Assurance Services

independent professional services that improve the quality of

information, or its context, for decision makers
Assurance
auditors satisfaction as to the reliability of an assertion being made by
one party for use by another
Independence
freedom from conflicts of interest that might impair ones objectivity
and integrity in the conduct of services allowed in the profession
Attestation Services
when a practitioner is engaged to issue or issues a report on a subject
matter, or an assertion about a subject matter that is the responsibility
of another party.
Report
manifestation of the attest function
Attest Function
practitioner attaches his credibility and integrity as to the genuineness
of the information in an assurance service.
Assertion
representations being made by the responsible party
Auditing
systematic process of objectively obtaining and evaluating evidence
regarding assertions about economic actions and events to ascertain
the degree of correspondence between those assertions and
established criteria, and communicating the results to interested users.
Assurance Engagement an engagement in which the practitioner expresses a conclusion
designed to enhance the degree of confidence of the intended users
other than the responsible party about the outcome of the evaluation
or measurement of a subject matter against criteria
Classification of Assurance Engagement
Assertion-based Engagement
o Assurance engagements on a subject matter that has written assertions or
representations
Direct Reporting Engagement
o Assurance engagements on a subject matter regardless of whether or not a
written assertion was made on it
Examples of Assurance Engagement
o Audits
o Reviews
o Other Assurance Engagements
Examples of Non-assurance Engagements
o Agreed-upon Procedures
o Compilation
o Preparation of Tax Returns, with no opinions expressed
o Management Consulting
o Other non-assurance engagements
2 Kinds of Independence
o Independence in mind (in fact)
attitude of impartiality; he knows that he is
independent
State of mind that permits the provision of an opinion
without being affected by influences that compromise
professional judgment, allowing an individual to act with
integrity, and exercise objectivity and professional
skepticism
o Independence in appearance manifestation that practitioner remain free from any overt
(evident)
interest in a client that would damage appearance of
independence
avoidance of facts and circumstances that are so
significant a reasonable and informed party, having
knowledge of all relevant information, including any
safeguards applied, would reasonably conclude that a
firms or a member of the assurance teams integrity,
objectivity or professional skepticism has been
compromised
Elements of an Assurance Engagement
o three-party relationship
practitioner
professionals requested to perform assurance
engagement on a variety or a
wide range of subject matters
responsible party
person responsible for the subject matter or subject
matter information of the
assurance engagement
intended users person, persons or class of persons, for whom the practitioner
prepares the
assurance report

appropriate subject matter must be in line and apt for the assurance engagement to
be provided
Forms:
Financial performance or condition e.g., FS
Non-financial performance or condition e.g., performance of an entity
Physical characteristics e.g., capacity of a facility
Systems and Processes e.g., entitys internal control, IT system
Behavior e.g., corporate governance, compliance with regulations

suitable criteria
including, where

benchmarks used to evaluate or measure the subject matter

relevant, benchmarks for presentation and disclosure

May be:
formal e.g., PFRS
less formal e.g., internally developed code of conduct
established e.g., laws and regulations
specifically developed e.g., designed for the engagement
Characteristics of criteria:
Relevance
Completeness
Reliability
Neutrality
Understandability
sufficient appropriate evidence
sufficiency
quantity of evidence
appropriatenessquality of evidence
Persuasiveness of evidence
capable of enabling the practitioner or auditor to
make a decision
regarding the reasonableness of information in the
assertions being represented by the responsible party
written assurance report
main output of an assurance engagement

Cost-benefit Relationship benefits to be derived from obtaining the particular type of evidence
should exceed the cost of obtaining it
the matter of difficulty or expense involved is not in itself a valid basis
for omitting an evidence gathering procedure for which there is no
alternative
Professional Skepticism practitioner makes critical assessment, with a questioning mind, of the
validity obtained and is alert to evidence that contradicts or brings into
question the reliability of documents or representations by the
responsible party
Types of Risks
Audit Risk
risk that the auditor may unknowingly fail to appropriately
modify his
opinion regarding a financial statement that is materially
misstated
Engagement Risk
risk of loss or injury to the auditors reputation by
association with client
that goes bankrupt or one whose management lacks
integrity
Business Risk
risk that threatens the managements ability to
achieve its objectives
Inherent Risk
risk of material misstatement of a financial
statement assertion,
assuming there were no internal control
Control Risk
risk that a misstatement that could occur will not be
prevented, or
detected and corrected, on a timely basis by related
internal controls
Detection Risk
risk that the practitioner will not be able to detect a
material
misstatement that exists
Information Risk
risk that information is misstated or misleading
Significant Risk
identified risks that require special audit
consideration

Reasonable Assurance

concept relating to accumulating evidence necessary for the

practitioner to conclude in relation to the subject matter information
taken as a whole
Why REASONABLE assurance only?
o Use of selective testing
o Inherent limitations of internal control
o The fact that much of the evidence available to the practitioner is persuasive rather
than conclusive
o The use of judgment in gathering and evaluating evidence, and forming conclusion
based on that evidence
o In some cases, the characteristics of the subject matter when evaluated or measured
against the identified criteria
Assert
to tell the whole world
Forms of Assertions
o Existence
o Occurrence
o Completeness
o Rights and Obligations
o Valuation or Allocation
o Accuracy
o Cutoff
o Classification
o Presentation and Disclosure
Transaction Cycles
all of the classes of transactions for a group of related business
activities
Class of Transactions
group of transactions of similar activities that are processed by the
accounting system in a similar manner and subject to similar control to
ensure proper processing
o Revenue/Receipt Cycle
o Expenditure/Disbursement Cycle
o Conversion Cycle
o Personnel/Payroll Cycle
o Financing Cycle
Objective of an Audit
the objective of an audit of financial statements is to enable the
auditor to express an opinion whether the financial statements are
prepared, in all material aspects, in accordance with an applicable
financial reporting framework.
Factors That Contributes to Information Risk
o Remoteness of information users from the information provider
o Potential bias and motives of information provider
o Voluminous data
o Complex exchange transaction
How to Reduce Information Risk
o Allow users to verify information
o User shares information risk with management
o Have the financial statements audited
Types of Opinion
o Unmodified Opinion
auditor concludes that the financial statements present
fairly the financial
position, results of operations, and cash flows consistently in all
material respects, in accordance with the identified financial
reporting framework
Audit has been performed in accordance with GAAS
The FS are fairly presented fairly and in conformity with applicable financial
reporting framework and include all disclosures necessary to make the statement
not misleading
o Qualified/Modified Opinion
auditor concludes that an unmodified opinion cannot be
expressed but the
effect of any disagreement with the management, or limitation
on scope is not so material and pervasive as to require an
adverse opinion or a disclaimer opinion
Departure from the applicable financial reporting framework
Disagreement with management
Limitation on scope
o Adverse Opinion
expressed when the effect of the departure from GAAP or a
disagreement with

management is so material and pervasive to the financial

statements that the auditor concludes that a qualification of a
report is not adequate to disclose the misleading or incomplete
nature of the financial statements
Departure from the applicable financial reporting framework
Disagreement with management
o Disclaimer of Opinion
an opinion cannot be expressed on the financial
statements
No sufficient and appropriate audit evidence
Auditor is not entirely independent of the client
o Piecemeal Opinion
Steps in an Audit
1. Client acceptance/continuance and establishing engagement terms
2. Preplanning
3. Establish materiality and assess risks
4. Plan the audit
5. Consider and audit internal control
6. Audit business processes and related accounts
7. Complete the audit
8. Evaluate results and issue audit report
Professional Judgment
application of relevant knowledge and experience, within the context
provided by auditing, accounting, and ethical standards, in reaching
decisions about the courses of action that are appropriate in the
circumstances of the audit engagement.
Scope of An Audit
audit procedures that, in the auditors judgment and based on the
PSAs, are deemed appropriate in the circumstances to achieve the
objective of the audit
10 Generally-Accepted Auditing Standards
General Standards
qualifications and quality of work
1. The auditor must have adequate technical training and proficiency to perform the
audit.
Education, CPE, experience
Knowledge about clients industry
2. The auditor must maintain independence in mental attitude in all matters relating to
the audit.
3. The auditor must exercise due professional care in the performance of the audit and
the preparation of the report.
Plan and carry out every step of the audit engagement in an alert and diligent
manner
Standards of Fieldwork
relate to actual conduct of the audit
1. The auditor must adequately plan the work and must properly supervise any
assistants.
Identify the nature and scope of the audit
2. The auditor must obtain a sufficient understanding of the entity and its
environment, including internal control, to asses risk of material misstatement in
the financial statements, whether due to error or fraud, and to design the nature,
timing and extent of further audit procedure.
To know what can go wrong
Auditors assessment of internal control has a substantial impact on the
nature of the audit process
3. The auditor must obtain sufficient appropriate audit evidence by performing audit
procedures to afford a reasonable basis for an opinion regarding the financial
statements under audit.
Standards of Reporting
specific directives for preparation of the auditors report
1. The auditor must state in the auditors report whether the financial statements ar
presented in accordance with generally-accepted accounting principles.
2. The auditor must identify in the auditors report those circumstances in which such
principles have not been consistently observed in the current period in relation to
the preceding period.
3. When the auditor determine that informative disclosures are not adequate, the
auditor must so state in the auditors report.
4. The auditor must either express an opinion regarding the financial statements,
taken as a whole, or state that an opinion cannot be expressed, in the auditors
report. When the auditor cannot express an overall opinion the auditor should state
the reasons therefore in the auditors report. In all cases where the auditors name
is associated with financial statements, the auditor should clearly indicate the
character of the auditors work, if any, and the degree of responsibility the auditor is
taking, in the auditors report.

4 Causes of Misstatement
1. Human Error
2. Collusion
3. Segregation of Duties
4. Management Override
Errors
unintentional misstatements or omission of amounts or disclosures in the financial
statements
Fraud
intentional acts that cause a misstatement of the financial statements
a. Fraudulent Financial Reporting
b. Misappropriation of Assets/Defalcation
Risk Assessment Procedures
1. Inquiry
2. Observation
3. Analytical Procedure
4. Inspection
Audit Committees
composed of at least 3 independent directors
Should not receive an compensatory fee
Must be financially literate
Responsible for appointment, compensation and oversight of the auditors
Staff Time
basic unit of measurement for audit fees
Communication with Predecessor Auditor
Disagreements with management over accounting principles
Reason for change of auditor
Other matters
Engagement Letter
executory contract between the auditor and the client
Do not follow a standard form
Parts of an Engagement Letter
1. Objectives of the Audit
2. Managements Responsibility
3. Scope of the Audit
4. Forms/Reports to be issued
5. Inherent Limitations
6. Responsibility of Management for Unrestricted Access
7. Others like fee arrangements, expectation for confirmation, request to confirm,
arrangement with third parties and client staffs
Audit Strategy
determine the scope
Audit Plan
nature, timing, extent
Risk Assessment Procedures
assess risk of RMM
Further Audit Procedures
test of controls, substantive procedure
Other Audit Procedures
Audit Program
detailed list of audit procedures
Time Budget
estimating the time for each step in the audit program for each various
levels of auditors and totaling those estimated amounts
Other Parties That May be Involved
Clients Staff
preparation of working papers
Other CPAs
auditor of subsidiaries
Specialists
experts for valuation, appraisal, etc
First-year Considerations
Beginning Balances
nd
2 Communication with Predecessor Auditor
Opening Balances
Consistency of Application of Accounting Principles
4 Responsibility of Internal Control
1. Custody
2. Authorization
3. Recordkeeping
4. Execution
Materiality
the magnitude of an omission or misstatement of accounting
information that, in the light of surrounding circumstances, makes it
probable that the judgment of a reasonable person relying on that
information would have been changed or influenced by the omission or
misstatement.
Planning Materiality
5, 10%
EBIT
, 1%Asset, Revenue
1%
Equity
Tracing
for completeness, source documents to FS

Vouching
for existence and occurrence, FS to source documents
Test of Controls
likelihood of RMM
Substantive Procedures
magnitude of RMM
Quantity of Evidence
based on amount or RMM and quality of evidence
Assertions about Acct Balances
1. Completeness
2. Allocation and Valuation
3. Rights and Obligation
4. Existence and Occurrence
Assertions about Transactions
1. Completeness
2. Occurrence
3. Cutoff
4. Accuracy
5. Classification
Assertions about Presentation and Disclosure
1. Completeness
2. Occurrence
3. Rights and Obligations
4. Accuracy and Valuation
5. Classification and Understandability
AR = IR x CR x DR
3 types of Transactions
1. Routine Transactions
2. Nonroutine Transactions
3. Estimation Transactions
Objective of Company
1. Reliability of Financial Reporting
2. Efficiency of Operation
3. Compliance with rules and regulations
4. Safeguarding of Assets

Audit Evidence
Relevance
Reliability
When

all information used by the auditor in arriving at a conclusion on which

the audit opinion is based
relates to the assertion being addressed
dependent on the circumstances in which it is obtained

evidence most reliable?

Obtained from knowledgeable independent source outside the company
Generated internally through effective control
Obtained directly rather than indirectly(Direct Personal Knowledge)
Documentary in form rather than oral
Provided by original documents rather than photocopies

Major types of audit evidences

Accounting information system
o Audit Procedure
comparison with internal records
o Consists of methods and records established to record, practice, summarize, and
report the companies transactions and to maintain accountability over related
assets, liabilities and equity
o Reliability lies on the extent of internal control over their preparation
o Financial Reporting Process
Transactions are entered into the general ledger
Journal entries are initiated, recorded and processed in the general ledger
o Subsidiary ledgers shall be maintained
o Journals
books of original entries
o Ledger
summarized form of journal
Control

 Subsidiary
Special Journals
Sales
Purchases
Cash Receipts
Cash Disbursements
Documentary evidence
o Audit Procedures
Tracing
for completeness
Vouching
for existence and occurrence
Inspection examine, review, read, scan
Reconciliation
agreement between sets of related records, segregation
of duties
o Includes a variety of records in support of the companys business and accounting
information system
o E.g. checks, invoices, contracts, minutes of meetings
o Reliability depends on whether it is a type that could easily be forged or created in
its entirety by a dishonest employee
Documentary evidence created outside the client and transmitted directly to
the auditor
Cutoff Bank Statement
bank statement covering a specified
number of business
days after the clients balance sheet date
Documentary evidence created outside the client and held by the client
Banks statements, vendors invoices and statements, property tax
bills, notes payable, contracts, customers purchase orders, stock and
bond certificate
Documentary evidence created and held by the client
Paid check, sales invoices, shipping notices, purchase orders, receiving
reports, credit memos
Electronic Documents
Electronic Data Interchange
used source documents such as
invoices, etc are replaced with electronic documents
Third party representations
o Audit Procedure
confirmation obtaining and evaluating response
o Confirmations
effective for proving existence
Positive
needs a reply, question with a blank
Done when IC is effective, material balances
Negative
does not need a reply, with specified amount
Done when RMM is low, immaterial balances
o Lawyers Letters
litigation
o Reports of Specialists
for valuation
Specialist
person possessing special skill or knowledge in a field rather
than accounting
and auditing, giving as examples actuaries, appraisers,
attorneys, engineers, environmental consultants and geologists
Physical evidence
o Audit Procedures
Physical Examination
viewing physical existence
Observation
viewing clients actiivity
o Bes evidence for proving existence of certain assets
Computations
o Audit Procedure
reperformance repeating a clients activity
o To prove arithmetical accuracy
o Footing
proving total of vertical columns
o Crossfooting
proving total of horizontal rows
o Extending
recomputing by multiplication
Data interrelationships
o Audit Procedure
Analytical Procedures
o Involve the comparison of relationships among financial and nonfinancial data
Client representations
o Audit Procedure
inquiry - questioning
o Representation Letter
o Categories of Representations
o

 All accounting records, financial data, and minutes of the directors meetings
have been made available to the auditors
The FS are complete and in conformity with the GAAP
Adjusting entries not recorded are not material, individually or in aggregate
Responsibility to design and implement programs and controls to prevent and
detect fraud
All items requiring disclosure have been properly disclosed
Types of Audit Procedures
Risk Assessment Procedures
and its environment,

Test of Controls
controls in preventing or

designed to obtain an understanding of the client

including its internal control, to assess the risk of material

misstatement
designed to test the operating effectiveness of

detecting material misstatements

Substantive Procedures
designed to detect material misstatements of
relevant assertions
o Analytical procedures
o Test of details of account balances, transactions and disclosures
o Timing
at year end rather than interim period
o Extent
the greater the RMM, the greater the extent of SP

Internal Control

a process, effected by the entitys board of directors, management and other

personnel, designed to provide reasonable assurance regarding the
achievement of objectives in the following categories:
Reliability of financial reporting
Effectiveness and efficiency of operations
Compliance with applicable laws and regulations
Foreign Corrupt Practices Act of 1997
All corporations under the jurisdiction of the SEC is required to maintain a system of
internal control that will provide reasonable assurance that
o Transactions are executed with the knowledge and authorization of the management
o Transactions are recorded as necessary to permit the preparation of reliable financial
statements and maintain accountability for assets
o Access to assets is limited to authorized individual
o Accounting records of assets are compared to existing assets at reasonable intervals
Means of Achieving Internal Control
Preventive Controls aimed at avoiding occurrence of misstatements i.e., segregation of
duties, approval of JEs
Detective Controls designed to discover misstatements after they have occurred, i.e.,
bank reconciliation
Corrective Control needed to remedy the misstatement
Complementary Control
they function together to achieve the same objective
Redundant Control address the same assertion or objective
Compensating Control
reduces the risk that an existing or potential control weakness
will result in a misstatement
Components of Internal Control
1. Control environment
sets the tone of an organization by influencing the control
consciousness of people
o Factors
Integrity and ethical values
establishment of behavioral, ethical and
antifraud programs
Commitment to competence
hiring employees with appropriate level of
education and
experience and providing supervision and training
Board of Directors and Audit Committee
overseeing the actions of
management
Management philosophy and Operating style
Organizational structure
divides authority, responsibilities and duties
Separate responsibilities for
Authorization of transactions
Record keeping for transactions
Custody of assets
Assignment of responsibility and authority use of job descriptions
Human resource policies and procedures hiring, training, evaluating,
counseling, promoting and
compensating employees
o Fidelity Bonds
form of insurance in which a bonding company agrees to
reimburse an
employer, within limits, for losses attributable to theft and
embezzlement by bonded employees
2. Risk assessment procedures
risk analysis on areas of operations and compliance
with laws

3. Control activities
directives are

policies and procedures that help ensure managements

carried out
Types of Control Activities
a)
Performance Reviews
actuals performance as compared to
budgets, forecasts, and
prior period performance
b)
Information Processing Controls
o General Control activities all information processing procedures
o Application Control activities
only to one particular activity
Types of authorization
o General authorization management establishes criteria for acceptance of
a certain
type of transaction
o Specific authorization transactions are authorized in an individual basis
c)
Physical controls
physical security over both records and other
assets
d)
Segregation of duties
no one department or person should handle all
aspects of a transaction
from beginning to end
4. Relevant information system
consist of methods and records established to
record, process,
summarize and report an entitys transactions to maintain
accountability for related assets, liabilities and equity
a)
Identify and record all valid transactions
b)
Describe on a timely basis the transactions in sufficient detail
c)
Measure the value of transactions
d)
Determine time period in which transaction has occurred
e)
Present properly the transactions and related disclosures
Chart of Accounts classifies listing of all accounts in use
5. Monitoring of controls
process to assess the quality of internal control
performance over time
o Ongoing monitoring activities
regularly performed supervisory and
management actvities
o Separate evaluations
performed on nonroutine basis
Internal audit function
investigate and appraise internal control
Limitations of Internal Control
Mistakes
Errors
Cost considerations

Application Control Activities

applies to processing of individual applications
Data from hard copy source documents are entered directly to the system from the
department initiating the transaction

Authorization is accomplished by assigning users with identification name that must be

entered before the system accepts the data
A log of activity is maintained at each terminal

Types of ACA
o Programmed Control Activities
written into the programs to help ensure accuracy
of input and
processing, test accuracy and completeness
Major aspect: Input Validation (edit) Checks
rejects data that fail to meet an edit
check
Limit Test
test of reasonableness of a field of data using a
predetermined
upper/lower data
Validity Test
comparison of data against a master file for accuracy
Self-checking Number contains redundant information to check accuracy
Control Activities for Batch Processing
used to determine that no data are lost or
added to the batch
Item/Record Count
count of the number of items or transactions being
input in a batch
Control Total
total of one field of information for all items in a batch
Hash Total
control total with no intrinsic meaning
Processing Controls
designed to ensure reliability and accuracy of IT
processing activities
File labels/header labels
Internal labels
o Manual Follow up Activities
review and analysis of outputs that have been
generated in the form of exception reports
User Control Activities
processed transactions

designed to test completeness and accuracy of IT

Designed to ensure reliability of output
Reconciliation of input and output

Control in a Decentralized and Single Workstation Environments

use of one user operated
workstation
Computers are located in users department
o Advantages
Direct access of employees
o Disadvantages
Possibility of software virus
Software Virus program that has the ability to attach itself to a legitimate
program and modify other programs and systems
Controls to prevent viruses
Obtain only from reputable sources
Prohibit unauthorized programs
Prohibit downloading of programs
Use antivirus software
o Internal Control
Computer processing procedures must be documented and users must be well
trained
Backups should be made frequently nas stored in secured locations
Authorization code to access
Auditors Consideration of IC in IT Environment
Obtaining an Understanding of IT based System Controls
nature, timing, extent
Use of IT Specialist
Auditor must have sufficient IT related knowledge to review the procedures
performed by the IT specialist
o Documenting IT based System Controls
varies depending on the
complexity of the system
For simple systems, written narrative is enough
For IT based systems, flowcharts and IC Questionnaires are used
Advantage of using flowchart
information systems department have
them available
Assessing the Risk of Material Misstatement
Identify risks

What can go wrong at a relevant assertion level

Magnitude, if it could result to MM
Likelihood, to result to MM
Determining the Approach to the Audit
For simple system that produces hard copy documents, bypass extensive
testing of IT processing (auditing around the computer)
For complex system with electronic reports, use TOC
Test of Controls
provide reasonable assurance that the
controls are actually operating as designed
Procedures to Test General Control Activities
o Inquiries of personnel
o Reviewing of minutes of meetings of users and IT staff
o Inspecting systems documentation of test performed before
systems were implemented
o Discussion with users to know their understanding and
assessment of the system
Procedures to Test Application Control Activities
o Inspecting exception reports and reviewing the way they were
handled
o Computer Assisted Audit Techniques, when auditors are unsure
of the softwares operation
CAAT includes
1. Test Data
tracing sample transactions
through the system
from their inception to their final
disposition
may contaminate the clients files
2. Integrated Test Facility
subsystem of dummy
records and files
built in the regular IT based system
minicompany approach
Control to prevent manipulation of the
genuine files by transferring dummy
files
3. Controlled Program using a duplicate program that
is held
under the control of the auditor to
monitor the processing of current data
no risk of contaminating clients files
4. Program Analysis Techniques
use of computer
generated
flowcarts to test the logic of the
application program and ensure that
documentation is actually used
5. Tagging and Tracing Transactions
o Tagging
use of indicators when
transactions are entered into the systes
o Tracing
computer provides a print
out of the processing of the tagged
transaction