five categories of interrelated major cycles:

13 Category
Inclusion
Order to Cash • receives order from the customer (Revenue
and • examines the order for credit worthiness receipt) • ships
goods or provides services to customer
• issues an invoice
• collects payment
Purchase to • issues a purchase order to a supplier
 Pay • receives the goods or services (Expenditure
• records the related liability and
• pays the supplier disbursement)

Page 244

14 EntiWs responsibility

A key role of the entity, through its management and those charged with
governance, is to design and implement an appropriate set of policies,
procedures, forms, and integrated controls for each of these transaction
cycles to minimize the opportunities for fraudulent activities and ensure that
transactions are processed in as reliable and consistent manner as possible.

Auditor's objective
The auditor should consider and obtain an understanding of these
transaction cycles sufficient to plan the audit and develop an effective and
efficient audit approach. Moreover, the auditor will give emphasis to the
following objectives.
s
/ To determine the reliability of financial reporting of the different functions
affected by each transaction cycle.

of
 Hire to Retire • acquires services from employees o monitors and
(Human
records the time of its employees • verifies hours and
resources and
overtime worked o calculates gross pay, deductions,
payroll)
and net pay
• pays the employees
Plan to o monitors and records the production of entity's product
Inventory for sale
(Production or
conversion)
Financing and o generates capital funds from outside investors o
investing invests capital funds to other profitable activities
To determine the fairness of presentation in accordance with applicable
financial reporting framework of the account balances affected by each
transaction cycle.

UNDERSTANDING THE TRANSACTION CYCLES

For a better understanding of these transaction cycles, reader should be aware the
following basic concepts of each cycle.

General objectives
The following are general objectives of transaction cycles: v/ To
promote adequate segregation of incompatible duties v/ To
provide safeguards to entity's resources

Basic concepts
1. Departments involved, including its functions, objective, and possible control
that may be implemented

Page 245
2. Forms or documents initiated and processed
The following are the important concepts related to forms or documents

The department that initiated the processing approves the form.

The department that initiated the processing is accountable for
unused forms. Also, access to those forms shall be limited to the said

The notification of forms does not necessarily mean a hard copy shall
be forwarded. Notification can be done thru electronic mail.
v/ The department that initiated, received or processed a form shall
retain a copy for filing (not necessarily a hard copy).

Major assumptions
On the following transaction cycles discussed, the following assumptions are
used:
1. Entities are operating under normal operating cycle condition. With this,
we will only be accounting for sales and purchases on account.
2. Entities are using imprest and voucher systems.

REVENUE AND RECEIPT CYCLE

The revenue and receipt cycle is comprised of various classes of transactions.
It covers two main transactions, the sale transaction and the collection
transaction. This cycle starts when an entity accepts an order from the
customer and ends when the related receivable arising from the sale has
been collected. This cycle is also known as sale and collection cycle.

The primary objective of this cycle is (1) the proper valuation of accounts
affected such as receivables, sales, cash, bad debts, and allowance for bad
debts; and (2) provide assurance that resources arising from delivery of
goods or provision of services to customers are received by the entity.
Business Two major business functions are functions • Resources
are distributed to customers in exchange for promises of future
payments
• Customers pay cash for resources distributed to
them
Accounts Accounts affected include the following:
affected • Sales and related sales returns, allowances and discount o
Receivable, allowance for bad debts and Bad debts
expense
Cash
 Page 246
Departments Significant departments affecting the cycle are:
involved Revenue
• Sales or Customer order o Credit
• Inventory control or Warehouse o
Shipping o Billing
• Accounting (inventory, receivable
and general)
Receipt
• Mail room or receptionist o
Treasury
Accounting (receivable and general)
—

Forms or documents received, initiated and processed

Form Description Initiated by: Distributed to:
Sales order Contains the details Sales department o Customers
(order slip; of goods ordered o Credit o
customer order) (quantity, prices Shipping o
and payment Billing
terms)
Shipping Describes the goods Shipping o Carrier o
document (bill of to be shipped and department Customers o
lading or serves as contract Billing
delivery receipt) between the entity
and carrier
Sales invoice Describes the goods Billing Customers o
(billing sold, amount due department Accounting
statement or and the terms of
statement of payment
account)
Remittance Intended to Billing • Customers
advice facilitate the department
accounting for cash
collection
Daily Summarizes Receivable and General
summaries transactions Treasury (for accounting
recorded during the sales and
day by the different collection,
department respectively)
Treasury and
Mail room (for Receivable
mail received)

Page 247
Chapter 7 —

Summary of Functions of Departments in the Revenue cycle

A. Sales department
Primary
Possible controls
Activities Common controls adopted
1. Locates and encourages buyers different entities in this
2. Negotiates terms with buyers
include:

4. Prepares sales order and • Sales department has

an function to
distribute copies to customers, credit,
communicate customers
shipping
• Entity maintains list of
and billing customers to minimize
5. Retains copy in unfilled order file exposure high-risk
6. Monitors the status of the order customers
7. Updates customers as to the • Entity maintains range
status of the order of prices for its products
objective: To increase entity's sales by department

exclusive with the

authori

zed

to

sell

ing
 B. Credit department

Activities Possible controls

1. Receives and review sales order Common controls adopted by
from sales department different entities in this
2. Conducts credit investigation department include:
3.Approves credit request by • Entities establish a credit
preparing a memo or placing an department that is independent
"approved" mark in the sales order with the sales department o
4. Notifies sales department as Credit department issues list of
to the approval/disapproval of the authorized customers
credit request
5. Forwards the approved sales
order to invento control
Primary objective: To minimize exposure to high-risk customers
 —

C. Inventory control (or warehouse) department primary objective: To

control transfers of inventory in and out of storage areas, monitor

Activities
Possible controls
Reviews approved sales order Common controls adopted by
received from credit department different entities in this department
Monitor the availability of goods include:
ordered • Inventory control provides
Authorizes the issuance of goods access to sales department to
to shipping department inventory levels
Forwards the approved sales • Different inventory
order shipping department management concepts may be
applied to provide reasonable
assurance the availability of goods
when needed
inventory levels, and report slow-moving or damaged items

1.

2.

3. the
4.
to

D.Shipping department
Primary objective: To provide reasonable assurance that all shipments are
authorized and customers are billed
Activities Possible controls
1. Compares sales order from Common controls adopted by
sales department with goods and different entities in this
approved sales order from department include:
inventory control • Shipping documents are
2. Completes shipping prenumbered and assure that
documents and prepares goods for related billings are made on a
shipment periodic basis
3. Release goods to carrier and
obtains receipt
4. Notifies sales department that
goods have been shipped
5. Forwards the shipping
documents and approved sales
order to Billing department

— —

E. Billing department
Primary objective: To provide reasonable assurance that all billings are

Activities Possible controls

I. Compares the following documents: Common controls adopted
a. sales order from sales different entities in this
department b. approved sales order include:
and shipping document from o Sales invoice are and
pre-numbered
shipping department shall ensure that
2. Prepares sales invoice and preparation, a shipping
send copies to customer (thru the should be present.
carrier) and to inventory
accounting
3. Prepares remittance advice
and send copy to customers (thru
the carrier)
shipped

F. Accounting department
• Inventory: Provides cost information on the goods sold to be
forwarded to General accounting and records transaction related to
the cost of goods sold.
• General:
Records the sale and forward sales invoice and related
documents to Accounts receivable.
 • Accounts Receivable: Updates subsidiary ledger related to customer's
account.

Summary of Functions of Departments in the Receipt Cycle

Collections
A. Mail room or Receptionist
• Receives remittance advises and customer checks from customers e
Prepares list of receipts
• Endorses checks and list of receipts to the treasury department
• Endorses remittance advices and list of receipts to the accounts
receivable department

B. Treasury department
• Updates cash records
• Prepares deposit slips
• Prepares cash summaries, send copy to Accounts receivable and
general accounting, and retain a copy
• Deposits cash collection to the bank

250
 —
Accounting department
Accounts receivable: compares remittance advice from mail
room and cash summaries from treasury; updates subsidiary
ledgers; and prepares daily summaries to be forwarded to
general accounting.
General: compares daily summaries from treasury and accounts
receivable, then, updates general ledgers.
Other
activities in the revenue and receipt cycle
Uncollected accounts Accounts receivable o Review individual
customer accounts periodically as a check against credit limits
Prepare monthly accounts receivable trial balances for
reconciliation with the general ledgers
Authorized Personnel independent of Credit department
• Review and age accounts receivable balances periodically

Authorized Personnel who reports to the treasurer and

independent of recording functions or Treasurer to authorize the
write-off • In case of delinquent accounts, such account should
be reviewed o If judged to be uncollectible, written authorization
to write off should be sent to Accounts Receivable and General
Accounting

Sales returns and allowances

I. Sales department
• Reviews customer's request for returns and allowances o Grants sales
returns and allowances and prepares credit memo which is forwarded to
customer, accounts receivable (for recording), and inventory control (for
returns)
2. Inventory control o Compares goods received through the receiving
department and credit
memo
3. Accounting o Inventory: updates inventory records upon receipt of goods
and prepare daily summaries to be forwarded to general accounting
• Accounts receivable: update records based on the credit memo received
and prepares daily summaries to be forwarded to general accounting.
• General: compares daily summaries from inventory and accounts
receivable, then, updates general ledgers.
Presented on the next page is a flowchart illustrating the interactions between
departments involved in the credit sales process and the documents used.
 Test of Controls
—
Chapter 7 — of Controls
 page 254 —

EXPENDITURE AND DISBURSEMENT CYCLE

The expenditure and disbursement cycle is comprised of various classes of
transactions. It covers two main transactions, the acquisition transaction and
the disbursement transaction. This cycle starts when an entity placed an
order to a supplier and ends when the related payable arising from the
acquisition has been paid. This cycle is also known as acquisition and
disbursement cycle.

The primary objective of this cycle is (1) the proper valuation of accounts
affected such as payables, cash, and specific asset recognized (office supplies,
inventories); and (2) provide assurance that resources paid to a supplier
represents payment to goods or services received by the entity.
 Business Two major business functions are o Resources are
functions acquired from vendors in exchange for obligations to pay
• Entity pays cash to vendors and employees

Accounts Accounts affected include the following: o

affected Purchases (e.g. Inventory and Supplies) o
Purchase returns, allowances and discount o
Payables o Cash

Departments Significant departments affecting the cycle are:

involved Expenditure
• User (any department within the entity) o
Purchasing o Receiving o Accounts payable o
Accounting (inventory and general)
Disbursement o Treasury o Accounting
(receivable and general)

Forms or documents received, initiated and processed

Page
Summary of Functions of Departments in Expenditure Cycle
A. User department
• Prepares requisition slip to be forwarded to purchasing and accounts
payable departments

B. Purchasing department
Primary objective: To meet the specific needs of the user department at
the least possible cost
 Activities Possi
by
ble
contr
ols
Commo
n
controls
adopted

differe
nt
entities
in this
include
:
department

vendor and negotiates with o Purchasing department has an

Page 256
exclusive function to communicate
purchase orders and with the vendor o Entity maintains
copies to vendor, and list of authorized vendors o Entity
accounts payable the status compares purchase price to market
of the order user prices
departments as to the of the
order
Activities Possible controls
1. Files purchase orders until Common controls adopted by
goods are received different entities in this
2. Upon receipt, counts and department include:
checks the goods for appropriate o To ensure that the receiving
quantity and condition department will count and check
3. Reviews and compares the goods received, the
purchase orders from purchasing purchasing department sends a
and shipping document from the blank purchase order
carrier
4. Prepares receiving reports to
be forwarded to purchasing and
accounts payable accompanied by
supporting documents (purchase
orders
Locates from purchasing and
shipping
terms document from carrier)
 based

prepares
distribute
receiving
Monitors
Updates
status
Receiving department primary objective: To provide reasonable
assurance that received goods are on approved purchase order

D. Accounts payable department Primary objective: To provide

reasonable assurance that payments will only be made to shipments
received
Activities Possible controls
1. Reviews and compares Common controls adopted by
requisition slip, purchase order, different entities in this
receiving report and vendor's department include:
invoice o Accounts payable department
2. Prepares voucher files voucher package by due date
3. Prepares voucher package so as to pay liability on time and
(requisition slip, purchase order, take advantage of discounts, if any
receiving report, vendor's invoice, o Prior to preparation of voucher,
and voucher) and daily summary to the vendors invoice should be
be forwarded to the treasury and accompanied by a receiving report
general accounting, respectively

Page 257
— —Test of Controls
E. T r e a s
Activities Possible controls
1. Reviews voucher package Common controls adopted
received different entities in this
2. Prepares check and have it include:
signed by authorized signatories • The person last signing
3. Forwards checks to vendors the cancels the voucher
4. Prepares daily summary which package placing a mark
is to be forwarded to general such as
accounting "cancelled" or check number.
o Entity may adopt any
following in relation to issuance
checks
• Check over a certain
should have an identified
• No checks shall be
without an identified payee
• Checks should be
signed least two authorized
persons
(Disbursement) by dePartment

check by "paid"

of the of

amount
payee
issued

by at

Presented on the next page is a flowchart illustrating the interactions

between departments involved in the expenditure and disbursement cycle
and the documents used in the process.
Page 258
 Test of Controls
Chapter 7 —Transaction Cycles —

Aim... Believe... Claim... Page 259

—
HUMAN RESOURCES AND PAYROLL CYCLE
Human resources (HR) and payroll cycle is a continuation of the
expenditure and disbursement cycle. This cycle covers the entiti/s
acquisition of services from its employees or personnel. The following are
main reasons why the auditor is concern with this cycle.
a. Payroll include different categories of employee benefits (short-
term. post-employment, other long-term and retirement) that
could significantly affect major elements of financial statements;
and
b. For most entities, significant amount of resources is incurred
Business Two major business functions are o Services are
functions received from employees in exchange for
obligations to pay
Entity pays cash to employees
Accounts Accounts affected include, but not limited to the
affected following:
o Salaries and wages expense and payable
Premiums expense and payable o
Withholding taxes payable
o Inventories (for inventoriable salaries and
wages) o Cash
Departments Significant departments affecting the cycle are:
involved Expenditure o User (any department within
the entity) o HR or Personnel o Payroll
• Accounting (inventory and general)
Disbursement and distribution o
Treasury o Accounting (general)

Form Description Initiated by: Distributed

HR records It contains all HR e payroll
(Personnel information related to department (limited
records or entity's employees from payroll
201 file) related
time they are hired up
information
to their eventual
only
termination. rates
It documents all actions deductions)
taken by the employees
or management on
behalf of an emplo ee.

Forms or documents received, initiated and processed

Page 260 to:
 and

Commonly, it also
documents salary rates,
deductions, and other
payroll-related
information
Daily time Describes the number of User o Payroll
record (DTR) hours worked by an department
employee during a
particular day covered by
a pay period
payroll Shows all related payroll Payroll
o Treasury o
register information (gross pay,
General
all deductions, and net
accounting
pay) for each pay period
Labor cost Shows payroll Payroll o Inventory
summary information which is accounting
capitalizable or can be
attributed to a particular
job or customer order
Employee Shows the cumulative, Payroll Accounts
earnings year-to-date summary of payable
record earnings and deductions
of every employee
Daily Summarizes transactions Payroll(for o General
summaries recorded during the day liability accounting
by the different recognition)
department
Inventory (for
capitalizable
labor costs)

Treasury (for
payment)
 15 Summary of Functions of Departments in Human Resources and Payroll Cycle

A. User department
Primary objective: To ensure that time records prepared by employees
Possible controls
Activities Common controls adopted by
1. Monitors and approves daily time different entities in this
records department include:
• Appropriate review activities shall
*Note: However, due to introduction be made to ensure the validity
of computerized human resources daily time records prepared by
systems, time records are commonly employees o In case of
tracked through biometrics and computerized systems, approval of
access devices. any exceptions shall made by the
user department head

represent actual hours worked during a pay period

of

be

B. HR department
Primary objective: To ensure employees included in the payroll are
rendering services to the entity
Activities Possible controls
1. Initiates, updates and Common controls adopted by
maintains HR records different entities in this department
2. Forwards payroll related include:
information to payroll department o Access, including initiating
(e.g. salary and wage rates, changes, to HR records shall be
bonuses, overtime pays, and payroll limited only to the HR
deductions) department
3. Determines terms of o Information not relevant to
 settlement (lump-sum or payroll calculation shall not be
installment) in case of termination shared to other departments
of employee/s
4. Immediately notify payroll
department of terminated
employee to avoid inclusions of
these employees in the subsequent
payroll calculations

C. Payroll department primary objective: To provide reasonable assurance

that the payroll calculation in every pay period is valid
Activities
Possible controls
Receives and reviews relevant Common controls adopted by
payroll-related information from different entities in this
HR and user departments department include:
Considers any update on • Appropriate level of
employees' pay rates and management (preferably a
deductions Prepares payroll member who is not involved in
register payroll preparation) reviews the
Updates cumulative employee payroll register for accuracy and
earnings records reasonableness
Identifies and submits to • To assure adequacy of
inventory accounting capitalizable segregation of duties, payroll
payroll in case of servicing and department should be
manufacturing companies with segregated from HR, Treasury,
inventoriable labor costs and some user departments.

I.
2.

3,
4.

5.
D. Treasury department (Disbursement)
Primary objective: To provide reasonable assurance that all payroll
cash disbursements are based upon a recognized liability or actual
services rendered by employees
Activities Possible controls
1. Reviews payroll register Common controls adopted by
received different entities in this department
2. Prepares check and have it include:
signed by authorized signatories* • Separate bank account should be
3. Distributes checks to maintained exclusively for payroll
employees disbursements o On a surprise basis,
an employee independent from
4. Prepares daily summary
payroll and user departments may
which is to be forwarded to
distribute paychecks. The purpose of
general accounting this is to identify whether or not
*Note: Most companies disburse fictitious employees exist o
payroll through bank fund transfers Unclaimed payroll checks shall be re-
from company's payroll fund to deposited to the bank
individual employees' payroll
account. In this case, the treasury
department should be the one
authorizing the bank transfer.

Controls

E. Accounting department
Primary objective: To provide reasonable assurance that items related
to payroll are appropriately classified and recorded in correct
accounting period at appropriate amounts
• Inventory: Records inventoriable labor costs to appropriate jobs or
customers account and forward a daily summary to general
aCCOunting.
• General: Reviews daily summaries and documents received from
payroll Treasury and Inventory departments. It records the
recognition of payroll related expenses and liabilities in the general
journal.

Presented on the next page is a flowchart illustrating the interactions

between departments involved in the human resources and payroll cycle
and the documents used in the process.
Page 264
 Controls
7
 Controls

PRODUCTION OR CONVERSION CYCLE

Production or conversion cycle covers the production of entity's product for sale
It is where materials, labor and overhead are converted into finished goods
The primary objective of this cycle is the proper valuation of inventories
and cost of goods sold. Such objective encompasses the proper allocation
of costs to each run made by the production department. In order to
attain this, the Production department uses inputs from the expenditure
and disbursement cycle and provides resources and information to
revenue and receipt cycle.
The details of the processes used in this cycle have been discussed in Cost
Accounting course. The focus of this discussion will be purely on controls
over custody of resources involved, authorization of activities, and
recording of transactions.

Summary of control-related duties and responsibilities

 Duties and Person/s assigned to perform Procedures performed by
responsibilities the function auditor
Custody Physical custody of materials Auditor observes physical and labor
documents is count and reconciles the normally held by the
result of such count to production department. entitVs
records.
Since most of the assets here If held by other parties, are
highly susceptible to theft auditor may send and
misappropriation, confirmation requests to adequate
physical controls the custodian (e.g. thirdmust be
implemented. party warehouses, consignees, agents, or
branches)
Authorization The production department is Auditor reviews authorized to make
normal production orders and production runs. related
documents However, in case of special supporting production
runs (to meet a special order), runs made by the authorization
must come from department to determine the board of
directors or its whether it bears the authorized representative.
necessary authorization.

page 266
 then

FINANCE AND INVESTMENT CYCLE

Finance and investment cycle generally involves three major categories of
transactiOnS: investments, long-term debts, and shareholders' equity. It covers
complicated processes such as accounting for investments, mergers, long-term
liabilities, and equity transactions.
This cycle normally involves few but significant amounts of resources. Thus,
auditor commonly employs substantive testing to gather sufficient appropriate
evidence. However, it must be noted that prior to designing of substantive test
procedures, control-related duties and responsibilities is one of the major
considerations of the auditor.
With this, similar with the production or conversion cycle, the focus of this
discussion will be on the different controls over custody, authorization, and
recording of the different transactions covered by this cycle.

Summary of control-related duties and responsibilities

Finance cycle
Duties and Person/s assigned to perform Procedures
responsibilities the function performed by
auditor
Custody Unissued equity and debt Auditor inquires
certificates must be kept by directly to
appropriate internal official assigned
(e.g. Corporate Secretary) or custodians.
independent external If held internally,
custodian. auditor observes
the accounting of
unissued
certificates.
Authorization As mentioned, transactions Auditor reviews
covered in this cycle involve minutes of the
large amounts of cash or board of directors'
other resources. With this, meetings.
 transactions shall be
approved by the board of
directors.

Page 267
of the

entries.
of and
ledgers

IMPORTANT NOTES:
1. In case of settlement of equity or debt securities previously issued, the
certificate is cancelled thru perforation (e.g. the certificate is defaced). The
purpose of this is to avoid duplicate payments. The SIUPporting records
and documents are then kept as audit trail of the transactions.
2. In case of debt instruments, the general accounting shall appropriately
monitor any accruing interests from the liabilities.

Investment cycle
Duties and Person/s assigned to Procedures
responsibilities perform the function performed by
auditor
Custody Generally, investment Auditor inquires
certificates are kept as directly to assigned
follows: o Negotiable custodians thru
certificates — brokerage sending of
account e Titles to real estate confirmation
— may be kept in a safe with requests.
the entity or bank safe deposit
box If held
internally,
the auditor
observes the
 accounting
for
certificates
held.
Authorization As mentioned, transactions Auditor reviews
covered in this cycle involve minutes of the
large amounts of cash or board of directors'
other resources. With this, meetings.
transactions shall be
approved by the board of
directors or by an
investment committee.

Page 268

chapter
Recording

IMPORTANT
 —

CHAPTER 8
CONSIDERATION OF FRAUD, ERROR
AND NON-COMPLIANCE

Chapter Overview and Objectives:

This chapter discusses the auditor's consideration of fraud, error and

noncompliance in audits of financial statements. At the end of this chapter,
readers should be able to discuss the following:
I. Primary causes of material misstatements
2. Definition of fraud and its types
3. Fraud in comparison with error
4. Characteristics of fraud
5. Responsibilities for the prevention and detection of fraud
6. Responsibilities of the auditor over fraud
7. Audit procedures and documentation relating to fraud
8. Consideration of laws and regulations and non-compliance
9. Responsibilities of the auditor for laws, regulations and non-compliance
10. Audit procedures and documentation relating to laws, regulation and
non-compliance
11. Examples of fraud risk factors, indications of possibility of fraud and
indications of non-compliance

Relevant References:
PSA 240 - The Auditor's Responsibilities Relating to Fraud in an Audit of Financial
Statements

PSA 250 (Revised) - Consideration of Laws and Regulations in an Audit of

Financial Statements

PSA 260 - Communication with Those Charged with Governance

 Page 285

-
As luditor established earlier, the objective of an audit of financial statements is for the

to obtain reasonable assurance about whether the financial as a

whole are free from material misstatement, whether due to fraud or
error thereby enabling the auditor to express an opinion on whether
the financial statements are prepared, in all material respects, in
accordance with an applicable financial reporting framework.

From the above objective, fraud and error are the primary causes of material
misstatement that could affect the financial statements. PSA 240 even
explici
tly provided that misstatements in the financial statements can arise from
either fraud or error. Thus, it is only appropriate for the auditor to consider
these items in an audit of financial statements.
 Definition
For audit of financial statements purposes, the following are the definition
fraud and error.

Error refers to an unintentional misstatement in financial statements,

the omission of an amount or a disclosure, such as the following:
> A mistake in gathering or processing data from which statements
are prepared.
> An incorrect accounting estimate arising from oversight
misinterpretation of facts.
A mistake in the application of accounting principles relating
measurement, recognition, classification, presentation or
disclosure.

Fraud (previously known as irregularities) refers to an intentional act by more

individuals among management, those charged with governance' employees,
or third parties, involving the use of deception to obtain an unjust illegal
FRAUD AND
advantage. TheERROR
person committing a fraudulent activity is called fraudster.

Although fraud is a broad legal concept, for the purposes of the PSAs, the auditor is
concerned with fraud that causes a material misstatement in the financial
statements.
 NOTE: The distinguishing factor between fraud and error is whether the
underlying actions that result in the misstatements of the financial
statements are intentional or unintentional.

286
page

Types of Fraud
The two types of intentional misstatements relevant to the auditors are
misstatements resulting from the following:
financial reporting involves intentional misstatements
including of amounts or disclosures in financial statements to
deceive statement users.
Fraudulent financial reporting (FFR)
1,
Fraudulent omissionS
financial

FFR can be caused by the efforts of management to manage earnings in

order to deceive financial statement users by influencing their perceptions
as to the entity's performance and profitability.

FFR may be accomplished by the following:

v/ Manipulation, falsification (including forgery), or alteration Of
accounting records or supporting documentation from which the
financial statements are prepared.
Misrepresentation in, or intentional omission from, the financial
statements of events, transactions or other significant information.
s/ Intentional misapplication of accounting principles relating to amounts,
classification, manner of presentation, or disclosure.

FFR often involves management override of controls that otherwise

may appear to be operating effectively. FFR can be committed by
management overriding controls using such techniques as:
Recording fictitious journal entries, particularly close to the end of
an accounting period, to manipulate operating results or achieve
other objectives;
Inappropriately adjusting assumptions and changing judgments used to
estimate account balances;
 Omitting, advancing or delaying recognition in the financial
statements of events and transactions that have occurred during
the reporting period;
Concealing, or not disclosing, facts that could affect the amounts
recorded in the financial statements;
Engaging in complex transactions that are structured to
misrepresent the financial position or financial performance of the
entity; and Altering records and terms related to significant and
unusual transactions.

2. Misappropriation of assets (MOA)

Misappropriation of assets involves the theft of an entity's assets
MOA is often accompanied by false or misleading records or
documents in order to conceal the fact that the assets are missing or
have been pledged without proper authorization.

Page 287
 MOA can be accomplished in a variety of ways including:

Embezzling receipts (for example, misappropriating collections on

accounts receivable or diverting receipts in respect of written_Off
accounts to personal bank accounts); v/ Stealing physical assets or
intellectual property (for example, stealing inventory for personal use or
for sale, stealing scrap for resale, colluding with a competitor by
disclosing technological data in return for payment);
Causing an entity to pay for goods and services not received (for
example, payments to fictitious vendors, kickbacks paid by Vendors to
the entity's purchasing agents in return for inflating prices, payments to
fictitious employees); and v/ Using an entity's assets for personal use (for
example, using the entity's assets as collateral for a personal loan or a
loan to a related party).

Summary — Primary Causes of Material Misstatements

Fraud Error
Various types (e.g.
Fraudulent rounding,
financial Misappropriation transposition,
Types
reporting of assets (MOA) errors of
(FFR) commission and
omissions)
Intentional. To
conceal assets that
Intentional.
are missing/
Intention To deceive FS Unintentional.
pledged without
users
proper
authorization
Management
Committed override of Theft of entitvs Mistake;
through controls assets misinterpretation
(MOOC)
Impact on audit procedures
Nature More extensive Less extensive
Timing Closer to period-end Interim period
Lower sample
Extent Higher sample sizes and procedures sizes and
procedures

Page 288

Other types of fraud

 Other types of fraud that may be relevant to audit of financial statements
Management fraud refers to fraud involving one or more members of
management or those charged with governance. This type of fraud is
commonly associated to FFR since FFR usually involves members of
the management and those charged with governance.
Employee fraud refers to fraud involving only employees of the entity. This
type of fraud is commonly associated to MOA since MOA is often
perpetrated by employees in relatively small and immaterial amounts
include
IMPORTANT NOTES:
•e/ Employee fraud can also involve management who are usually
more able to disguise or conceal misappropriations in ways that
are difficult to detect.
Employees could also take part in committing FFR.
Fraudulent activities that could affect the entity s financial
statements may be committed by management and or employees
with or without the participation of an outsider or other parties.

Characteristics of Fraud
Fraud involves (1) incentive or pressure to commit fraud, (2) a perceived
opportunity to do so and (3) some rationalization of the act.
Examples (lifted from PSA 240):
Incentive or pressure to commit fraudulent financial reporting may exist when
management is under pressure, from sources outside or inside the entity, to
achieve an expected (and perhaps unrealistic) earnings target or financial
outcome — particularly since the consequences to management for failing
to meet financial goals can be significant. Similarly, individuals may have an
incentive to misappropriate assets, for example, because the individuals are
living beyond their means.

A perceived opportunity to commit fraud may exist when an individual

believes internal control can be overridden, for example, because the
individual is in a position of trust or has knowledge of specific weaknesses
in internal control.
Individuals may be able to rationalize committing a fraudulent act. Some
individuals possess an attitude, character or set of ethical values that allow
them knowingly and intentionally to commit a dishonest act. However, even
otherwise honest individuals can commit fraud in an environment that
imposes sufficient pressure on them.
This concept is more popularly known as the fraud triangle or fraudulent
triangular.

Responsibility for the prevention and detection of fraud

The primary responsibility for the prevention and detection of fraud rests
With both those charged with governance of the entity and management.
Management means such personnel who are responsible to perform day
to day functions of the business, internal controls and for making
financial statements.
Those charged with governance means such personnel who Will
supervise the performance of management and are responsible for
approving financial statements.
Specific responsibilities of management include the following:
1. It is important that management, with the oversight of those charged with
governance, place a strong emphasis on fraud prevention, which may
reduce opportunities for fraud to take place, and fraud deterrence, which
could persuade individuals not to commit fraud because of the likelihood
of detection and punishment. This involves a commitment to creating a
culture of honesty and ethical behavior which can be reinforced by an
active oversight by those charged with governance.
2. It is the responsibility of management, with oversight from those charged
with governance, to establish a control environment and maintain policies
and procedures to assist in achieving the objective of ensuring, as far as
possible, the orderly and efficient conduct of the entity's business.
 3. It is the responsibility of those charged with governance of the entity to
ensure, through oversight of management, that the entity establishes and
maintains internal control to provide reasonable assurance with regard to
reliability of financial reporting, effectiveness and efficiency of operations
and compliance with applicable laws and regulations.

Responsibilities of the Auditor

When considering fraud, the objectives of the auditor are:
To identify and assess the risks of material misstatement of the financial
statements due to fraud;
To obtain sufficient appropriate audit evidence about the
assessed risks of material misstatement due to fraud, through
designing and implementing appropriate responses; and s/ To
respond appropriately to identified or suspected fraud

Page 290

In order to attain these objectives, the auditor shall consider and observe the
following:
1. Overall objective of the audit
An auditor conducting an audit in accordance with PSAs obtains
reasonable assurance that the financial statements taken as a whole are
free from material misstatement, whether caused by fraud or error.

2. Inherent limitations of an audit in the context of fraud

a. Owing to the inherent limitations of an audit, there is an unavoidable
risk that some material misstatements of the financial statements will
not be detected, even though the audit is properly planned and
performed in accordance with PSAs.

b. The risk of not detecting a material misstatement resulting from fraud

is higher than the risk of not detecting a material misstatement
resulting from error because fraud may involve sophisticated and
carefully organized schemes designed to conceal it, such as forgery,
deliberate failure to record transactions, or intentional
misrepresentations being made to the auditor.
c. The risk of the auditor not detecting a material misstatement resulting
from management fraud is greater than for employee fraud, because
 management is frequently in a position to directly or indirectly
manipulate accounting records and present fraudulent financial
information.
d. The subsequent discovery of a material misstatement of the financial
statements resulting from fraud does not, in and of itself, indicate a
failure to comply with PSAs.

3. Professional skepticism
Professional skepticism is an attitude that includes a questioning mind and
a critical assessment of audit evidence. Professional skepticism requires an
ongoing questioning of whether the information and audit evidence
obtained suggests that a material misstatement due to fraud may exist.
When obtaining reasonable assurance, an auditor maintains an attitude of
professional skepticism throughout the audit, considers the potential for
management override of controls and recognizes the fact that audit
procedures that are effective for detecting error may not be appropriate in
the context of an identified risk of material misstatement due to fraud.
 The auditor should maintain an attitude of professional skepticism
throughout the audit, recognizing the possibility that a material
misstatement due to fraud could exist, notwithstanding the auditor's
past experience with the entity about the honesty and integrity of
management and those charged with governance.
An example of application of professional skepticism is: were responses
to inquiries of management or those charged with governance are
inconsistent the auditor shall investigate the inconsistencies.

4. Discussion among the Engagement Team

Members of the engagement team should discuss the susceptibility of
the entity's financial statements to material misstatement due to fraud.

Prior to or in conjunction with obtaining information to identify risks

of fraud the audit team should discuss the potential for a material
misstatement due to fraud, including o Fraud Brainstorming -
Exchanging of ideas among team members about how and where the
financial statements might be susceptible to fraud, how management
could perpetrate and conceal fraudulent financial reporting, and how
assets could be misappropriated.
• Fraud Discussion - Emphasizing the importance of maintaining the
proper state of mind regarding the potential for material
misstatement due to fraud
The discussion should
a. Include consideration of known factors affecting
incentives/pressures for fraud, opportunities, and culture or
environment that enables management to rationalize committing
fraud
b. Emphasize the need to maintain a questioning mind and to exercise
professional skepticism
c. Include key members of the audit team
• If multiple locations are involved, there could be multipl e
discussions in different locations.
• It may be useful to include any specialists assigned to the audit
team in the discussion.

AUDIT PROCEDURES
Risk Assessment Procedures and Related Activities
In planning and performing the audit to reduce audit risk to an acceptably
IOW level, the auditor should consider the risks of material misstatements
in the
financial statements whether due to fraud or error. The auditor
shall

Aim... Believe... Claim... Page 292

1. Obtain an understanding of the entity and its environment

As required by PSA 315, to obtain an understanding of the entity and
its environment, including its internal control, the auditor performs
risk assessment procedures. As part of this work, the auditor
performs the following procedures to obtain information that is used to
identify the risks of material misstatement due to fraud:
a. Makes inquiries of management, of those charged with governance,
and of others within the entity as appropriate and obtains an
understanding of how those charged with governance exercise
oversight of management's processes for identifying and responding
to the risks of fraud and the internal control that management has
established to mitigate these risks.

When obtaining an understanding of the entity and its environment,

including its internal control, the auditor should make inquiries of
management regarding:
Management's assessment of the risk that the financial statements
may be materially misstated due to fraud;
 Management's process for identifying and responding to the risks of
fraud in the entity, including any specific risks of fraud that
management has identified or account balances, classes of
transactions or disclosures for which a risk of fraud is likely to exist;
Management's communication, if any, to those charged with
governance regarding its processes for identifying and responding to
the risks of fraud in the entity; and
Management's communication, if any, to employees regarding its
views on business practices and ethical behavior.

b. Consider whether one or more fraud risk factors are present.

Fraud risk factors are events or conditions that indicate an incentive
or pressure to commit fraud, or provide an opportunity to commit
fraud. In considering fraud risk factors, the auditor should use
professional judgment in determining whether a risk factor is present
and in identifying and assessing the risk of material misstatement due
to fraud.
A list of fraud risk providers can be found at Appendix C of this book.

c. Considers any unusual or unexpected relationships that have been

identified in performing analytical procedures.
The auditor should consider unusual or unexpected relationships that
have been identified in performing analytical procedures including its
internal control, may indicate risks of material misstatement due to
fraud.
In performing this, the auditor shall:
• Develop expectations about plausible relationships that are
reasonably expected to exist based on the auditor's
understanding of the entity and its environment, including its
internal control.
• Design analytical procedures that will include procedures
related to revenue accounts with the objective of identifying
unusual or unexpected relationships that may indicate risks of
material misstatement due to fraudulent financial reporting,
such as, for example, fictitious sales or significant returns from
customers that might indicate undisclosed side agreements.

d. Considers other information that may be helpful in identifying the risks of

material misstatement due to fraud.
2. Identify and assess the risks of material misstatement due to fraud To
assess the risks of material misstatement due to fraud, the auditor
uses professional judgment and:
• Identifies risks of fraud by considering the information obtained through
performing risk assessment procedures and by considering the classes of
transactions, account balances and disclosures in the financial
statements;
• Relates the identified risks of fraud to what can go wrong at the
assertion level; and
• Considers the likely magnitude of the potential misstatement
including the possibility that the risk might give rise to multiple
misstatements and the likelihood of the risk occurring.

Further Audit Procedures and Related Activities

1. Responses to the risks of material misstatement due to fraud
The auditor should determine overall responses to address the
assessed risks of material misstatement due to fraud at the financial
statement level and should design and perform further audit
procedures whose nature, timing and extent are responsive to the
assessed risks at the assertion level.
The auditor responds to the risks of material misstatement due to fraud in
the following ways:
A response that has an overall effect on how the audit is conducted,
that is, increased professional skepticism and a response involving more
general considerations apart from the specific procedures otherwise
planned.
A response to identified risks at the assertion level involving the nature'
timing and extent of audit procedures to be performed.
 A response to identified risks involving the performance of certain
audit procedures to address the risks of material misstatement due
to fraud involving management override of controls, given the
unpredictable ways in which such override could occur.

In determining overall responses to address the risks of material

misstatement due to fraud at the financial statement level the auditor
should:
Consider the assignment and supervision of personnel;
Consider the accounting policies used by the entity; and
Incorporate an element of unpredictability in the selection of the
nature, timing and extent of audit procedures.

Audit procedures responsive to management override of controls

As discussed earlier, management is in a unique position to perpetrate
fraud because of management's ability to directly or indirectly
manipulate accounting records and prepare fraudulent financial
statements by overriding controls that otherwise appear to be
operating effectively.
To respond to the risk of management override of controls, the auditor
should design and perform audit procedures to:
I. Test the appropriateness of journal entries recorded in the general
ledger and other adjustments made in the preparation of financial
statements;
2. Review accounting estimates for biases that could result in material
misstatement due to fraud; and
3. Obtain an understanding of the business rationale of significant
transactions that the auditor becomes aware of that are outside of
the normal course of business for the entity, or that otherwise
appear to be unusual given the auditor's understanding of the entity
and its environment.

Audit procedures responsive to risks of material misstatement due to

fraud at the assertion level
The auditor's responses to address the assessed risks of material
misstatement due to fraud at the assertion level may include changing
the nature, timing, and extent of audit procedures in the following ways:
The nature of audit procedures to be performed may need to be
changed to obtain audit evidence that is more reliable and relevant
or to obtain additional corroborative information.
 The timing of substantive procedures may need to be modified. The
auditor may conclude that performing substantive testing at or near
the period end better addresses an assessed risk of material
misstatement due to fraud.

Page 295
The extent of the procedures applied reflects the assessment of the
risks of material misstatement due to fraud. For example, increasing
sample sizes or performing analytical procedures at a more detailed
level may be appropriate.

2. Evaluation of audit evidence

The auditor shall evaluate whether analytical procedures that are
Performed at or near the end of the audit when forming an overall
conclusion as to whether the financial statement as a whole are
consistent with the auditor's knowledge of the business indicate a
previously unrecognized risk of material misstatement due to fraud.
When the auditor identifies a misstatement, the auditor should
Consider whether such a misstatement may be indicative of fraud and
if there is such an indication, the auditor should consider the
implications of the misstatement in relation to other aspects of the
audit, particularly the reliability of management representations.
When the auditor confirms that, or is unable to conclude whether, the
financial statements are materially misstated as a result of fraud, the
auditor should consider the implications for the audit.

3. Obtain management representations

The auditor should obtain written representations from management that:
a. It acknowledges its responsibility for the design and
implementation of internal control to prevent and detect fraud;
b. It has disclosed to the auditor the results of its assessment of the
risk that the financial statements may be materially misstated as a
result of fraud;
c. It has disclosed to the auditor its knowledge of fraud or suspected
fraud affecting the entity involving: e Management;
• Employees who have significant roles in internal control; or
• Others where the fraud could have a material effect on the
financial statements; and
d. It has disclosed to the auditor its knowledge of any allegations of
fraud' or suspected fraud, affecting the entity's financial statements
 communicated by employees, former employees, analysts,
regulators or others.

AUDITOR IS UNABLE TO CONTINUE THE ENGAGEMENT

If, as a result of a misstatement resulting from fraud or suspected fraud, the
auditor encounters exceptional circumstances that bring into question the
auditor's ability to continue performing the audit the auditor should:
a. Consider the professional and legal responsibilities applicable in the
circumstances, including whether there is a requirement for the
auditor to report to the person or persons who made the audit
appointment or, in some cases, to regulatory authorities;
b. Consider the possibility of withdrawing from the engagement; and
c. If the auditor withdraws:
o Discuss with the appropriate level of management and those
charged with governance the auditor's withdrawal from the
engagement and the reasons for the withdrawal; and o Consider
whether there is a professional or legal requirement to report to the
person or persons who made the audit appointment or, in some cases,
to regulatory authorities, the auditor's withdrawal from the
engagement and the reasons for the withdrawal.
Such exceptional circumstances can arise, for example, when:
o The entity does not take the appropriate action regarding fraud
that the auditor considers necessary in the circumstances, even when
the fraud is not material to the financial statements; o The auditor's
consideration of the risks of material misstatement due to fraud and
the results of audit tests indicate a significant risk of material and
pervasive fraud; or o The auditor has significant concern about the
competence or integrity of management or those charged with
governance.

COMMUNICATION
Communications to management
The determination of which level of management is the appropriate one is a
matter of professional judgment and is affected by such factors as the
likelihood of collusion and the nature and magnitude of the suspected fraud.
Ordinarily, the
appropriate level of management is at least one level above the persons who
appear to be involved with the suspected fraud.

If the auditor has identified a fraud or has obtained information that

indicates that a fraud may exist, the auditor should communicate these
matters as soon as practicable to the appropriate level of management. This
is so even if the matter might be considered inconsequential (for example, a
minor defalcation by an employee at a low level in the entity's organization).

Page 297
Communications with those charged with governance
The auditor should communicate the following matters to those charged
with governance as soon as practicable either in writing or orally.
1. When the auditor has identified fraud involving management,
employees who have significant roles in internal control or others where
the fraud results in a material misstatement in the financial statements
2. Significant deficiency in the design or implementation of internal control
to prevent and detect fraud which may have come to the auditor's
attention
Moreover, if the integrity or honesty of management or those charged with
governance is doubted, the auditor considers seeking legal advice to assist
in the determination of the appropriate course of action.

Communications to Regulatory and Enforcement Authorities

The auditor's professional duty to maintain the confidentiality of client
information may preclude reporting fraud to a party outside the client
entity. The auditor considers obtaining legal advice to determine the
appropriate course of action in such circumstances.
However, in certain circumstances, the duty of confidentiality may be
overridden by regulatory requirements, statute, the law or courts of law.
Examples (lifted from PSA 240)
Under a BSP requirement, the auditor of a financial institution has a
statutory duty to report the occurrence of fraud to the BSP.
v/ Under an SEC requirement, the auditor has a duty to report material
audit findings, such as those involving fraud or error, in those cases
where management and those charged with governance fail to
report those findings to the SEC within the prescribed period.

DOCUMENTATION
 The items related to fraud listed below are required to be documented.
The extent to which these matters are documented is for the auditor to
determine using professional judgment.
1. The documentation of the auditor's understanding of the entity and its
environment and the auditor's assessment of the risks of material
misstatement should include:
a. The significant decisions reached during the discussion among the
engagement team regarding the susceptibility of the entity's financial
statements to material misstatement due to fraud; and
b. The identified and assessed risks of material misstatement due to
fraud at the financial statement level and at the assertion level.
 2. The documentation of the auditor's responses to the assessed risks of
material misstatement should include:
a. The overall responses to the assessed risks of material misstatements
due to fraud at the financial statement level and the nature, timing and
extent of audit procedures, and the linkage of those procedures with
the assessed risks of material misstatement due to fraud at the
assertion level; and
b. The results of the audit procedures, including those designed to
address the risk of management override of controls.

3. The auditor should document communications about fraud made to

management, those charged with governance, regulators and others.

4. When the auditor has concluded that the presumption that there is a risk of
material misstatement due to fraud related to revenue recognition is not
applicable in the circumstances of the engagement, the auditor should
document the reasons for that conclusion.

CONSIDERATION OF LAWS AND REGULATIONS

The effect on financial statements of laws and regulations varies considerably.
Some entities operate in heavily regulated industries such as banks and chemical
companies. Others are subject only to the many laws and regulations that
relate generally to the operating aspects of the business such as those related
to occupational safety and health, and equal employment opportunity. Those
laws and regulations to which an entity is subject constitute the legal and
regulatory framework.

Some laws or regulations have a direct effect on the financial statements

in that they determine the reported amounts and disclosures in an
entity's financial statements. Other laws or regulations are to be
complied with by management or set the provisions under which the
entity is allowed to conduct its business but do not have a direct effect on
an entity's financial statements.
Non-compliance with laws and regulations may result in fines, litigation or
other consequences for the entity that may have a material effect on the

financial statements.

NON-COMPLIANCE
Non-compliance (previously referred to as illegal acts) pertains to acts of
omission or commission, intentional or unintentional, committed by the
or
entity, by those charged with governance, by management or by other
individuals Working for or under the direction of the entity, which are
contrary to the Prevailing laws or regulations. Non-compliance does not
include personal misconduct (unrelated to the business activities of the
entity).

Such acts include transactions entered into by, or in the name of, the entity,
or on its behalf, by those charged with governance, management or
employees.
Non-compliance does not include personal misconduct (unrelated to the
business activities Of the entity) by those charged with governance,
management or employees of the entity.

Responsibility for the compliance with laws and regulations

It is the responsibility of management, with the oversight of those charged
with governance, to ensure that the entity's operations are conducted in
aCCOrdance with laws and regulations, including compliance with the
provisions of laws and regulations that determine the reported amounts and
disclosures in an entity's financial statements.
Consequently, the responsibility for the prevention and detection of
noncompliance rests with management and those charged with governance.
The following policies and procedures, among others, may assist those
charged with governance and management in discharging its responsibilities
for the prevention and detection of noncompliance:
Monitoring legal requirements and ensuring that operating
procedures are designed to meet these requirements.
Instituting and operating appropriate systems of internal control.
Developing, publicizing and following a Code of Conduct.
Ensuring employees are properly trained and understand the Code of
Conduct.
Monitoring compliance with the Code of Conduct and acting
appropriately to discipline employees who fail to comply with it.
Engaging legal advisors to assist in monitoring legal requirements.
Maintaining a register of significant laws with which the entity has to
comply within its particular industry and a record of complaints.
In larger entities, these policies and procedures may be supplemented by
assigning appropriate responsibilities to:
An internal audit function.
An audit committee.
A compliance function.
Responsibilities of the Auditor
The auditor is not, and cannot be held responsible for preventing
noncomplianæ•
The fact that an annual audit is carried out may, however, act as a
deterrent•

page
When considering laws and regulations, the objectives of the auditor are:
v/ To obtain sufficient appropriate audit evidence regarding compliance
with the provisions of those laws and regulations generally recognized
to have a direct effect on the determination of material amounts and
disclosures in the financial statements; v/ To perform specified audit
procedures to help identify instances of noncompliance with other laws
and regulations that may have a material effect on the financial
statements; and
To respond appropriately to non-compliance or suspected
noncompliance with laws and regulations identified during the audit.

In order to attain these objectives, the auditor shall consider and observe the
following:
1. Overall objective of the audit
An auditor conducting an audit in accordance with PSAs obtains
reasonable assurance that the financial statements taken as a whole are
free from material misstatement, whether caused by fraud or error.

2. Inherent limitations of an audit in the context of fraud

An audit is subject to the unavoidable risk that some material
misstatements of the financial statements will not be detected, even
though the audit is properly planned and performed in accordance with
PSAs. This risk is higher with regard to material misstatements resulting
from noncompliance with laws and regulations due to factors such as:
There are many laws and regulations, relating principally to the
operating aspects of the entity, that typically do not have a material
effect on the financial statements and are not captured by the
entity's information systems relevant to the audit.
Noncompliance may involve conduct designed to conceal it, such as
collusion, forgery, deliberate failure to record transactions, senior
management override of controls or intentional misrepresentations
being made to the auditor.
 Much of the evidence obtained by the auditor is persuasive rather than
conclusive in nature.
Whether an act constitutes non-compliance is ultimately a matter for
legal determination by a court of law.

3. Professional skepticism
The auditor should plan and perform the audit with an attitude of
professional skepticism recognizing that the audit may reveal conditions
or events that would lead to questioning whether an entity is complying
with laws and regulations.
GENERAL AUDIT PROCEDURES
1. Risk assessment procedures and related activities
When planning and performing audit procedures and in evaluating and
reporting the results thereof, the auditor should recognize that
noncompliance by the entity with laws and regulations may materially
affect the financial statements. However, an audit cannot be expected
to detect noncompliance with all laws and regulations.

In order to plan the audit, the auditor should obtain a general

Understanding of the legal and regulatory framework applicable to the
entity and the industry and how the entity is complying with that
framework.
To obtain the general understanding of laws and regulations, the auditor
would ordinarily:
Use the existing knowledge of the entity's industry and business.
Inquire of management concerning the entity's policies and
procedures regarding compliance with laws and regulations.
Inquire of management as to the laws or regulations that may be
expected to have a fundamental effect on the operations of the
entity. Discuss with management the policies or procedures
adopted for identifying, evaluating and accounting for litigation
claims and assessments.
Discuss the legal and regulatory framework with auditors of
subsidiaries in other countries (for example, if the subsidiary is
required to adhere to the securities regulations of the parent
company).

After obtaining the general understanding, the auditor should perform

procedures to help identify instances of noncompliance with those
laws and regulations where noncompliance should be considered when
preparing financial statements, specifically:
Inquiring of management as to whether the entity is in compliance
with such laws and regulations.
Inspecting correspondence with the relevant licensing or regulatory
authorities.

2. Further audit procedures

The auditor should obtain sufficient appropriate audit evidence
regarding compliance with those laws and regulations generally
recognized by the auditor to have a direct effect on the determination
of material amounts and disclosures in financial statements.
 Of
During the audit, the auditor should be alert to the fact that procedures
applied for the purpose of forming an opinion on the financial statements
may bring instances of possible noncompliance with laws and regulations
to the auditor's attention.
ExampleS of instances indicating possible non-compliance are provided at
Appendix C of this book.

3. Management representations
The auditor shall request management, and where appropriate, those
charge with governance, to provide written representations that all
known actual or possible noncompliance with laws and regulations whose
effects should be considered when preparing financial statements have
been disclosed to the auditor.

AUDIT PROCEDURES WHEN NON-COMPLIANCE IS IDENTIFIED OR SUSPECTED

When the auditor becomes aware of information concerning a possible
instance of noncompliance, the auditor shall perform the following
procedures
1. The auditor shall obtain:
s/ An understanding of the nature of the act and the circumstances in
which it has occurred Sufficient other information to evaluate the
possible effect on the financial statements.

2. If the auditor suspects there may be non-compliance, the auditor shall

discuss the matter with management and, where appropriate, those charged
with governance. The purpose of this is to obtain sufficient information that
supports that the entity is in compliance with laws and regulations when, in
the auditor's judgment, the effect of the suspected noncompliance may be
material to the financial statements.
v/ If management or, as appropriate, those charged with governance do
not provide sufficient information the auditor shall consider the need
to obtain legal advice.
v/ If sufficient information about suspected non-compliance cannot be
obtained, the auditor shall evaluate the effect of the lack of sufficient
appropriate audit evidence on the auditor's opinion.
3
. The auditor shall evaluate the implications of non-compliance in relation to
Other aspects of the audit, including the auditor's risk assessment and the
reliability of written representations, and take appropriate action.
 4. The auditor may discuss the findings with those charged with
gOVernance where they may be able to provide additional audit
evidence. For example the auditor may confirm that those charged
with governance have the same understanding of the facts and
circumstances relevant to transactions or events that have led to the
possibility Of non-compliance with laws and regulations.

REPORTING OF NONCOMPLIANCE
To Those Charged with Governance
Unless all of those charged with governance are involved in management of
the entity, the auditor shall communicate with those charged with
governance matters involving non-compliance with laws and regulations
that come to the auditor's attention during the course of the audit, other
than when the matters are clearly inconsequential.
If, in the auditor's judgment, the non-compliance referred is believed to be
intentional and material, the auditor shall communicate the matter to
those charged with governance as soon as practicable.
If the auditor suspects that management or those charged with
governance are involved in non-compliance, the auditor shall communicate
the matter to the next higher level of authority at the entity, if it exists,
such as an audit committee or supervisory board. Where no higher
authority exists, or if the auditor believes that the communication may not
be acted upon or is unsure as to the person to whom to report, the auditor
shall consider the need to obtain legal advice.

Moreover, in certain cases, communication with management or those

charged with governance may be restricted or prohibited by law or
regulation.
Example (lifted from PSA 250 Revised)
Tipping-off provisions that might prejudice an investigation by an appropriate
authority into an actual, or suspected, non-compliance.

In the Auditor's Report on the Financial Statements

The following are the possible effects of non-compliance in the auditor's
report: 1. If the auditor concludes that the non-compliance has a material
effect on the financial statements, and has not been adequately reflected in
the financial statements, the auditor shall express a qualified or adverse
opinion on the financial statements.

2. If the auditor is precluded by management or those charged with

governance from obtaining sufficient appropriate audit evidence to
evaluate whether noncompliance that may be material to the financial
statements has or is likely to have, occurred, the auditor shall express a
qualified opinion or disclaim an opinion on the financial statements.

Page
chapter 8 — Consideration Of Fraud, Error, and Non-compliance
3. If the auditor is unable to determine whether non-compliance has
occurred becaUSe of limitations imposed by the circumstances rather
than by management or those charged with governance, the auditor
shall evaluate the effect on the auditor's opinion.
4. The auditor may conclude that withdrawal from the engagement is
necessary when the entity does not take the remedial action that the
auditor considers necessary in the circumstances, even when the non-
compliance is not material to the financial statements.

To Regulatory and Enforcement Authorities

If the auditor has identified or suspects non-compliance with laws and
regulations, the auditor shall determine whether the auditor has a
responsibility to report the identified or suspected non-compliance to
parties outside the entity.

Although the auditor's professional duty to maintain the confidentiality of

client information may ordinarily preclude such reporting, the auditor's
legal responsibilities may override the duty of confidentiality in some
circumstances.

communication to an appropriate authority outside the entity may be

required or appropriate in the circumstances because of the following
conditions:
I. Law, regulation or relevant ethical requirements require the
auditor to report;
Examples (lifted from PSA 250 Revised)
In some jurisdictions, statutory requirements exist for the
auditor of a financial institution to report the occurrence, or
suspected occurrence, of non-compliance with laws and
regulations to a supervisory authority.
 s
/ Misstatements may arise from non-compliance with laws or
regulations and, in some jurisdictions, the auditor may be
required to report misstatements to an appropriate authority in
cases where management or those charged with governance fail
to take corrective action.
2. The auditor has determined reporting is an appropriate action to respond to
identified or suspected non-compliance in accordance with relevant
Aim... Believe... Claim...
Page 305
Chapter 8 — Consideration Fraud, Error, and Non-compliance
3. Law, regulation or relevant ethical requirements provide the auditor with the right
to do so.
Example (lifted from PSA 250 Revised)
When auditing the financial statements of financial institutions, the auditor may have the right
under law or regulation to discuss matters such as identified or suspected non-compliance
with laws and regulations With a supervisory authority.

To Other Auditor
The auditor shall consider the necessity of communicating identified or suspected non-compliance
with laws and regulations to other auditors (e.g. in an audit of group financial statements.

To Proposed Auditor
On receipt of an inquiry from the proposed auditor, the existing auditor should advise whether
there are any professional reasons why the proposed auditor should not accept the
appointment or engagement. The extent to which an existing auditor can discuss the affairs of
a client with a proposed auditor will depend on whether the client's permission to do so has
been obtained and/or the legal or ethical requirements that apply relating to such disclosure.

DOCUMENTATION
The auditor shall include in the audit documentation identified or suspected noncompliance with laws
and regulations and:
v/ The audit procedures performed, the significant professional judgments made and the
conclusions reached thereon; and
 The discussions of significant matters related to the non-compliance with management, those
charged with governance and others, including how management and, where applicable,
those charged with governance have responded to the matter.

The auditor's documentation of findings regarding identified or suspected noncompliance with

laws and regulations may include, for example:
v/ Copies of records or documents.
s/ Minutes of discussions held with management, those charged with governance or parties
outside the entity.

Furthermore, law, regulation or relevant ethical requirements may also set out additional
documentation requirements regarding identified or suspected compliance with laws and
regulations.

Aim... Believe... Claim...

Page 306