Module 1: Audit – An Overview: • Expertise: Auditors have technical

skills that users may lack.

1. What is Auditing? • Remoteness: Stakeholders are often
far removed from company operations.
• Definition: A systematic process of • Financial Consequences: Inaccurate
obtaining and evaluating evidence about assertions financial statements can lead to significant
related to economic actions and events to ensure repercussions.
alignment with established criteria, and
communicating results to interested users. 7. Theoretical Framework of Auditing
• Example: Auditors examine a Key Assumptions:
company’s financial records to verify accuracy and 1. Financial data is verifiable.
fairness. 2. Independence is crucial.
3. No long-term conflicts of interest.
2. Types of Audits 4. Effective internal control systems are
essential.
• Financial Statement Audit: Assesses if 5. Consistent application of GAAP/PFRS.
financial statements are fairly presented under a 6. Continuity in business operations.
financial reporting framework (e.g., GAAP). 7. Auditing benefits the public.
Conducted by external auditors.
• Compliance Audit: Reviews whether Quick Activity:
an organization adheres to specified rules or
regulations. Conducted by government auditors. 1. Differentiate Accounting and Auditing:
• Operational Audit: Evaluates the • Accounting: Focuses on recording and
efficiency and performance of specific organizational summarizing transactions.
units. Conducted by internal auditors. • Auditing: Focuses on verifying the
accuracy of accounting records.
3. Independent Financial Statement Audit 2. Impact of COVID-19 on Auditing:
• Shift to remote audits, reliance on
• Management’s Role: Prepares and technology.
presents the financial statements. • Increased scrutiny on business
• Auditor’s Role: Provides an opinion on continuity and internal controls.
whether the financial statements are free from
material misstatements. The audit provides
reasonable assurance. Module 2: The Professional Standards, including an
expanded explanation of the categories of
4. Limitations of an Audit standards.

• Sampling Risk: Not all transactions 1. What are Professional Standards in Auditing?
are tested.
• Judgment Errors: Errors in applying Professional standards are established guidelines
professional judgment. and benchmarks for auditors to ensure high-quality
• Reliance on Management performance during an audit. They serve to:
Representations: Auditors rely on information
provided by management. • Protect the public interest.
• Client’s Internal Controls: May have • Ensure reliable financial reporting.
inherent weaknesses. • Maintain the integrity and competence
• Nature of Evidence: Audit evidence is of the auditing profession.
persuasive, not conclusive.
2. Generally Accepted Auditing Standards (GAAS)
5. General Principles Governing Audits
• Definition: These are benchmarks or
• Follow the Code of Professional rules that auditors must follow to ensure a
Ethics. consistent level of quality and credibility in their
• Comply with Philippine Standards on work.
Auditing (PSA). • Purpose: To provide a framework for
• Maintain professional skepticism. auditors to conduct their work effectively, ensuring
the fair presentation of financial statements.
6. Why an Independent Audit is Necessary • Minimum Requirement: GAAS serves
as the baseline, meaning all audits must meet or
• Conflict of Interest: Provides unbiased exceed these standards.
reporting.
3. Philippine Standards on Auditing (PSA) • Assigned tasks that match their skills
and experience.
• Definition: Local standards in the • Includes recruitment, performance
Philippines that interpret GAAS for audits conducted evaluation, and career development.
within the country. 6. Engagement Performance:
• Issued By: Auditing and Assurance • Proper supervision, direction, and
Standards Council (AASC). review of the audit work.
• Features: • Includes mechanisms like
• PSA outlines specific responsibilities engagement quality reviews to ensure accuracy and
of independent auditors. compliance.
• Includes practice statements: 7. Monitoring:
Additional resources to guide auditors on how to • Continuous review of the quality
apply standards effectively in real-world scenarios. control system to identify and address weaknesses.
• Example: Conducting periodic internal
4. System of Quality Control inspections of audits performed by the firm.

Quality control systems are policies and processes 5. Quality Control Review
implemented by auditors and firms to ensure
compliance with professional standards. These • Regulation: Governed by the
systems are critical for maintaining the quality and Professional Regulatory Board of Accountancy
integrity of audits. (BOA).
• Quality Review Committee (QRC):
Elements of Quality Control (PSA 220): • Evaluates firms and individual CPAs
applying for accreditation.
1. Leadership Responsibilities for Quality • Ensures compliance with established
on Audits: quality standards before granting permission to
• Leaders within the audit firm must set practice public accountancy.
a tone that emphasizes the importance of audit
quality. 6. Categories of Standards
• This includes promoting adherence to
ethical standards and allocating resources to These standards are divided into three key
support quality. categories that guide auditors through the process of
2. Ethical Requirements: conducting an audit.
• Auditors must demonstrate:
• Integrity: Be honest and A. General Standards
straightforward.
• Objectivity: Avoid conflicts of interest 1. Technical Training and Proficiency:
or undue influence. • Auditors must possess adequate
• Professional Competence & Due Care: knowledge and skills through education, certification,
Perform duties with skill and diligence. and continuous training.
• Confidentiality: Safeguard sensitive • Example: A CPA must keep up-to-date
information. with changes in accounting and auditing standards.
• Professional Behavior: Comply with 2. Independence in Mental Attitude:
laws and avoid actions that discredit the profession. • Auditors must maintain objectivity
3. Independence: and impartiality throughout the engagement.
• Auditors must be free from bias and • Example: Avoiding personal
any relationship that could impair their judgment. relationships or financial interests with the client.
• Example: An auditor cannot audit a 3. Due Professional Care:
company where they have a financial interest. • Auditors must perform their duties
4. Acceptance and Continuance of Client with diligence and follow established standards.
Relationships: • Example: Reviewing all evidence
• Before accepting or continuing a thoroughly and exercising caution in making
client relationship, auditors evaluate: conclusions.
• Risks associated with the client.
• Whether the firm has the capability to B. Standards of Fieldwork
perform the audit.
5. Human Resources: 1. Proper Planning and Supervision:
• Firms must ensure that team • Auditors must create a detailed audit
members are: plan and oversee the execution of tasks by team
• Properly trained and qualified. members.
 • Example: Outlining a schedule for • Primary Role: Express an opinion on
collecting evidence and supervising junior auditors. whether management has fairly presented the
2. Understanding of Internal Controls: information in the financial statements (FS).
• Auditors must assess the client’s • Objective: Obtain reasonable
internal controls to identify potential risks. assurance that the financial statements are free of
• Example: Evaluating if financial material misstatements (whether due to error or
processes prevent fraud or errors. fraud).
3. Sufficient Evidential Matter:
• Auditors must gather enough 2. Difference Between Error and Fraud
evidence to form a reliable opinion.
• Example: Collecting invoices, • Error:
contracts, or other documentation as proof of • Definition: Unintentional
financial transactions. misstatements or omissions in financial statements.
• Examples:
C. Standards of Reporting • Mathematical or clerical mistakes.
• Incorrect accounting estimates.
1. Compliance with GAAP: • Misapplication of accounting policies.
• Financial statements must align with • Fraud:
Generally Accepted Accounting Principles. • Definition: Intentional acts by
• Example: Ensuring that revenue management, employees, or third parties to
recognition policies follow accounting standards. misrepresent financial statements.
2. Consistency in Accounting Principles: • Types:
• Financial reports should maintain 1. Management Fraud (Fraudulent
consistent accounting policies unless changes are Financial Reporting):
disclosed. • Intentional misstatements or
• Example: If a company changes its omissions in FS to deceive users.
inventory valuation method, the change must be • Examples:
explained. • Manipulating records.
3. Adequate Disclosures: • Recording fictitious transactions.
• All material information must be • Intentional misuse of accounting
disclosed to provide transparency to users of policies.
financial statements. 2. Employee Fraud (Misappropriation of
• Example: Reporting contingent Assets):
liabilities like lawsuits. • Theft of assets accompanied by
4. Expression of Opinion: falsified records to conceal the act.
• The auditor’s report must clearly state • Examples:
whether the financial statements are presented fairly. • Embezzling receipts.
• Example: Issuing a “clean” or • Stealing inventory or cash.
unqualified opinion if no material issues are found. • Lapping of accounts receivable.

7. Activity Example: 3. Responsibilities in Fraud and Error (PSA 240)

• Importance of GAAS: Management and Governance Responsibilities:

• Serves as a universal guide for
auditors, ensuring audits are conducted • Management:
systematically and reliably. • Establish a strong control
• Enhances trust in financial reporting, environment.
benefiting both companies and stakeholders. • Implement internal controls to prevent
• How GAAS Helps Auditors: and detect fraud and error.
• Provides a framework to identify risks, • Those Charged with Governance:
assess internal controls, and ensure compliance with • Oversee financial reporting processes
accounting standards. and ensure their integrity.
• Promotes consistency and reduces
the likelihood of errors or oversight. Auditor’s Responsibility:

• Auditors are not responsible for

Module 3: The Auditor’s Responsibility, with detailed preventing fraud or errors.
explanations: • Role:
• Design audit procedures to detect
1. The Auditor’s Responsibility material misstatements in FS due to fraud or error.
 • Obtain reasonable assurance through • Tax evasion.
planned steps: • Insider trading.
1. Inquiries with management about the • Violation of environmental protection
possibility of misstatements. laws.
2. Assess risks related to fraud or error.
3. Perform audit procedures to detect Management’s Responsibility (PSA 250):
material misstatements.
4. Differentiate whether the • Ensure compliance with all applicable
misstatement arose from an error or fraud. laws and regulations.
5. Obtain written representations from • Design and implement controls to
management. detect and prevent noncompliance.
6. Recommend revisions to FS if
misstatements are detected. Auditor’s Responsibility:
7. If fraud is unresolved or impacts the
FS significantly, issue a qualified or disclaimer of • An audit cannot detect all instances of
opinion. noncompliance, but auditors must:
• Focus on instances that have material
4. Fraud Risk Factors effects on the FS.
• Design procedures to identify signs of
Fraud risk factors are conditions that increase the noncompliance.
likelihood of fraud. They can be categorized as • Document findings and discuss them
follows: with management.
• Issue appropriate audit opinions
A. Fraudulent Financial Reporting (Management based on findings:
Fraud): • Qualified or adverse opinion for
significant noncompliance.
1. Management Characteristics: • Disclaimer of opinion if evidence is
• Pressure or dominance over the insufficient.
control environment.
• Examples: High turnover of 6. Audit Phases for Fraud, Errors, and
management, lack of ethics. Noncompliance
2. Industry Conditions:
• Economic or regulatory challenges Auditors approach these issues in three key phases:
impacting the entity.
• Examples: New regulations, declining Planning Phase:
market conditions.
3. Operating Characteristics and • Obtain an understanding of the client’s
Financial Stability: legal and regulatory framework.
• Complex business models or inability • Identify risk factors related to fraud,
to generate cash flows. error, and noncompliance.
• Example: Financial instability despite
reported earnings. Testing Phase:

B. Misappropriation of Assets (Employee Fraud): • Perform specific procedures to gather

evidence.
1. Susceptibility of Assets: • Analyze transactions and internal
• Assets that are easily convertible or controls for indications of fraud, error, or
unprotected are at higher risk. noncompliance.
• Examples: Cash, inventory, small
valuable items. Completion Phase:
2. Lack of Controls:
• Inadequate systems to safeguard • Evaluate the significance of findings.
assets or monitor transactions. • Obtain written representations from
• Examples: Poor documentation, no management regarding their responsibilities.
oversight by management. • Discuss necessary adjustments with
management.
5. Noncompliance with Laws and Regulations • Issue an audit opinion based on the
final evaluation.
• Definition: Acts committed by an
entity that violate prevailing laws or regulations. 7. Activity Example:
• Examples:
 • Error Scenario: • Classification: Transactions are
• Clerical mistake in inventory valuation recorded in the correct accounts.
due to a typo. 2. Assertions about Account Balances:
• Response: Recommend adjustments • Existence: Assets, liabilities, and
to correct the FS. equity balances exist.
• Fraud Scenario: • Rights and Obligations: The entity
• Intentional recording of fictitious sales owns the assets and is responsible for liabilities.
to inflate revenues. • Completeness: All balances that
• Response: Notify management and should be reported are included.
governance, and adjust the FS or qualify the opinion • Valuation and Allocation: Balances are
if unresolved. reported at appropriate amounts.
• Fraud Risk Factors: 3. Assertions about Presentation and
• Example: Large amounts of cash on Disclosure:
hand increase susceptibility to theft. • Completeness: All required
• Auditor’s Role: Strengthen focus on disclosures are included.
internal controls and transaction documentation • Occurrence, Rights, and Obligations:
during testing. Disclosed transactions/events occurred and pertain
to the entity.
• Classification and Understandability:
Module 4.1: The Audit Process – Accepting an Information is clearly presented and classified.
Engagement: • Accuracy and Valuation: Disclosures
are accurate and fairly valued.
1. Overview of the Audit Process
3. Audit Procedures
The audit process begins with the preparation of
financial statements by the entity and involves Auditors perform various procedures to gather
several steps: sufficient appropriate audit evidence. These include:

1. Accepting an Engagement: Deciding 1. Inspection:

whether to accept a new client or retain an existing • Examining records, documents, or
one. tangible assets.
2. Audit Planning: Creating a detailed • Example: Reviewing contracts to verify
audit plan to address key risks. terms.
3. Understanding Internal Controls: 2. Observation:
Evaluating the client’s internal control systems. • Watching processes or procedures
4. Performing Substantive Tests: Testing performed by others.
account balances and transactions. • Example: Observing inventory counts.
5. Completing the Audit: Ensuring the 3. Inquiry:
evidence supports the auditor’s conclusions. • Asking knowledgeable individuals for
6. Issuing a Report: Providing an opinion information.
on the fairness of the financial statements. • Example: Discussing policies with
management.
2. Financial Statement Assertions 4. Confirmation:
• Obtaining direct responses from third
Assertions are claims made by management about parties.
the financial statements. They help auditors focus • Example: Confirming account
their procedures. balances with banks.
5. Computation:
Types of Assertions: • Verifying the mathematical accuracy
of records.
1. Assertions about Classes of • Example: Recalculating depreciation.
Transactions and Events: 6. Analytical Procedures:
• Completeness: All transactions that • Identifying significant trends and
should have been recorded are included. investigating inconsistencies.
• Occurrence: Recorded transactions • Example: Comparing current year
actually occurred. sales to prior years.
• Accuracy: Transactions are recorded
correctly. 4. Accepting an Engagement
• Cutoff: Transactions are recorded in
the correct period. Before accepting an engagement, auditors must
consider:
 • Engagement letters are not usually
1. Competence: sent annually unless:
• The auditor must have the necessary • Significant changes occur (e.g., new
skills and knowledge to perform the engagement. management, revised terms, legal pronouncements).
• Example: Understanding the client’s
industry. 7. Activity Examples
2. Independence:
• The auditor must ensure no threats to 1. Scenarios for Accepting
objectivity or independence exist. Engagements:
• Example: No financial interest in the • Acceptable: A company with
client. transparent financial records and a strong control
3. Ability to Serve the Client Properly: environment.
• The firm must have enough qualified • Rejected: A company with a history of
personnel to complete the audit in compliance with fraudulent activity and uncooperative management.
standards. 2. Importance of Assertions:
4. Integrity of Management: • Assertions guide the auditor in
• Conduct a background check on the planning procedures and identifying areas of
prospective client. potential misstatements.
• Example: Inquiring about the client’s • Example: The existence assertion
reputation and communicating with the predecessor ensures the assets listed actually exist.
auditor.

5. Retention of Existing Clients Module 5: Audit Planning:

• Client relationships are reviewed at 1. Audit Planning Overview

least once a year or after significant events, such as:
• Changes in management or • Purpose: Audit planning ensures:
ownership. • Important areas receive attention.
• Changes in the nature of the client’s • Potential problems are identified early.
business. • Work is completed efficiently and
• Termination of Engagement: effectively.
• Conditions leading to rejection of a • Main Objective: Determine the scope
new client may also result in termination of existing and approach of audit procedures.
engagements.
2. PSA 315: Understanding the Entity and Its
6. Engagement Letter Environment

• A formal contract between the auditor The auditor must gain sufficient understanding of:
and the client, which includes:
1. Objective and scope of the audit. 1. Industry, Regulatory, and Other
2. Management’s responsibility for fair External Factors:
presentation of FS. • Understand the financial reporting
3. Auditor’s responsibility to provide framework and industry-specific risks.
reasonable assurance. • Example: Regulatory changes
4. Limitations of the audit (e.g., material affecting reporting requirements.
misstatements might remain undiscovered). 2. Nature of the Entity:
5. Billing arrangements and terms. • Study the entity’s operations,
6. Requirements for management ownership, and governance structure.
representation letters. 3. Objectives, Strategies, and Related
7. Involvement of others (e.g., experts or Risks:
internal auditors). • Identify risks that may result in
material misstatements.
Importance: 4. Measurement and Review of
Performance:
1. Prevent misunderstandings about the • Review how management evaluates
terms of the engagement. and monitors financial performance.
2. Document the auditor’s acceptance of 5. Internal Control:
the engagement. • Assess how internal controls mitigate
risks.
Recurring Audits:
3. Additional Considerations for New Engagements
 • Impact: Higher inherent risk requires
PSA 510 outlines requirements for new more substantive procedures.
engagements: 2. Control Risk:
• Risk that internal controls fail to
• Ensure opening balances are free of prevent or detect material misstatements.
material misstatements. • Impact: Weak controls increase the
• Verify prior period closing balances need for substantive testing.
are carried forward correctly. 3. Detection Risk:
• Check for consistent application of • Risk that auditor’s procedures fail to
accounting policies. detect material misstatements.
• Impact: Reduced detection risk
4. Developing an Overall Audit Strategy requires more effective substantive procedures.

• Goal: Perform an effective audit at the 7. Relationship Between Materiality and Risk
lowest possible cost.
• Key Considerations: • Inverse Relationship:
• Determine how much evidence is • Lower materiality levels increase audit
needed and when to gather it. risk.
• Use levels of materiality and audit risk • To offset higher audit risk, auditors:
to guide the strategy. 1. Test controls more extensively.
2. Perform more substantive
5. Materiality procedures.

• Definition: Information is material if its 8. Risk Assessment Procedures

omission/misstatement affects users’ decisions.
• Uses: To assess risks, auditors perform:
1. Planning Stage:
• Determine the scope of the audit. 1. Inquiries: Ask management and staff
2. Completion Stage: about risks and processes.
• Evaluate misstatements’ impact on 2. Analytical Procedures: Analyze ratios,
FS. trends, and fluctuations.
• Relationship with Audit Evidence: 3. Observation and Inspection: Observe
• Inverse Relationship: Higher processes and inspect documents.
materiality means less evidence is needed.
• Steps to Determine Materiality: 9. Analytical Procedures
1. Determine Overall Materiality: FS level
(e.g., % of total assets or sales). • Purpose: Understand the client’s
2. Determine Tolerable Misstatement: business, identify risks, and corroborate evidence.
Account-level misstatements. • Steps:
3. Compare aggregate misstatements 1. Develop expectations based on prior
with overall materiality. FS, budgets, or industry averages.
2. Compare expectations with the
6. Audit Risk audited FS.
3. Investigate unexpected differences.
• Definition: The risk that an • Uses:
inappropriate audit opinion is issued on materially • Planning stage: Identify risk areas.
misstated FS. • Substantive testing: Validate
• Audit Risk Model: assertions.
• Audit Risk = Inherent Risk × Control • Completion stage: Review for unusual
Risk × Detection Risk fluctuations.

Components: 10. Audit Plan Documentation

1. Inherent Risk: The planning process concludes with:

• Risk of misstatement without
considering internal controls. 1. Audit Plan:
• Factors: • High-level overview of the audit scope
• Management integrity or aggressive and procedures.
reporting. 2. Audit Program:
• Industry or economic conditions. • Detailed procedures for each audit
• Complexity of transactions. area.
 3. Time Budget: • Example: Changes in customer
• Estimate of time required for each demand affecting revenue recognition.
procedure. 3. Information and Communication
Systems:
11. Activity Examples • Encompass methods and records to:
• Identify and record valid transactions.
1. Why Audit Risk Assessment is • Measure transactions accurately.
Important: • Present information clearly in FS.
• Helps focus resources on high-risk • Communication ensures all personnel
areas. understand their responsibilities regarding internal
• Reduces the likelihood of undetected controls.
material misstatements. 4. Control Activities:
2. Relationship Between Risk • Policies and procedures ensuring
Components and Procedures: management directives are executed.
• Inherent Risk: High risk requires more • Examples:
substantive procedures. • Performance Reviews: Compare
• Control Risk: Weak controls increase actual vs. budgeted results.
substantive testing. • Information Processing: Verify
• Detection Risk: Reduced risk requires transaction accuracy and completeness.
more effective testing, often at year-end and with • Physical Controls: Safeguard assets
larger sample sizes. and data.
• Segregation of Duties: Separate
authorization, recording, and custody functions.
Module 6: Consideration of Internal Control: 5. Monitoring:
• Ongoing assessment of internal
1. Internal Control in Audits control performance.
• Example: Internal audit reviews.
• Definition (PSA 315):
Internal control is a process designed by governance, 3. Steps in Internal Control Consideration
management, and personnel to provide reasonable
assurance regarding: 1. Understanding Internal Control:
1. Reliability of financial reporting. • Obtain knowledge of internal controls
2. Effectiveness and efficiency of through:
operations. • Inquiries with personnel.
3. Compliance with applicable laws and • Observation of operations.
regulations. • Inspection of documents.
• Auditor’s Role: • Walk-Through Test: Trace a
• Auditors evaluate internal controls to transaction from initiation to FS inclusion.
identify risks of material misstatements. 2. Documenting Understanding:
• They are not responsible for • Common methods include:
establishing or maintaining controls—that’s the • Narrative descriptions.
management’s role. • Flowcharts of processes.
• Internal control questionnaires.
2. Components of Internal Control 3. Assessing Control Risk:
• Evaluate the likelihood that controls
1. Control Environment: fail to detect/prevent misstatements.
• Foundation for other components, • High Risk: More substantive testing
influenced by management’s attitudes and values. required.
• Key Elements: • Low Risk: Reliance on controls
• Integrity and ethical values. reduces testing effort.
• Management philosophy and 4. Performing Test of Controls (TOC):
operating style. • TOC evaluates the effectiveness of
• Active governance participation. internal controls through:
• Commitment to competence. • Inquiry: Discuss control effectiveness
• Clear assignment of responsibilities. with knowledgeable personnel.
2. Risk Assessment: • Observation: Watch controls being
• Management identifies and analyzes applied.
business risks. • Inspection: Review documents and
• Auditor’s Focus: Risks affecting the records for evidence of control use.
reliability of financial statements. • Reperformance: Re-execute controls
to verify effectiveness.
 1. Lack of Visible Transaction Trails:
4. Nature and Timing of Tests of Controls • Many transactions are processed
electronically, making it difficult to trace them
• Timing: manually.
• TOCs are often performed during • Example: No physical invoices for
interim visits. online payments.
• Further evidence may be needed for 2. Consistency of Performance:
the remaining period. • Automated systems process data
• Extent: uniformly without manual intervention.
• Depends on control risk level and • Reduces human error but introduces
auditor’s judgment. risks if the system contains errors.
• Larger sample sizes are required for 3. Ease of Access to Data and Programs:
more rigorous testing. • CIS allows authorized users to access
data easily, but it increases vulnerability to
5. Operating Effectiveness vs. Implementation unauthorized access.
4. Concentration of Duties:
• Implementation: • Fewer individuals are needed to
• Confirm that relevant controls exist process data, which may weaken segregation of
and are being used. duties.
• Operating Effectiveness: 5. Systems-Generated Transactions:
• Evaluate if controls are applied • Many transactions (e.g., interest
correctly and consistently during the audit period. computations) are automatically generated, leaving
no physical documentation.
6. Communication of Internal Control Weaknesses 6. Vulnerability of Data Storage Media:
• Electronic data is prone to loss or
• Material Weaknesses: Must be corruption due to hardware failure, unauthorized
reported to appropriate management levels. access, or cyberattacks.
• Documentation:
• Weaknesses are often included in 2. Internal Control in a CIS Environment
formal management letters.
• Auditor’s Limitation: Internal controls in CIS are classified into:
• Auditors are not required to search for
material weaknesses but must report those 1. General Controls:
identified. • Controls that relate to the overall CIS
environment.
7. Importance of Internal Controls in FS Audits • Examples:
• Organization Controls: Clear
Internal controls help: assignment of responsibilities.
• Access Controls: Passwords and
1. Reduce control risk, lowering the other security measures.
extent of substantive tests. • Data Recovery Controls: Regular
2. Ensure accurate and reliable financial backups and offsite storage.
reporting. 2. Application Controls:
3. Prevent or detect material • Controls specific to transaction
misstatements due to fraud or error. processing.
• Categories:
Activity Example • Input Controls: Ensure data is
authorized and accurate (e.g., field checks, validity
1. Symbol for Internal Control: checks).
• A lock and key symbolizes internal • Processing Controls: Ensure
control, as it safeguards valuable information and transactions are processed accurately without
prevents unauthorized access. duplication.
• Importance: Protects FS reliability and • Output Controls: Ensure processed
reduces audit risks. data is accurate and distributed only to authorized
personnel.

Module 7: Auditing in a Computerized Information 3. Tests of Controls in a CIS Environment

Systems (CIS) Environment:
• The auditor’s responsibility is
1. Characteristics of a CIS Environment unchanged, but techniques vary due to
computerization.
 • Assess control risks related to
Techniques: computerized systems.
• Adapt audit techniques to address
1. Testing General Controls: risks unique to CIS environments, such as lack of
• Observing personnel during their transaction trails or system vulnerabilities.
duties.
• Inspecting documentation and 6. Advantages and Disadvantages of CIS in Auditing
security measures.
2. Testing Application Controls: Advantages:
• Audit Around the Computer (Black
Box Approach): 1. Improved Accuracy:
• Focus on input and output without • Automated processes reduce manual
examining data processing. errors.
• Example: Checking invoices against 2. Increased Efficiency:
processed data. • Faster processing of large datasets
• Audit Through the Computer (White using CAATs.
Box Approach): 3. Enhanced Analysis:
• Examines the computer systems • Tools like analytical software can
directly using Computer-Assisted Audit Techniques identify trends and anomalies.
(CAATs).
Disadvantages:
4. Computer-Assisted Audit Techniques (CAATs)
1. Reliance on System Integrity:
CAATs are tools used by auditors to analyze data and • Errors in software can cause
evaluate controls in computerized environments. widespread misstatements.
2. Limited Audit Trails:
Common CAATs: • Transactions may lack physical
documentation, complicating the review process.
1. Test Data: 3. Increased Risk of Cybersecurity
• Auditor inputs test data to check if the Breaches:
client’s system processes valid and invalid • Unauthorized access can compromise
transactions correctly. data integrity.
• Example: Inputting fictitious
transactions to test error detection. Activity Example
2. Integrated Test Facility (ITF):
• Creates fictitious data within the 1. Impact of Computerization on
client’s system for testing purposes without Auditing:
management’s knowledge. • Faster and more reliable audits using
• Ensures the system behaves correctly CAATs.
during actual operations. • Reduced human error but increased
3. Parallel Simulation: dependence on system integrity.
• Auditor develops a separate program 2. Pros and Cons:
to simulate the client’s system and reprocess • Pros:
transactions. • Efficiency, consistency, better error
• Used to compare outputs with the detection.
client’s results. • Cons:
4. Snapshots: • Cybersecurity risks, reliance on
• Captures transactions at various system integrity, lack of manual audit trails.
stages as they pass through the system for detailed
analysis.
5. System Control Audit Review Files Module 8: Performing Substantive Tests:
(SCARF):
• Embeds audit modules within the 1. Substantive Tests Overview
client’s system to continuously monitor transactions.
• Definition: Substantive tests are audit
5. Key Audit Considerations in a CIS Environment procedures designed to detect material
misstatements in financial statements (FS).
• The auditor must: • Purpose: To provide evidence that the
• Understand the client’s CIS FS are free of material misstatements by examining
environment. accounts, transactions, and supporting
documentation.
 • Types of Substantive Tests: • Weak controls require more extensive
1. Analytical Procedures: substantive testing.
• Use data comparisons and
relationships to identify unusual fluctuations. 6. Audit Evidence
2. Tests of Details:
• Directly test account balances and • Definition: Information collected to
underlying transactions. support audit conclusions.
• Sources:
2. Analytical Procedures 1. Underlying Accounting Data:
• Books of accounts, worksheets,
• Definition: Analysis of significant reconciliations.
trends, ratios, and relationships in FS. 2. Corroborating Information:
• Key Steps: • External documents like invoices,
1. Develop expectations using prior FS, contracts, and bank statements.
budgets, or industry averages. • Qualities:
2. Compare expectations with actual FS. • Sufficiency: Adequate volume of
3. Investigate significant differences to evidence.
detect potential misstatements. • Appropriateness: Relevant and reliable
• When to Use: evidence.
• Income statement accounts are more
predictable and suitable for analytical procedures. 7. Audit Documentation / Working Papers
• Useful for accounts less influenced by
management discretion. • Definition: Records that document
audit procedures, evidence, and conclusions.
3. Tests of Details • Functions:
• Primary: Support the auditor’s opinion
• Definition: Directly examines the and compliance with auditing standards.
components of account balances or transactions. • Secondary: Serve as reference for
• Types: future audits or legal defense.
1. Test of Details of Balances: • Types:
• Focus on ending account balances. 1. Permanent File:
• Suitable for accounts with many • Contains recurring information like
immaterial transactions. incorporation documents.
2. Test of Details of Transactions: 2. Current File:
• Focus on individual transactions. • Includes evidence specific to the
• Ideal for accounts with fewer but current audit period.
larger transactions. • Ownership and Confidentiality:
• Working papers are the auditor’s
4. Effectiveness of Substantive Tests property but must be kept confidential unless
required by law or used for defense in litigation.
• Nature:
• Relates to the quality of evidence 8. Auditing Accounting Estimates
gathered (e.g., reliability of external confirmations).
• Timing: • Definition (PSA 540): Accounting
• Higher risks of material estimates approximate values when precise
misstatements require tests closer to year-end. measurements are unavailable.
• Extent: • Auditor’s Role:
• The auditor increases the scope of • Obtain evidence to confirm estimates
substantive tests when risks are higher. are reasonable and disclosed properly.
• Approaches:
5. Relationship Between Substantive Tests and Tests 1. Review management’s process for
of Controls developing estimates.
2. Make independent estimates.
• Tests of Controls: 3. Review subsequent events for
• Provide evidence on whether validation.
misstatements are likely to occur.
• Substantive Tests: 9. Related Parties
• Detect whether misstatements exist in
FS balances. • Definition: Entities or persons with
• Combined Approach: significant influence over the entity’s decisions.
• Responsibilities:
 • Management: Identify and disclose 2. Risks in Sampling
related parties and transactions.
• Auditor: Review disclosures and 1. Sampling Risk:
ensure compliance but cannot guarantee discovery • The possibility that the auditor’s
of all related parties. conclusion from the sample differs from the result if
the entire population were tested.
10. Using the Work of an Auditor’s Expert • Types:
• Alpha Risk (Type I):
• Definition: Experts assist in areas • Incorrect rejection of a population.
requiring specialized knowledge (e.g., valuation, legal • Affects efficiency by increasing
matters). unnecessary audit procedures.
• Types of Experts: • Beta Risk (Type II):
1. Auditor’s Expert: • Incorrect acceptance of a population.
• Engaged by the auditor to obtain • Affects effectiveness by failing to
evidence. detect material misstatements.
2. Management’s Expert: • Controls:
• Engaged by the client for FS • Increase sample size.
preparation. • Use appropriate selection methods.
• Auditor’s Responsibility: 2. Non-Sampling Risk:
• Retain responsibility for the audit • Errors due to human mistakes or
opinion, even when relying on experts. misjudgment.
• Cannot be eliminated even with 100%
11. Considering the Work of Internal Auditors testing.
• Controls:
• Definition: Internal auditors assess • Adequate planning, supervision, and
controls and provide assurance within the entity. review of audit work.
• Steps for External Auditors:
1. Assess internal audit competence, 3. General Approaches to Audit Sampling
objectivity, and scope.
2. Evaluate and test the work of internal 1. Statistical Sampling:
auditors for use in the external audit. • Relies on probability theory.
• Benefits:
Activity Example • Provides a measurable sampling risk.
• Allows for objective evaluation of
1. Substantive Procedures for Petty sample results.
Cash Fund: 2. Non-Statistical Sampling:
• Procedure: Count cash on hand, • Relies on auditor’s judgment for
review vouchers, reconcile balances. sample size and selection.
• Evidence: Petty cash log, receipts, and • Benefits:
physical count results. • Flexible and simpler to apply.
2. Relationship Between Substantive
Tests and Audit Risk: 4. Audit Sampling Plans
• Higher inherent/control risks require
more extensive substantive testing to manage 1. Attribute Sampling:
detection risk. • Used in tests of controls.
• Estimates the frequency of control
deviations in a population.
Module 9: Audit Sampling: 2. Variable Sampling:
• Used in substantive tests.
1. What is Audit Sampling? • Estimates numerical values like
monetary misstatements.
• Definition (PSA 530):
The application of audit procedures to less than 5. Steps in Audit Sampling
100% of the items in a population, allowing all items
to have a chance of selection. 1. Define the Objective:
• Purpose: • Determine whether controls are
• Efficiently gather sufficient and functioning (test of controls).
appropriate audit evidence. • Assess the accuracy of account
• Draw conclusions about the entire balances (substantive testing).
population without testing every item. 2. Determine Procedures:
 • Identify the population and • Used when irregularities are
characteristics to test. suspected.
• Define the conditions that indicate
deviations or misstatements. Activity Examples
3. Determine Sample Size:
• Factors for Test of Controls: 1. Statistical vs. Non-Statistical
• Acceptable sampling risk (inverse Sampling:
relationship with sample size). • Statistical provides measurable risk;
• Tolerable deviation rate (maximum non-statistical is simpler but subjective.
deviation rate auditor will accept). 2. Sampling in Controls vs. Substantive
• Expected deviation rate (direct Testing:
relationship with sample size). • Controls test deviations; substantive
• Factors for Substantive Testing: testing focuses on misstatements.
• Acceptable sampling risk (inverse). 3. Why Use Sampling:
• Tolerable misstatement (inverse). • Testing 100% of a population is
• Expected misstatement (direct). impractical.
• Population variability (measured by • Sampling achieves efficiency while
standard deviation). still obtaining sufficient evidence.
4. Select the Sample:
• Techniques:
• Random number selection. Module 10: Completing the Audit and Post-Audit
• Systematic selection. Responsibilities:
• Haphazard selection (non-statistical
sampling only). 1. Completing the Audit
• Value-weighted selection (substantive
testing). The completion stage focuses on reviewing evidence
5. Apply Audit Procedures: and the final financial statements to form the audit
• Perform the selected audit procedures opinion. Key procedures include:
on the sampled items.
6. Evaluate Sample Results: A. Identifying Subsequent Events
• Test of Controls:
• Compare the sample deviation rate • Definition:
with the tolerable deviation rate. • Events or transactions occurring after
• Assess the likelihood of control risk. the balance sheet date but before the financial
• Substantive Tests: statements (FS) are issued.
• Project misstatements to the entire • Types:
population. 1. Requiring Adjustment:
• Compare projected misstatements • Events providing evidence of
with tolerable misstatements. conditions existing as of the balance sheet date.
• Example: Settlement of a lawsuit that
6. Evaluating Sampling Results confirms a liability existed at year-end.
2. Requiring Disclosure:
• Test of Controls: • Events indicating conditions arising
• If deviations exceed tolerable levels, after the balance sheet date.
control risk is assessed as high, requiring more • Example: Major acquisition or natural
substantive testing. disaster.
• Substantive Testing: • Auditor’s Responsibility:
• If projected misstatements exceed • Obtain sufficient evidence to identify
tolerable levels, conclude that the account balance is subsequent events up to the audit report date.
materially misstated. • No obligation to review events after
the audit report date unless discovered.
7. Additional Sampling Techniques
B. Identifying Contingencies (Litigations, Claims, and
1. Sequential Sampling: Assessments)
• Stops testing early if deviations are
unlikely. • PSA 501 Requirements:
• Suitable when deviations are expected • Identify potential litigation or claims
to be very low. that may materially affect FS.
2. Discovery Sampling: • Collaborate with the client to send
• Focuses on finding at least one legal letters to lawyers.
deviation in a population.
 • Actions if Management Refuses to • Notify those responsible and prevent
Cooperate: reliance on the audit report.
• Consider this a scope limitation and
issue a qualified or disclaimer of opinion. B. Discovery of Omitted Procedures

C. Obtaining Written Management Representation • Steps:

1. Assess the importance of omitted
• Purpose: procedures.
• Acknowledges management’s 2. Perform the omitted or alternative
responsibility for FS preparation. procedures.
• Confirms all information provided is • If the Audit Opinion Becomes
accurate and complete. Inappropriate:
• Requirements: • Discuss with management and advise
• Must be dated near the audit report notifying FS users.
date.
• Must be signed by senior 3. Activity Examples
management (e.g., CEO, CFO).
• Implications if Refused: 1. Why Management Representation
• Consider this a scope limitation and Letters Are Required:
issue a disclaimer of opinion. • Confirms management’s responsibility
for FS accuracy.
D. Performing Wrap-Up Procedures • Complements other audit evidence
but doesn’t replace it.
1. Final Analytical Procedures: 2. Significant Subsequent Events:
• Identify unusual trends or fluctuations • Example: A material asset loss after
missed earlier. the report date but before FS issuance may require
• Evaluate the overall presentation of disclosure or adjustment.
FS. • Reporting Implications:
2. Evaluating the Entity’s Ability to • Adjust the FS for material events.
Continue as a Going Concern: • Use dual dating or reissue the audit
• Assess if there are significant doubts report if necessary.
about the entity’s ability to continue operations.
• Audit Opinion Impact:
• If doubts are disclosed: Unmodified Module 11: The Auditor’s Report on Financial
Opinion with Emphasis of Matter. Statements:
• If doubts are not disclosed: Qualified
or Adverse Opinion. 1. Purpose of the Auditor’s Report
3. Evaluating Audit Findings:
• Prepare a list of adjusting entries for • Objective:
management. • Express an opinion on whether the
• Management’s Decision: financial statements (FS) are prepared fairly and in
• Accepting adjustments: Issue all material respects in accordance with applicable
Unmodified Opinion. financial reporting frameworks (e.g., PFRS).
• Refusing adjustments: Issue Qualified • Key Standard:
or Adverse Opinion. • PSA 700 requires a clear expression
of the auditor’s opinion in the report.
2. Post-Audit Responsibilities
2. The Unmodified Audit Report
Auditors’ responsibilities after the FS have been
issued include addressing newly discovered facts or Issued when:
omitted procedures.
• The FS are free of material
A. Subsequent Discovery of Facts misstatements.
• The applicable financial reporting
• Steps: framework is followed.
1. Discuss the issue with management
to determine if FS revisions are needed. Basic Elements:
2. Advise management to notify FS
users of any significant changes. 1. Title:
• If Management Refuses: • Emphasizes the auditor’s
independence.
 2. Addressee: 3. Disclaimer of Opinion:
• Directed to parties for whom the • Issued when:
report is intended (e.g., shareholders, board of • Scope limitations are both material
directors). and pervasive.
3. Introductory Paragraph: • Phrase: “The auditor has not been
• Identifies the entity, FS audited, and able to obtain sufficient appropriate evidence…”
the applicable period.
4. Management’s Responsibility: Basis for Modification Paragraph:
• Preparation and fair presentation of
FS. • Explains the reason for the modified
• Design and maintenance of internal opinion.
controls. • Placed immediately before the opinion
5. Auditor’s Responsibility: paragraph.
• Conducting the audit in compliance
with PSA. 4. Special Reporting Considerations
• Obtaining sufficient appropriate
evidence to provide a basis for the opinion. 1. Emphasis of Matter Paragraph:
6. Auditor’s Opinion: • Used to highlight significant matters
• States the FS are free of material such as:
misstatements. • Going concern uncertainties.
7. Other Reporting Responsibilities: • Early application of new accounting
• If applicable. standards.
8. Auditor’s Signature: • Major catastrophes.
• Name of the audit firm and personal • Does not modify the opinion.
name of the auditor. • Placed after the opinion paragraph.
9. Date of the Report: 2. Other Matter Paragraph:
• Indicates the completion of audit • Used to address matters not
procedures. disclosed in the FS but relevant to users.
10. Auditor’s Address: 3. Comparative Information:
• PSA 710 defines:
• Location of the auditor’s office. • Comparative FS: Prior period FS are
presented alongside the current FS.
3. Modifications to the Opinion • Corresponding Figures: Comparatives
are integrated into the current FS.
The opinion may be modified due to:
5. Reporting on Special Cases
1. Material Misstatement:
• Issues in the FS such as inappropriate 1. Material Inconsistencies:
accounting policies or inadequate disclosures. • Occurs when other information (e.g.,
2. Scope Limitation: annual reports) contradicts the audited FS.
• Auditor cannot obtain sufficient • Auditor’s Actions:
appropriate evidence. • Recommend corrections.
• Examples: • Include an Other Matter paragraph if
• Client-imposed limitations. not corrected.
• Circumstances beyond the auditor’s 2. Group Financial Statements:
control. • The group auditor oversees
components audited by other auditors.
Types of Modified Opinions: • The report does not refer to
component auditors.
1. Qualified Opinion: 3. Special Purpose FS:
• Issued when: • Prepared using non-standard
• Material misstatements or scope frameworks (e.g., cash basis, regulatory
limitations exist. frameworks).
• The issues are not pervasive. • Audit reports include an Emphasis of
• Phrase: “Except for the effects of the Matter paragraph.
matter described…” 4. Single FS or Specific Elements:
2. Adverse Opinion: • When auditing a single FS (e.g.,
• Issued when: balance sheet) or a specific element (e.g., inventory),
• Misstatements are both material and the auditor expresses a separate opinion for each.
pervasive. 5. Summary Financial Statements:
• Phrase: “The FS do not present fairly…” • Derived from the full FS.
 • Auditor opines whether they are • Objective: Express an opinion on
consistent with the complete FS. whether FS are fairly presented.
• Assurance Level: High/reasonable
6. Activity Examples assurance.
• Procedure: Risk assessment, test of
1. Different Types of Opinions: controls, substantive tests.
• Unmodified Opinion: FS are fairly • Report: Positive assurance.
presented. • Independence: Required.
• Qualified Opinion: Except for a specific 2. Review:
issue, FS are fairly presented. • Objective: Report if anything comes to
• Adverse Opinion: FS are not fairly the practitioner’s attention indicating FS are not fairly
presented. presented.
• Disclaimer of Opinion: Unable to • Assurance Level: Moderate/limited
express an opinion due to insufficient evidence. assurance.
2. Scenarios Affecting Opinions: • Procedure: Inquiry and analytical
• Material Misstatement: Incorrect procedures (no test of controls or corroborating
revenue recognition leads to a qualified or adverse evidence).
opinion. • Report: Negative assurance.
• Scope Limitation: Denied access to • Independence: Required.
inventory records may result in a disclaimer of 3. Compilation:
opinion. • Objective: Assist in preparing FS
without expressing assurance.
• Assurance Level: None.
• Procedure: Assemble FS from client’s
Module 12: Assurance Engagements and Related data.
Services: • Report: Identification of financial
information compiled.
1. Overview of Assurance Engagements • Independence: Not required.
4. Agreed-Upon Procedures:
• Definition (PSA 3000): • Objective: Perform specific audit
Assurance engagements enhance the credibility of procedures agreed upon by the client and third
information by evaluating whether it conforms to parties.
suitable criteria. • Assurance Level: None (provides
• Types of Assurance Engagements: factual findings only).
1. Reasonable Assurance Engagement: • Procedure: As agreed.
• Example: Audit. • Report: Description of procedures
• Provides high assurance. performed and findings.
2. Limited Assurance Engagement: • Independence: Not required.
• Example: Review.
• Provides moderate assurance. 3. Reports on Prospective Financial Information (PFI)

Elements of Assurance Engagements: • Definition:

Financial data based on assumptions about future
1. Three-Party Relationship: events and management actions.
• Practitioner, responsible party, and • Types:
intended users. 1. Forecast:
2. Appropriate Subject Matter: • Based on best-estimate assumptions
• Information relevant to user needs of future events.
(e.g., financial or non-financial data). • Example: Predicted revenue for the
3. Suitable Criteria: next fiscal year.
• Standards against which subject 2. Projection:
matter is evaluated (e.g., PFRS). • Based on hypothetical or mixed
4. Sufficient Appropriate Evidence: assumptions.
• Supports the practitioner’s conclusion. • Example: Revenue estimates
5. Written Assurance Report: assuming a new product launch.
• Communicates findings to intended • PSA 3400 Requirements:
users. • Auditor must obtain evidence that:
• Assumptions are reasonable.
2. Types of Services • PFI is properly prepared and
presented.
1. Audit: • Consistency is maintained
 • Eliminate or reduce threats to
4. Key Differences in Assurance Levels acceptable levels.
Service Objective Level of Report
Assurance Type Types of Threats:

1. Self-Interest Threat:
Audit Provide an High Positive • Financial or personal interests
opinion on Assurance
influence judgment.
FS
• Example: Holding shares in a client’s
Review Highlight Moderate Negative company.
any Assurance 2. Self-Review Threat:
potential • Difficulty objectively evaluating work
issues on previously performed.
FS
• Example: Auditing financial
Compilatio Assist in None Identificati statements you prepared.
n FS on of FS 3. Advocacy Threat:
preparatio • Promoting a client’s interests
n compromises objectivity.
• Example: Representing a client in tax
Agreed-up Perforn None Descriptio
on AU n of disputes.
Procedure procedure findings 4. Familiarity Threat:
s s to report • Close relationships with a client
findings impair objectivity.
• Example: Long-term audit
Activity Examples engagements.
5. Intimidation Threat:
1. Assurance Engagement Example: • Fear of consequences impedes
• An auditor reviews financial data of a objectivity.
company applying for a loan, providing negative • Example: Pressure from a dominant
assurance to the bank. client.
2. Agreed-Upon Procedures Example:
• Auditor checks inventory balances at Safeguards:
year-end based on specific procedures agreed upon
by the client and lenders. • Profession/Regulation-Based:
3. Compilation Example: • Laws, professional standards, and
• Preparing FS for a small business ethics boards.
using client-provided data without expressing • Workplace Safeguards:
assurance. • Internal policies, firm-wide quality
controls, and independent reviews.

Module 13: The Code of Ethics and Republic Act 2. Key Principles of the Code (Part A)
9298:
1. Integrity:
1. The Code of Professional Ethics • Act honestly and truthfully.
2. Objectivity:
• Definition: • Avoid bias and conflicts of interest.
• A set of standards for accountants 3. Professional Competence and Due
demonstrating integrity, objectivity, and public Care:
interest over self-interest. • Maintain up-to-date knowledge and
• Based on the International Federation perform duties with care.
of Accountants (IFAC) Code of Ethics. 4. Confidentiality:
• Protect client information unless
Conceptual Framework Approach: required by law.
5. Professional Behavior:
1. Identify Threats to compliance with • Comply with laws and avoid
fundamental principles. discreditable acts.
2. Evaluate Threats:
• Determine the significance of 3. Republic Act 9298: The Philippine Accountancy
identified threats. Act of 2004
3. Apply Safeguards:
 • Governs the practice, licensure, and 5. Activity Example
regulation of accountancy in the Philippines.
• Enacted on May 13, 2004. 1. Threats and Safeguards Example:
• Threat: Familiarity from long-term
Key Provisions: audit engagements.
• Safeguard: Partner rotation or
1. Regulation of Education and independent quality review.
Licensure: 2. RA 9298’s Contribution to Profession:
• Monitored by the Professional • Sets ethical standards, ensures
Regulatory Board. competent practice, and protects public interest.
• Ensures the quality of the
accountancy profession.
2. Professional Regulatory Board (PRB):
• Composition:
• Chairman and 6 members.
• Qualifications:
• Natural-born Filipino, CPA with 10+
years of experience, and good moral character.
• Functions:
• Monitor practice standards.
• Issue, suspend, or revoke CPA
licenses.
• Oversee CPA examinations and
curricula.
• Term: 3 years (up to a maximum of 12
years).
3. CPA Examination:
• Qualifications:
• Filipino citizen, good moral character,
holder of a BSA degree.
• Scope:
• Includes auditing theory, practice,
taxation, and other major topics.
• Passing Rate:
• 75% general average with no grade
lower than 65% in any subject.
4. Practice of Accountancy:
• Divided into:
• Public Accountancy.
• Commerce and Industry.
• Education.
• Government.

4. Independence Requirements

• Independence of Mind:
• Auditor’s own perception of
independence.
• Independence in Appearance:
• Public’s perception of the auditor’s
independence.

Independence Guidelines:

• No material financial interest in

clients.
• Restrictions on close personal or
business relationships.
• Required rotation of lead audit
partners every 5 years for listed entities.