Professional Documents
Culture Documents
Learning Objectives After studying this chapter, you should be able to:
Auditing Defined
Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance
with Philippine Standards on auditing (PSA 200)
Introduction
The Philippine Standard on Auditing (PSA) establishes the independent auditor’s overall
responsibilities when conducting an audit of financial statements. Specially, it sets out the overall
objectives of the independent auditor, and explains the nature and scope of an audit designed to
enable the independent auditor to meet those objectives. It also explains the scope, authority and
structure of the PSAs, and includes requirements establishing the general responsibilities of the
independent auditor applicable in all audits, including the obligation to comply with the PSAs.
In conducting an audit of financial statements, the overall objectives of the auditor are:
(a) To obtain reasonable assurance about whether the financial statements as a whole are free
from the material misstatement, wether due to fraud or error, thereby enabling the auditor to
express an opinion on wether the financial statements of the independent auditor applicable
financial reporting framework; and
ACCOUNTING 14 1
(b) To report on the financial statements, and communicate as required by the PSAs. in
accordance with the auditor’s findings.
The purpose of an audit is to enhance the degree of confidence of intended users in the financial
statements. This is achieved by the expression of an opinion by the auditor on whether the
financial statements are prepared, in all material respects, in accordance with an applicable
financial reporting framework. In the case of most general-purpose frameworks, that opinion is
on whether the financial statements are presented fairly, in all material respects, in accordance
framework. An audit conducted in accordance with PSAs and relevant ethical requirements
enables the auditor to form that opinion.
The auditor should comply with relevant ethical requirements relating to audit engagements.
As discussed in PSA 220, “Quality Control for an Audits of Financial Statements,” ethical
requirements r elating to audits of financial statements ordinarily comprise Parts A and B of the
Code of Ethics for Professional Accountants in the Philippines (Ethics Code)’ issued by the
Philippines Institute of Certified Public Accountants and adopted and promulgated by the Board
of Accountancy. PSA 220 (Clarified) identifies the fundamental principles of professional ethics
established by Parts A and B of the Ethics Code and sets out the engagement partner’s
responsibilities with respect to ethical requirements. PSA 220 recognizes that the engagement
team is entitled to rely on a firm’s systems in meeting its responsibilities with respect to quality
control procedures applicable to the individual audit engagement (for example, in relation to
capabilities and competence of personnel through their recruitment and formal training;
independence information; maintenance of client relationships through their recruitment and
formal training; independence through the accumulation and communication of relevant
independence information; maintenance of client relationships through acceptance and
continuance systems; and adherence to regulatory and legal requirements through the monitoring
process), unless information provided by Quality Control (PSQC) 1, “Quality Control for Firms
that Perform Audits and Reviews of Financial Statements, and Other Assurance and Related
Services Engagements,” requires the firm to establish policies and procedures designed to
provide it with reasonable assurance that the firm and its personnel comply with relevant ethical
requirements.
ACCOUNTING 14 2
Conduct of an Audit of Financial Statements
The auditor should conduct an audit in accordance with the Philippine Standards on Auditing.
PSAs contain basic principles and essential procedures together with related guidance in the
form of explanatory and other material, including appendices. The basic principles and essential
procedures are to be understood and applied in the context of explanatory and other material that
provides guidance for their application. The text of a whole Standard is considered in order to
understand and apply the basic principles and essential procedures.
In conducting an audit in accordance with PSAs, the auditor is also aware of and considers
Philippine Auditing Practice Statements (PAPSs) applicable to the audit engagement. PAPSs
provide interpretive guidance and practical assistance to auditors in implementing PAPS needs to
be prepared to explain how the basic principles and essential procedures in the Standard
addressed by the PAPS have been complied with.
The auditor may also conduct the audit in accordance with both ISAs and PSAs. However, there
are currently no fundamental differences between the IAASB pronouncements and
corresponding requirements issued by the AASC and no such differences are expected in the
future.
The term “scope of an audit” refers to the audit procedures deemed necessary in the
circumstances to achieve the objective of the audit. In determining the audit procedures to be
performed in conducting an audit in accordance with Philippine Standards on Auditing, the audit
should comply with each of the Philippine Standards on auditing relevant to the Audit.
The auditor should not represent compliance with Philippine Standards on Auditing unless the
auditor has complied fully with all of the Philippine Standards on auditing relevant to the audit.
The auditor may, in exceptional circumstances, judge it necessary to depart from a basic
principle or an essential procedure that is relevant in the circumstances of the audit, in order to
achieve the objective of the audit. In such a case, the auditor is not precluded from representing
compliance with PSAs, provide the departure is appropriately documented as required by PSA
230 (Clarified),”Audit Documentation.”
Professional Skepticism
The auditor should plan and perform an audit with an attitude of professional skepticism
recognizing that circumstances may exist that cause the financial statements to be materially
misstated.
An attitude of professional skepticism means the auditor makes a critical assessment, with a
questioning mind, of the validity of audit evidence obtained and is alert to audit evidence the
contradicts or brings into question the reliability of documents and responses to inquiries and
ACCOUNTING 14 3
other information obtained from management and those charged with governance. For example,
an attitude of professional skepticism is necessary throughout the audit process for the auditor to
reduce the risk of overlooking unusual circumstances, of over generalizing when drawing
conclusions from audit observations, and of using faulty assumptions in determining the nature,
timing and extent of the audit procedures and evaluating the results thereof. When making
inquiries and performing other audit procedures, and auditor is not satisfied with less-than-
persuasive audit evidence based on a belief that management and those charged with governance
are honest and have integrity. Accordingly, representations from management are not a substitute
appropriate audit evidence to be able to draw reasonable conclusions on which to base the
auditor’s opinion.
Reasonable Assurance
An auditor conducting an audit in accordance with PSAs obtains reasonable assurance that the
financial statements taken as a whole are free from material misstatement, whether due to fraud
or error. Reasonable assurance is a concept relating to the accumulation of the audit evidence
necessary for the auditor to conclude that there are no material misstatements in the financial
statements taken as a whole. Reasonable assurance relates to the whole audit process.
An auditor cannot obtain absolute assurance because there are inherent limitations in an audit
that affect the auditor’s ability to detect material misstatements. These limitations result from
factors such as the following:
Also, the work undertaken by the auditor to form an opinion is permeated by judgment,
particular regarding:
(a) The gathering of audit evidence, for example, in deciding the nature, timing and extent of
audit procedures; and
(b) The drawing of conclusions based on the audit evidence gathered, for example, assessing
the reasonableness of the estimates made by management in preparing the financial
statements.
Further, other limitations may affect the persuasiveness of evidence available to draw
conclusions on particular assertions (for example, transactions between related parties). In these
cases, certain PSAs identify specified audit procedures which will, because of the nature of the
particular assertions, provide sufficient appropriate audit evidence in the absence of:
(a) Unusual circumstances which increase the risk of material misstatement beyond that
which would ordinarily be expected; or
ACCOUNTING 14 4
(b) Any indication that a material misstatement has occurred.
Accordingly, because of the factors described above, an audit is not a guarantee that the financial
statements are free from material misstatement, because absolute assurance is not attainable.
Further, an audit opinion does not assure the future viability of the entity nor the efficiency or
effectiveness with which management as conducted the affairs of the entity.
The auditor obtains and evaluates audit evidence to obtain reasonable assurance about whether
the financial statements give a true and fair view or are presented fairly, in all material respects,
in accordance with the applicable financial reporting framework. The concept of reasonable
assurance acknowledges that there is a risk the audit opinion is inappropriate. The risk that the
auditor expresses an inappropriate audit opinion when the financial statements are materially
misstated in known as “audit risk.”
The auditor should plan and perform the audit to reduce audit risk to an acceptably low level that
is consistent with the objective of an audit. The auditor reduces audit risk by designing and
performing audit procedures to obtain sufficient appropriate audit evidence to be able to draw
reasonable conclusions on which to base an audit opinion. Reasonable assurance is obtained
when the auditor has reduced audit risk to an acceptably low level.
While the auditor is responsible for forming and expressing an opinion on the financial
statements, the responsibility for the preparation and presentation of the financial statements in
accordance with the applicable financial reporting framework is that of the management of the
entity, with oversight from those charged with governance. The audit of the financial statements
does not relieve management or those charged with governance of their responsibilities.
Risk-based audit model is an audit approach that begins with an assessment of the types and
likelihood of misstatement in account balances and then adjusts the amount and type of audit
work to the likelihood of material misstatement occurring in account balances.
In risk-based audit, the audit team views all activities in the organization first in terms of risks to
strategies and objectives, and then in terms of management’s plans and processes to mitigate the
risk. The auditors obtain an understanding of the client’s objectives. The risks are identified and
the auditors determine how management plans to mitigate the risk and whether those plans are in
place and operating effectively.
Account-based audit is an approach wherein the auditor obtains an understanding of control and
assesses control risk for particular types of errors and frauds in specific accounts and cycle.
ACCOUNTING 14 5
Under the PSAs which are risk-based specific audit procedures vary form one engagement to the
next. The following stages, are, however, involved in every engagement.
B. Planning the audit to develop an overall audit strategy and audit plan.
A. Evaluating the audit evidence obtained to determine what additional audit work (if any)
is required.
B. Forming an opinion based on audit findings and preparing the auditor’s report.
Figure 1.1 shows the schematic risk-based audit process in accordance with the guidelines
provided by the International Federation of Accounts.
ACCOUNTING 14 6
ACCOUNTING 14 7
Understanding the audit Risk Model
Audit Risk is the risk that the auditor may give an unqualified opinion on materially misstated
financial statements. It is determined and managed by the auditor. The auditor always wants to
minimize that risk but should take into account the costs associated with gathering that evidence
to minimize the risk. It in intertwined with materiality and is influenced by engagement risk.
Engagement Risk deals with whether the auditor wants to be associated with a particular client
including loss reputation, inability of the client to pay the auditor or financial loss because
management is not honest and inhibits the audit process
Business Risk is risk that affects the operations and potential outcomes of organizational
activities.
Financial Reporting Risk relates to the recording of transactions and the presentation of the
financial data in an organization’s financial statements.
The following considerations are important in integrating the concepts of materiality and risk in
an organization’s financial statements.
1. Audit involves testing or sampling and thus cannot provide absolute (100%) assurance that
the financial statements are free of material misstatements without inordinately driving up
the cost of audits.
2. Not all clients are worth accepting. Since audits rely on testing and to some extent on the
integrity of management, there are some clients that an audit firm should not accept
because the engagement risk is too high.
3. Competition for clients among audit firm is high. Clients choose auditors based on a
number of factors including fees, service, industry knowledge, personal rapport and
ability to assist the client.
5. Risky areas of a business must be identified by the auditors to determine which account
balances are more prone to material misstatements, how the misstatements might occur
and how a client might be able to cover them up.
ACCOUNTING 14 8
Although audit risk is a concept, it is often illustrated using quantitative examples.
For instance, the relationship between engagement risk and audit risk may be presented as
follows:
Engagement Risk
High Moderate Low
Audit Risk Do not accept Set very low Set within
client (1%) professional standards
but can be higher than
companies with
higher engagement
risk (5%)
Setting audit risk at 1% is equivalent to performing a statistical test using 99% confidence
level. Audit risk set at 1% implies that the auditor is willing to take a 1% chance of
issuing an unqualified opinion on materially misstated financial statements.
Audit risk set at 5% implies that the auditor is willing to take a 5% chance for issuing an
unqualified opinion on materially misstated financial statements.
High levels of audit risk are appropriate for clients with lower levels of engagement risk.
Based on the assessment of engagement risk, the auditor sets the desired audit risk. Audit risk is
often times illustrated using numeric or quantitative examples. In fact many audit firms use the
measures associated with statistical sampling to set audit risk, e.g. setting audit risk at 1% level
for high-risk clients and 5% for lower risk clients. Other auditing firms use a broader description
of audit risk as high, moderate or low and adjust the nature of their audit procedures accordingly.
The following general observations are considered to have influenced the implementation of the
audit risk model:
The better the company’s internal controls, the lower the likelihood of material
misstatement.
Unusual or complex transactions are more likely to be erroneously recorded than are
recurring or routine transactions.
The amount and persuasiveness of audit evidence gathered should vary inversely with
audit risk; i.e., lower audit risk requires gathering more persuasive evidence.
These general premises have been incorporated into an audit risk (AR) model with three
components: inherent risk (IR), control risk (CR) and detection risk (DR) as follows:
AR = IR x CR x DR
ACCOUNTING 14 9
where
Control Risk (CR) is the risk that the client’s internal control system will fail to prevent
or detect a misstatement.
Detection risk (DR) is the risk that the audit procedures will fail to detect a material
misstatement.
Stated differently, audit risk is the risk that the auditor may give an unqualified opinion
on materially misstated financial statements. It is influenced by: (IR) the likelihood that a
transaction, estimate, or adjustment might be recorded incorrectly; (CR) the likelihood
that the client’s internal control processes would fail to prevent or detect the misstatement
and (DR) the likelihood that, if a misstatement occurred, the auditor’s procedures would
fail to detect the misstatement.
The audit risk model may also be illustrated using a quantitative approach with
probability assessments applied to each of the model’s component.
XYZ Mining Corporation, an audit client of Aquino and Marcos CPAs., has many
complex transactions and weak internal control. The auditors assess both inherent risk
and control risk at their maximum. This implies that the client does not have effective
control (CR) and there is a high risk that the transaction would be recorded incorrectly
(IR).
The auditors believe that engagement risk is high and have set audit risk at the 0.01 level.
This means that the auditors do not want to take much of a risk that the misstatement
goes undetected in the financial statements.
The effect on the extent of audit procedures and thus, detection risk is as follows:
AR = IR x CR x DR
DR = ( )
.
DR = or 0.01 or 1%
( . . )
In this particular case, detection risk and audit risk are the same because the auditor cannot rely
on internal control to prevent or detect misstatements.
ACCOUNTING 14 10
This illustration therefore yields the instinctive result:
“Poor controls and a high likelihood of misstatement would lead to extended audit work
to maintain audit risk at an acceptable level.”
Zoren Trading Corporation is an audit client of Cayetano and Loren CPAs. Zoren has simple
transactions, well-trained accounting personnel effective control and no incentive to misstate the
financial statements.
The auditor’s previous audit experience with the client; an understanding of the client’s internal
controls and the results of preliminary testing this year indicate a low risk of material
misstatement existing in the accounting records. The auditor assesses inherent risk as low as
50% and control risk of 20%.
DR=
( )
.
DR = (. . )
or 0.50 or 50%
The auditor could therefore design tests of the accounting records with a lower detection risk, in
this situation 50%, because only minimal substantive tests of account balances are needed to
provide corroborating evidence on the expectations that the accounts are not materially
misstated. The auditor, however would have had to test whether the controls are operating
effectively in order to support a control risk assessment below 100%.
The following general observations on an audit client influence the implementation of the audit
risk model:
1. High-risk activities
This includes operations or events where a material misstatement could easily
occur. For example, an inventory of high-value diamonds or gold bars held by a
jeweler, or a new/complex accounting system being introduced.
2. Existence of large non-routine transactions
ACCOUNTING 14 11
Identified significant related party transactions outside the entity’s normal course
of business are to be treated as giving rise to significant risks. This includes
infrequent and large transactions.
For example:
The risk of not detecting a material misstatement resulting from fraud (which is
intentional and deliberately concealed) is higher than the risk of not detecting
one resulting from error.
In evaluating whether significant risks could result from the identified fraud risk
factors and the possible scenarios and schemes identified in team discussions,
consider the following:
ACCOUNTING 14 12
Significant fraud risks may be identified at any stage in the audit as a result of
new information being obtained.
Audit risk is a concept that drives the auditor’s thinking about planning the audit and then
executing an audit. The illustrations are designed to provide guidance, but should not be applied
rotely to any audit client.
CPA firms in determining their approach to implementing the audit risk model should consider
the following limitations:
(a) Inherent risk is difficult to formally assess. Some transactions because of their
complexity are more susceptible to error but it is quite difficult to assess that level of risk
independent of the client’s accounting system.
(b) The model treats each risk component as separate and independent when in fact the
components are not independent. It is also quite difficult to separate a client’s material
controls and inherent risk.
(d) Audit technology is not so fully developed that each component of the model can be
accurately assessed. Auditing is based on testing and precise estimates of the model’s
components are not possible. Auditors can, however, make subjective assessments and use
the audit risk model as guide.
ACCOUNTING 14 13