Auditing Theory Review Notes PDF
Document Details
Uploaded by AdaptableAmazonite
Tags
Summary
This document provides review notes on auditing theory, specifically focusing on assurance engagements. It covers the fundamentals, objectives, and different types of assurance engagements, including reasonable and limited assurance. The document emphasizes the importance of independence in performing assurance services.
Full Transcript
AUDITING THEORY REVIEW NOTES FUNDAMENTALS OF ASSURANCE ENGAGEMENTS1 Assurance Services/Engagements: Assurance services – independent professional services in which a practitioner issues a written communication that expresses a conclusion designed to enhance...
AUDITING THEORY REVIEW NOTES FUNDAMENTALS OF ASSURANCE ENGAGEMENTS1 Assurance Services/Engagements: Assurance services – independent professional services in which a practitioner issues a written communication that expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria Assurance engagement – an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria Assurance services improve the quality of information for decision-making. Assurance refers to the practitioner‘s satisfaction as to the reliability of an assertion being made by one party for use by another party; it is the degree of certainty the practitioner has attained and wishes to convey to intended users Independence is required whenever a professional accountant performs assurance services. Objective of an Assurance Engagement, In General: Assurance engagements performed by professional accountants are intended to enhance the credibility of information about the outcome of the evaluation or measurement of a subject matter against criteria , thereby improving the likelihood that the information will meet the needs of an intended user. Assurance engagements enhance the degree of confidence of the intended user because the quality of information for decision making is improved. Objective of Assurance Engagements: According to the Philippine Framework for Assurance Engagements, an assurance engagement is conducted: a. To provide a high level of assurance that the subject matter conforms in all material respects with identified suitable criteria; or b. To provide a moderate level of assurance that the subject matter is plausible in the circumstances. Types of Assurance Engagements and their Objectives: 1. Reasonable assurance engagements – engagements that provide high, but not absolute, level of assurance Also called high-level engagements The objective of a reasonable assurance engagement is a reduction in assurance engagement risk to an acceptably low level as the basis for a positive form of expression of the practitioner‘s conclusion. Reasonable assurance is achieved if assurance engagement risk is reduced to an acceptably low level (close to zero). For assurance engagements regarding historical financial information in particular, reasonable assurance engagements are called audit engagements. An audit engagement is an assurance engagement to provide a high level of assurance that the financial statements are free of material misstatement. This high level of assurance is expressed positively in the audit report as ―reasonable assurance‖. Absolute assurance is not attainable: In assurance engagements, absolute assurance is generally not attainable because of such factors as: Use of judgment Use of testing Inherent limitations of internal control Most evidence available to the practitioner is persuasive rather than conclusive In some cases, the characteristics of the subject matter 2. Limited assurance engagements – engagements that provide only a ―moderate‖ or ―limited‖ level of assurance The objective of a limited assurance engagement is a reduction in assurance engagement risk to an acceptable level as the basis for a negative form of expression of the practitioner‘s conclusion. Thus, the risk in limited assurance engagement is greater than for a reasonable assurance engagement. Moderate assurance is achieved if assurance engagement risk is reduced to an acceptable 1 NOTES FROM SIR RED SIRUG HANDOUTS ON AUDITING THEORY AUDITING THEORY REVIEW NOTES level. For assurance engagements regarding historical financial information in particular, limited assurance engagements are called review engagements. Assurance Engagement Risk: Assurance engagement risk is the risk that the practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated. Components of assurance engagement risk: 1. Risk of material misstatement – the risk that the subject matter is materially misstated a. Inherent risk – the susceptibility of the subject matter information to a material misstatement, assuming that there are no related controls b. Control risk – the risk that a material misstatement that could occur will not be prevented, or detected and corrected, on a timely basis by related internal controls 2. Detection risk – the risk that the practitioner will not detect a material misstatement that exists Assertion-based and Direct Reporting Engagements: 1. Assertion based engagements – evaluation or measurement of the subject matter is performed by the responsible party, and the subject matter information is in the form of an assertion by the responsible party that is made available to the interested users Assertion-based engagements are also known as attestation engagements Examples of assertion-based engagements: a. Audit engagements b. Review engagements In an assertion-based engagement, the practitioner‘s conclusion can be worded in terms of the responsible party‘s assertion. For example: ―In our opinion the responsible party‘s assertion that internal control is effective, in all material respects, based on XYZ criteria, is fairly stated‖ 2. Direct reporting engagements – the practitioner either directly performs the evaluation or measurement of the subject matter, or obtains a representation from the responsible party that has performed the evaluation or measurement that is not available to the intended users In a direct reporting engagement, the practitioner‘s conclusion is worded directly in terms of the subject matter and the criteria. For example: ―In our opinion internal control is effective, in all material respects, based on XYZ criteria‖ Range of Assurance Engagements: a. Engagements to report on a broad range of subject matters covering financial and non-financial information b. Attest and direct reporting engagements c. Engagements to report internally and externally, and d. Engagements in the private and public sector Examples of Assurance Engagements: 1. Audits of financial statements 2. Examination of prospective financial statements 3. Reporting on compliance with laws, rules and regulations 4. Other assurance services: a. CPA risk advisory b. Business performance measurement services c. Health care performance measurement services d. Elder Care Plus e. Risk Assessment Services f. CPA Web Trust Service g. Information Systems Reliability Requirements before a practitioner can accept an assurance engagement: Only where the practitioner‘s knowledge of the engagement circumstances indicates that: 1. Relevant ethical requirements, such as independence and professional competence will be satisfied; and 2. The assurance engagement exhibits all of the following characteristics: a. The subject matter is appropriate b. The criteria to be used are suitable and are available to the intended users AUDITING THEORY REVIEW NOTES c. The practitioner has access to sufficient appropriate evidence to support the practitioner‘s conclusion; d. The practitioner‘s conclusion, in the form appropriate to either a reasonable assurance engagement or a limited assurance engagement, is to be contained in a written report, and e. The practitioner is satisfied that there is a rational purpose for the engagement. Elements of Assurance Engagements: Not all engagements performed by practitioners are assurance engagements. An assurance engagement must have the following elements: 1. Three party relationship (involving a practitioner, a responsible party and intended users) 2. Appropriate subject matter 3. Suitable criteria 4. Sufficient appropriate evidence 5. Written assurance report in the form appropriate to a reasonable assurance engagement or a limited assurance engagement Three Party Relationship: a. Practitioner – CPA in public practice who performs the assurance engagement The term practitioner is broader than the term ―auditor‖ as used in professional standards, which only refers to practitioner performing audit or review engagements with respect to historical financial information. b. Responsible party – person/s who is responsible for the subject matter or the assertion (sub ject matter information) For example, an entity‘s management is responsible for the preparation and presentation of financial statements or the establishment and implementation of internal control. c. Intended user/s – person, persons or class of persons for whom the practitioner prepares the assurance report; they are the users to whom the practitioner usually addresses the report Responsible party and intended user: The responsible party and the intended users may be from different entities or the same entity. The practitioner may be engaged by the responsible party or the intended user. The responsible party can be one of the intended users, but not the only one. Whenever practical, the assurance report is addressed to all the intended users, but in some cases there may be other intended users. In cases where the CPA may not be able to identify all intended users, intended users may be limited to major stockholders with significant and common interests. In some circumstances, the intended user may be established by law. The responsible party may also be one of the intended users. The intended user may be established by agreement between the practitioner and responsible party or those engaging or employing the practitioner. Appropriate Subject Matter: Subject matter refers to the information to be evaluated or measured against the criteria. Subject matter information means the outcome of the evaluation or measurement of a subject matter. Subject matter in an audit of financial statements: Subject matter includes the financial position, financial performance and cash flows of the entity Subject matter information is the set of financial statements Responsible party is the client/entity management Requirements for subject matter to be considered appropriate: a. Identifiable b. Capable of consistent evaluation and measurement against suitable criteria c. In the form that can be subjected to procedures for gathering evidence to support that evaluation or measurement Forms of subject matter of an assurance engagement: 1. Financial performance or conditions (for example, historical or prospective financial position, financial performance and cash flows) for which the subject matter information may AUDITING THEORY REVIEW NOTES be the recognition, measurement, presentation and disclosure represented in the financial statements 2. Non-financial performance or conditions (for example, performance indicators of an entity) for which the subject matter information may be key indicators of efficiency and effectiveness 3. Physical characteristics (for example, capacity of a facility) for which the subject matter information may be a specifications document 4. Systems and processes (for example, entity‘s internal control or IT system) for which the subject matter information may be an assertion about effectiveness 5. Behavior (for example, corporate governance, compliance with regulation, human resource practices) for which the subject matter information may be a statement of compliance or a statement of effectiveness Suitable Criteria: Criteria refer to the standard or benchmark used to evaluate or measure the subject matter of an assurance engagement, including, where relevant, benchmarks for presentation and disclosure. Without frame of reference provided by suitable criteria, any conclusion is open to individual interpretation and misunderstanding. Five characteristics of suitable criteria: a. Relevance – relevant criteria contribute to conclusions that assist decision-making by the intended users b. Completeness – criteria are sufficiently complete when relevant factors that could affect the conclusions in the context of the engagement circumstances are not omitted. Complete criteria include, where relevant, benchmarks for presentation and disclosure. c. Reliability – reliable criteria allow reasonably consistent evaluation or measurement of the subject matter when used in similar circumstances by similarly qualified practitioners d. Neutrality – neutral criteria contribute to conclusions that are free from bias e. Understandability – understandable criteria contribute to conclusions that are clear, comprehensive, and not subject to significantly different interpretations Two types of criteria: 1. Established criteria – are those criteria that are embodied in laws or regulations or issued by authorized or recognized bodies of experts that follow a transparent due process Examples: 2. Specifically developed criteria – those criteria specifically designed for the purpose of the engagement Whether criteria are established or specifically developed affects the work that the practitioner carries out to assess their suitability for a particular engagement. Examples of suitable criteria: Applicable financial reporting framework which is the Philippine Financial Reporting Standards (PFRS) – in case of audit of financial statements Applicable law or regulation or contract – in case of compliance audit Established internal control framework or stated internal control criteria – in case of report on internal control Availability of criteria to intended users: Criteria need to be made available to the intended users in one or more of the following ways: a. Publicly b. Through inclusion in a clear manner in the presentation of the subject matter information c. Through inclusion in a clear manner in the assurance report d. By general understanding, for example, the criterion for measuring time in hours and minutes Sufficient Appropriate Evidence: The practitioner shall plan and perform the engagement with an attitude of professional skepticism to obtain sufficient appropriate evidence that the assertions are free of material misstatements. Professional skepticism – an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of evidence Evidence – refers to the information obtained by the practitioner in arriving at the conclusions on which the conclusion is based Sufficiency – refers to the measure of the quantity of evidence Appropriateness – refers to the measure of the quality of evidence, that is, its relevance and AUDITING THEORY REVIEW NOTES its reliability Written Assurance Report: A written assurance report should be in the form appropriate to a reasonable assurance engagement or a limited assurance engagement. The practitioner should provide a written report containing a conclusion that conveys the assurance obtained about the subject matter information. In addition, the practitioner considers other reporting responsibilities, including communicating with those charged with governance when it is appropriate to do so. Levels of assurance provided in the written report: Type or level Form of conclusions Example of assurance Reasonable Positive form of ―In our opinion internal control is effective, in assurance expression of the all material respects, based on XYZ criteria.‖ practitioner‘s conclusion Limited Negative form of ―Based on our work described in this report, assurance expression of the nothing has come to our attention that causes us practitioner‘s conclusion to believe that internal control is not effective, in all material respects, based on XYZ criteria.‖ Attestation Services: An attestation service is a type of assurance service in which a practitioner is engaged to issue a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of another party. Attestation generally refers to an expert's written communication of a conclusion about the reliability of someone else's assertions. The subject matter of attestation services include: Financial and non-financial in nature Future-oriented financial information (such as the examination of prospective financial information) Management's discussion and analysis Effectiveness of internal control Compliance with statutory, regulatory, and contractual obligations Relationships among Auditing, Attestation, and Assurance Services: a. Similarity: These services are often used interchangeably because they encompass the same decision-process b. Main difference/distinction: Scope of services ―Assurance services‖ is broader in scope and in concept than either auditing or attestation. It encompasses both audit and attestation services. Otherwise stated, attestation and audit services are subsets of assurance services. ―Attestation services‖ is broader than audit because attest function is beyond historical FS. Attestation services cover even non-GAAP FS. Auditing, particularly FS audit, is a type of assurance and attestation service that involves examination of historical FS prepared in accordance with GAAP. Non-assurance Engagements: Not all engagements are assurance engagements. Other engagements performed by practitioners that do not meet the definition of assurance engagement are classified as non-assurance engagements or services. Non-assurance engagements are those that do not result in the practitioner‘s expression of a conclusion that provides a level of assurance, whether negative assurance or other form of assurance. The practitioner does not convey to the intended users any assurance as to the reliabi lity of an assertion. The practitioner‘s primary purpose for performing non-assurance services is to provide advice and technical assistance that will enable a client to conduct its business more effectively. Examples of non-assurance engagements: 1. Related services, such as: a. Agreed-upon procedures engagements, and b. Compilations of financial or other information engagements 2. Tax services (such as the preparation of tax returns where no conclusion conveying assurance is expressed) 3. Consulting (or advisory) engagements, such as management and tax consulting AUDITING THEORY REVIEW NOTES Agreed-upon Procedures Engagements: Objective of agreed-upon procedures engagements: For the auditor to carry out procedures of an audit nature as agreed by the auditor and the entity and any appropriate third parties and to report on factual findings No assurance is expressed in the report: The users/recipients of the report assess for themselves the procedures and findings reported by the auditor and form their own conclusions from the report by the auditor. Distribution of report is restricted: The report on agreed upon procedures engagement is restricted to those parties that have agreed to the procedures to be performed since others who are unaware of the reasons for the procedures may misinterpret the results. According to PSRS 4400, the report on an agreed-upon procedures engagement needs to describe the purpose and the agreed-upon procedures of the engagement in sufficient detail to enable the users of the report to understand the nature and extent of the work performed. Compilation of Financial or Other Information Engagements: Objective of compilation engagements: For the accountants to use accounting expertise, as opposed to auditing expertise, to collect, classify and summarize financial information. Compilation engagements ordinarily include preparation of financial statements. No test of assertions: A compilation engagement ordinarily entails reducing detailed data to a manageable and understandable form without a requirement to test the assertions underlying that information. No assurance is expressed in the report: The procedures employed are not designed to enable the accountant to express any assurance on the financial information. Benefit to users: Users of the compiled financial information derive some benefit as a result of the accountant's involvement because the service has been performed with professional competence and due care. Tax Services: 1. Tax compliance – includes the preparation of tax returns (for individuals, corporations, estates and trusts, and other entities) and acting as client‘s representative to tax authorities or in tax litigations 2. Tax planning – includes the determination of the tax consequences of planned or potential transactions (legally minimizing client‘s tax liability) followed by making suggestions on the most desirable course of action Management Consulting: Management advisory (consulting) services – refers to the function of providing professional advisory (consulting) services, the primary purpose of which is to improve client‘s use of its capabilities and resources to achieve the objectives of the organization. Advisory (consulting) services are professional services that provide advice and assistance to clients by improving their condition directly. Advice or assistance to clients may cover the entity‘s organization, operations, risk management, systems design and implementation, process personnel, corporate finances, or other activities. A pervasive characteristic of a CPA‘s role in a consulting services engagement is that of being an objective advisor on the use of information. Assurance Services vs. Consulting Services: Although assurance services and consulting services have basic similarities in terms of knowledge employed and exercise of skills, they can be distinguished as follows: Points of distinction Assurance services Consulting services Primary purpose To improve quality or context of To recommend uses for information information by enhancing its for better outcomes credibility Number of parties 3 parties 2 parties: the CPA and the client Focus Decision makers and information they used for optimum decisions Outcomes Output’s objective Intended to improve decision Designed to improve client‘s maker‘s condition only indirectly condition directly through findings, through the use of high-quality conclusions and recommendations information Competing interests May exist between management No competing interests and users of financial statements Form of communication Written report Either written or oral with the client communication Comparative Examples of Assurance and Non-Assurance Services: AUDITING THEORY REVIEW NOTES Categories of Services / Engagements Assurance Services Non-Assurance Services Audit Review Other assurance 1. Audit of FS 1. Review of FS 1. Examination of 1. Agreed-upon procedures prospective FS 2. Compilation of financial or other 2. Audit of internal 2. Review of interim information control over financial 2. CPA risk 3. Preparation of tax returns when financial reporting information advisory no conclusion is expressed 4. Consulting or advisory services: Tax consulting Management consulting Other advisory services Levels of Assurance for Audit, Review, Agreed-upon Procedures and Compilation The basic distinction between audit, review and related services is the level of assurance provided by the auditor in the engagement. Assurance refers to the practitioner‘s satisfaction as to the reliability of an assertion being made by one party for use by another party. The level of assurance is the degree of the practitioner‘s satisfaction or degree of certainty the practitioner has attained and wishes to convey to intended users. Such level o r degree of assurance depends on the procedures performed and the evidence collected by the practitioner. Engagements and level of assurance: 1. Audit: The auditor provides a reasonable (high, but not absolute) level of assurance that the information subject to audit is free of material misstatement. This is expressed positively in the audit report as reasonable assurance. 2. Reviews: The auditor provides a moderate/limited level of assurance that the information subject to review is free of material misstatement. This is expressed in the form of negative assurance. 3. Agreed-upon procedures: No assurance is expressed. The auditor simply provides a report of the factual findings. Users of the report assess for themselves the procedures and findings reported by the auditor and draw their own conclusions from the auditor's work. 4. Compilation: Although the users of the compiled information derive some benefit from the accountant's involvement, no assurance is expressed in the report. Distinctions between Typical Assurance and Non-Assurance Services: Non-Assurance Services Point of Assurance Services (Related Services) distinction Audit Review Agreed-upon Compilation procedures Objective To express To report whether To perform audit To assist the client in opinion on anything has come procedures agreed financial statements fairness of to the auditor‘s on with the client preparation by using financial attention that causes and any appropriate accounting expertise statement him to believe that third parties as opposed to auditing the financial identified in the expertise statements are not report fair Characteristics Audit opinion Substantially less in Recipients of Accounting enhances the scope of procedures the report must expertise, rather credibility of than audit form their own than auditing, is financial conclusions used statements from the report Users derive some Report is benefit because restricted to the service has contracting been performed parties with due professional skill and care Evidence Risk assessment, Limited to: Reading of the FS for gathering Tests of controls Inquiry; and As agreed obvious misstatements procedures and Substantive Analytical tests procedures (The auditor obtains AUDITING THEORY REVIEW NOTES an understanding of the entity and its environment, including internal control, but no evaluation of internal control is conducted.) Level of Reasonable assurance assurance Moderate (limited) No assurance No assurance provided by (High, but not assurance the CPA absolute, assurance) Report Audit Report Review Report Factual findings of Compilation Report provided containing containing procedures which identify positive negative assurance information compiled assurance on on assertion assertion Skills used by Audit skills Audit skills Audit skills Accounting skills the auditor Pronouncements on Assurance Engagements: The following are the forms of pronouncements of the Auditing and Assurance Standards Council (AASC): AASC Engagement Standards Applications Related Practice Statements a. Philippine Standards on Auditing FS audit engagements Philippine Auditing Practice (PSAs) Statements (PAPSs) b. Philippine Standards on Review Review engagements Philippine Review Engagements (PSREs) Engagement Practice Statements (PREPSs) c. Philippine Standards on Assurance Other assurance Philippine Assurance Engagements (PSAEs) engagements dealing Engagement Practice with subject matters other Statements (PAEPSs) than historical financial information d. Philippine Standards on Related Related services Philippine Related Services Services (PSRSs) Practice Statements (PRSPSs) Other pronouncements: e. Philippine Standards on Quality Control (PSQCs) – to be applied for all services that fall under the AASC‘s engagement standards, namely, audit, review, other assurance, and related services f. Philippine Framework for Assurance Engagements – to be applied for assurance engagements PSAs, PSREs, PSAEs, and PSRSs are collectively referred to as the AASC's Engagement Standards. The AASC issues Practice Statements to provide interpretive guidance and practical assistance to practitioners in implementing the Engagement Standards and to promote good practice. Philippine Framework for Assurance Engagements: The Framework: Defines and describes the elements and objectives of an assurance engagement. Identifies engagements to which assurance engagement standards (PSAs, PSREs, and PSAEs) apply Provides frame of reference for: a. Practitioners who perform assurance engagements (such as audit and review engagements) b. Others involved with assurance engagements (such as the intended users and the responsible party), and c. The International Auditing and Assurance Standards Board (IAASB) in its development of assurance engagement standards which will be adopted by the AASC for application in the Philippines. Distinguishes assurance engagements and non-assurance engagements (non-assurance engagements are not covered by the Framework). Sets out characteristics that must be exhibited before a practitioner can accept an assurance engagement. AUDITING THEORY REVIEW NOTES In addition to the Framework and PSAs, PSREs and PSAEs, practitioners who perform assurance engagements are governed by: The Code of Ethics for Professional Accountants in the Philippines The Philippine Standards on Quality Control (PSQCs) The Framework does not itself establish standards or provide procedural requirements for the performance of assurance engagements. Reports on Non-Assurance Engagements: a. Should not use the words ―assurance‖, ―audit‖ or ―review‖ b. Should not imply compliance with assurance engagement standards (PSAs, PSREs or PSAEs) c. Should not include a statement that may be misinterpreted as assurance engagements Practitioner’s association with the subject matter: A practitioner is associated with financial information when: a. The practitioner reports on information about that subject matter, that is, the practitioner attaches a report to that financial information; or b. The practitioner consents to the use of the his name in a professional connection with that subject matter If the practitioner is not associated in this manner, third parties can assume no responsibility of the practitioner. Remedies in case of inappropriate use of the practitioner’s name by other party: If the practitioner learns that a party is inappropriately using the practitioner‘s name in association with a subject matter, the practitioner should: Require the other party (i.e., management) to cease associating the practitioner with the subject matter Consider what other steps may be needed, such as informing any known third party users of the inappropriate use of the practitioner‘s name Seek legal advice INTRODUCTION TO AUDITING Auditing, Defined: Auditing is ―a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to the interested users.‖ Two processes of auditing: a. Investigative process – involves the systematic gathering and evaluation of evidence as a basis for determining whether assertions made by responsible person correspond with the established criteria b. Reporting process – involves communicating the audit opinion to interested users Important Concepts: 1. Systematic process – auditing involves structured/logical series of sequential steps or procedures known as the audit process 2. Objectively obtaining and evaluating evidence – auditing involves gathering and evaluating sufficient appropriate audit evidence that will support the auditor‘s opinion Objectivity refers to the combination of impartiality, intellectual honesty and freedom from conflicts of interest. Audi evidence is the information obtained by the auditor in arriving at the conclusions on which the audit opinion is based. 3. Assertions about economic actions and events – assertions are the subject matter of auditing In the context of audit of financial statements, assertions are representations of management, explicit or otherwise, that are embodied in the financial statements. Assertions include the accounts, balances/amounts and disclosures appearing on the face of the financial statements (and in the notes to financial statements) and which the management claims to be free of misstatements. AUDITING THEORY REVIEW NOTES Audit evidence gathered and evaluated by the auditor may support or contradict the assertions of management. 4. Established criteria – the standards or benchmarks that are needed to judge the validity of the assertions on the financial statements In the context of audit of financial statements, the established criteria are the applicable financial reporting framework (for example, the PFRS). 5. Ascertain the degree of correspondence between assertions and established criteria – The auditor‘s objective is to determine whether the assertions conform with established criteria, that is, whether the financial statements are prepared, in all ma terial respects, in accordance with the applicable financial reporting framework (such as the PFRS). 6. Communicating the results to the interested users – The ultimate objective of audit is the communication of audit findings/opinion on the fairness of the financial statements to interested users. Communicating results is achieved through issuance of a written audit report which contains the audit opinion (or disclaimer of opinion). Interested users are the wide variety of financial statements users who rely on the auditor‘s opinion such as the stockholders, creditors, potential investors and creditors, management, government agencies, and the public (in general). FS audit is an Assurance Engagement: Financial statements audit engagement is an assurance engagement because it provides a reasonable (high but not absolute) level of assurance that the subject matter conforms in all material respects with identified suitable criteria. It has the elements of an assurance engagement as follows: 1. Three Party Relationship: a. Practitioner: Independent or External auditor b. Responsible party: Client‘s management c. Intended users: Users of financial statements 2. Subject matter: Assertions/Financial statements of the client company 3. Criteria: Applicable financial reporting framework / GAAP in the Philippines (PFRS) 4. Sufficient appropriate evidence: Auditor obtains sufficient appropriate audit evidence as a basis for audit conclusion/opinion 5. Written Assurance Report: Independent auditor‘s report contains the audit conclusion/opinion Need for Independent Audit of Financial Statements: The primary economic reason for an audit of financial statements is the demand by external users for reliable or fairly stated financial statements that they will use in making economic decisions. Thus, the market for auditing services is driven by demand by external financial statements users. An audit can help reduce information risk, that is, the risk that the financial statements that will be used for decision-making are materially misleading, unreliable or inaccurate. Four conditions/reasons that gave rise to a demand for independent audit of financial statements: a. Potential conflict of interest between users and preparers of the financial information can result in biased information – Client management may not be objective in financial reporting. It may provide impressive but biased, unrealistic, or misleading financial statements to obtain benefits that it seeks. On the other hand, financial statement users need unbiased, realistic, or reliable financial statements. b. Remoteness of users – Users do not have access to entity‘s records to personally verify the reliability of the financial information. c. Complexity of subject matter requires expertise – Expertise is often required for information preparation and verification. Users of financial statements are not equipped with the necessary skills, competence, and knowledge of complexities of accounting and auditing to determine whether the financial statements are reliable. d. Consequence for decision making – Financial statements are used for important decisions that involve significant amount of money. If a decision is based on misleading financial information, it could have substantial financial or economic consequences on decision makers. Another condition that gave rise to demand for audit of financial statements is the stewardship or agency theory which means that management wants the credibility an audit adds to the financial statement to enhance stewardship of the financial statement and to lessen the owner‘s mistrust of the management. AUDITING THEORY REVIEW NOTES Elements of Theoretical Framework of Auditing: Auditing concepts and standards are based on the following postulates and assumptions which form part of the elements of theoretical framework of auditing: 1. An audit benefits the public. – the primary beneficiary of reliable financial statements are the wide variety of users (intended users) 2. Financial data and statements to be audited are verifiable. – if financial statements are not verifiable, there can be no audit Financial statements or data are verifiable if two or more qualified individuals, working independently, each reach essentially similar conclusions. 3. The auditor should always maintain independence with respect to the client whose financial statements are subject to audit. – audit opinion and the audit report would be of little or no value if auditor is not independent 4. Effective internal control system reduces the possibility of errors and fraud affecting the financial statements. – Internal control affects the reliability of the financial statements. The stronger the internal control is, the lesser the possibility of errors and fraud, and consequently, the more reliance on internal control can be placed or assurance that it can generate reliable accounting data and financial statements. 5. There should be no long-term conflict between the auditor and the client management. – Short-term conflicts may exist between the management who prepare the data and auditors who examine the data but such conflicts must be resolve since both must be interested in fairness of the financial statements. 6. Consistent application of GAAP results in fair presentation of FS. – The criterion in financial statement audit is an identified or applicable financial reporting framework, which is usually the PFRS. 7. What was held true in the past will continue to hold true in the future in the absence of known conditions to the contrary. – Experience and knowledge accumulated from auditing a client in prior years can be used to determine the appropriate audit procedures that need to be performed. Examples of Instances Requiring Independent Financial Statements Audit: Application for a bank loan Establishing credit worthiness for purchase of merchandise, equipment, or other assets Reporting financial position, operating results, and cash flows to absentee owners (stockholders or partners) SEC requirements: Issuance of securities by a corporation Annual FS by a corporation with securities listed on a stock exchange or traded over the counter Sale of a business (such as merger) requires due diligence audit Termination of a partnership Preparation of income tax returns Establishing losses from fire, theft and burglary Bankruptcy and insolvency cases Audit of Financial Statements: Audit of financial statements is the objective examination of financial statements to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. Synonyms: Audit of financial statements is sometimes called: Independent audit because in an audit of financial statements the auditor is independent of the client subject to audit. External audit because it is performed by an external auditor who is not an employee of the client subject to audit. Financial audit Various descriptions: Independent auditing has been described in a variety of ways, as follows: It involves objective examination of and reporting on financial statements prepared by management It is a discipline which attests to the results of accounting and other functional operations and data. It lends credibility to the financial statements. It provides increased assurance to users as to the fairness of the financial statements. AUDITING THEORY REVIEW NOTES Its essence is to determine whether the client‘s financial statements are fairly stated. It enhances the degree of confidence of interested users in the financial statements. It provides reasonable assurance that the financial statements fairly reflect the economic substance of the transactions and events reflected in those statements. Purpose of an Audit of Financial Statements: The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. Such purpose is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. Overall Objectives of the Independent Auditor: a. To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. Reasonable assurance means high, but not absolute, level of assurance Reasonable assurance is the basis for the auditor‘s opinion. Reasonable assurance is achieved when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. b. To report on the financial statements and to communicate such report in accordance with the auditor‘s findings. Auditor’s opinion and reasonable assurance: The auditor's opinion, as expressed in the auditor‘s report, enhances the credibility of the financial statements by providing a reasonable assurance that the financial statements are fairly presented or free from material misstatement. Audit opinion is based on whether reasonable assurance is obtained: 1. When reasonable assurance is obtained: Auditor shall express an unqualified opinion 2. When reasonable assurance cannot be obtained: The auditor is required to: a. Express a qualified opinion in the auditor‘s report b. If qualified opinion is insufficient in the circumstances: Disclaim an opinion or Withdraw from the engagement, where withdrawal is legally permitted Audit Opinion and Audit Report: Audit opinion: In a financial statement audit, the auditor obtains sufficient appropriate audit evidence to be able to draw conclusions on which to base that opinion. The auditor‘s opinion is on the fairness of the audited financial statements. The auditor's opinion helps establish the credibility of the financial statements. Auditor’s report: the primary product of an audit engagement the end product of the audit process a written report that contains auditor‘s opinion about the fairness of the FS the medium through which the auditor communicates the results of his or her work Example of Standard Independent Auditor’s Report (pls. refer to PSA 700; pls. memorize) Importance of audit opinion/audit report: It lends credibility to the FS. It provides increased assurance (reasonable assurance) to users as to the fairness of the FS. An FS audit is: NOT a certification or guarantee as to accuracy or fairness of the FS. NOT an assurance as to future viability of the entity. NOT an assurance as to efficiency or effectiveness of the client‘s business operations. NOT attestation as to the financial strength of an entity, the wisdom of its management decisions, or the risk of doing business with it. AUDITING THEORY REVIEW NOTES Scope of an Audit of Financial Statements: The auditor‘s opinion on the financial statements deals with whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. The auditor‘s opinion or the audit of financial statements is: NOT an assurance as to future viability of the entity. NOT an assurance as to efficiency or effectiveness with which client‘s management has conducted the affairs of the entity. NOT attestation as to the financial strength of an entity, the wisdom of its management decisions, or the risk of doing business with it. NOT a certification or guarantee as to accuracy or fairness of the financial statements. When an applicable law or regulation requires an auditor to provide opinions on other specific matters (such as the effectiveness of internal control, or the consistency of a separate management report with the financial statements) the auditor would be required to undertake further work if he had additional responsibilities to provide such opinions. Financial Statements: Financial statements are a structured representation of historical financial information (including related notes which comprise a summary of significant accounting policies and other explanatory information), intended to communicate an entity‘s economic resources or obligations at a point in time or the changes therein for a period of time in accordance with a financial reporting framework. The term ―financial statements‖ ordinarily refers to a complete set of financial statements, but can also refer to a single financial statement. End Products of Audit Engagement: a. Independent auditor‘s report – the primary product of audit engagement b. Certain other communication and reports – other communication and reporting responsibilities to users, management, those charged with governance, or parties outside the entity, in relation to matters arising from the audit (as may be required by the PSAs or by applicable laws or regulations) Examples: Communication with those charged with governance Auditor‘s responsibilities relating to fraud in an audit of financial statements Management Responsibility for the Financial Statements: An audit in accordance with PSAs is conducted on the premise that management and, where appropriate, those charged with governance have acknowledged and understand that they have responsibility over the financial statements. Management responsibility over the financial statements includes: 1. Responsibility for the preparation and presentation of the financial statements in accordance with the applicable financial reporting framework which includes: a. Identification of applicable financial reporting framework, in the context of any relevant laws or regulations b. Preparing the financial statements in accordance with that framework c. Adequate description of that framework in the financial statements d. Making reasonable accounting estimates e. Selecting and applying appropriate accounting policies 2. Responsibility for designing, implementing and maintaining internal control that is relevant or necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error, and 3. Responsibility to provide the auditor with: a. All information (such as records, documentation and other matters) that are relevant to the preparation and presentation of the financial statements b. Any additional information that the auditor may request from management for the purpose of the audit; and c. Unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence. Auditor’s responsibility vs. client management’s responsibility: The client management, with oversight from those charged with governance, has the responsibility for the preparation and presentation of the financial statements in accordance with the applicable financial reporting framework. In other words, the management is primarily responsible for the fairness of the financial statements. The auditor‘s responsibility for the financial statements is confined to the expression of opinion on them. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities over the financial statements because the auditor merely audits the financial statements. AUDITING THEORY REVIEW NOTES However, an auditor may make suggestions on the form and content of financial statements or may draft statement. Applicable Financial Reporting Framework: Applicable financial reporting framework means the financial reporting framework adopted by management (and, where appropriate, those charged with governance) in the preparation of the financial statements that is acceptable in view of the nature of the entity and the objective of the financial statements, or that is required by law or regulation. The applicable financial reporting framework often encompasses financial reporting standards established by: An authorized or recognized standards setting organization (such as PFRSC) Legislative or regulatory requirements Other sources of applicable financial reporting framework: The legal and ethical environment (including statutes, regulations, court decisions, and professional ethical obligations in relation to accounting matters) Published accounting interpretations of varying authority issued by standards setting, professional or regulatory organizations Published views of varying authority on emerging accounting issues issued by standards setting, professional or regulatory organizations General and industry practices widely recognized and prevalent; and Accounting literature Where conflicts exist between the financial reporting framework and the sources from which direction on its application may be obtained, or among the sources that encompass the financial reporting framework, the source with the highest authority prevails. Financial reporting frameworks encompass primarily the financial reporting standards established by an organization that is authorized or recognized to promulgate standards to be used by entities for preparing general purpose financial statements are often designed to achieve fair presentation, for example, International Financial Reporting Standards (PFRSs). Basic Distinction between Auditing and Accounting: Auditing involves verification of FS and its fairness of presentation while accounting involves preparation and presentation of FS Accounting precedes auditing because without FS there could be no FS audit. Auditing begins when accounting ends. The end product of the accounting process is a set of FS while the end product of the audit process is an auditor‘s report. An auditor must be proficient/expert in accounting (since the auditor will use GAAP in evaluating the fairness of the FS) as well as in auditing (specifically in accumulation and interpretation of audit evidence); an accountant need not be proficient in auditing Separate disciplines: Auditing is a separate discipline or field of study With different frameworks/foundations: Accounting – Framework for Preparation of FS Auditing – a) Philippine Framework for Assurance Engagements, and b) Framework of Philippine Standards on Auditing Auditing – governed by GAAS; Accounting – governed by GAAP/PFRS Dissimilar bodies of knowledge (accounting – GAAP; auditing – GAAS) Requirements Relating to an Audit of Financial Statements: 1. Relevant ethical requirements – The auditor shall comply with relevant ethical requirements, including those pertaining to independence, relating to financial statement audit engagements. Relevant ethical requirements ordinarily comprise: a. Code of Ethics for Professional Accountants in the Philippines (the Code of Ethics) promulgated by the Board of Accountancy Compliance with the Code of Ethics is necessary in order to ensure the highest quality of performance and to maintain public confidence in the profession and in the context o f audit of financial statements, maintain public confidence in the auditor‘s work. AUDITING THEORY REVIEW NOTES (1) Part A of the Code of Ethics – establishes the fundamental principles of professional ethics relevant to the auditor when conducting an audit of financial statements and provides a conceptual framework for applying those principles The fundamental principles of professional ethics are: a) Integrity b) Objectivity c) Professional competence and due care d) Confidentiality, and e) Professional behavior (2) Part B of the Code of Ethics – illustrates how the conceptual framework is to be applied in specific situations (3) Independence It is in the public interest that the auditor be independent of the entity subject to the audit. The auditor‘s independence from the entity safeguards the auditor‘s ability to form an audit opinion without being affected by influences that might compromise that opinion. Independence enhances the auditor‘s ability to act with integrity, to be objective and to maintain an attitude of professional skepticism. Independence requirements comprise of both: a) Independence of mind b) Independence in appearance b. National requirements that are more restrictive c. Philippine Standard on Quality Control (PSQC) – require the CPA firm to establish and maintain its system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with relevant ethical requirements, including those pertaining to independence 2. Professional scepticism – The auditor shall plan and perform an audit with professional scepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated. Professional skepticism is an attitude that includes a questioning mind, a critical assessment of validity of audit evidence, and being alert to conditions which may indicate possible misstatement due to error or fraud. Professional skepticism is necessary to the critical assessment of audit evidence. This includes: a. Questioning contradictory audit evidence b. Considering the reliability of documents and responses to inquiries and other information obtained from management and those charged with governance c. Considering the sufficiency and appropriateness of audit evidence obtained in the light of the circumstances (for example, in the case where fraud risk factors exist and a single document, of a nature that is susceptible to fraud, is the sole supporting evidence for a material financial statement amount) Professional skepticism includes being alert to: Audit evidence that contradicts other audit evidence obtained. Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence. Conditions that may indicate possible fraud. Circumstances that suggest the need for audit procedures in addition to those required by the PSAs. The auditor may accept records and documents as genuine unless the auditor has reason to believe the contrary. In cases of doubt about the reliability of information or indications of possible fraud, the PSAs require that the auditor investigate further and determine what modifications or additions to audit procedures are necessary to resolve the matter. Maintaining professional skepticism throughout the audit is necessary to reduce the risks of: Overlooking unusual circumstances. Over generalizing when drawing conclusions from audit observations. Using inappropriate assumptions in determining the nature, timing and extent of the audit procedures and evaluating the results thereof. The auditor cannot be expected to disregard past experience of the honesty and integrity of the entity‘s management and those charged with governance. Nevertheless, a belief that they are honest and have integrity does not relieve the auditor of the need to maintain professional AUDITING THEORY REVIEW NOTES skepticism in conducting the audit. 3. Professional judgement – The auditor shall exercise professional judgment in planning and performing an audit of financial statements. Professional judgment is essential to the proper conduct of an audit. This is because interpretation of relevant ethical requirements and the PSAs and the informed decisions required throughout the audit cannot be made without the application of relevant knowledge and experience to the facts and circumstances. Professional judgment is necessary on decisions about: Materiality Audit risk Nature, timing and extent of audit procedures used to meet the requirements of the PSAs and gather audit evidence Evaluating whether sufficient appropriate audit evidence has been obtained Evaluation of management‘s judgments in applying the entity‘s applicable financial reporting framework. Drawing of conclusions based on the audit evidence obtained (for example, assessing the reasonableness of the estimates made by management in preparing the financial statements) The distinguishing feature of the professional judgment expected of an auditor is that it is exercised by an auditor whose training, knowledge and experience have assisted in developing the necessary competencies to achieve reasonable judgments. The exercise of professional judgment in any particular case is based on the facts and circumstances that are known by the auditor. Consultation on difficult or contentious matters during the course of the audit, both within the engagement team and between the engagement team and others at the appropriate level within or outside the firm assist the auditor in making informed and reasonable judgments. Professional judgment can be evaluated based on whether the judgment reached reflects a competent application of auditing and accounting principles and is appropriate in the light of, and consistent with, the facts and circumstances that were known to the auditor up to the date of the auditor‘s report. Professional judgment needs to be exercised throughout the audit. It also needs to be appropriately documented. In this regard, the auditor is required to prepare audit documentation sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the significant professional judgments made in reaching conclusions on significant matters arising during the audit. Professional judgment is not to be used as the justification for decisions that are not otherwise supported by the facts and circumstances of the engagement or sufficient appropriate audit evidence. 4. Sufficiency and appropriateness of audit evidence and audit risk – To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor‘s opinion. a. Sufficiency and appropriateness of audit evidence Audit evidence includes information used by the auditor in arriving at the conclusions on which the auditor‘s opinion is based. Audit evidence includes both: Information contained in the accounting records underlying the financial statements and Other information Sufficiency is the measure of the quantity of audit evidence. Sufficiency is influenced or affected by: (1) The auditor‘s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and (2) The quality of such audit evidence (the higher the quality, the less may be required) Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor‘s opinion is based. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. AUDITING THEORY REVIEW NOTES Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor‘s opinion, is a matter of professional judgment. Note: Audit evidence is necessary to support the auditor‘s opinion and report. It is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. Audit evidence comprises both information that supports and corroborates management‘s assertions, and any information that contradicts such assertions. Most of the auditor‘s work in forming the auditor‘s opinion consists of obtaining and evaluating audit evidence. The sufficiency and appropriateness of audit evidence are interrelated. Obtaining more audit evidence, however, may not compensate for its poor quality. Sources of audit evidence: a. Primarily obtained from audit procedures performed during the course of the audit b. May be obtained from other sources such as: Previous audits (provided the auditor has determined whether changes have occurred since the previous audit that may affect its relevance to the current audit) or A firm‘s quality control procedures for client acceptance and continuance The entity‘s accounting records An expert employed or engaged by the entity In some cases, the absence of information (for example, management‘s refusal to provide a requested representation) is used by the auditor, and therefore, also constitutes audit evidence. b. Audit risk Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk. Audit risk does not include the risk that the auditor might express an opinion that the financial statements are materially misstated when they are not. Audit risk is a technical term related to the process of auditing; it does not refer to the auditor‘s business risks such as loss from litigation, adverse publicity, or other events arising in connection with the audit of financial statements. Risk of material misstatements is the risk that the financial statements are materially misstated prior to audit. Risk of material misstatement may exist at two levels: 1. Overall financial statement level – refer to risks of material misstatement that relate pervasively to the financial statements as a whole and potentially affect many assertions 2. Assertion level – refer to risks of material misstatement that relate to classes of transactions, account balances, and disclosures Risk of material misstatement at the assertion level has two components: (a) Inherent risk – the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could be material, either individually or when aggregated with other misstatements, before consideration of any related controls (b) Control risk – the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity‘s internal control Control risk is a function of the effectiveness of the design, implementation and maintenance of internal control by management to address identified risks that threaten the achievement of the entity‘s objectives relevant to preparation of the entity‘s financial statements. However, internal control, no matter how well designed and operated, can only reduce, but not eliminate, risks of material misstatement in the financial statements, because of the inherent limitations of internal control. Accordingly, some control risk will always exist. Risks of material misstatement at assertion level (inherent risk and control risk) are the entity‘s risks; they exist independently of the audit of the financial statements. Such risks are AUDITING THEORY REVIEW NOTES assessed in order to determine the nature, timing and extent of further audit procedures necessary to obtain sufficient appropriate audit evidence. This evidence enables the auditor to express an opinion on the financial statements at an acceptably low level of audit risk. The assessment of risks is a matter of professional judgment, rather than a matter capable of precise measurement. Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements. Detection risk relates to the nature, timing and extent of the auditor‘s procedures that are determined by the auditor to reduce audit risk to an acceptably low level. It is therefore a function of the effectiveness of an audit procedure and of its application by the auditor. For a given level of audit risk, the acceptable level of detection risk bears an inverse relationship to the assessed risks of material misstatement at the assertion level. For example, the greater the risks of material misstatement the auditor believes exists, the less the detection risk that can be accepted and, accordingly, the more persuasive the audit evidence required by the auditor. The following matters assist to enhance the effectiveness of an audit procedure and of its application and reduce the possibility that an auditor might select an inappropriate audit procedure, misapply an appropriate audit procedure, or misinterpret the audit results: Adequate planning Proper assignment of personnel to the engagement team The application of professional scepticism, and Supervision and review of the audit work performed Detection risk, however, can only be reduced, not eliminated, because of the inherent limitations of an audit. Accordingly, some detection risk will always exist. 5. The auditor shall conduct an audit in accordance with PSAs PSAs contain basic audit principles and essential procedures together with related guidance in the form of explanatory and other material which the auditor should follow An audit in accordance with PSAs includes: a. Compliance with PSAs relevant to the audit 1) Compliance with all PSAs relevant to the audit (a PSA is relevant to the audit when the PSA is in effect and the circumstances addressed by the PSA exist) Complying with relevant requirements means the auditor shall comply with each requirement of a PSA unless, in the circumstances of the audit: a. The entire PSA is not relevant (for example, if an entity does not have an internal audit function, nothing in PSA 610 is relevant) b. The requirement is not relevant because it is conditional (implicit or explicit) and the condition does not exist. Examples of conditional requirements: The requirement to modify the auditor‘s opinion if there is a limitation of scope represents an explicit conditional requirement. The requirement to communicate significant deficiencies in internal control identified during the audit to those charged with governance, which depends on the existence of such identified significant deficiencies; and The requirement to obtain sufficient appropriate audit evidence regarding the presentation and disclosure of segment information in accordance with the applicable financial reporting framework, which depends on that framework requiring or permitting 2) Having an understanding of the entire text of a PSA (including its application and other explanatory material) to understand its objectives and to apply its requirements properly 3) Prohibition from the auditor from representing compliance with PSAs in the auditor‘s report when he has not complied with the requirements of PSAs relevant to the audit b. The use of the objectives stated in relevant PSAs in planning and performing the audit to achieve the overall objectives of the auditor. In using the objectives, the auditor is required to have regard to the interrelationships among the PSAs. This is because the PSAs deal in some cases with general responsibilities and in others with the application of those responsibilities to specific topics. AUDITING THEORY REVIEW NOTES The auditor is required to use the objectives to evaluate whether sufficient appropriate audit evidence has been obtained in the context of the overall objectives of the auditor. If as a result the auditor concludes that the audit evidence is not sufficient and appropriate, then the auditor may follow one or more of the following approaches: Evaluate whether further relevant audit evidence has been, or will be, obtained as a result of complying with other PSAs; Extend the work performed in applying one or more requirements; or Perform other procedures judged by the auditor to be necessary in the circumstances. c. In addition, the auditor should also consider Philippine Auditing Practice Statements (PAPSs). PAPSs provide interpretative guidance and practical assistance to auditors in implementing the PSAs and to promote good practice in the accountancy profession. Contents/Structure of the PSAs a. Objectives – each PSA contains one or more objectives which provide a link between the requirements and the overall objectives of the auditor The objectives in individual PSAs serve to focus the auditor on the desired outcome of the PSA. b. Requirements (requirements are expressed in the PSAs using ―shall‖) – the requirements of the PSAs are designed to enable the auditor to achieve the objectives specified in the PSAs, and thereby the overall objectives of the auditor c. Related guidance in the form of application and other explanatory material that are designed to support the auditor in obtaining reasonable assurance Application and other explanatory material: It provides further explanation of the requirements of a PSA and guidance for carrying them out It may explain more precisely what a requirement means or is intended to cover It may include examples of procedures that may be appropriate in the circumstances. While such guidance does not in itself impose a requirement, it is relevant to the proper application of the requirements of an PSA. It may also provide background information on matters addressed in a PSA. It may include appendices which form part of the application and other explanatory material. When appropriate, it may include additional considerations specific to audits of smaller entities and public sector entities. PSAs may also contain: Introductory material – provides context relevant to a proper understanding of the PSA Introductory material may include, as needed, such matters as explanation of: a. The purpose and scope of the PSA (including how the PSA relates to other PSAs) b. The subject matter of the PSA c. The respective responsibilities of the auditor and others in relation to the subject matter of the PSA d. The context in which the PSA is set Definitions – a description of the meanings attributed to certain terms for purposes of the PSAs Assist in the consistent application and interpretation of the PSAs Not intended to override definitions that may be established for other purposes, whether in law, regulation or otherwise The Glossary of Terms relating to PSAs contains a complete listing of terms defined in the PSAs. It also includes descriptions of other terms found in PSAs to assist in common and consistent interpretation and translation. Nature of the PSAs The PSAs, taken together, provide the standards for the auditor‘s work in fulfilling the overall objectives of the auditor. The PSAs deal with the general responsibilities of the auditor, as well as the auditor‘s further considerations relevant to the application of those responsibilities to specific topics. The scope, effective date and any specific limitation of the applicability of a specific PSA is made clear in the PSA. Unless otherwise stated in the PSA, the auditor is permitted to apply a PSA before the effective date specified therein. In performing an audit, the auditor may be required to comply with legal or regulatory requirements in addition to the PSAs. The PSAs do not override law or regulation that governs AUDITING THEORY REVIEW NOTES an audit of financial statements. In the event that such law or regulation differs from the PSAs, an audit conducted only in accordance with law or regulation will not automatically comply with PSAs. Departure from a relevant requirement in a PSA: In exceptional circumstances wherein the auditor may judge it necessary to depart from a relevant requirement in a PSA, the auditor shall perform alternative audit procedures to achieve the aim of that requirement. The need for the auditor to depart from a relevant requirement is expected to arise only where the requirement is for a specific procedure to be performed and, in the specific circumstances of the audit, that procedure would be ineffective in achieving the aim of the requirement. The PSAs do not call for compliance with a requirement that is not relevant in the circumstances of the audit. b. As the basis for the auditor‘s opinion, PSAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error. To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor‘s opinion. Considerations Specific to Smaller Entities For purposes of specifying additional considerations to audits of smaller entities, a ―smaller entity‖ refers to an entity which typically possesses qualitative characteristics such as: 1. Concentration of ownership and management in a small number of individuals (often a single individual – either a natural person or another enterprise that owns the entity provided the owner exhibits the relevant qualitative characteristics); and 2. One or more of the following: a. Straightforward or uncomplicated transactions; b. Simple record-keeping; c. Few lines of business and few products within business lines; d. Few internal controls; e. Few levels of management with responsibility for a broad range of controls; or f. Few personnel, many having a wide range of duties. These qualitative characteristics are not exhaustive, they are not exclusive to smaller entities, and smaller entities do not necessarily display all of these characteristics. The PSAs refer to the proprietor of a smaller entity who is involved in running the entity on a day-to-day basis as the ―owner-manager.‖ General Principles of Financial Statement Audit 1. The auditor should plan and perform the audit with an attitude of professional skepticism recognizing that circumstances may exist that may cause the FS to be materially misstated. Because of the possibility that the FS may be materially misstated, the auditor should conduct the audit with an attitude of professional skepticism. For example, the auditor would ordinarily expect to find evidence to support management representations and not assume they are necessarily correct. Attitude of professional skepticism: means the practitioner makes a critical assessment, with a questioning mind, of the validity of evidence obtained and is alert to evidence that contradicts or brings into question the reliability of documents or representations by the responsible party. In planning and performing the audit, the auditor neither assumes that the management is honest nor assumes unquestioned honesty. Concept of Reasonable Assurance: Although an independent FS audit in accordance with PSAs lends credibility to the FS, such audit is designed to provide only reasonable assurance , rather than absolute assurance, that the FS taken as a AUDITING THEORY REVIEW NOTES whole are free from material misstatement, whether due to fraud or error. In other words, the level of assurance provided by an audit of detecting a material misstatement is referred to as reasonable assurance. Reasonable assurance means high, but not absolute, assurance. Reasonable assurance refers to the gathering of the audit evidence necessary for the auditor to conclude that there are no material misstatements in the FS, taken as a whole. This concept recognizes the existence of audit risk. Notes on reasonable assurance: Reasonable assurance relates to the conclusion of the auditor that there are no material misstatements in the FS taken as a whole. Reasonable assurance is achieved when the auditor has reduced audit risk to an acceptably low level by designing and performing audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base an audit opinion. Reasonable assurance relates to the whole audit process. Absolute assurance in audit of FS is not attainable. Accordingly, the audit opinion is not a guarantee or certification that the financial statements are free from material misstatements. When reasonable assurance cannot be obtained and a qualified opinion cannot be expressed, the auditor should: Disclaim an opinion, or Withdraw from the engagement (if legally permitted) As the basis for the auditor‘s opinion, PSAs require the auditor to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether The level of assurance provided by an audit of detecting a material misstatement is referred to as Reasonable assurance. Inherent Limitations of an Audit A45. The auditor is not expected to, and cannot, reduce audit risk to zero and cannot therefore obtain absolute assurance that the financial statements are free from material misstatement due to fraud or error. This is because there are inherent limitations of an audit, which result in most of the audit evidence on which the auditor draws conclusions and bases the auditor‘s opinion being persuasive rather than conclusive. The inherent limitations of an audit arise from: a. The nature of financial reporting – The preparation of financial statements involves judgment by management in applying the requirements of the entity‘s applicable financial reporting framework to the facts and circumstances of the entity. Many financial statement items involve subjective decisions or assessments or a degree of uncertainty, and there may be a range of acceptable interpretations or judgments that may be made Consequently, some financial statement items are subject to an inherent level of variability which cannot be eliminated by the application of additional auditing procedures. For example, this is often the case with respect to certain accounting estimates. Nevertheless, the PSAs require the auditor to give specific consideration to whether accounting estimates are reasonable in the context of the applicable financial reporting framework and related disclosures, and to the qualitative aspects of the entity‘s accounting practices, including indicators of possible bias in management‘s judgments. b. The nature of audit procedures – there are practical and legal limitations on the auditor‘s ability to obtain audit evidence For example: There is the possibility that management or others may not provide, intentionally or unintentionally, the complete information that is relevant to the preparation of the financial statements or that has been requested by the auditor. Accordingly, the auditor cannot be certain of the completeness of information, even though the auditor has performed audit procedures to obtain assurance that all relevant information has been obtained. Fraud may involve sophisticated and carefully organized schemes designed to conceal it. Therefore, audit procedures used to gather audit evidence may be ineffective for detecting an intentional misstatement that involves, for example, collusion to falsify documentation which may cause the auditor to believe that audit evidence is valid when it is not. The auditor is neither trained as nor expected to be an expert in the authentication of documents. An audit is not an official investigation into alleged wrongdoing. Accordingly, the auditor is not given specific legal powers, such as the power of search, which may be necessary for such an investigation. AUDITING THEORY REVIEW NOTES The need for the audit to be conducted within a reasonable period of time and at a reasonable cost. Timeliness of Financial Reporting and the Balance between Benefit and Cost A48. The matter of difficulty, time, or cost involved is not in itself a valid basis for the auditor to omit an audit procedure for which there is no alternative or to be satisfied with audit evidence that is less than persuasive. Appropriate planning assists in making sufficient time and resources available for the conduct of the audit. Notwithstanding this, the relevance of information, and thereby its value, tends to diminish over time, and there is a balance to be struck between the reliability of information and its cost. This is recognized in certain financial reporting frameworks (see, for example, the IASB‘s ―Framework for the Preparation and Presentation of Financial Statements‖). Therefore, there is an expectation by users of financial statements that the auditor will form an opinion on the financial statements within a reasonable period of time and at a reasonable cost, recognizing that it is impracticable to address all information that may exist or to pursue every matter exhaustively on the assumption that information is in error or fraudulent until proved otherwise. A49. Consequently, it is necessary for the auditor to: Plan the audit so that it will be performed in an effective manner; Direct audit effort to areas most expected to contain risks of material misstatement, whether due to fraud or error, with correspondingly less effort directed at other areas; and Use testing and other means of examining populations for misstatements. A50. In light of the approaches described in paragraph A49, the ISAs contain requirements for the planning and performance of the audit and require the auditor, among other things, to: AUDITING Have a basis for the identification and assessment of risks of material misstatement at the financial statement and assertion levels by performing risk assessment procedures and related activities;21 and Use testing and other means of examining populations in a manner that provides a reasonable basis for the auditor to draw conclusions about the population. Other Matters that Affect the Inherent Limitations of an Audit A51. In the case of certain assertions or subject matters, the potential effects of the inherent limitations on the auditor‘s ability to detect material misstatements are particularly significant. Such assertions or subject matters include: Fraud, particularly fraud involving senior management or collusion. See ISA 240 for further discussion. The existence and completeness of related party relationships and transactions. See ISA 55023 for further discussion. The occurrence of non-compliance with laws and regulations. See ISA 250.24 for further discussion. Future events or conditions that may cause an entity to cease to continue as a going concern. See ISA 570.25 for further discussion. Relevant ISAs identify specific audit procedures to assist in mitigating the effect of the inherent limitations. A52. Because of the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with ISAs. Accordingly, the subsequent discovery of a material misstatement of the financial statements resulting from fraud or error does not by itself indicate a failure to conduct an audit in accordance with ISAs. However, the inherent limitations of an audit are not a justification for the auditor to be satisfied with less than persuasive audit evidence. Whether the auditor has performed an audit in accordance with ISAs is determined by the audit procedures performed in the circumstances, the sufficiency and appropriateness of the audit evidence obtained as a result thereof and the suitability of the auditor‘s report based on an evaluation of that evidence in light of the overall objectives of the auditor. Limitations of Financial Statements Audit: (Reasons why absolute assurance in auditing is not attainable or why reducing audit risk to zero is not attainable) Absolute assurance in auditing is not attainable because of inherent limitations in an audit that affect the auditor‘s ability to detect material misstatements. These limitations result from factors such as: AUDITING THEORY REVIEW NOTES 1. Need for auditor’s judgment The auditor‘s work requires exercise of professional judgment such in the following matters: Identifying and addressing risk factors Deciding what evidence to gather Making decisions about materiality and audit risk Gathering and evaluating audit evidence (for example, in deciding the nature, timing and extent of audit procedures) Evaluating management‘s judgments in applying the entity‘s applicable financial reporting framework. Assessing the sufficiency and appropriateness of audit evidence Drawing of conclusions based on the evidence gathered Forming an opinion (the phrase ―in our opinion‖ in the auditor‘s report is intended to inform that auditors based their conclusions on professional judgment) 2. Use of testing / sampling risk