Audit: Introduction and Process PDF

Summary

This document is a presentation on audit introduction and process. It covers topics like agendas, audit definitions, and Philippine Standards on Auditing. The presentation seems to be geared towards professionals in the accounting field.

Full Transcript

Audit:
Introduction and
Process
Speaker: Arielle Angelique B. Macaraeg, CPA, CTT
Agendas

Financial Statement
SCP methodology
Audit Basic Information
Criteria & Standards
to follow
FS Audit Process
Skills Required
Audit definition by American Accounting Association
A systematic process of objectively obtaining and
evaluating evidence regarding assertions about
economic actions and events to ascertain the degree of
correspondence between these assertions and
established criteria and communicating the results to
interested users.
Philippine Standards on Auditing (Para A1)
This Philippine Standard on Auditing (PSA) establishes the independent
auditor’s overall responsibilities when conducting an audit of financial
statements in accordance with PSAs. Specifically, it sets out the overall
objectives of the independent auditor, and explains the nature and
scope of an audit designed to enable the independent auditor to meet
those objectives. It also explains the scope, authority and structure of
the PSAs, and includes requirements establishing the general
responsibilities of the independent auditor applicable in all audits,
including the obligation to comply with the PSAs. The independent
auditor is referred to as “the auditor” hereafter.
https://aasc.org.ph/wp-content/uploads/2021/11/PSA220-Quality-Management-for-an-Audit-of-Financial-Statements.pdf
What is the purpose of an audit?
Who is the responsible for the preparation of
the financial statements?
Management
Purpose of Audit
The purpose of an audit is to enhance the degree of confidence of
intended users in the financial statements. This is achieved by the
expression of an opinion by the auditor on whether the financial
statements are prepared, in all material respects, in accordance with
an applicable financial reporting framework. In the case of most
general purpose frameworks, that opinion is on whether the financial
statements are presented fairly, in all material respects, in accordance
with the framework. An audit conducted in accordance with PSAs and
relevant ethical requirements enables the auditor to form that
opinion. (PSA 200 para A3)
https://aasc.org.ph/wp-content/uploads/2021/11/PSA220-Quality-Management-for-an-Audit-of-Financial-Statements.pdf
Types of Audit
Types of Auditor

Internal Auditors
External Auditors
Government Auditors
Forensic Auditors
The Independent FS Audit

Responsibility for the FS
What is the responsibility of the auditor?
Form and express and opinion on these financial statements based on
his audit.
The Independent FS Audit

Responsibility for the FS

Assurance provided by the auditor
What type of assurance is provided by the FS
auditor?
Reasonable assurance, not absolute assurance that FS taken as a
whole are free from material misstatements.
The Independent FS Audit

Responsibility for the FS

Assurance provided by the auditor
The use of testing/ Sampling Risk
Error in application of judgment / Non Sampling risk
Reliance on management’s representation
Inherent limitations of the client’s accounting and internal control
system
Nature of evidence
General principles governing the audit of FS

Code of Professional Ethics for CPAs
promulgated by BOA

Philippine Standards on Auditing

Professional skepticism
Theoretical framework on Auditing

Audit function The auditor should There should be no Effective internal
operates on the always maintain long-term conflict control system
assumption that all independence with between the auditor reduces the possibility
financial data are respect to the FS and the client of errors and fraud
verifiable under audit management effecting the FS
Theoretical framework on Auditing

What was held true In the
Consistent application of past will continue to hold
An audit benefits the
GAAP or PFRS results in fair true in the future in the
public
presentations of FS absence of known
conditions to the contrary
Generally Accepted Auditing Standards

General Have adequate technical training and proficiency
Maintain independence in fact and appearance
Standards Exercise due professional care

Standards on Adequately plan the work of the audit
Obtain a sufficient understanding of the entity, environment & its internal control
Fieldwork Obtain sufficient appropriate audit evidence

Standards on State FS are in conformity with GAAP
Implicitly state the principles have been consistently applied
Implicitly state that the entity has disclosed all information
Reporting Express and opinion
PSA Adopted International Standards

International Standards on Auditing (ISAs)

International Standards on Assurance Engagements (ISAEs)

International Standards on Review Engagements (ISREs)

International Standards on Related Services (ISRSs)

International Standards on Quality Control (ISQCs)
System of Quality Control

Elements
Ethical Requirements
Integrity
Objectivity Acceptance
Leadership Professional competence and and Human
responsibilities due care Engagement
Independence continuance of resources and Monitoring
for Quality on Confidentiality performance
client assignment
audits Professional behavior
relationships
Three Main Phases of the Audit

II. III.
I. AUDIT
SUBSTANTIVE CONCLUDING
PLANNING
TESTING PROCEDURES
 Phase I

AUDIT PLANNING

Under a risk-based approach, audit
planning takes the most time of the audit.

Under audit planning, we do:

A. Planning and Risk Identification
B. Strategy and Risk Assessment
A. Planning and Risk
Identification
 Procedures Performed Under
Planning and Risk Identification Phase
Client acceptance and re-acceptance
(CAR)

Check for any independence conflict

Engagement proposal

Understand the client’s business and
industry

Understand entity-level controls
 CAR Procedures

Understanding of the client’s business starts with the acceptance and continuance
procedures.

Accepting the right client is the key to avoid audit failure

Evaluate the client’s background & the reason for the audit.
Determine whether the auditor is able to meet the ethical requirements regarding the client.
Determine need for other professionals.
Communicate with predecessor auditor.
Prepare client proposal.
Select staff to perform the audit.
Obtain an engagement letter.

NB: This form should be prepared for all clients and approved by partners before the
issuance of engagement letters. Accordingly, this should be prepared, if necessary,
at the concluding phase of the current year audit and updated as necessary before
sending the engagement proposal for the following year.
 Independence

All members of the engagement team must be
independent from the client all throughout the audit.

Aside from the yearly independence conflict, we also
document our independence from the client via the
completion of Engagement Independence Confirmation
document
Understanding the Client’s Business and
Industry

Nature of the entity and its environment (Industry, market and operations
Management owners
Suppliers
Accounting policies and information system
Financial performance and reporting
Compliance with laws and regulatory requirements
Outstanding lawsuits and legal correspondence

Related party relationships and transactions

Status of management’s going concern assessment

Role of IT in the entity
When should we complete the
“understanding the business” procedure?

ANS: Understanding the business is
done throughout the audit.
 Understanding the Entity-Level Controls

Understanding of the entity and its environment in
which it operates enables us to:

Identify and assess risk of material misstatements
at:
❖ the financial statement and:
❖ assertion levels

Identify whether these risks could be due to fraud or
error

Note that the risks are considered in developing the audit
strategy that respond to these risks
 Understand entity-level controls
Entity level controls pertain to those aspects of
internal controls that have pervasive impact on the
Company’s controls
Attitude, awareness, actions of
Control environment management/owners (TCWG)

How owners/management consider
Risk assessment risks and take actions to address them
Monitoring Anti-fraud controls; IT general controls
Capture events that affect reporting;
Communicating reporting roles and
Information and communication responsibilities
High-level activities that monitor
Control activities controls/overall accountability
Materiality
 Determine Materiality

When
determining the User expectations: Public entities often use a standard of 5% of
income before taxes, while non-public entities may lean towards
appropriate the lower end of this range if user perceptions are highly
sensitive to reported earnings.
measurement Previous year's materiality measures: Past assessments of
materiality in similar conditions can provide valuable insights.
percentage, Alternative measures: Industry standards like prevailing return on
investment benchmarks can offer additional perspectives.
engagement Entity's perspective: Input from the board or management
teams should regarding materiality can inform the team's assessment.
High-risk engagements: For clients posing greater risk, it's
take into account advisable to opt for percentages at the lower ends of the ranges.

several factors:
 Determine Materiality
Two Levels:

Planning Materiality (PM)
At the overall level, as it relates to financial statements

Tolerable error (TE) [previously called in SCP as Performance
Materiality]
At the individual account level

Nominal amount (NA)
Nominal amounts are determined in posting audit differences to the Summary
of Audit Differences (SAD)
 Determine Materiality

Remember:

TE is used as a basis for determining testing threshholds, while SAD NA is
used to establish a threshhold for clearly trivial misstatements.

We are changing the term “performance materiality (PM) to tolerable error
(TE) to easily distinguish planning materiality (PM) from performance materiality
(PM)

We are also changing the term “audit difference posting threshhold
(ADPT) to a more understandable and easier to remember term of nominal
amount (NA)
 Guidelines for Benchmark Selection

Change in
Normalized Total net assets
EBIT EBIT Revenues Assets Equity or liabilities
Public Entities X
Commercial entities operating under
normal circumstances X
Entities with volatile earnings X

Entities operating at breakeven levels X X X
Entities reporting losses X X

Very small and closely-held entities X X X

Entities under buy/sell agreements X X

Not-for-profit/governmental entities X X
Employee benefit plans X X
 Materiality Benchmarks.
Benchmark Measurement Percentage
Earnings before taxes:
Public entity 5%
Non-public entity 5% to 10%
Normalized earnings before taxes:
Public entity 5%
Non-public entity 5% to 10%
Total revenues 0.5% to 2%
Total assets 0.5% to 2%
Equity 1% to 5%

Change in net assets of benefit plans 3% to 8%
Total assets of benefit plans ¼% to ½%
Claims and insurance premiums of health
3% to 8%
and welfare plans
 Uses of Tolerable Error (TE)

Tolerable error is a concept that enables the auditor to apply planning
materiality at the individual account balance level. The concept is
used to:

Determine which accounts or group of accounts are significant

Develop expectations at the desired precision level when
performing analytics

Determine the extent of testing when using a representative
sample or testing various key items

Conclude on the fairness of the presentation
Summary of Audit Differences (SAD)

IMPORTANT REMINDER:

The Summary of Audit Differences (SAD) should be evaluated
at the end of the audit to determine the impact of the aggregated
uncorrected misstatements to the fairness of the financial
statements and/or the affected individual account.

The SAD evaluation should include not only amounts but also
completeness (or lack thereof) of required disclosures.
WORKSHOP TIME
MATERIALITY COMPUTATION
 Phase I

RECAP: AUDIT PLANNING

Under a risk-based approach, audit
planning takes the most time of the audit.

Under audit planning, we do:
A. Planning and Risk Identification

B. Strategy and Risk Assessment
S: Strategy and Risk
Assessment
 S: Understanding the Business Flow:

We Risk factors
identify

We Risks of material misstatement
determine

We relate
Risks to financial statements
Procedures Performed under this Phase of
the Planning
1. Identify COTs and SCOTS
2. Determine the FOT for the identified SCOTs (through inquiry,
observation, etc)
3. Perform walkthroughs
4. Determine WCGWs ( or the FS Risks)
5. Determine the Assertions affected by the WCGWs
6. Perform tests of controls
7. Design and perform test of journal entries and other
mandatory fraud procedures (this is done until
concluding procedures phase)
8. Perform combined risk assessment
9. Customize audit program
Definitions of COTs, SCOTs, FOT, WCGWs

Class of Transactions (COT)
Categories all transaction into different groups
Significant Class of Transaction (SCOT)
Are classes with high amounts
Flow of Transactions (FOT)
The way figures come into sub ledger and general
ledger. Enables the auditor to identify where
material misstatements could occur.
What can go Wrong (WCGW)
Refers to points where material misstatements due
to error or fraud can occur in a flow of transactions
We focus on those WCGWs that could have a
material effect on the related relevant financial
statement assertion(s).
S1.1: Identify SCOTs, FOT and WCGWs

Based on our understanding of the business, thus far,
identify SCOTs such as the following:
Cash disbursements
Cash receipts
Financial statement close
Purchases and trade payables
Sales and receivables
Payroll
Determine provisions and estimates

Once SCOTs are identified, determine FOT and the
WCGWs.
 S1.2 : Significant Class of Transaction
(SCOT) vs. Flow of Transaction (FOT)
Export Sales Not No
Significant Procedures!!!
100
Sales 10,000

TE: 100
Domestic sales
Audit
9,900 Significant Procedures

FOT

FOT: Record &
Customer Receive
Domestic Production Dispatch send
order Money
Sales Invoice
 S1.3 : Financial Statement vs. Flow of
Transaction
Balance sheet
Assets Liabilities
Equity
Cash

Accounts Payable

Inventory / PP&E

Flow of Receive GDN (Goods Receive &
Transaction Order Order Delivery Record Play Invoice
(FOT) Confirmation Note) Invoice
S1.5 : Understanding FOTs

IT Consideration
Automated aspects
Manual aspects
Computer applications/infrastructure
Critical Paths
How the transactions is:
Initiated
Authorized
Recorded
Processed Segregation of Incompatible Duties
Reported

Custody of assets
Authorized or approval
Recording related transactions
Document our understanding of the FOTs
through Walkthroughs
We perform walkthrough to confirm our understanding
of the processes and to verify that the controls we have
identified to address WCGWs have been placed in
operation. The results of our walkthroughs allow us to
evaluate whether or not the controls over the flow of
transactions identified are likely to be effective in
preventing and detecting material misstatements to the
financial statements.

Walkthrough procedures are conducted every year.
 Tests of Controls

We design the nature, timing and extent of our tests of
controls to obtain sufficient appropriate audit evidence
that the controls selected for testing operate effectively
as designed throughout the period of reliance to
prevent or detect and correct material misstatement
at the assertion level when:

We plan to rely on the operating effectiveness of
the controls in determining the nature, timing and
extent our substantive procedures
Substantive procedures alone cannot provide
sufficient appropriate audit evidence at the assertion
levels (e.g., for highly automated SCOTs)
 Risks and the Audit Formula
The audit risk...

The audit risk is the ultimate acceptable risk that
material monetary errors are not detected.

AUDIT RISK FORMULA
Inherent Risk X Control Risk X Detection Risk = Audit Risk

Combined Risk Assessment
S4: Understanding the Business Flow:
Step 6

Our
Combined
We Risk
Assessment
make (CRA)
S4: FS Risks and Assertions

4 Broad Categories of
Financial Statement Types of Assertions
Risks

accounting errors existence or occurrence
financial reporting completeness
errors cut-off
fraud rights and obligations
going concern valuation or allocation
(gross and net)
presentation and
disclosure
 Combined Risk Assessment (CRA) Table
CONTROL RISK

NOT RELY ON
RELY ON CONTROLS CONTROLS
(not effective test of
(effective tests of controls or controls
controls) not tested)
LOW HIGH
INHERENT RISK

LOWER LOW MODERATE
HIGHER MODERATE HIGH
Test of Journal Entries and Substantive
Procedures

We design the nature, timing and extent of our tests of journal
entries and substantive procedures to reduce the audit risk to an
acceptably low level and enable us to draw reasonable
conclusions on which to base our opinion
The appropriate mix of substantive procedures depends on
factors such as the nature of the account balance and our CRA.
Primary procedures are to be performed, however, regardless of
the CRA
Our CRA affects the timing and extent of our substantive
procedures
 Journal Entry Testing
PSA 240 Requires:
(a) Test the appropriateness of journal entries recorded and
other adjustments made in the preparation of the financial
statements by doing the following:

(i) Make inquiries of individuals involved in the financial
reporting process about inappropriate or unusual activity
relating to the processing of journal entries and other
adjustments;

(ii) Select and review journal entries and other adjustments
made at the end of a reporting period; and

(iii) Test journal entries and other adjustments throughout the
period.
 Journal Entry Testing
What to look for?

Entries that are made:
are made at year end;
are made to unrelated, unusual, or seldom-used accounts;
are posted/adjusted by an unauthorized personnel/ override;
are recorded at the end of the period or as post-closing entries that
have little or no explanation or description;
are made either before or during the preparation of the financial
statements that do not have account numbers;
contain round numbers or consistent ending numbers;
complex (e.g. contain significant estimates) or unusual in nature (e.g.
not in the normal course of business); and
are made subsequent to financial year-end but which affect the
financial statements for the current year.
showed reference code gaps
Prepare Audit Planning Memorandum
(APM) –Minimum Contents

Planning Materiality
Timetable and deliverables
Understanding the entity
Internal controls and risk assessment
Significant Changes in Risk Assessments and Audit
Strategies from prior year
Significant Accounting and Auditing Matters
Requiring Attention
Preliminary Analytic Review
Significant risks areas/accounts identified during
planning stage and our planned responses to them
 ????

Who is responsible for
preparing/performing the planning
phase?
 Phase II

EXECUTION: Testing and
Evidence
 Reliability of Evidence
Not all Audit Evidence is equally reliable. See below for the
hierarchy of audit evidence.

Least reliable Most reliable
Source relative to entity Internal (from inside entity External (from outside
entity)
Source – person: Employee Employee of company External auditor
or auditor
Source – person: Employee Employee of company Third party
of third party
Source: Independence of Associated with company Not Associated with
provider company

Source: Qualifications of Little knowledge of subject Expert in subject
provider
Source: Operation of Not in operation Effective operations
internal controls
 The Considerations for Determining
Whether Audit Evidence is “Sufficient
Appropriate Evidence
Assuming good internal controls and the possibility to
choose a method, these are the following techniques to
be considered (ordered by their reliability):

1. Recalculation
2. Inspection
3. Reperformance
4. Observation
5. Confirmation
6. Analytical procedures
7. Inquiry
Understand the Seven Evidence Gathering
Techniques
1. Recalculation:
► Consist of examining records, documents, or tangible
assets
► Example – checking the calculation of depreciation
expense.
2. Inspection:
► Examining records, documents or tangible assets
► Example – Performing an inventory count.
3. Re-performance:
► Independent execution of procedures or controls that were
originally performed as part of the entity’s internal control.
► Re-perform the aging of accounts receivable.
4. Observation:
► Observe a process or procedure being performed by
another.
► Performing a site visit at the client’s facilities.
Understand the Seven Evidence Gathering
Techniques
5. Confirmation
► The auditor’s receipt of a written or oral confirmation from a
independent third party verifying the accuracy or the information
requested.
► Four Keys Characteristics.
1. Information is requested by auditor.
2. Request and response is in writing, sent to the auditor.
3. Response comes from an independent third party.
4. Positive confirmation involves a receipt of information.
6. Analytical Procedures
► Analysis of significant trends and ratios including the
investigation of fluctuations and relationship that are inconsistent
with other relevant information or that deviate from predictable
amounts.
7. Inquiry
► Seeking information from knowledgeable persons inside or
outside the entity.
 Perform Substantive Testing Procedures

Audit programs should be customized and should be
approved by the manager before they can be used by the
engagement team.
For high risk clients, the audit programs should be
approved by both the manager and the partner

Important: The Audit Programs should not be
presented in 1 file only. Each account work
papers should be accompanied by the relevant
audit program.
 Analytical Review Procedures (ARPs)
When an analytical procedure is used during substantive testing,
as the principal substantive test for a risk, the audit team should
document the following:

the expectation and the factors considered in its development

results of the comparison between the expectation and the
entity’s recorded amount

any additional auditing procedures performed in response to
significant unexpected differences and the results of those
procedures

any corroborating evidence obtained to support any large or
unusual variances between expectations
 Phase III

Concluding and
Reporting
 Concluding Procedures

Review of:
Compliance with laws and regulations
Litigation and claims
Minutes and contracts
Consideration of going concern
Related party transactions and
relationships
Evaluation of SAD
Consolidation procedures
 Concluding Procedures

Preparation of Engagement Completion
Document
Obtaining management representation
letters Review of financial reports/tax
returns/GFFS
Final analytic review
Management letter
 Final Analytic Review

What is the purpose of the final analytic
review?

NB: Use the final/audited balances (CY) vs.
audited balances (PY)
 General

All clients should have duly approved (by partners) Client Acceptance and
Continuance Forms
Planning should be approved by partners. PM at the very least should be discussed
with the partners for their concurrence.
Do not perform procedures on accounts below our TE unless justified (fraud, unusual
account, etc).
An audit program should form part of the work papers of each account. That is, the
Audit Program file of SCP should be separated into accounts.
Always prepare APM
SRM should accompany FS when given to partners for review
Ensure that we obtain management representation (Mgt Rep) letter and ensure to
customize the same. Note: Mgt Rep is different from Mgt Responsibility and/or
Management Letter
 Cash

Send confirmation to ALL bank accounts regardless of the
balance
For cash on hand, esp. for insignificant amounts (e.g., petty
cash fund), certification by the cash custodian would be
enough
Send bank confirmation on or right after year-end
Bank confirmation requests should be prepared by client
but should be sent by us. Do not let the client send the
confirmation themselves.
 Receivables

Always send positive confirmation to sampled debtors/customers
Client’s refusal to send confirmation requests can be a ground for a
qualified opinion due to limitation, hence, should be clearly
documented in the work papers, if applicable
DO NOT WAIT for the confirmation replies. Once samples for
testing have been selected, perform alternative procedures
immediately. Perform subsequent collection testing and/or
examination of source documents (e.g., sales invoice, delivery
receipts, etc.). Examination should be 100%. Examining samples on
samples is not acceptable.
Always perform impairment testing for all types of significant
receivables including those due from related parties.
Always send confirmation to related parties
 Sales

When a company has sales returns,
perform a cutoff the debit/credit
memo covering the sales returns (or
any document used by the client for
sales returns)
If separate delivery receipts are issued
by the client for its sales, perform
cutoff procedures on delivery receipts
also together with the sales invoices.
 Inventories

Always observe physical count of
inventories. Our failure to observe any
count can be a ground for qualification
as this is a primary procedure.
Samples used for physical count
observation should be selected floor to
sheet and sheet to floor.
The sample size should be computed
using the sample calculator
 Liabilities

Negative confirmations are sent for liabilities.
Confirmation requests should be prepared by
client but should be sent by us. Do not let the
client send the confirmation themselves.
Client’s refusal to send confirmation requests
can be a ground for a qualified opinion due to
limitation, hence, should be clearly
documented in the work papers, if applicable
Always send confirmation to related parties
Matters that Do Affect the Auditor’s
Opinion
2. Disagreement with Management
regarding:
-Acceptability of accounting policies
1. Scope Limitation -Method of application and adequacy
of disclosures
-Compliance of statements with
relevant requirements

Disclaimer of
Qualified Opinion
Opinion

Qualified Opinion Adverse Opinion
What auditors actually do in layman’s term?
Skills Required
Strong communication skills
Emotional intelligence
Critical thinking and business acumen
Professional skepticism
Interpersonal skills
SCP Templates
FS audit toolbox
SOQM toolbox
END