1.

​ Identify the client’s strategy

○​ Understand what the business is trying to achieve and how they plan to get there.
2.​ Examine the core business processes & resource management
○​ Look at the main activities (like production, sales, HR, finance) and how
resources like money, people, and equipment are handled.
3.​ Detail each key process
○​ For each major process, identify:
■​ Objectives → what the process is supposed to accomplish
■​ Inputs → what goes into the process (data, materials, etc.)
■​ Activities → steps or tasks involved
■​ Outputs → results or products of the process
■​ Systems & transactions → IT systems and specific
financial/non-financial records involved
4.​ Assess risks and controls
○​ Figure out the chances that the process won’t meet its goals.
○​ Check what controls (like checks, approvals, or system safeguards) exist to
prevent or detect those risks.

In essence:​
This version of the risk-based audit zooms in on the company’s core processes and asks,

“Where could things go wrong in achieving the company’s goals, and what’s in place to stop
that?”

Aspect Traditional Approach Risk-Based Approach

Main Focus Finding errors Finding risks

Transaction Volume Small number of transactions Large volume of transactions

Testing Method 100% testing Sample testing

Audit Type Transaction-based Process-based

Control Focus Financial controls only All business process controls

Data Source Manual records System-based data (“soft

data”)

Audit Perception External function Collaborative function

Team Composition Single discipline Multidisciplinary (with subject

matter experts)
Traditional = narrow, detail-heavy, past-oriented
Risk-based = broad, strategic, future-oriented

Factors to Consider in Implementing the Audit Risk Model

1.​ High-risk activities – Transactions or operations with a higher chance of error or

fraud.
2.​ Existence of large transactions – Big-value transactions that could significantly
affect the financial statements.
3.​ Matters requiring judgment or management intervention – Areas where
estimates, assumptions, or decisions by management have a major impact, and
are therefore more prone to bias or error.

Factors to Consider in Implementing the Audit Risk Model

1.​ High-risk activities

○​ Meaning: Activities where there is a greater chance of error or fraud.
○​ Example: A company that handles large amounts of cash daily (like a
retail store) is more prone to cash theft or miscounting.
2.​ Existence of large transactions
○​ Meaning: Transactions with a very high peso value that could significantly
change the financial results if recorded incorrectly.
○​ Example: A construction company buying heavy machinery worth ₱20
million — if recorded wrong, it will greatly affect the balance sheet.
3.​ Matters requiring judgment or management intervention
○​ Meaning: Items in the financial statements that depend on estimates or
decisions made by management.
○​ Example: Estimating the “useful life” of a delivery truck (e.g., 5 years or 8
years) affects depreciation expense and net income.

4. Potential for fraud

●​ Meaning: The chance that someone in the company intentionally misstates the
financial statements. Fraud is harder to detect than accidental errors because it’s
often concealed.
●​ Example: A sales manager records fake sales at year-end to make the
company’s revenue look higher so they can get a performance bonus.
●​ Why it matters: Auditors must be extra cautious because fraud can happen at
any time during the audit, especially if new information points to suspicious
activity.
 Materiality Basis Before After Findings Reason for
Type Findings (Higher Risk) Change

Individual 5% of ₱30,000 ↓ e.g., Significant

item — unaudited net ₱20,000–₱24, control
Income income 000 weaknesses &
Statement (₱600,000) suspected
overstatement
of income →
lower threshold
to catch
smaller errors

Individual 2% of ₱70,000 ↓ e.g., Higher risk of

item — unaudited net ₱50,000–₱56, misstatement
Balance Sheet assets 000 in assets →
(₱3,500,000) lower tolerance

Aggregate 20% of ₱6,000 ↓ e.g., Multiple small

Materiality — individual item ₱4,000–₱4,80 misstatements
Income materiality 0 more likely →
Statement reduce
accumulation
limit

Aggregate 20% of ₱14,000 ↓ e.g., Same reason

Materiality — individual item ₱10,000–₱11,2 as above —
Balance Sheet materiality 00 smaller
 cushion
allowed

Before → thresholds set based on normal risk, standard benchmarks (5% profit, 2% net
assets), and 20% aggregate limit for efficiency.

After → thresholds lowered across the board due to increased inherent & control
risk, making even smaller misstatements significant.

Here are comprehensive notes on audit engagement activities, planning, and

materiality, designed to be easy to understand and drawing directly from your provided
sources:

Auditor's Preliminary Engagement Activities & Planning

These activities are crucial steps taken by an auditor prior to performing other
significant activities for a current audit engagement. They help identify and evaluate
potential issues that might negatively affect the auditor's ability to plan and perform the
audit.

I. Overall Objectives and Standards

●​ PSA 200 outlines the Overall Objectives of the Independent Auditor and the
conduct of an audit in accordance with International Standards on Auditing.
●​ PSA 210 focuses on Agreeing on the Terms of Audit Engagement.
●​ PSA 220 addresses Quality Control of an Audit of Financial Statements.

II. Purpose of Preliminary Engagement Activities

The main purposes are to ensure that:

 ●​ There are no issues with client management’s integrity that might affect the
auditor’s willingness to continue the engagement.
●​ The auditor maintains the necessary independence and ability to perform the
engagement.
●​ There is no misunderstanding with the client regarding the terms of the
engagement.
●​ The auditor has considered any events or circumstances that could adversely
affect the audit plan and performance, aiming to reduce audit risk to an
acceptably low level.

III. Activities to Perform at the Beginning of an Engagement

Before starting significant audit work, the auditor should:

1.​ Perform procedures regarding acceptance or continuance of the client

relationship and the specific audit engagement.
2.​ Evaluate compliance with ethical requirements, including independence.
3.​ Establish an understanding of the terms of engagement.

Timing of Activities:

●​ New Audit Engagement: Initial procedures on client acceptance and ethical

requirements are performed prior to performing other significant activities.
●​ Continuing Audit Engagement: These procedures are performed shortly after
the completion of the previous audit.

IV. Evaluating Client Management's Integrity

This evaluation is critical to avoid association with management that lacks integrity,
as this typically leads to high audit risk and is a main cause of litigations involving
CPAs.

Factors to Consider:

●​ Identity, attitude, and business reputation of the client, including principal

owners, key management, or those charged with corporate governance.
●​ Nature of the client’s operations.
●​ Indications of inappropriate limitations in the scope of work.
●​ Involvement in money laundering or other criminal activities.
●​ Reasons for the proposed appointment of the CPA firm/auditor and the
non-reappointment of the previous CPA firm/auditor.

Investigation/Research Methods:
 ●​ Lookup through the internet.
●​ Obtain and review the entity’s financial statements.
●​ Obtain credit ratings and reports, if necessary.
●​ Know principals associated with the prospective client, considering
engaging professionals/investigators.

Communication with the Prospective Client’s Predecessor Auditor:

●​ The successor auditor has the responsibility to initiate communication.

●​ Client’s permission/consent (preferably in writing) is required to avoid
violating confidentiality.
●​ Information to inquire about:
○​ Facts/information that may bear on the integrity of the prospective
client.
○​ Predecessor auditor’s understanding of the reason for the change.
○​ Disagreements between the predecessor and client regarding accounting
principles, auditing procedures, or other significant matters.
○​ Communications to management, audit committee, and governance
regarding fraud, illegal acts, and internal control matters.
●​ If the client is unwilling to agree to such communication, the successor
auditor should:
○​ Consider the implications of such refusal/limitation.
○​ Decide whether to accept the engagement.

Other Inquiries and Considerations:

●​ Inquiring from other firm personnel or third parties (e.g., bankers, legal
counsel/advisors, industry peers).
●​ High level of public scrutiny and media interest.
●​ Financial health of the client.
●​ Ability to pay audit fees.

V. Auditability of Client’s Financial Statements

The auditor must determine if they can accumulate sufficient appropriate audit evidence
to render an opinion by considering:

●​ Adequacy of accounting records.

●​ Quality of internal control.

VI. Continuance of Retention Procedures

These procedures are performed to ensure the audit firm's continuing compliance
with acceptance and continuance procedures. Existing clients should be evaluated
once a year or upon the occurrence of:

●​ Changes in management, directors, or ownership.

●​ Changes in the nature of the client’s business.

VII. Auditor’s Capabilities and Ethics

The audit firm or auditor must evaluate their own capabilities and ethical standing.

●​ Independence:
○​ The auditor or CPA firm must be independent of the client.
○​ The audit opinion is not credible or of little to no value if the auditor is
not independent.
○​ Auditors must identify, evaluate, and respond to any threat to
independence. Independence includes independence of mind and in
appearance.
●​ Professional Competence:
○​ Auditors must determine if they possess the necessary skills and
competence.
○​ Professional accountants should not portray themselves as having
expertise they do not possess.
○​ Auditors should obtain a preliminary understanding of the prospective
client’s business and industry. If industry expertise is lacking, they
should obtain knowledge of relevant matters. This relates to technical
training and proficiency.
●​ Ability to Serve Client Properly:
○​ The CPA firm or auditor must have the capability, time, and resources to
perform the audit.
○​ This includes the availability of appropriately qualified staff and the
ability to complete the engagement within reporting deadlines.
○​ The firm should consider the need for expert’s assistance and any
conflicts of interest.
○​ Firm personnel should have knowledge of relevant industries.

VIII. Agreeing on the Terms of Engagement

An audit engagement should only be accepted or continued when:

 ●​ Preconditions are present: Management has used an acceptable financial
reporting framework (or suitable criteria/appropriate basis) for financial
statement preparation.
●​ There is an agreement on audit engagement terms.

The Engagement Letter:

●​ This is a formal written contract between the CPA firm/auditor and the client for
the conduct of the audit.
●​ It documents and confirms:
○​ The auditor’s acceptance of the appointment.
○​ The client’s acceptance of the terms of the audit engagement.
○​ Responsibilities of both client management and the auditor.
○​ Agreements or agreed terms of the engagement (e.g., objectives,
scope, forms of reports).

Key Contents of an Engagement Letter:

●​ Objective and scope of the audit of the financial statements.

●​ Responsibilities of the auditor.
●​ Responsibilities of management:
○​ Preparation of financial statements using the applicable financial
reporting framework, ensuring fair presentation.
○​ Implementing internal controls necessary for preparing financial
statements free from material misstatement due to fraud or error.
○​ Providing the auditor with access to all relevant information (records,
documentation), additional requested information, and unrestricted
access to persons within the entity to obtain audit evidence.
●​ Identification of the applicable financial reporting framework for FS
preparation.
●​ Reference to the expected form and content of reports, including a statement
that a report may differ from its expected form.
●​ Audit fee and a description of the timing of the external auditor’s work and
client-provided documentation.

Preliminary Conference:

●​ An initial meeting with the client after the CPA has determined that the firm is
independent, competent, can serve the client properly, and the client's reputation
is one of integrity.

Revising Engagement Terms:

 ●​ The auditor shall assess if circumstances require revision of the terms or if
there's a need to remind the entity of existing terms.
●​ The auditor is not always required to agree to a change in terms, especially
without reasonable justification.
●​ If terms change, the auditor and management shall agree on and record the
new terms, possibly sending a new engagement letter.

Factors for Sending a New Engagement Letter:

●​ Revisions of terms due to significant changes in ownership, nature/size of

business, legal/regulatory requirements, financial reporting framework, or other
reporting requirements.
●​ A reminder to the client of existing terms if there’s an indication of
misunderstanding about the audit’s objective and scope.

Options if Auditor Cannot Agree to Change in Terms:

●​ Withdraw from the engagement if permitted by law/regulations.

●​ Determine if there is an obligation to report the circumstances to other parties
(e.g., governance, owners, regulators).

Examples of Reasonable Bases for Change in Terms:

●​ Change in circumstances affecting the entity’s requirements (e.g., alternative

financing eliminating the need for an audit for a bank loan).
●​ Change related to incorrect, incomplete, or unsatisfactory information (e.g.,
entity asking for a change to a review engagement to avoid a qualified opinion or
disclaimer).

IX. Generally Accepted Auditing Standards (GAAS)

GAAS are the general audit guidelines auditors must follow, representing the
minimum standards of auditor’s performance and guidance for measuring audit
quality.

●​ GAAP vs. GAAS:

○​ GAAP (Generally Accepted Accounting Principles): Principles for
preparing and presenting financial statements; used by auditors as
criteria for fairness; foundation of accounting.
○​ GAAS (Generally Accepted Auditing Standards):
Standards/measures/guidance auditors must follow when conducting an
audit; foundation of auditing.
●​ Auditing Standards vs. Auditing Procedures:
 ○​ Auditing Standards: Measures of quality or minimum standard of
auditor’s performance.
○​ Auditing Procedures: The means used (acts performed) by the auditor
to attain the quality/minimum standard.

Three Categories of GAAS:

1.​ General Standards (TIP):

○​ Technical training and proficiency / Professional competence.
○​ Independence (of mind and in appearance).
○​ Professional care.
2.​ Standards of Fieldwork (PIE):
○​ Planning and proper supervision.
○​ Internal control consideration.
○​ Evidence should be sufficient and appropriate.
3.​ Standards of Reporting (SHOW):
○​ Historical and consistent application of GAAP/PFRS.
○​ Opinion regarding FS taken as a whole.
○​ While also having Adequate Disclosure of Information.
○​ Standards in accordance with GAAP/PFRS.

X. Planning an Audit of Financial Statements (PSA 300)

Planning involves establishing the overall audit strategy and developing an audit plan
to reduce audit risk to an acceptably low level.

Factors Affecting Planning:

●​ Size and complexity of the entity.

●​ Auditor’s previous experience with the entity.
●​ Changes in circumstances that occur during the engagement.

Benefits of Planning:

●​ Helps ensure appropriate attention is devoted to important areas.

●​ Aids in identifying potential problems and resolving them timely.
●​ Ensures the audit is properly organized, managed, and performed effectively
and efficiently.
●​ Assists in proper assignment and review of engagement team members’
work.
●​ Helps coordinate work by auditors of components and other parties (e.g.,
experts).
Key Activities in Establishing Overall Audit Strategy:

●​ Identifying characteristics of the engagement that define its scope.

●​ Ascertaining reporting objectives to plan timing and communication.
●​ Considering important factors that determine the engagement team’s focus
and direction.
●​ Considering results of preliminary engagement activities and knowledge
from other engagements.
●​ Ascertaining nature, timing, and extent of resources needed.
●​ This also revolves around efficient allocation of resources, especially
manpower (team members, experts).

XI. Materiality in Planning and Performing an Audit (PSA 320)

Materiality is a fundamental concept in auditing. Information is considered material if

its omission or misstatement could influence the economic decisions of users
based on the financial statements.

●​ Quantitative vs. Qualitative Materiality:

○​ Materiality doesn't involve quantitative considerations only.
○​ An error may not be quantitatively material but could be qualitatively
material (e.g., misstatement of sensitive areas, compliance with laws,
transactions affecting bonuses).
●​ Professional Judgment:
○​ The assessment of what is material is a matter of professional
judgment.
○​ It is affected by the auditor’s perception of users' financial information
needs.

When Materiality is Considered:

●​ Determining the nature, timing, and extent of audit procedures.

●​ Identifying and assessing the risks of material misstatements.
●​ Determining the nature, timing, and extent of further audit procedures.

Assumptions about Users of Financial Statements: Auditors reasonably assume

users:

●​ Have reasonable knowledge of business and economic activities and

accounting, and a willingness to study financial statements diligently.
●​ Understand that financial statements are prepared and audited to levels of
materiality.
 ●​ Recognize uncertainties inherent in measurement based on estimates,
judgment, and future events.
●​ Make reasonable economic decisions based on financial statement
information.

Types of Materiality:

1.​ Overall Materiality (or Materiality Level for the Financial Statements as a
Whole):
○​ This is the highest amount of misstatements that could be included in
the financial statements without affecting the economic decisions of
financial statement users.
○​ Benchmark: Profit Before Tax (PBT) is generally considered the most
important metric and appropriate benchmark.
○​ Ranges: Often set in a range of 3% to 10% of PBT (lower end for listed
entities, depending on various factors like financial covenants, business
stability, EPS sensitivity). No specific guidelines in PSA; other accepted
bases include 1-3% of revenues/expenditures, 1-3% of total assets, or
3-5% of total equity.
2.​ Specific Materiality (Materiality Level for Particular Classes of Transactions,
Account Balances, or Disclosures):
○​ This relates to sensitive areas where misstatements of lesser amounts
than overall materiality would still affect user decisions (e.g., particular
note disclosures, compliance, transactions affecting bonuses).
○​ Based on professional judgment and definitely lower than overall
materiality for specific or sensitive areas.
3.​ Performance Materiality:
○​ Set at a lower amount than overall or specific materiality.
○​ Purpose: To reduce the risk to an appropriately low level that the
accumulation of uncorrected and unidentified misstatements exceeds
overall or specific materiality. It provides a margin or buffer for possible
undetected misstatements.
○​ The objective is to perform more audit work than would be required by
overall or specific materiality.
○​ How it’s set: In reference to overall or specific materiality, applied with a
"haircut" (%).
○​ Example: If overall materiality is P200,000, and there are three P80,000
misstatements totaling P240,000 (which is material), performance
materiality helps catch this. A 40% haircut on P200,000 sets performance
materiality at P120,000, meaning smaller misstatements will be detected
and corrected.
 ○​ Ranges: No specific guidelines in PSA; percentage range is commonly
60% of overall or specific materiality, or up to 85% if assessed risk of
material misstatements is lower.

Relationship between Materiality and Audit Risk:

●​ There is an inverse relationship: the higher the materiality level, the lower
the audit risk, and vice versa.

Practical Application (Example Scenario - ABC Audit Co.):

●​ Factors to Consider in Setting Thresholds:

○​ In the example, ABC Audit Co. set individual item materiality for the
income statement (5% of unaudited net income) and balance sheet (2% of
unaudited net assets).
○​ They also set an aggregate materiality at 20% of the individual item
materiality.
○​ The source prompts us to consider why aggregate threshold is 20%
rather than 10% or 5%. This relates to balancing the risk of undetected
misstatements with audit efficiency. A higher aggregate threshold (like
20%) means the auditor tolerates a larger sum of individually immaterial
misstatements before they become collectively material, which influences
the amount of audit work. This decision would be based on the auditor's
professional judgment and risk assessment for the client.
●​ Effect of Findings on Materiality Thresholds:
○​ If significant weaknesses in internal controls are discovered, or if
analytical procedures reveal a likelihood of material overstatement, this
indicates a higher risk of material misstatement.
○​ In such cases, the auditor should reduce the materiality thresholds
(make them lower). This means the auditor will become more sensitive to
misstatements and will perform more audit work to detect smaller errors,
aligning with the inverse relationship between materiality and audit risk.
●​ Other Considerations for Materiality:
○​ Inquire about the overall materiality used by the previous auditor.
○​ Ensure that experts assisting the audit engagement are instructed to
use appropriate materiality levels.
Before

ABC Audit Co. set:

●​ ₱30,000 → for one income statement item (5% of net income)

●​ ₱70,000 → for one balance sheet item (2% of net assets)
●​ ₱6,000 and ₱14,000 → total limit for all small errors combined (20% of the above
numbers)

Why?​
Because risks seemed normal, and they used common audit benchmarks. The 20%
limit gives a cushion so that many small errors together don’t become big enough to
matter.

After

They found:

●​ Weak controls
●​ Signs that income and assets may be overstated

So what now?

●​ Lower all the numbers.

●​ Example: ₱30,000 might drop to ₱20,000–₱24,000, ₱70,000 might drop to
₱50,000–₱56,000.
●​ Aggregate limits (₱6,000 and ₱14,000) also get smaller.

Why?​
Because when risk is higher, even smaller errors could be important, so you tighten
your limits to catch more mistakes.