AUDITING THEORY

Audit- a systematic process of objectively obtaining and evaluating evidence

regarding assertions about economic actions and events to ascertain the
degree of correspondence between these assertions and established criteria
and communicating the results to interested users.

Assertions- representations made by an auditee about economic actions and

events.
◉ Completeness- all that should have been recorded have been recorded
◉ Rights and obligations- the entity holds or controls the rights to assets
and liabilities are the obligations of the entity
◉ Existence or occurrence- all that are recorded pertains to the entity
◉ Valuation and allocation- all are in appropriate amounts and any
adjustments are properly record
◉ Presentation and disclosure
Categories:
◉ Transactions and events (COCAC) Completeness,
Occurrence, Cutoff, Accuracy, Classification

◉ Account balances at period end (CREV) Completeness,

Rights and obligations, Existence, Valuation and allocation

◉ Presentation and disclosure (COCA) Completeness,

Occurrence and rights and obligations, Classification and
understandability, Accuracy and valuation
Established criteria- needed to judge the validity of an assertion

Authority Attaching to Philippine Standards Issued by AASC:

1. Philippine Standards on Auditing (PSAs) – applied to audit of historical
information
2. Philippine Standards on Review Engagements (PSREs)- applied to review on
historical financial information
3. Philippine Standards on Assurance Engagements- applied to assurance
engagements dealing with subject matters other than historical financial
information
4. Philippine Standards on Related Services (PSREs)- applied to compilation
engagements, engagements to apply agreed-upon procedures to information and
other related services engagements as specified by the AASC

Philippine Practice Statements- issued to provide interpretive guidance and practical

assistance to professional accountants in implementing Philippine Standards
 AUDIT in accordance with PSAs

1. Overall objectives
○ to obtain reasonable assurance about whether the financial statements as
a whole are free from material misstatement, whether due to fraud or error,
thereby enabling the auditor to express an opinion on whether the financial
statements are prepared, in all material respects, in accordance with the
auditor’s findings
○ to report on the financial statements, and communicate as required by the
PSAs, in accordance with the auditor’s findings
2. High but not absolute assurance
3. Positive assurance
 REVIEW Engagements

1. Objective by way of negative assurance

2. Comprises of an INQUIRY and ANALYTICAL procedures
3. Level of assurance is less than that given in an audit
report
4. Moderate assurance

 AGREED-UPON engagements
1. Report on FACTUAL FINDINGS
2. Report is restricted those parties that have agreed to the
procedures to be performed
 COMPILATION
1. Accountant is engaged to use accounting expertise
2. Collect, classify and summarized financial information
3. Reduce data to manageable and understandable form

SUBJECT MATTER OF AN ASSURANCE ENGAGEMENTS

◉ FINANCIAL PERFORMANCE/ CONDITIONS
◉ NON-FINANCIAL PERFORMANCE
◉ PHYSICAL CHARACTERISTICS
◉ SYSTEMS AND PROCESSES
◉ BEHAVIOR
 AUDITING FIRM
Shall established a SYSTEM OF QUALITY CONTROL to provide assurance that
○ The firm and its personnel comply with professional standards and regulatory and legal
requirements
○ Reports by the firm or engagement partners are appropriate in the circumstance
○ Addresses the following (HARLEM)
■ Human resources-perform in accordance with professional standards, and issue
report that is appropriate in the circumstance
■ Acceptance and continuance of client relationships and specific engagements-
engagement partner shall see to it that the appropriate procedures have been
followed and determine that conclusion reached are appropriate
■ Relevant ethical requirements-engagement partner shall form a conclusion on
noncompliance with independence requirements that apply to audit engagement
■ Leadership responsibility for quality within the firm-engagement partner is
responsible for overall quality on each audit
■ Engagement performance
■ Monitoring
 Engagement letters- contains agreed terms of the audit
engagement. Includes:
○ Objective and scope of the audit of financial statements
○ Responsibilities of the auditor
○ Responsibilities of management
○ Identification of the applicable financial reporting framework for
the preparation of the financial statements
○ Reference to the expected form and content of any reports to be
issued by the auditor and a statement that there may be
circumstances in which a report may differ from its expected form
and content
Assessment of risks of material misstatements includes:
(1) inquiries within the entity
(2) analytical procedures,
(3) observation
(4) Inspection

Internal Control- the process designed, implemented and maintained by those

charged with governance, management and other personnel to provide reasonable
assurance about the achievement of an entity’s objectives with regard to:
1. RELIABILITY OF FINANCIAL REPORTING
2. EFFECTIVENESS AND EFFICIENCY OF OPERATIONS
3. COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS
COMPONENTS ( CRIMC)
◉ Control environment- includes the governance and management functions and
the attitudes, awareness, and actions of those charged with governance and
management concerning the entity’s internal control and its importance in the
entity.
ELEMENTS (IMACPA):
 Integrity and ethical values
 Management philosophy and operating style
 Active participation of those charged with governance
 Commitment to competence
 Personnel policies and procedures
 Assignment of responsibility and authority/ organizational structure
◉ Risk Assessment
◉ Information system
◉ Monitoring- assess the design and operation of controls on a timely basis
◉ Control activities- policies and procedures to help ensure that management
directives are carried out
Accounting system means the series of tasks and records of an entity by which
transactions are processed as a means of maintaining financial records. Such systems
identify, assemble, analyze, calculate, classify, record, summarize and report
transactions and other events.
Internal Control System means all the policies and procedures (internal controls)
adopted by the management of an entity to assist in achieving management’s
objective of ensuring, as far as practicable,:
○ orderly and efficient conduct of its business, including adherence to management policies;
○ safeguarding of assets;
○ prevention and detection of fraud and error;
○ accuracy and completeness of the accounting records; and
○ timely preparation of reliable financial information.

The internal control system extends beyond those matters which relate directly to the functions of the
accounting system.
Control environment- The control environment includes the attitudes, awareness, and
actions of management and those charged with governance concerning the entity’s
internal control and its importance in the entity. The control environment also includes
the governance and management functions and sets the tone of an organization,
influencing the control consciousness of its people. It is the foundation for effective
internal control, providing discipline and structure.

The control environment encompasses the following elements:

○ Communication and enforcement of integrity and ethical values.
○ Commitment to competence.
○ Participation by those charged with governance.
○ Management’s philosophy and operating style.
○ Organizational structure.
○ Assignment of authority and responsibility.
○ Human resource policies and practices.
Entity’s risk assessment process
An entity’s risk assessment process is its process for
identifying and responding to business risks and the results
thereof. For financial reporting purposes, the entity’s risk
assessment process includes how management identifies
risks relevant to the preparation of financial statements
that are presented fairly, in all material respects in
accordance with the entity’s applicable financial reporting
framework, estimates their significance, assesses the
likelihood of their occurrence, and decides upon actions to
manage them.
Risks can arise or change due to circumstances such as the
following:
○ Changes in operating environment. Changes in the regulatory or operating
environment can result in changes in competitive pressures and
significantly different risks.
○ New personnel. New personnel may have a different focus on or
understanding of internal control.
○ New or revamped information systems. Significant and rapid changes in
information systems can change the risk relating to internal control.
○ Rapid growth. Significant and rapid expansion of operations can strain
controls and increase the risk of a breakdown in controls.
○ New technology. Incorporating new technologies into production processes
or information systems may change the risk associated with internal
control.
○ New business models, products, or activities. Entering into business areas
or transactions with which an entity has little experience may introduce
new risks associated with internal control.
○ Corporate restructurings. Restructurings may be accompanied by staff
reductions and changes in supervision and segregation of duties that may
change the risk associated with internal control.
○ Expanded foreign operations. The expansion or acquisition of foreign
operations carries new and often unique risks that may affect internal
control, for example, additional or changed risks from foreign currency
transactions.
○ New accounting pronouncements. Adoption of new accounting principles
or changing accounting principles may affect risks in preparing financial
statements.
Information system, including the related business processes, relevant to
financial reporting, and communication

An information system consists of infrastructure (physical and hardware

components), software, people, procedures, and data. Infrastructure and
software will be absent, or have less significance, in systems that are
exclusively or primarily manual.

The information system relevant to financial reporting objectives, which

includes the financial reporting system, consists of the procedures and
records established to initiate, record, process, and report entity transactions
(as well as events and conditions) and to maintain accountability for the
related assets, liabilities, and equity.
Accordingly, an information system encompasses methods and
records that:

○ Identify and record all valid transactions.

○ Describe on a timely basis the transactions in sufficient detail to
permit proper classification of transactions for financial reporting.
○ Measure the value of transactions in a manner that permits recording
their proper monetary value in the financial statements.
○ Determine the time period in which transactions occurred to permit
recording of transactions in the proper accounting period.
○ Present properly the transactions and related disclosures in the
financial statements.
Communication- involves providing an understanding of individual roles and
responsibilities pertaining to internal control over financial reporting. It includes the extent
to which personnel understand how their activities in the financial reporting information
system relate to the work of others and the means of reporting exceptions to an
appropriate higher level within the entity. Open communication channels help ensure that
exceptions are reported and acted on.
Control activities- are the policies and procedures that help ensure that management
directives are carried out, for example, that necessary actions are taken to address
risks that threaten the achievement of the entity’s objectives.
Generally, control activities that may be relevant to an audit may be categorized as
policies and procedures that pertain to the following:

○ Performance reviews.
○ Information processing.
○ Physical controls.
○ Segregation of duties.
Monitoring of controls
Management’s monitoring of controls includes considering whether they are
operating as intended and that they are modified as appropriate for changes in
conditions. Monitoring of controls may include activities such as management’s
review of whether bank reconciliations are being prepared on a timely basis, internal
auditors’ evaluation of sales personnel’s compliance with the entity’s policies on
terms of sales contracts, and a legal department’s oversight of compliance with the
entity’s ethical or business practice policies.
Inherent Limitations of Internal Controls

◉ Management’s usual requirement that the cost of an internal

control does not exceed the expected benefits to be derived.
◉ Most internal controls tend to be directed at routine transactions
rather than non-routine transactions.
◉ The potential for human error due to carelessness, distraction,
mistakes of judgment and the misunderstanding of instructions.
◉ The possibility of circumvention of internal controls through the
collusion of a member of management or an employee with
parties outside or inside the entity.
◉ The possibility that a person responsible for exercising an internal
control could abuse that responsibility, for example, a member of
management overriding an internal control.
◉ The possibility that procedures may become inadequate due to
changes in conditions, and compliance with procedures may
deteriorate.
Accounting and Internal Control Assessment

1st Understanding of Accounting and Internal Control Systems

In the audit of financial statements, the auditor is only concerned with those policies
and procedures within the accounting and internal control systems that are relevant to
the financial statement assertions. The understanding of relevant aspects of the
accounting and internal control systems, together with the inherent and control risk
assessments and other considerations, will enable the auditor to:
◉ identify the types of potential material misstatements that could occur in the
financial statements;
◉ consider factors that affect the risk of material misstatements; and (c)
design appropriate audit procedures.
The nature, timing and extent of the procedures performed by the
auditor to obtain an understanding of the accounting and internal
control systems will vary with, among other things:

◉ The size and complexity of the entity and of its computer system.
◉ Materiality considerations.
◉ The type of internal controls involved.
◉ The nature of the entity’s documentation of specific internal
controls.
◉ The auditor’s assessment of inherent risk.
◉ Experience gained from prior audits.
Procedures in Obtaining Understanding
◉ Make inquiries of appropriate company personnel
◉ Inspect documents and records
◉ Observe the company’s activities and operations
◉ Walk-through

Documentation of Understanding
The auditor should document his understanding of internal control. The extent of documentation is
a matter of the CPA’s judgment and the form of documentation depends upon his preference and
skills.
◉ Narrative descriptions
◉ Flowcharts
◉ Internal control questionnaires (ICQ)
◉ Checklists
2nd Preliminary Assessment of Control Risk

The preliminary assessment of control risk is the process of

evaluating the effectiveness of an entity’s accounting and internal
control systems in preventing or detecting and correcting material
misstatements. There will always be some control risk because of
the inherent limitations of any accounting and internal control
system.

After obtaining an understanding of the accounting and internal

control systems, the auditor should make a preliminary assessment
of control risk, at the assertion level, for each material account
balance or class of transactions.
The auditor ordinarily assesses control risk at a high level for
some or all assertions when:
○ the entity’s accounting and internal control systems are not effective; or
○ evaluating the effectiveness of the entity’s accounting and internal
control systems would not be efficient.

The preliminary assessment of control risk for a financial

statement assertion should be high unless the auditor:
○ is able to identify internal controls relevant to the assertion which are
likely to prevent or detect and correct a material misstatement; and
○ plans to perform tests of control to support the assessment.
3rd Test of Controls
If appropriate, tests of control are performed to obtain audit evidence about the
effectiveness of the:
◉ design of the accounting and internal control systems, that is, whether they are
suitably designed to prevent or detect and correct material misstatements;
◉ operation of the internal controls throughout the period.

Procedures for Performing Tests of Controls

◉ Inspection
◉ Inquiry
◉ Observation
◉ Reperformance
◉ Walk-through
 REQUIRED DOCUMENTATION
ASSESSED CONTROL RISK

HIGH (maximum) LESS THAN (below

maximum)

Understanding of ICS Required Required

Test of Controls Required Required

Assessment of Control Risk Required Not Required

Reason for assessment Not Required Required

4th Reassessment of control risk

Based on the results of the tests of control, the auditor should evaluate whether
the internal controls are designed and operating as contemplated in the preliminary
assessment of control risk. The evaluation of deviations may result in the auditor
concluding that the assessed level of control risk needs to be revised. In such cases,
the auditor would modify the nature, timing and extent of planned substantive
procedures.

5th Final Assessment of Control Risk

Before the conclusion of the audit, based on the results of the substantive
procedures and other audit evidence obtained by the auditor, the auditor should
consider whether the assessment of control risk is confirmed.
Communication of Weaknesses

As a result of obtaining an understanding of the accounting and internal control

systems and tests of control, the auditor may become aware of weaknesses in the
systems. The auditor should make management aware, as soon as practical and at an
appropriate level of responsibility, of material weaknesses in the design or operation of
the accounting and internal control systems, which have come to the auditor’s attention.
The communication to management of material weaknesses would ordinarily be in
writing. However, if the auditor judges that oral communication is appropriate, such
communication would be documented in the audit working papers. It is important to
indicate in the communication that only weaknesses which have come to the auditor’s
attention as a result of the audit have been reported and that the examination has not
been designed to determine the adequacy of internal control for management purposes.
Related PSA: PSA 530

When designing audit procedures, the auditor should determine appropriate means of
selecting items for testing. The means available to the auditor are:
◉ Selecting all items (100% examination)
◉ Selecting specific items
◉ Audit sampling

The decision as to which approach to use will depend on the circumstances,

and the application of any one or combination of the above means may be appropriate
in particular circumstances. While the decision as to which means, or combination of
means, to use is made on the basis of audit risk and audit efficiency, the auditor needs
to be satisfied that methods used are effective in providing sufficient appropriate audit
evidence to meet the objectives of the test.
Selecting All Items
The auditor may decide that it will be most appropriate to
examine the entire population of items that make up an account
balance or class of transactions (or a stratum within that
population). 100% examination is unlikely in the case of tests of
control; however, it is more common for substantive procedures.
100% examination may be appropriate on the following:
○ When the population constitutes a small number of large value items;
○ When both inherent and control risks are high and other means do not
provide sufficient appropriate audit evidence; or
○ When the repetitive nature of a calculation or other process performed
by a computer information system makes a 100% examination cost
effective.
Selecting Specific Items
The auditor may decide to select specific items from a
population based on such factors as knowledge of the client’s
business, preliminary assessments of inherent and control risks,
and the characteristics of the population being tested. The
judgmental selection of specific items is subject to non-sampling
risk. Specific items selected may include:
◉ High value or key items. The auditor may decide to select
specific items within a population because they are of high
value, or exhibit some other characteristic, for example items
that are suspicious, unusual, particularly risk-prone or that have
a history of error.
GENERALLY ACCEPTED
AUDITING STANDARDS
General standards
◉ The examination is to be performed by a person
or persons having adequate technical training
and proficiency as an auditor.
◉ In all matters relating to the assignment, an
independence in mental attitude is to be
maintained by the auditor or auditors.
◉ Due professional care is to be exercised in the
performance of the examination and the
preparation of the report.
Standards of Fieldwork
◉ The work is to be adequately planned, and assistants,
if any, are to be properly supervised.
◉ There is to be a proper study and evaluation of the
existing internal control as a basis for reliance thereon
and for the determination of the resultant extent of the
tests to which auditing procedures are to be restricted.
◉ Sufficient, competent evidential matter is to be
obtained through inspection, observation, inquiries,
and confirmations to afford a reasonable basis for an
opinion regarding the financial statements under
examination.
Standards of Reporting
◉ The report shall state whether the financial statements
are presented in accordance with generally accepted
principles of accounting.
◉ The report shall identify those circumstances in which
principles have not been consistently observed in the
current period in relation to the preceding period.
◉ Informative disclosures are to be regarded as
reasonably adequate unless otherwise stated in the
report.
Standards of Reporting
The report shall either contain an expression of opinion
regarding the financial statements, taken as a whole, or
an assertion to the effect that an opinion cannot be
expressed. When an overall opinion cannot be expressed,
the reasons therefor should be stated. In all cases where
an auditor’s name is associated with financial statements,
the report should contain a clear-cut indication of the
character of the auditor’s examination, if any, and the
degree of responsibility the auditor is taking.
PSA 210 - Terms of Audit Engagements
The auditor and the client should agree on the terms of
the engagement. The agreed terms would need to be
recorded in an audit engagement letter or other suitable
form of contract. It is in the interest of both client and
auditor that the auditor sends an engagement letter,
preferably before the commencement of the engagement,
to help in avoiding misunderstandings with respect to the
engagement.
PSA 210 - Terms of Audit Engagements

The engagement letter documents and confirms:

the auditor’s acceptance of the appointment;
the objective and scope of the audit;
the extent of the auditor’s responsibilities to the
client; and
the form of any reports.
Principal Contents
of the Audit
Engagement Letter

“
The form and content of audit engagement letters may vary for
each client, but they would generally include reference to:
 The objective of the  The form of any  The fact that because
audit of financial reports or other of the test nature and
statements. communication of other inherent
results of the limitations of an audit,
 Management’s engagement. together with the
responsibility for the inherent limitations of
financial statements.  Unrestricted access to
whatever records, any accounting and
 The scope of the documentation and internal control
audit, including other information system, there is an
reference to requested in unavoidable risk that
applicable legislation, connection with the even some material
regulations, or audit. misstatement may
pronouncements of remain undiscovered.
professional bodies to
which the auditor
The auditor may also wish to include in the letter:

 Arrangements regarding the  Description of any other

planning of the audit. letters or reports the auditor
expects to issue to the client.
 Expectation of receiving from
management written  Basis on which fees are
confirmation concerning computed and any billing
representations made in arrangements.
connection with the audit.
 Request for the client to confirm
the terms of the engagement by
acknowledging receipt of the
engagement letter.
When relevant, the following points could also be made:

 Arrangements concerning the  Any restriction of the

involvement of other auditors auditor’s liability when such
and experts in some aspects of possibility exists.
the audit.  A reference to any further
 Arrangements concerning the agreements between the
involvement of internal auditors auditor and the client.
and other client staff.
 Arrangements to be made with
the predecessor auditor, if any,
in the case of an initial audit.
Audits of Components
When the auditor of a parent entity is also the auditor of its
subsidiary, branch or division (component), the factors that
influence the decision whether to send a separate engagement
letter to the component include:
○ Who appoints the auditor of the component.
○ Whether a separate audit report is to be issued on the
component.
○ Legal requirements.
○ The extent of any work performed by other auditors.
○ Degree of ownership by parent.
○ Degree of independence of the component’s management.
Recurring Audits
“On recurring audits, the auditor should consider whether circumstances require
the terms of the engagement to be revised and whether there is a need to remind
the client of the existing terms of the engagement. “

The auditor may decide not to send a new engagement letter each period.
However, the following factors may make it appropriate to send a new letter:
 Any indication that the client misunderstands the objective and scope
of the audit.
 Any revised or special terms of the engagement.
 A recent change of senior management, board of directors or
ownership.
 A significant change in nature or size of the client’s business.
 Legal requirements.
Acceptance of a
Change in
Engagement

“
A request from the client for the auditor to change the
engagement may result from:
1) A change in circumstances
affecting the need for the
service;
2) A misunderstanding as to the
nature of an audit or related
service originally requested; or
3) A restriction on the scope of the
engagement, whether imposed
by management or caused by
circumstances.
 Items 1 and 2 would
ordinarily be considered a
reasonable basis for
requesting a change in the
engagement. In contrast a
change would not be
considered reasonable if it
appeared that the change
relates to information that is
incorrect, incomplete or
otherwise unsatisfactory.
If the auditor agreed to a change of the engagement:

 the auditor and the client should agree on the new terms;
 the report issued would be that appropriate for the revised
terms of engagement; and
 in order to avoid confusing the reader, the report would not
include reference to:
 (a) The original engagement; or
 (b) Any procedures that may have been performed in the
original engagement, except where the engagement is
changed to an engagement to undertake agreed-upon
procedures and thus reference to the procedures performed
is a normal part of the report.
If the auditor is unable to agree to a change of engagement
and is not permitted to continue the original agreement:

 the auditor should withdraw; and

 consider whether there is any obligation, either contractual
or otherwise, to report to other parties, such as the board
of directors or shareholders, the circumstances
necessitating the withdrawal.
Appointment of the Independent Auditor

Early appointment of the independent auditor has many advantages

to both the auditor and his client. Early appointment enables the
auditor to plan his work so that it may be done expeditiously and to
determine the extent to which it can be done before the balance
sheet date. Although early appointment is preferable, an
independent auditor may accept an engagement near or after the
close of the fiscal year. In such instances, before accepting the
engagement, he should ascertain whether circumstances are likely
to permit an adequate audit and expression of an unqualified
opinion and, if they will not, he should discuss with the client the
possible necessity for a qualified opinion or disclaimer of opinion.
PSA 300 - Planning

“
The first standard of fieldwork (performance standards)
states that:

”The work is to be adequately planned and assistants, if any, are to

be properly supervised.”

The auditor should plan the audit work so that the audit will be
performed in an effective manner.

“Planning” means developing a general strategy and a detailed

approach for the expected nature, timing and extent of the audit.
The auditor plans to perform the audit in an efficient and timely
manner.
Importance of Adequate Planning

◉ Adequate planning of the ◉ Planning also assists in

audit work helps to ensure proper:
that:
1) Assignment of work to
1) Appropriate attention is assistants; and
devoted to important areas of
2) Coordination of work
the audit;
done by other auditors
2) Potential problems are
identified; and and experts.
3) The work is completed
expeditiously.
Extent of Planning

The extent of planning will vary according to the following:

1) Size of the entity;
2) Complexity of the audit; and
3) Auditor’s experience with the entity and knowledge
of the business.
The Overall
Audit Plan

“
The auditor should develop and document an overall
audit plan describing the expected scope and conduct of
the audit.

While the record of the overall audit plan will need to be sufficiently
detailed to guide the development of the audit program, its precise
form and content will vary depending on the following:
1) Size of the entity;
2) Complexity of the audit; and
3) Specific methodology and technology used by
the auditor.
Matters to be considered by the auditor in developing
the overall audit plan include:

1. Knowledge of the Business

2. Understanding the Accounting and Internal
Control Systems
3. Risk and Materiality
4. Nature, Timing, and Extent of Procedures
5. Coordination, Direction, Supervision, and
Review
6. Other matters
KNOWLEDGE OF THE BUSINESS

 General economic factors and industry

conditions affecting the entity’s business.
 Important characteristics of the entity, its
business, its financial performance and its
reporting requirements including changes since
the date of the prior audit.
 The general level of competence of
management.
UNDERSTANDING THE ACCOUNTING AND INTERNAL
CONTROL SYSTEMS

 The accounting policies adopted by the entity

and changes in those policies.
 The effect of new accounting or auditing
pronouncements.
 The auditor’s cumulative knowledge of the
accounting and internal control systems and the
relative emphasis expected to be placed on
tests of control and substantive procedures.
RISK AND MATERIALITY

 The expected aassessments of inherent and control

risks and the identification of significant audit areas.
 The setting of materiality levels for audit purposes.
 The possibility of material misstatement, including the
experience of past periods, or fraud.
 The identification of complex accounting areas
including those involving accounting estimates.
NATURE, TIMING, AND EXTEND OF PROCEDURES

 Possible change of emphasis on specific audit

areas.
 The effect of information technology on the
audit.
 The work of internal auditing and its expected
effect on external audit procedures.
COORDINATION, DIRECTION, SUPERVISION, AND REVIEW

 The involvement of other auditors in the audit of

components, for example, subsidiaries,
branches and divisions.
 The involvement of experts.
 The number of locations.
 Staffing requirements.
OTHER MATTERS

 The possibility that the going concern assumption may

be subject to question.
 Conditions requiring special attention, such as the
existence of related parties.
 The terms of the engagement and any statutory
responsibilities.
 The nature and timing of reports or other
communication with the entity that are expected under
the engagement.
The Audit Program

“
The auditor should develop and document an audit program setting out the nature,
timing and extent of planned audit procedures required to implement the overall
audit plan.

The audit program serves as a:

 Set of instructions to assistants involved in the audit; and
 Means to control and record the proper execution of the
work.

The audit program also contains:

 The audit objectives for each area; and
 A time budget in which hours are budgeted for the various
audit areas or procedures.
In preparing the audit program, the auditor would consider the following:

1. Specific assessments of inherent and control risks and the

required level of assurance to be provided by substantive
procedures;
2. Timing of tests of controls and substantive procedures;
3. Coordination of any assistance expected from the entity, the
availability of assistants and the involvement of other auditors or
experts; and
4. Other matters considered by the auditor in developing the overall
audit plan need to be considered in more detail during the
development of the audit program.
Changes to the Overall Audit Plan and Audit Program

The overall audit plan and the audit program should be revised as
necessary during the course of the audit. Planning is continuous
throughout the engagement because of changes in conditions or
unexpected results of audit procedures. The reasons for significant
changes would be recorded.
 PSA 310 - Knowledge
of Business
“In performing an audit of financial statements, the
auditor should have or obtain a knowledge of the business
sufficient to enable the auditor to identify and understand
the events, transactions and practices that, in the
auditor’s judgment, may have a significant effect on the
financial statements or on the examination or audit
report.”

“
Required Level of Knowledge

The auditor’s level of knowledge for an engagement would

include:
 a general knowledge of the economy and the
industry within which the entity operates, and
 a more particular knowledge of how the entity
operates.

“The level of knowledge required by the auditor would, however,

ordinarily be less than that possessed by management.“
 Obtaining the Knowledge
Prior to accepting an engagement,
the auditor would obtain:
 a preliminary knowledge of the
industry and of the ownership,
 management and operations of
the entity to be audited, and
 would consider whether a level
of knowledge of the business
adequate to perform the audit
can be obtained.
Following acceptance of the engagement, further and
more detailed information would be obtained. To the
extent practicable, the auditor would obtain the
required knowledge at the start of the engagement.
As the audit progresses, that information would be
assessed and updated and more information would
be obtained.
For continuing engagements, the auditor would:
 update and reevaluate information gathered
previously, including information in the prior year’s
working papers.
 also perform procedures designed to identify
significant changes that have taken place since
the last audit.
 The auditor can obtain knowledge of the industry and the entity from a number
of sources. For example:
 Previous experience with the entity and its industry.
 Discussion with people with the entity (for example, directors and senior operating personnel).
 Discussion with internal audit personnel and review of internal audit reports.
 Discussion with other auditors and with legal and other advisors who have provided services to the entity or
within the industry.
 Discussion with knowledgeable people outside the entity (for example, industry economists, industry
regulators, customers, suppliers, competitors).
 Publications related to the industry (for example, government statistics, surveys, texts, trade journals, reports
prepared by banks and securities dealers, financial newspapers).
 Legislation and regulations that significantly affect the entity.
 Visits to the entity’s premises and plant facilities.
 Documents produced by the entity (for example, minutes of meetings, material sent to shareholders or filed
with regulatory authorities, promotional literature, prior years’ annual and financial reports, budgets, internal
management reports, interim financial reports, management policy manual, manuals of accounting and
internal control systems, chart of accounts, job descriptions, marketing and sales plans).
Using the Knowledge

A knowledge of the business is a frame of reference within which

the auditor exercises professional judgment. Understanding the
business and using this information appropriately assists the
auditor in:

 Assessing risks and identifying problems.

 Planning and performing the audit effectively and efficiently.
 Evaluating audit evidence.
 Providing better service to the client.
 Using the Knowledge
The auditor makes judgments about many matters
throughout the course of the audit where knowledge of
the business is important. For example:
•Assessing inherent risk and control risk.
•Considering business risks and management’s
response thereto.
•Developing the overall audit plan and the audit
program.
•Determining a materiality level and assessing
whether the materiality level chosen remains
appropriate.
•Assessing audit evidence to establish its
appropriateness and the validity of the related financial
statement assertions.
•Evaluating accounting estimates and management
representations.
•Identifying areas where special audit consideration
and skills may be necessary.
•Identifying related parties and related party
transactions.
•Recognizing conflicting information (for example,
contradictory representations).
•Recognizing unusual circumstances (for example,
fraud and noncompliance with laws and regulations,
unexpected relationships of statistical operating data
with reported financial results).
•Making informed inquiries and assessing the
reasonableness of answers.
•Considering the appropriateness of accounting
policies and financial statement disclosures.
Using the Knowledge

The auditor should ensure that assistants assigned to an audit

engagement obtain sufficient knowledge of the business to enable
them to carry out the audit work delegated to them.
To make effective use of knowledge about the business, the auditor
should consider how it affects the financial statements taken as a
whole and whether the assertions in the financial statements are
consistent with the auditor’s knowledge of the business.
 PSA 320 – Audit
Materiality
“Information is material if its omission or misstatement could
influence the economic decisions of users taken on the basis of the
financial statements. Materiality depends on the size of the item or
error judged in the particular circumstances of its omission or
misstatement. Thus, materiality provides a threshold or cut-off
point rather than being a primary qualitative characteristic which
information must have if it is to be useful.”

“
Materiality should be considered by the
auditor when:
a) determining the nature, timing and extent of audit
procedures; and
b) evaluating the effect of misstatements.

 The auditor should consider materiality and its relationship

with audit risk when conducting an audit.
 The auditor considers materiality at both the overall financial
statement level and in relation to individual account balances,
classes of transactions and disclosures.
The Relationship Between Materiality and Audit Risk

“There is an inverse relationship between

materiality and the level of audit risk, that is, the
higher the materiality level, the lower the audit risk
and vice versa. “
Materiality and Audit Risk in Evaluating Audit Evidence

The auditor's assessment of materiality and audit risk may be

different at the time of initially planning the engagement from at the
time of evaluating the results of audit procedures. This could be
because of:

 a change in circumstances; or
 because of a change in the auditor's knowledge as a result of the
audit.
 Evaluating the Effect of Misstatements
“In evaluating the fair presentation of the
financial statements the auditor should
assess whether the aggregate of
uncorrected misstatements that have
been identified during the audit is
material.“
If the auditor concludes that the
misstatements may be material the
auditor needs to:
 consider reducing audit risk by
extending audit procedures; or
 requesting management to
adjust the financial statements.
The aggregate of uncorrected
misstatements comprises:
a) specific misstatements
identified by the auditor
including the net effect of
uncorrected misstatements
identified during the audit of
previous periods; and
b) the auditor's best estimate of
other misstatements which
cannot be specifically
identified (i.e., projected
errors).
Evaluating the Effect of Misstatements

If management refuses to adjust the financial statements and the

results of extended audit procedures do not enable the auditor to
conclude that the aggregate of uncorrected misstatements is not
material, the auditor should consider the appropriate modification
to the auditor’s report in accordance with PSA 700 “The Auditor’s
Report on Financial Statements.”

The auditor should obtain an understanding of the accounting and

internal control systems sufficient to plan the audit and develop an
effective audit approach.