AUDITING THEORY
RED SIRUG INTRODUCTION TO AUDITING
Overview of Auditing Auditing, Defined: Auditing is “a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to the interested users.” Two processes of auditing: a. Investigative process – involves the systematic gathering and evaluation of evidence as a basis for determining whether assertions made by responsible person correspond with the established criteria b. Reporting process – involves communicating the audit opinion to interested users Important Concepts: 1. Systematic process – auditing involves structured/logical series of sequential steps or procedures known as the audit process 2. Objectively obtaining and evaluating evidence – auditing involves gathering and evaluating sufficient appropriate audit evidence that will support the auditor’s opinion Objectivity refers to the combination of impartiality, intellectual honesty and freedom from conflicts of interest. Audi evidence is the information obtained by the auditor in arriving at the conclusions on which the audit opinion is based. 3. Assertions about economic actions and events – assertions are the subject matter of auditing In the context of audit of financial statements, assertions are representations of management, explicit or otherwise, that are embodied in the financial statements. Assertions include the accounts, balances/amounts and disclosures appearing on the face of the financial statements (and in the notes to financial statements) and which the management claims to be free of misstatements. Audit evidence gathered and evaluated by the auditor may support or contradict the assertions of management. 4. Established criteria – the standards or benchmarks that are needed to judge the validity of the assertions on the financial statements In the context of audit of financial statements, the established criteria are the applicable financial reporting framework (for example, the PFRS). 5. Ascertain the degree of correspondence between assertions and established criteria – The auditor’s objective is to determine whether the assertions conform with established criteria, that is, whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework (such as the PFRS). 6. Communicating the results to the interested users – The ultimate objective of audit is the communication of audit findings/opinion on the fairness of the financial statements to interested users. Communicating results is achieved through issuance of a written audit report which contains the audit opinion (or disclaimer of opinion). Interested users are the wide variety of financial statements users who rely on the auditor’s opinion such as the stockholders, creditors, potential investors and creditors, management, government agencies, and the public (in general). FS audit is an Assurance Engagement: Financial statements audit engagement is an assurance engagement because it provides a reasonable (high but not absolute) level of assurance that the subject matter conforms in all material respects with identified suitable criteria. It has the elements of an assurance engagement as follows: 1. Three Party Relationship: a. Practitioner: Independent or External auditor b. Responsible party: Client’s management AT – Introduction to Auditing
Red Sirug
Page 1
c. Intended users: Users of financial statements 2. Subject matter: Assertions/Financial statements of the client company 3. Criteria: Applicable financial reporting framework / GAAP in the Philippines (PFRS) 4. Sufficient appropriate evidence: Auditor obtains sufficient appropriate audit evidence as a basis for audit conclusion/opinion 5. Written Assurance Report: Independent auditor’s report contains the audit conclusion/opinion Basic Distinctions between Auditing and Accounting: Auditing involves verification of financial statements as to its fairness of presentation while accounting involves preparation and presentation of financial statements Auditing begins when accounting ends. Accounting precedes auditing because without financial statements there could be no audit of financial statements. The end product of the accounting process is a set of financial statements while the end product of the audit process is an auditor’s report. An auditor must be proficient/expert in accounting (since the auditor will use GAAP in evaluating the fairness of the financial statements) as well as in auditing, specifically, in accumulation and interpretation of audit evidence. An accountant need not be proficient in auditing. Auditing is considered as a separate discipline or field of study. As to frameworks/foundations: Accounting – Framework for Preparation of Financial Statements Auditing – Philippine Framework for Assurance Engagements Auditing is governed by generally accepted auditing standards (GAAS) while accounting is governed by GAAP/PFRS Elements of Theoretical Framework of Auditing: Auditing concepts and standards are based on the following postulates and assumptions which form part of the elements of theoretical framework of auditing: 1. An audit benefits the public. – the primary beneficiary of reliable financial statements are the wide variety of users (intended users) 2. Financial data and statements to be audited are verifiable. – if financial statements are not verifiable, there can be no audit Financial statements or data are verifiable if two or more qualified individuals, working independently, each reach essentially similar conclusions. 3. The auditor should always maintain independence with respect to the client whose financial statements are subject to audit. – audit opinion and the audit report would be of little or no value if auditor is not independent 4. Effective internal control system reduces the possibility of errors and fraud affecting the financial statements. – Internal control affects the reliability of the financial statements. The stronger the internal control is, the lesser the possibility of errors and fraud, and consequently, the more reliance on internal control can be placed or assurance that it can generate reliable accounting data and financial statements. 5. There should be no long-term conflict between the auditor and the client management. – Short-term conflicts may exist between the management who prepare the data and auditors who examine the data but such conflicts must be resolve since both must be interested in fairness of the financial statements. 6. Consistent application of GAAP results in fair presentation of FS. – The criterion in financial statement audit is an identified or applicable financial reporting framework, which is usually the PFRS. 7. What was held true in the past will continue to hold true in the future in the absence of known conditions to the contrary. – Experience and knowledge accumulated from auditing a client in prior years can be used to determine the appropriate audit procedures that need to be performed. Need for Independent Audit of Financial Statements: The market for auditing services is driven demand by external users for reliable, dependable or fairly stated financial statements that they will use in making economic decisions. Such demand is the primary economic reason for an audit of financial statements. Users demand for reliable financial statements because of information risk, that is, the risk that the financial statements that will be used for decision-making are materially misleading, unreliable or inaccurate. Four primary factors that contribute to information risk (causes of information risk): 1. Remoteness of information users from information providers 2. Potential bias and motives of information provider 3. Voluminous data, and 4. Complex exchange transactions AT – Introduction to Auditing
Red Sirug
Page 2
Methods or ways to reduce information risk: 1. Allow users to verify information such as in case of due diligence audit 2. Let users share information risk with management 3. Have the financial statements audited – the most commonly used method Four Conditions/Reasons that gave rise to a Demand for Independent Audit: a. Potential conflict of interest between users and preparers of the financial information can result in biased information – Client management may not be objective in financial reporting. It may provide impressive but biased, unrealistic, or misleading financial statements to obtain benefits that it seeks. On the other hand, financial statement users need unbiased, realistic, or reliable financial statements. b. Remoteness of users – Users do not have access to entity’s records to personally verify the reliability of the financial information. c. Complexity of subject matter requires expertise – Expertise is often required for information preparation and verification. Users of financial statements are not equipped with the necessary skills, competence, and knowledge of complexities of accounting and auditing to determine whether the financial statements are reliable. d. Consequence for decision making – Financial statements are used for important decisions that involve significant amount of money. If a decision is based on misleading financial information, it could have substantial financial or economic consequences on decision makers. Another condition that gave rise to demand for audit of financial statements is the stewardship or agency theory which means that management wants the credibility an audit adds to the financial statement to enhance stewardship of the financial statement and to lessen the owner’s mistrust of the management. Examples of Instances Requiring Independent Financial Statements Audit: Application for a bank loan Establishing credit worthiness for purchase of merchandise, equipment, or other assets Reporting financial position, operating results, and cash flows to absentee owners (stockholders or partners) SEC requirements: Issuance of securities by a corporation Annual financial statements by a corporation with securities listed on a stock exchange or traded over the counter Sale of a business (such as merger) requires due diligence audit Termination of a partnership Preparation of income tax returns Establishing losses from fire, theft and burglary Bankruptcy and insolvency cases Audit of Financial Statements Audit of financial statements is the objective or independent examination of financial statements of an entity to enable the auditor to express an opinion on thereon, that is, whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. In an audit of financial statements, the entity subject to audit may be profit-oriented or not, irrespective of size and legal form. Synonymous terms: Audit of financial statements is sometimes called: Independent audit because in an audit of financial statements the auditor is independent of the client subject to audit. External audit because it is performed by an external auditor who is not an employee of the client subject to audit. Independent financial statement audit Financial statement audit Financial audit Various descriptions: Independent auditing has been described in a variety of ways, as follows: It involves objective examination of and reporting on financial statements prepared by management AT – Introduction to Auditing
Red Sirug
Page 3
It is a discipline which attests to the results of accounting and other functional operations and data. It lends credibility to the financial statements. It provides increased assurance to users as to the fairness of the financial statements. Its essence is to determine whether the client’s financial statements are fairly stated. It enhances the degree of confidence of interested users in the financial statements. It provides reasonable assurance that the financial statements fairly reflect the economic substance of the transactions and events reflected in those statements.
Purpose of an Audit of Financial Statements: The purpose of an audit is to enhance the degree of confidence of intended users in the financial statements. Such purpose is achieved by the expression of an opinion by the auditor on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework. Objective of an Audit of Financial statements: The objective of an audit of financial statements is to enable the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an identified financial reporting framework. Overall Objectives of the Independent Auditor: a. To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error.
Reasonable assurance means high, but not absolute, level of assurance Reasonable assurance is the basis for the auditor’s opinion. Reasonable assurance is achieved when the auditor has obtained sufficient appropriate audit evidence to reduce audit risk to an acceptably low level.
b. To report on the financial statements and to communicate such report in accordance with the auditor’s findings. Auditor’s opinion and reasonable assurance: The auditor's opinion, as expressed in the auditor’s report, enhances the credibility of the financial statements by providing a reasonable assurance that the financial statements are fairly presented or free from material misstatement. Audit opinion is based on whether reasonable assurance is obtained: 1. When reasonable assurance is obtained: Auditor shall express an unqualified opinion 2. When reasonable assurance cannot be obtained: The auditor is required to: a. Express a qualified opinion in the auditor’s report b. If qualified opinion is insufficient in the circumstances: Disclaim an opinion or Withdraw from the engagement, where withdrawal is legally permitted Audit Opinion and Audit Report: Audit opinion: In a financial statement audit, the auditor obtains sufficient appropriate audit evidence to be able to draw conclusions on which to base the audit opinion. The auditor’s opinion is on the fairness of the audited financial statements. The auditor's opinion helps establish the credibility of the financial statements. Auditor’s report: The primary product of an audit engagement The end product of the audit process A written report that contains auditor’s opinion about the fairness of the financial statements The medium through which the auditor communicates the results of his or her work Importance of audit opinion/audit report: It lends credibility to the financial statements.
AT – Introduction to Auditing
Red Sirug
Page 4
It provides increased assurance (reasonable assurance) to users as to the fairness of the financial statements.
Financial statement audit (or the audit opinion and auditor’s report) is: NOT a certification or guarantee as to accuracy or fairness of the financial statements. NOT an assurance as to future viability of the entity. NOT an assurance as to efficiency or effectiveness of the client’s business operations. NOT attestation as to the financial strength of an entity, the wisdom of its management decisions, or the risk of doing business with it. Standard Independent Auditor’s Report (pls. refer to PSA 700 or page 1079 of your textbook) Scope of an Audit of Financial Statements: The auditor’s work is related to his responsibilities: Express an audit opinion on the financial statements: The primary responsibility of the auditor is to express an opinion on the financial statements. The audit opinion deals with whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. Opinion on other specific matters: When an applicable law or regulation requires an auditor to provide opinions on other specific matters (such as the effectiveness of internal control, or the consistency of a separate management report with the financial statements) the auditor would be required to undertake further work if he had additional responsibilities to provide such opinions. Financial Statements: Financial statements are a structured representation of historical financial information (including related notes which comprise a summary of significant accounting policies and other explanatory information), intended to communicate an entity’s economic resources or obligations at a point in time or the changes therein for a period of time in accordance with a financial reporting framework. The term “financial statements” ordinarily refers to a complete set of financial statements, but can also refer to a single financial statement. End Products of Audit Engagement: a. Independent auditor’s report – the primary product of financial statement audit engagement b. Certain other communication and reports – other communication and reporting responsibilities to users, management, those charged with governance, or parties outside the entity, in relation to matters arising from the audit (as may be required by the PSAs or by applicable laws or regulations) Examples: Communication with those charged with governance Auditor’s responsibilities relating to fraud in an audit of financial statements Management Responsibility for the Financial Statements: An audit in accordance with PSAs is conducted on the premise that management and, where appropriate, those charged with governance have acknowledged and understand that they have responsibility over the financial statements. This responsibility includes not only the preparation and presentation of the financial statements but also internal control and providing the auditor with information that is necessary in the conduct of audit. Management responsibility over the financial statements includes: 1. Responsibility for the preparation and presentation of the financial statements in accordance with the applicable financial reporting framework which includes: a. Identification of applicable financial reporting framework, in the context of any relevant laws or regulations b. Preparing the financial statements in accordance with that framework c. Adequate description of that framework in the financial statements d. Making reasonable accounting estimates e. Selecting and applying appropriate accounting policies 2. Responsibility for designing, implementing and maintaining internal control that is relevant or necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error, and AT – Introduction to Auditing
Red Sirug
Page 5
3. Responsibility to provide the auditor with: a. All information (such as records, documentation and other matters) that are relevant to the preparation and presentation of the financial statements b. Any additional information that the auditor may request from management for the purpose of the audit; and c. Unrestricted access to persons within the entity from whom the auditor determines it necessary to obtain audit evidence. Auditor’s Responsibility Vs. Client Management’s Responsibility: The client management, with oversight from those charged with governance, has the responsibility for the preparation and presentation of the financial statements in accordance with the applicable financial reporting framework. In other words, the management is primarily responsible for the fairness of the financial statements. The auditor’s responsibility for the financial statements is confined or limited to the expression of opinion on them. The audit of the financial statements does not relieve management or those charged with governance of their responsibilities over the financial statements because the auditor merely audits the financial statements. However, an auditor may make suggestions on the form and content of financial statements or may draft statement. Applicable Financial Reporting Framework: Applicable financial reporting framework means: The financial reporting framework adopted by management (and, where appropriate, those charged with governance) in the preparation of the financial statements that is acceptable in view of the nature of the entity and the objective of the financial statements, or The financial reporting framework that is required by law or regulation Financial reporting frameworks encompass primarily the financial reporting standards established by an organization that is authorized or recognized to promulgate standards to be used by entities for preparing general purpose financial statements are often designed to achieve fair presentation, for example, Philippine Financial Reporting Standards (PFRSs). Sources of Applicable Financial Reporting Framework: 1. Main sources: The applicable financial reporting framework often encompasses financial reporting standards established by: An authorized or recognized standards setting organization Legislative or regulatory requirements 2. Other sources: The legal and ethical environment (including statutes, regulations, court decisions, and professional ethical obligations in relation to accounting matters) Published accounting interpretations of varying authority issued by standards setting, professional or regulatory organizations Published views of varying authority on emerging accounting issues issued by standards setting, professional or regulatory organizations General and industry practices widely recognized and prevalent; and Accounting literature Where conflicts exist between the financial reporting framework and the sources from which direction on its application may be obtained, or among the sources that encompass the financial reporting framework, the source with the highest authority prevails. Acceptability of the Financial Reporting Framework The auditor should determine whether the financial reporting framework adopted by management in preparing the FS is acceptable. An acceptable financial reporting framework is what is referred to as the “applicable financial reporting framework.” The auditor determines whether the financial reporting framework adopted by management is acceptable in view of the nature of the entity (for example, whether it is a business enterprise, a public sector entity or a not for profit organization) and the objective of the FS. In financial statements audit, financial reporting frameworks that are acceptable as valid criteria include: 1. Philippine Financial Reporting Standards (PFRSs) 2. Philippine Accounting Standards (PASs) 3. International Accounting Standards (IASs) AT – Introduction to Auditing
Red Sirug
Page 6
4. Other authoritative basis Financial statements need to be prepared in accordance with one, or a combination of the above-cited financial reporting framework. Requirements Relating to an Audit of Financial Statements: 1. Relevant ethical requirements – The auditor shall comply with relevant ethical requirements, including those pertaining to independence, relating to financial statement audit engagements. Relevant ethical requirements ordinarily comprise: a. Code of Ethics for Professional Accountants in the Philippines (the Code of Ethics) promulgated by the Board of Accountancy Compliance with the Code of Ethics is necessary in order to ensure the highest quality of performance and to maintain public confidence in the profession and in the context of audit of financial statements, maintain public confidence in the auditor’s work. (1) Part A of the Code of Ethics – establishes the fundamental principles of professional ethics relevant to the auditor when conducting an audit of financial statements and provides a conceptual framework for applying those principles The fundamental principles of professional ethics are: a) Integrity b) Objectivity c) Professional competence and due care d) Confidentiality, and e) Professional behavior (2) Part B of the Code of Ethics – illustrates how the conceptual framework is to be applied in specific situations (3) Independence requirements It is in the public interest that the auditor be independent of the entity subject to the audit. The auditor’s independence from the entity safeguards the auditor’s ability to form an audit opinion without being affected by influences that might compromise that opinion. Independence enhances the auditor’s ability to act with integrity, to be objective and to maintain an attitude of professional skepticism. Independence requirements comprise of both: a) Independence of mind b) Independence in appearance b. National requirements that are more restrictive c. Philippine Standard on Quality Control (PSQC) – require the CPA firm to establish and maintain its system of quality control designed to provide it with reasonable assurance that the firm and its personnel comply with relevant ethical requirements, including those pertaining to independence 2. Professional scepticism – The auditor shall plan and perform an audit with professional scepticism recognizing that circumstances may exist that cause the financial statements to be materially misstated. Professional skepticism is an attitude that includes a questioning mind, a critical assessment of validity of audit evidence, and being alert to conditions which may indicate possible misstatement due to error or fraud. Professional skepticism is necessary because of the possibility that the financial statements may be materially misstated. For example, the auditor would ordinarily expect to find evidence to support management representations and not assume they are necessarily correct. In planning and performing the audit, the auditor neither assumes that the management is honest nor assumes unquestioned honesty. Professional skepticism is necessary to the critical assessment of audit evidence. This includes: a. Questioning contradictory audit evidence b. Considering the reliability of documents and responses to inquiries and other information obtained from management and those charged with governance c. Considering the sufficiency and appropriateness of audit evidence obtained in AT – Introduction to Auditing
Red Sirug
Page 7
the light of the circumstances (for example, in the case where fraud risk factors exist and a single document, of a nature that is susceptible to fraud, is the sole supporting evidence for a material financial statement amount) Professional skepticism includes being alert to: Audit evidence that contradicts other audit evidence obtained. Information that brings into question the reliability of documents and responses to inquiries to be used as audit evidence. Conditions that may indicate possible fraud. Circumstances that suggest the need for audit procedures in addition to those required by the PSAs. Maintaining professional skepticism throughout the audit is necessary to reduce the risks of: Overlooking unusual circumstances. Over generalizing when drawing conclusions from audit observations. Using inappropriate assumptions in determining the nature, timing and extent of the audit procedures and evaluating the results thereof. A belief that they are honest and have integrity does not relieve the auditor of the need to maintain professional skepticism in conducting the audit. 3. Professional judgement – The auditor shall exercise professional judgment in planning and performing an audit of financial statements. Professional judgment is essential to the proper conduct of an audit. This is because interpretation of relevant ethical requirements and the PSAs and the informed decisions required throughout the audit cannot be made without the application of relevant knowledge and experience to the facts and circumstances. Professional judgment is necessary on decisions about: Materiality Audit risk Nature, timing and extent of audit procedures used to meet the requirements of the PSAs and gather audit evidence Evaluating whether sufficient appropriate audit evidence has been obtained Evaluation of management’s judgments in applying the entity’s applicable financial reporting framework. Drawing of conclusions based on the audit evidence obtained (for example, assessing the reasonableness of the estimates made by management in preparing the financial statements) Professional judgment needs to be exercised throughout the audit. It also needs to be appropriately documented. In this regard, the auditor is required to prepare audit documentation sufficient to enable an experienced auditor, having no previous connection with the audit, to understand the significant professional judgments made in reaching conclusions on significant matters arising during the audit. 4. Sufficiency and appropriateness of audit evidence and audit risk – To obtain reasonable assurance, the auditor shall obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion. a.
Sufficiency and appropriateness of audit evidence Audit evidence includes information used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. Audit evidence is necessary to support the auditor’s opinion and report. Most of the auditor’s work in forming the auditor’s opinion consists of obtaining and evaluating audit evidence. Audit evidence is cumulative in nature and is primarily obtained from audit procedures performed during the course of the audit. Audit evidence comprises both information that supports and corroborates management’s assertions, and any information that contradicts such assertions. Audit evidence includes both:
AT – Introduction to Auditing
Red Sirug
Page 8
(a) Information contained in the accounting records underlying the financial statements and (b) Other information Sufficiency is the measure of the quantity of audit evidence. Sufficiency is influenced or affected by: (1) The auditor’s assessment of the risks of misstatement (the higher the assessed risks, the more audit evidence is likely to be required) and (2) The quality of such audit evidence (the higher the quality, the less may be required) Appropriateness is the measure of the quality of audit evidence; that is, its relevance and its reliability in providing support for the conclusions on which the auditor’s opinion is based. The reliability of evidence is influenced by its source and by its nature, and is dependent on the individual circumstances under which it is obtained. • •
•
The sufficiency and appropriateness of audit evidence are interrelated. Whether sufficient appropriate audit evidence has been obtained to reduce audit risk to an acceptably low level, and thereby enable the auditor to draw reasonable conclusions on which to base the auditor’s opinion, is a matter of professional judgment. Obtaining more audit evidence may not compensate for its poor quality.
Sources of audit evidence: a. Primarily obtained from audit procedures performed during the course of the audit b. May be obtained from other sources such as: • Previous audits (provided the auditor has determined whether changes have occurred since the previous audit that may affect its relevance to the current audit) or • A firm’s quality control procedures for client acceptance and continuance • The entity’s accounting records • An expert employed or engaged by the entity • In some cases, the absence of information (for example, management’s refusal to provide a requested representation) is used by the auditor, and therefore, also constitutes audit evidence. b.
Audit risk Audit risk is the risk that the auditor expresses an inappropriate opinion when the financial statements are materially misstated. Audit risk is a function of the risks of material misstatement and detection risk. Audit risk does not include the risk that the auditor might express an opinion that the financial statements are materially misstated when they are not. Audit risk is a technical term related to the process of auditing; it does not refer to the auditor’s business risks such as loss from litigation, adverse publicity, or other events arising in connection with the audit of financial statements. Components of audit risk: 1. Risk of material misstatements is the risk that the financial statements are materially misstated prior to audit. Risk of material misstatement may exist at two levels: Overall financial statement level – refer to risks of material misstatement that relate pervasively to the financial statements as a whole and potentially affect many assertions Assertion level – refer to risks of material misstatement that relate to classes of transactions, account balances, and disclosures Risks of material misstatement at assertion level (inherent risk and control risk) are the entity’s risks; they exist independently of the audit of the financial statements. Such risks are assessed in order to determine the nature, timing and extent of further audit procedures necessary to obtain sufficient appropriate audit evidence. Risk of material misstatement at the assertion level has two components: (a) Inherent risk – the susceptibility of an assertion about a class of transaction, account balance or disclosure to a misstatement that could
AT – Introduction to Auditing
Red Sirug
Page 9
be material, either individually or when aggregated with other misstatements, before consideration of any related controls (b) Control risk – the risk that a misstatement that could occur in an assertion about a class of transaction, account balance or disclosure and that could be material, either individually or when aggregated with other misstatements, will not be prevented, or detected and corrected, on a timely basis by the entity’s internal control Control risk is a function of the effectiveness of the design, implementation and maintenance of internal control by management to address identified risks that threaten the achievement of the entity’s objectives relevant to preparation of the entity’s financial statements. However, internal control, no matter how well designed and operated, can only reduce, but not eliminate, risks of material misstatement in the financial statements, because of the inherent limitations of internal control. Accordingly, some control risk will always exist. 2. Detection risk is the risk that the procedures performed by the auditor to reduce audit risk to an acceptably low level will not detect a misstatement that exists and that could be material, either individually or when aggregated with other misstatements. Detection risk relates to the nature, timing and extent of the auditor’s procedures that are determined by the auditor to reduce audit risk to an acceptably low level. It is therefore a function of the effectiveness of an audit procedure and of its application by the auditor. 5. The auditor shall conduct an audit in accordance with PSAs PSAs contain basic audit principles and essential procedures together with related guidance in the form of explanatory and other material which the auditor should follow An audit in accordance with PSAs includes: a. Compliance with PSAs relevant to the audit 1) Compliance with all PSAs relevant to the audit (a PSA is relevant to the audit when the PSA is in effect and the circumstances addressed by the PSA exist) 2) The use of the objectives stated in relevant PSAs in planning and performing the audit to achieve the overall objectives of the auditor. The auditor is required to use the objectives to evaluate whether sufficient appropriate audit evidence has been obtained in the context of the overall objectives of the auditor. If as a result the auditor concludes that the audit evidence is not sufficient and appropriate, then the auditor may follow one or more of the following approaches: • Evaluate whether further relevant audit evidence has been, or will be, obtained as a result of complying with other PSAs; • Extend the work performed in applying one or more requirements; or • Perform other procedures judged by the auditor to be necessary in the circumstances. 3) In addition, the auditor should also consider Philippine Auditing Practice Statements (PAPSs). PAPSs provide interpretative guidance and practical assistance to auditors in implementing the PSAs and to promote good practice in the accountancy profession. Departure from a relevant requirement in a PSA: In exceptional circumstances wherein the auditor may judge it necessary to depart from a relevant requirement in a PSA, the auditor shall perform alternative audit procedures to achieve the aim of that requirement.
The need for the auditor to depart from a relevant requirement is expected to arise only where the requirement is for a specific procedure to be performed and, in the specific circumstances of the audit, that procedure would be ineffective in achieving the aim of the requirement.
Concept of Reasonable Assurance: Although an audit of financial statements in accordance with PSAs lends credibility to AT – Introduction to Auditing 10
Red Sirug
Page
the financial statements, such audit is designed to provide only reasonable assurance, rather than absolute assurance, that the financial statements taken as a whole are free from material misstatement, whether due to fraud or error. In other words, the level of assurance provided by an audit of detecting a material misstatement is reasonable assurance. Reasonable assurance means high, but not absolute, assurance. Reasonable assurance refers to the conclusion of the auditor or the gathering of the audit evidence necessary for the auditor to conclude that there are no material misstatements in the financial statements, taken as a whole. Reasonable assurance relates to the whole audit process. Reasonable assurance is achieved when the auditor has reduced audit risk to an acceptably low level by designing and performing audit procedures to obtain sufficient appropriate audit evidence to be able to draw reasonable conclusions on which to base an audit opinion. Absolute assurance in audit of financial statements is not attainable. Accordingly, the audit opinion is not a guarantee or certification that the financial statements are free from material misstatements. Reasonable assurance recognizes the existence of audit risk. It is the complement of audit risk.
Limitations of Financial Statements Audit: The auditor is not expected to, and cannot, reduce audit risk to zero and cannot therefore obtain absolute assurance that the financial statements are free from material misstatement due to fraud or error because there are inherent limitations of an audit that affect the auditor’s ability to detect material misstatements. The inherent limitations of an audit arise from: • Nature of financial reporting – The nature of financial reporting requires management judgments such as those as to application of the entity’s applicable financial reporting framework and as to making reasonable accounting estimates. • Time and cost constraint – The audit should be conducted within a reasonable period of time and at a reasonable cost. • Possibility of incompleteness of information – There is the possibility that management or others may not provide, intentionally or unintentionally, the complete information. Accordingly, the auditor cannot be certain of the completeness of information, even though the auditor has performed audit procedures to obtain assurance that all relevant information has been obtained. • Undetected fraud – Fraud is specifically designed not to be detected. Fraud may involve sophisticated and carefully organized schemes designed to conceal it. Therefore, audit procedures used to gather audit evidence may be ineffective for detecting an intentional misstatement that involves, for example, collusion to falsify documentation which may cause the auditor to believe that audit evidence is valid when it is not. The auditor is neither trained as nor expected to be an expert in the authentication of documents. Thus, there is always the possibility that fraud will not be detected. • Auditor has no specific legal powers – An audit is not an official investigation into alleged wrongdoing. Accordingly, the auditor is not given specific legal powers, such as the power of search, which may be necessary for such an investigation. • Need for auditor’s judgment – The auditor’s work requires exercise of professional judgment such in the following matters: Identifying and addressing risk factors Deciding what evidence to gather Making decisions about materiality and audit risk Gathering and evaluating audit evidence (for example, in deciding the nature, timing and extent of audit procedures) Evaluating management’s judgments in applying the entity’s applicable financial reporting framework. Assessing the sufficiency and appropriateness of audit evidence Drawing of conclusions based on the evidence gathered Forming an opinion (the phrase “in our opinion” in the auditor’s report is intended to inform that auditors based their conclusions on professional judgment) • Use of testing – The auditor uses testing and other means of examining populations in a manner that provides a reasonable basis for the auditor to draw conclusions about the population. An audit is conducted on a test basis or by examining only sample of less than 100% of a population. This may introduce some risk that a misstatement will not be detected. AT – Introduction to Auditing 11
Red Sirug
Page
• • •
• • • •
Direction of audit work – Audit effort is directed to areas most expected to contain risks of material misstatement, whether due to fraud or error, with correspondingly less effort directed at other areas. Possibility of occurrence of non-compliance with laws and regulations. Auditor’s responsibility is to detect non-compliance with material direct-effect on the financial statements. Inherent limitations of accounting and internal control – Although the auditor performs audit procedures to detect material misstatements, such procedures may not be effective in detecting misstatements resulting from the possibility of: Management override of controls Circumvention of internal control Collusion among employees Reliance on management representation – Some audit evidence must be obtained by obtaining oral or written representations from management because many financial statements assertions cannot be audited. Nature of audit evidence available – This is the fact that most of the evidence available to the auditor is persuasive, rather than conclusive, in nature. Availability of audit evidence – Insufficient support may be available for drawing absolute conclusions on specific assertions such as fair value estimates. Other limitations may affect the persuasiveness of audit evidence available to draw conclusions on particular assertions – For example, existence and completeness of related parties transactions and relationships.
Note: Physical limitations of auditors due to fatigue and stress are not a limitation of audit. Because of the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial statements may not be detected, even though the audit is properly planned and performed in accordance with PSAs. Accordingly, the subsequent discovery of a material misstatement of the financial statements resulting from fraud or error does not by itself indicate a failure to conduct an audit in accordance with PSAs. Concept of Materiality and Audit Risk: The auditor obtains and evaluates audit evidence to obtain reasonable assurance about whether the financial statements are fair or are presented fairly, in all material respects, in accordance with the applicable financial reporting framework. The term "present fairly, in all material respects": The auditor considers only those matters that are significant to the financial statements users. 1. Materiality – the magnitude of misstatement or omission; the ability to influence the economic decision of reasonable financial statement user When is information material? Information is material if it could influence the economic decision of financial statements users. In other words, if it is probable that the judgment of a reasonable person would have been changed or influenced by the omission or misstatement of information, then that information is material. 2. Audit Risk – the risk that audit opinion is inappropriate when the financial statements are materially misstated Specifically, audit risk is the risk that the auditor expresses an unqualified (or clean) audit opinion when the financial statements are materially misstated. The concept of reasonable assurance acknowledges the existence of audit risk. General Types of Audit 1. According to objectives or nature of assertion a. Financial statement audit – an audit conducted to determine whether the financial statements of an entity are fairly presented in accordance with an identified financial reporting framework (namely, the PFRS) An of financial statements is the type of audit most frequently performed by CPAs (due to the widespread use of audited financial statements) on a fee basis and for more than one client. b. Compliance audit: a review of an entity’s degree of compliance with applicable laws and rules/regulations or contracts AT – Introduction to Auditing 12
Red Sirug
Page
Compliance audits are usually performed by government auditors
Examples: Examination conducted by: i) BIR examiners: compliance of taxpayers with tax law, rules or regulations ii) BSP examiners: compliance of banks with banking laws, rules or regulations iii) COA auditors: compliance of government transactions/expenditures with the requirements of applicable laws, rules or regulations c. Operational audit involves a systematic review and evaluation of the specific operating units (or procedures, methods or activities) of an organization in relation to specified objectives for the purpose of measuring/assessing its performance in terms of efficiency and effectiveness of operations, identifying opportunities for improvement and making recommendations to improve performance (such as introduction of controls to reduce waste). Also called performance audit or management audit Example: Evaluation of a company’s computerized accounting system Operational audits are usually performed by internal auditors Internal auditor's responsibilities in operational audits: In operational audits, the company's management is responsible for setting operating standards. In contrasts, the internal auditor's responsibilities are to determine that: a. Management has established such standards. b. The standards are being met. c. Deviations from established standards are being identified and corrected. d. Corrective action has been taken. Objective of operational auditing: a. To assess performance in terms of efficiency and effectiveness of operations Efficiency relates to use of its resources, while effectiveness relates to accomplishing objectives. (1) Effectiveness – To verify fulfillments of plans and sound business requirements (2) Efficiency – To determine whether the entity is managing or utilizing its resources economically and efficiently b. To identify areas for improvement c. To develop recommendations to improve performance (such as introduction of controls to reduce waste) Operational audit includes: Program or effectiveness audit: an audit to determine whether the entity has been effective in achieving the desired results or benefits of the program or activity Economy audit: an audit to determine whether company objectives or goals are met at a cost commensurate with the task Efficiency audit: whether company objectives or goals are met at the least or minimal costs or resources Major differences between financial and operational auditing: The financial audit is oriented to the past whereas an operational audit concerns performance for the future. The financial audit report is distributed to many readers whereas the operational audit report goes to a few managers. Financial audits are limited to matters that directly affect the financial statements whereas operational audits cover any aspect of efficiency and effectiveness. 2. According to types of auditor or their affiliation with the entity being examined: a. External / Independent audit: performed by practitioners or independent CPAs who offer their professional services for a fee to various clients on a contractual basis Independent or external auditors are not employees of the client External audit complements internal audit b. Internal audit: audit performed by entity’s own employees known as internal auditors; internal auditors investigate and apprise the effectiveness and efficiency of operations and internal controls of the firm
i)
Internal auditing: An independent appraisal function or control or activity established within an entity to examine and evaluate its activities or other controls
AT – Introduction to Auditing 13
Red Sirug
Page
as a service to the entity. It is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization to accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Internal auditing is an appraisal control that measures and evaluates other controls. The increased complexity and sophistication of business operations have required management to rely on this appraisal control. Internal auditors review the adequacy of the company's internal control system primarily to ascertain whether the system provides reasonable assurance that the company's objectives and goals will be achieved efficiently and economically. Internal auditors assist in the prevention of fraud by examining and evaluating the system of internal control. Internal auditors are required to review the means employed by the company to safeguard its assets from various types of losses such as those resulting from fire, theft, unscrupulous or illegal activities, and exposure to the elements.
ii) Overall objective of internal auditing: to assist the members of the organization, particularly management and board of directors, in the effective discharge of their responsibilities; in short, to provide assistance to or serve the needs of management or board of directors Internal auditing includes the audit of: a. Financial and operating information; b. Compliance with policies, plans, procedures, laws, regulations, and contracts; c. The means of safeguarding assets and verifying their existence; d. The economy and efficiency with which resources are employed; and e. Operations or programs to ascertain whether results are consistent with established objectives and goals and whether they are being carried out as prescribed.
Internal auditors usually perform operational audits Internal auditors usually focus on improving the efficiency and effectiveness of their employer, unlike external auditors (public accounting firms) whose focus is the fairness of the FS of their clients.
c. Government auditing: audit performed by government employees whose main concern is to determine whether persons or entities comply with government laws, rules and regulations Scope of government audit: may extend beyond financial statements audit to include: i) Financial statements audit ii) Performance audit (includes (a) program results (effectiveness) audit and (b) economy and efficiency audit) iii) Compliance audit The Commission on Audit (COA) auditors perform financial audit and performance audit. Performance audits include economy, efficiency, and program audits. Included in the scope of financial and performance audits is determining whether the entity has complied with applicable laws and regulations. Thus, government auditors are required to prepare a written report on the entity's internal control and assessment of control risk made as part of a financial statement audit. The government auditor's report should include the following: The scope of the auditor's work in obtaining an understanding of the entity's internal control and in his/her assessment of control risk. The entity's significant controls including those that are established to ensure compliance with laws and regulations that have a material impact on the financial statements. The conditions, including the identification of material weaknesses, identified/ discovered as a result of the auditor's work. However, the report should not give any form of assurance on the design and AT – Introduction to Auditing 14
Red Sirug
Page
effectiveness of the entity's internal control. The audit of a government program involves obtaining information about the costs, outputs, benefits, and effects of the program. Auditors attempt to measure the accomplishments and relative success of the program based on the actual intent of the legislation that established the program. Types of Auditors: 1. Independent auditors or external auditors – are CPA firms and individual practitioners who perform audit services on contractual basis for more than one client Independent auditor – because the auditor is independent with respect to the client whose FS are being audited; External auditor – the auditor is an outsider (not an employee of the client) Practitioners perform operational audits and compliance audits as part of consultancy services 2. Internal auditors – they are employed by the entity thus they are not independent. However, to operate effectively, an internal auditor must be independent of the line functions of the entity. Internal auditors perform operational and compliance audits. 3. Government auditors – employed in government agencies BIR examiners perform compliance audits BSP examiners perform compliance and operational audits COA auditors perform compliance and operational audits The relationship between an external auditor and an internal auditor is that both of them use basically an identical approach; however, there are differences in the application of auditing techniques. The Audit Committee: The audit committee is composed of outside directors who are independent of management. The primary purpose is to assure that the directors are exercising due care and external and internal auditors are independent of management. Functions of the audit committee: Select the external auditors. Review the external auditor's overall audit plan. Evaluate the results of external and internal audits. Review the internal auditing work schedule, budget, etc. Meet regularly with the internal auditing director. The above functions should increase public confidence on the fair presentation of the company's financial statements.
Distinctions: Types of audit according to objectives or nature of assertion/data Point of distinction Primary objective
Financial Statement Audit To enable the auditor to express an opinion on the fairness of the FS
Compliance audit To determine degree of compliance
Subject matter (Assertion)
Assertion that the FS are presented in accordance with identified financial reporting framework (GAAP)
Assertion that the organization has complied with laws, regulations and specific procedures
Established criteria
GAAP – Identified financial reporting framework (as by standard setting bodies)
Applicable laws, regulations and specific procedures (as set by authoritative
AT – Introduction to Auditing 15
Red Sirug
Operational audit To assess entity’s performance (in terms of efficiency and effectiveness) Assertion that the organization’s activities/operations are conducted effectively and efficiently in relation to specified objectives Objectives (as set by the board of directors)
Page
Sufficient appropriate evidence / outcome Communication of results to intended users
Audit findings whether the FS are in accordance with Identified financial reporting framework (GAAP) Auditor’s report containing an opinion whether the FS are fairly presented in accordance with identified financial reporting framework (GAAP)
Users of audit report
Different groups for different purposes; wide variety of users (both internal and external users)
Type of auditor performing the audit
Independent / external auditors – practitioners
AT – Introduction to Auditing 16
bodies) Findings on degree of compliance Reports on the degree of compliance with applicable laws, regulations or specific procedures Authoritative bodies that sets down the regulations, rules and procedures Government auditors
Red Sirug
Findings on assessment of performance / operations Recommendations or suggestions on how to improve operations
Management of the entity
Internal auditors
Page