APPLIED AUDITING With Comprehensive Review of Philippine Financial Reporting Standards (PFRSs) PART 1 Aguide in applying auditing procedures to specific accounts of the financial statements. 2018 Edition By DARRELL JOE O. ASUNCION, MBA, CPA MARK ALYSON B. NGINA, CMA, CPA “RAYMUND FRANCIS A. ESCALA, MBA, CPAChapter 1 - Overview of Audit Process and Pre-engagement Activities CHAPTER 1 OVERVIEW OF AUDIT PROCESS AND PRE-ENGAGEMENT ACTIVITIES TOPIC OVERVIEW: This chapter discusses the definition of audit, phases of audit and the different considerations of auditor in accepting an audit engagement. LEARNING OBJECTIVES: After studying this chapter, you should be able to: 1. Describe what an audit is. 2. Enumerate and describe different phase of an audit. 3. Identify and explain pre-engagement activities. 4. Identify the different considerations in accepting an audit. AUDIT ‘An audit is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between these assertions and established criteria and communicating the results thereof. (American Accounting Association) AUDIT PROCESS The audit process is the sequence of different activities involved in an audit. This process normally includes the following steps: PHASE DESCRIPTION [.Pre-engagement | This phase will require a decision from the auditor whether or not to accept a new client or continue relationship with an existing one. This process would require evaluation not only of the auditor's qualification, but also the integrity and auditability of the client’s financial statements. Primary objective: To minimize the likelihood of being associated to a client whose management lacks integrity __| 2.Audit planning | Audit planning involves the development of an overall audit strategy, audit plan and audit program. The auditor usually obtained more detailed knowledge about the client’s business and industry in order to understand the transactions and events affecting the financial statements. Preliminary assessment of risk and materiality is also made during this phase. 1Chapter 1 - Overview of Audit Process and Pre-engagement Activities Primary objective: To assess the different risks associated with the audit to determine the nature, oie and extent of further audit procedures necessary to be performed 3.Consideration of internal controls directly affects the ince entity's internal control S ey ae it is appropriate to reliability of the financial statements, study and evaluate these controls. Primary objective: To establish a basis for reliance 7 internal controls, in determining the nature, timing a extent of audit procedures to be performed. 4. Evidence- gathering (Substantive testing) Using the information obtained in audit planning and consideration of internal controls, the auditor performs i ity’s financial ive test to determine whether entity's i ease ly in accordance with statements are presented fairl: ¢ financial reporting standards. Substantive procedures could either be analytical procedures or test of details of transactions and balances. This phase will always be performed by the auditor. Primary objective: To ascertain the degree of correspondence between the financial statements prepared by client’s management and the financial reporting framework. With this, the auditor will be able to conclude whether or not the financial statements are presented fairly in accordance with financial reporting standards. 5. Completing the audit Wrapping-up procedures are performed; conclusions reached are reviewed; and an overall opinion is formed during this phase. Primary objective: To assist the auditor in assessing conclusion reached is consistent with evidence gathered 6. Issuance of the audit report In this stage, auditor prepares and issues audit report which describes the scope of the audit and states the auditor's conclusion regarding the fairness i of th statements. aces Primary objective: To communicate the conclusions reached by the auditor to various intended users 7.Post-audit responsibilities After completion of the audit engagement, auditor Performs procedures that will enable him/her identify areas for improvement in- the current and engagements. fare Primary objective: To assess and evaluate the quality of services delivered by the engagement teamChapter 1 - Overview of Audit Process and Pre-engagement. Activities, PRE-ENGAGEMENT Acceptance of an engagement : In making a decision whether to accept or reject an engagement, an auditor should consider the following: 4, Its competence; 2. Its independence; 3. Its ability to serve the client properly; and 4. The integrity of the prospective client's management. Furthermore, the auditor is expected to perform the following: | 1, Obtain a preliminary knowledge of the client's business and industry to determine whether the auditor has the degree of competence required by the engagement. ts to the firm’s independence 2. Consider whether there are any threa feguards can be and objectivity, and if so, whether adequate sa established. 3. Evaluation of the firm’s ability to serve the prospective client. 4, Evaluate auditability. 5. Investigation of the integrity of the client's m inquiry to appropriate parties or commun! predecessor auditor. Matters to be discussed with predecessor auditor include the following: (RID) a. The predecessor's understanding as to the Reasons for change in auditors; b. Information that might bear on the Integrity of the management; and c. Disagreements between the predecessor auditor and management as to accounting principles, auditing procedures, etc. anagement through ication with the Note: Every time communication is made to parties other than the client, the auditor shall seek permission from the client and document the items discussed. 6. Agree on the terms of the engagement and prepare an engagement letter. Agreeing the Terms of Audit Engagements The audio and the client shall agree on the terms of engagement. The agreed terms would need to be recorded in an audit engagement Ik other suitable form of contract. PLL\ Chapter 1 - Overview of Audit Process and Pre-engagement Activities Itis in the interest of both client id ditor that the auditor sends an engagement letter, preferably before the commencement of the engagement to help avoid misunderstandings with respect to the engagement. The engagement letter documents and confirms: a. Auditor’s acceptance of the engagement b. Objective and scope of the audit c. Extent of auditor's responsibilities to the client d. Form of any reports Contents of engagement letter (RA FORMS) The form and content of audit engagement letters may vé but they would generally include reference to: The presence of audit Risk Unrestricted Access to whatever records The financial reporting Framework used Objective of the audit ‘The form of any Reports or other communication Management's responsibility ‘The Scope of the audit ‘The auditor may also wish to include in the letter: (FRAP Reports) Basis in which Fees are computed and any billing arrangements Expectation of receiving Representation letter ‘Acknowledgment of management of terms of agreement Arrangements regarding the Planning of the audit Description of any other letters or Reports ary for each client, mmoeaorep epaoop When relevant, the following points could also be made: «Arrangements concerning the involvement of other auditors and experts in some aspects of the audit. © Arrangements concerning the involvement of internal auditors and other staff. « Arrangements to be made with the predecessor auditor, if any, in the case of initial. Any restriction of the auditor's liability when such possibility exists. e Areference to any further agreements between the auditor and the client. Audit of Components When the auditor of a parent entity is also the auditor of its subsidiary, branch, or division (component), the factors that influence the decision whether to send a separate engagement letter to the component include the following: «© Who appoints the Component auditor; * Legal requirements in relation to audit appointments; 4Chapter 1 - Overview of Audit Process and Pre-engagement Activities Degree of Ownership by parent; Whether a Separate auditor's report is to be issued on the component; and * Degree of Independence of the component's management from the parent entity. Recurring Audits On recurring audits, the auditor should consider whether circumstances require the terms of the engagement to be revised and whether there is a need to remind the client of the existing terms of the engagement. The auditor may decide not to send a new engagement letter each period. However, the following factors may make it appropriate to send a new letter: ¢ Any indication that the client misunderstands the objective and scope of the audit. Any revised or special terms of the engagement. Arecent change of management, board of directors or ownership. A significant change in ownership. A significant change in nature or size of the client's business. A change in legal or regulatory requirements. ‘Achange in financial reporting framework adopted in the preparation of the financial statements. © Achange in other reporting requirements. Acceptance of a Change in Engagement a, Stop performing the old engagement b. Stop referring to the old engagement, except Yes /+| when the new engagement involves agreed- upon procedures Is there a c, Start performing the new engagement reasonable justification? a. Continue the original audit engagement No |} p. When prohibited to continue, withdraw from the audit engagement Note: Every time withdrawal is made, the auditor should consider the necessity of communicating the reasons to appropriate level of management.Chapter 1 - Overview of Audit Process and Pre-engagement Activities Circumstances that could lead to Change in Engagement Circumstances Justifiable? 1.Change in circumstances affecting the need for the service Vv 2.A misunderstanding as to the nature of an audit or related v Services originally requested 3A restriction on the scope of the engagement, whether x imposed by management or caused by circumstances 4.1f the change relates to information that is incorrect, x incomplete or otherwise unsatisfactory 5.The auditor is unable to obtain sufficient appropriate audit x evidence regarding assertionsChapter 1 - Overview of Audit Process and Pre-engagement Activities CHAPTER 1: REVIEW QUESTIONS - THEORETICAL 1, Set the following phases in proper order: i, Pre-Engagement . _iy, Planning » Internal Controls; —_v. Post-Audit Responsibilities « fii, Evidence-Gathering - vi,Reporting ¢ . i iy, ili ji, v, vi b. 4. i, iv, i,t, v, vi 2. Acts to be performed in order to obtain audit evidence. a. Audit standards c. Audit program b. Audit procedures d. Audit strategy 3. Audit procedures performed to obtain an understanding of the entity and its environment, including its internal control, and to assess the risks of material misstatements at the financial statement and assertion levels. a, Risk assessment procedures c. Substantive procedures b. Tests of control d. Analytical procedures 4. Audit procedures to test the operating effectiveness of controls in preventing or detecting and correcting material misstatements at the assertion level. a. Riskassessment procedures _, Substantive procedures b. Tests of control d. Analytical procedures 5. Audit procedures to detect material misstatements at the assertion level. a. Riskassessment procedures __c. Substantive procedures b. Tests of control d. Analytical procedures 6. If the auditor believes that the scope of the audit examination has resulted in the auditor being unable to acquire sufficient appropriate evidence with respect to an item included in the financial statements then the materiality of the item will determine the choice of the proper audit opinion. The choice could be a. Either a qualified opinion or an adverse opinion b. Either a qualified opinion or disclaimer of opinion ¢. Either an adverse opinion or disclaimer of opinion d. Either an unqualified opinion or an adverse opinion 7. Ifa company’s external auditor expresses an unqualified opinion as a result of the audit of the company’s financial statements, readers of the audit report can assume that a, The company is financially sound and the financial statements are accurate b. The external auditor found no fraud ¢. Internal control is effective All material disagreements between the company and the auditor about the application of accounting principles were resolved in the satisfaction of the external auditor. 7Chapter 1 - Overview of Audit Process and Pre-engagement Activities 8. If the auditor determines that there are misstatements that remain uncorrected by the client, then the materiality of these misstatements will determine the choice of the proper audit opinion. The choice could be a. Either a qualified opinion or an adverse opinion b. Either a qualified opinion or disclaimer of opinion © Either an adverse opinion or disclaimer of opinion d._ Either an unqualified opinion or an adverse opinion 9. With regard to independence, which of the following ‘statements is alan a. Audit engagements provide assurance to a wide range of potent al users; consequently, both independence in mind and independence in appearance are of particular importance. i b. Oat the Sua partner is required by the Code of Ethics to be independent from their assurance clients. . ¢. In case of audits of financial statements, the Code of Ethics requires member of the assurance team, the firm but not network firms to be independent of the client. d. In case of audits of financial statements, the Code of Ethics requires the auditor to be independent from their assurance team from the start of performing procedures required by the engagement up to the issuance of the report. 10. Ultimately, the decision about whether or not an auditor is independent must be made by a. Auditor c. Client’s management b. Public d. Audit committee 11. Which of the following would not be a consideration of a CPA firm in deciding whether to accept a new client? a. The client's financial ability. b. The client’s relations with its previous CPA firm. c. The client's standing in the business community, 4. The client's probability of achieving an unqualified opinion. 12. Which of the following factors most likely would influence an auditor’s determination of the auditability of an entity’s financial statements? a. The operating effectiveness of control procedures b. The existence of related-party transactions c. The complexity of the accounting system d. The adequacy of the accounting records 13. Management's integrity affects all of tl a. Business risk b. Financial Reporting risk he following risks except: ©. Audit risk d. All of these risks are affectedChapter 1 - Overview of Audit Process and Pre-engagement Activities 14, 15. 16. 17. Prior to the acceptance of an audit engagement with a client who has terminated the services of the predecessor auditor, the CPA should a. Contact the predecessor auditor without advising the prospective client and request a complete report of the circumstances leading to the termination of the engagement with an understanding that all information disclosed will be kept confidential. b. Accept the engagement without contacting the predecessor auditor since the CPA can include audit procedures to verify the reason given by the client for the termination. c. Not communicate with the predecessor auditor because this would in effect be asking the auditor to violate the confidential relationship between an auditor and the client. d. Advise the client of the intention to contact the predecessor auditor and request a permission for the contact. Before accepting an audit engagement, a successor auditor should make specific inquiries of the predecessor auditor regarding: a. The predecessor's evaluation of matters of continuing accounting significance b. Disagreement which the predecessor had with the client concerning auditing procedures and accounting principles c. The degree of cooperation the predecessor received concerning the inquiry of the client's legal counsel d. The predecessor's assessment of inherent risk and judgments about materiality If the prospective client refuses to permit the predecessor to respond or limits the predecessor's response, the successor should: a. Continue to ask the predecessor auditor questions on facts that might bear on the integrity of management b. Accept the engagement but only after an equitable increase in the professional fee c. Inquire as to the reasons and consider the implications in deciding whether to accept the engagement d. Issue a disclaimer of opinion because the limited response of the predecessor auditor constitutes a significant scope limitation When an independent auditor is approached to perform an audit for the first time, he or she should make inquiries of the predecessor auditor. Inquiries are necessary because the predecessor may be able to provide the successor with information that will assist the successor in determining whether The company rotates auditors The engagement should be accepted The predecessor's work should be used In the predecessor's opinion, control risk is less than high poseChapter 1 - Overview of Audit Process and Pre-engagement Activities 18. If permission from the client to discuss its affairs with the proposed auditor is denied by the client, the predecessor auditor should: a. Keep silent of the denial b. Disclose the fact that the permission to disclosure is denied by the client ©. Disclose adequately to proposed auditor all noncompliance made by the client d. Seek legal advice before responding to the proposed auditor 19. A firm has obtained information that would have caused it to decline an engagement had the information been available earlier. Actions available to the auditor would include the following, except: a. Reporting the information and its implications to the person/s who appointed the CPA b. Withdraw from the client relationship c. Withdraw from the engagement d. Issue a disclaimer of opinion 20. According to PSA 210, the auditor and the client should agree on the terms of engagement. The agreed terms would need to be recorded in a(n) a. Memo placed in the permanent section of the working papers b. Client representation letter c. Engagement letter d. Comfort letter 21. An engagement letter is best described as a. A letter from the company to the auditors specifying management's expectations for completion of the audit on a timely basis and the fees. b. A letter from the auditors to company management specifying that management is responsible for the financial statements, and the auditors will issue an opinion on the financial statements. c. A letter from the auditors to company management that specifies the responsibilities of both the company and the auditors in completing the audit and the timing for its completion. d. A letter from the Board of Directors’ audit committee to the auditor that indicates the auditor has been engaged to perform the audit and the fees to be paid. 22, An engagement letter is prepared with the interest(s) of a. The auditor only c. The public b. The client only d, Both the client and the auditor 23. Which of the following statements is/are correct? Statement 1: The auditor and the client should agree on the terms of the engagement. Such an agreement may be in the form of audit engagement letter or other suitable form of contract. Statement 2: Even in those countries where the scope of the audit is established by law, an engagement letter may be informative for the client. 10Chapter 1 ~ Overview of Audit Process and Pre-engagement Activities 24, 25. 26. 27. 28. a. Only statement 1 is correct b. Only statement 2 is correct c. Both statements are correct d. Both statements are incorrect Engagement letters are widely used in practice for: a. Professional engagements of all types b. Assurance engagements only c. Related services only d. Audits only The primary purpose of the engagement letter is to: a. Satisfy the requirements of the CPA's liability insurance policy b. Remind management that the primary responsibility for the financial statements rests with management c. Provide a written record of the agreement with the client as to the services to be provided d. Provide a starting point for the auditor's preparation of the preliminary audit program Engagement letter that documents and confirms the auditor’s acceptance of the engagement would normally be sent to the client. a. Before the commencement of the engagement b. Before the auditor report is issued c. After the audit report is issued d. Atthe end of the fieldwork An audit engagement letter least likely include: a. A reference to the inherent limitations of an audit that there is an unavoidable risk that some material misstatements may remain undiscovered b. Description of any letters or reports that the auditor expects to submit to the client c. Identification of specific audit procedures that the auditor needs to undertake d. Basis on which fees are computed and any billing arrangements Which of the following matters is generally included in an auditor's engagement letter? a. The factors to be considered in setting preliminary judgments about materiality : : b. Management's vicarious liability for illegal acts committed by its employees : c. Management's responsibility for the entity’s compliance with laws and regulations : d. The auditor's responsibility to search for significant internal control deficiencies 11S Chapter 1 - Overview of Audit Process and Pre-engagement Activities 29. The form and content of the audit engagement aay vary for each * client, but they would generally include reference toecept a. Management's responsibility forall the financial state lat b. The scope of the audit, excluding reference to applicab le legislation, " regulations, or pronouncements of professional bodies to which the it es. on c Ths tori at any reports or any communication of results of agement, ; d, Unrestricted access to whatever records, documentation and other information requested in connection with the audit. 30. Arrangements concerning with which of the following are least likely to be included in the engagement letter? a. Fees and billing b. Apredecessor auditor c, CPA investment in client securities d. Other services to be provided in addition to the audit 31. Which of the following statements would least lil engagement letter? a, “Fees for our services are based on regular per diem rates, plus travel and other out-of-pocket expenses.” b. “During the course of our audit, economy in, or improved controls over your operations.” ¢, “Our engagement is subject to the risk that material misstatements of fraud, if they exist, will not be detected.” After performing our preliminary analytical Procedures we will discuss with you the other Procedures we consider necessary to complete the engagement.” 32. When a CPA is the auditor of a parent entity and also the auditor of its Subsidiary, branch or division (component), which of the following factors need not be considered in deciding whether to send a separation engagement letter to the component? a. Who appoints the audi b. Legal requirements c. Number of reports to be d. Whether a separate audi kely appear in an auditor's Wwe may observe opportunities for itor of the component Prepared during the peak audit season reports to be issued on the component 33. Which of the following statements is/are correct? Statement 1: On recurring audits, the au circumstances require the terms of the whether there is a need to remind the ditor should consider whether engagement to be revised and client of the existing terms of engagement. Statement 2: The auditor should send a new engagement letter each year to an established client. a. Only statement 1 is correct ¢. Both statements are correct b. Only statement 2 is correct d. Both statements are incorrect 12Chapter 1 ~ Overview of Audit Process and Pre-engagement Activities 34. On recurring audit engagements, the auditor may decide not to send a new engagement letter each period. In which of the following situations will there be no need to send a new letter? Revisions or special terms of the engagement Significant change in nature or size of the client’s business Indications of misunderstanding of the objective and scope of the audit Recent change of middle management and rank and file organizational structure Boge 35. A client's insistence that the audited results are reported quickly after the fiscal year end is of concern to auditors because: a, Many uncertainties inherent in the financial statements cannot be resolved until several months after the year-end closing of the books. b. The financial statements are less reliable because the period covered by the review for subsequent events is shortened ¢, Many clients have December 31 year ends and it is difficult to complete the audit when many of the client's personnel are on holidays. d. Time pressure created by unrealistic deadlines increases the risk of errors in judgment and in the performance of audit procedures. 36. If the auditor concludes that there is reasonable that there is a reasonable justification for the change in engagement, the report to be issued would a, Include reference to the original engagement b. Be that appropriate for the revised terms of the engagement c. Include reference to any procedures that may have been performed in the original engagement d. Not include reference to any procedures that may have been performed, particularly when the new engagement is to undertake agreed-upon procedures 37. Which of the following statements is/are correct? Statement 1: Where the terms of the engagement are changed, the auditor and the client should agree on the new terms. Statement 2: The auditor should not agree to a change of engagement when there is no reasonable justification for doing so. Statement 3: If the auditor is unable to agree to a change of the engagement and is not permitted to continue the original engagement, the auditor should withdraw and consider whether there is any obligation, either contractual or otherwise, to report to other parties, such as the board of directors or shareholders, the circumstances necessitating the withdrawal. Only one statement is correct Only two statements are correct All statements are correct All statements are incorrect poop 13Chapter 1 - Overview of Audit Process and Pre-engagement Activities 38. If a change in the type of engagement from higher to lower of assurance is not justified, the auditor should: a. Withdraw from the engagement. b. Qualify the report on the original engagement. c. Continue with the revised engagement, but make explicit reference i about the original engagement. Refuse to agree to management's request on the change of engagement and continue with the original engagement. 39. Which of the following helps prevent misunderstandings during audit planning? a. Auditor involvement in the preparation of the client's financial records. b. Client involvement in determining specific audit planning issues. c. A preliminary meeting conference with the client to discuss fees, timing, client assistance and related issues. d. Involvement of the client's internal auditors in setting materiality levels and determining the scope of audit tests. 40. One of the first things that the auditor will do after accepting a new client is: a. Contact the client's attorney to discover legal obligations. b. Communicate with the predecessor auditor. ¢. Study the client's internal control structure. d. Tour the client’s facilities. 14Chapter 2 - Audit Planning CHAPTER 2 AUDIT PLANNING - INTRODUCTION AND RISK ASSESSMENT PROCEDURES TOPIC OVERVIEW: This chapter discusses the audit planning process, audit strategy and risk assessment procedures, LEARNING OBJECTIVES: ‘After studying this chapter, you should be able to: Explain audit planning. Identify and explain the major audit planning activities. Identify considerations in establishing audit strategy. Describe the difference of audit strategy, audit plan and audit program. Identify the activities in risk assessment. Describe audit risk and its components and how will it affect the audit procedures. PLANNING AN AUDIT OF FINANCIAL STATEMENTS The primary objective of the auditor is to plan the audit so that the audit will be performed in an effective manner. However, adequate planning also leads to an efficient and timely audit engagement. Pere re The Role and Timing of Planning Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan. Adequate planning benefits the audit of financial statements in several ways, including the following: * Appropriate attention is devoted to important areas «Potential problems are identified and resolved on a timely basis © Proper organization and management of the audit engagement leading to an effective and efficient performance * Work are properly assigned to appropriate engagement team members © Assistance in coordinating work done by other auditors and experts Assistance in facilitating direction, supervision and review The nature and extent of planning activities will vary according to the: (SECTa) © Size and complexity of the entity * Previous Experience with the entity of key engagement team members (partner, manager, and staff-in-charge) * Changes in circumstances that occur during the audit engagement a5Chapter 2 - Audit Planning Timing of the Appointment of the independent auditor Planning as a phase of the audit process ; Planning is not a discrete phase of an audit, but rather a continual and iterative process that often begins shortly after (or in connection with) the completion of the previous audit and continues until the completion of the current audit engagement. Major Audit Planning Activities The auditor shall establish an overall audit strategy that sets the scope, timing and direction of the audit, and that guides the development of the audit plan after performing the following procedures: Obtaining an understanding of the client and its environment Determining the need for experts Establishing materiality and assessing risks Assessing the possibility of non-compliance Identifying related parties Performing preliminary analytical procedures Development of the overall audit strategy and detailed audit plan Preparation of preliminary audit programs. THE OVERALL AUDIT STRATEGY AND AUDIT PLAN Overall Audit Strategy In establishing the overall audit strategy, the auditor shall: © Identify the characteristics of the engagement that define its scope; © Ascertain the reporting objectives of the engagement to plan the timing of the audit and the nature of the communications required; ¢ Consider the factors that, in the auditor's professional judgment, are significant in directing the engagement team’s efforts * Consider the results of preliminary engagement activities and, where practicable, whether knowledge gained on other engagements performed by the engagement partner for the entity is relevant ¢ Ascertain the nature, timing and extent of resources necessary to perform the engagement Audit Plan After the overall audit strategy has been established, an audit plan can be developed to address the various matters identified in the overall audit strategy, taking into account the need to achieve the audit objectives through the efficient use of the auditor's resources. Fame ao oP The audit plan is more detailed than the overall audit strategy in that it includes the nature, timing and extent of audit procedures to be performed by engagement team members. These procedures may be documented in an audit program. 16Chapter 2 - Audit Planning The audit program shall serve as a: © Set of instructions to assistants involved in the audit; and * Means to control and record the proper execution of the work. The audit program also contains: «The audit objectives for each area; and ¢ A time budget in which hours are budgeted for the various audit areas or procedures. Changes to Planning Decisions during the Course of the Audit The overall audit plan and the audit program should be revised as necessary during the course of the audit. Planning is continuous throughout the engagement because of changes in conditions or unexpected results of audit procedures. Completion of Overall Strategy and Audit Plan The establishment of the overall audit strategy and the detailed audit plan are not necessarily discrete or sequential processes, but are closely inter- related since changes in one may result in consequential changes to the other. Also, preferably, a plan shall be initially completed prior to consideration of internal controls or performance of specific procedures. Planning documentation The auditor shall document: a. the overall audit strategy b. the audit plan c. any significant changes made during the audit engagement to the overall strategy or audit plan, and the reasons for such changes Additional Considerations in Initial Audit Engagements After performing preliminary engagement activities, for an initial audit, the auditor may need to expand the planning activities because he/she does not ordinarily have the previous experience with the entity that is considered when planning recurring engagements. For initial audits, additional matters the auditor may consider in developing the overall audit strategy and audit plan include the following: « Arrangements to be made with the predecessor auditor to review prior years’ working papers; © Any major issues discussed with management in connection with the initial selection as auditors, the communication of these matters to those charged with governance and how these matters affect the overall audit strategy and audit plan; * The planned audit procedures to obtain sufficient appropriate audit evidence regarding opening balances; and * Other procedures required by the firm’s system of quality control for initial audit engagements. 17Chapter 2 - Audit Planning DIRECTION, SUPERVISION AND REVIEW : The auditor should plan the nature, timing an@ supervision of engagement team ‘members and revie irecti d supervision of , timing and extent of the direction an : oe cement aa embers ‘and review of their work vary depending on many factors, including the assessed risks of material size and complexity of the entity; «the area of audit; and «capabilities and competence o! extent of direction and w of their work. | misstatement; f personnel performing the audit work. Considerations Specific to Smaller Entities : When an audit is carried out entirely by an audit engagement partner, who may be a sole practitioner, it may be desirable to consult with other suitably-experienced auditors or the auditor's professional body. RISK ASSESSMENT PROCEDURES Identifying And Assessing The Risks Of Material Misstatement Through Understanding The Entity And Its Environment It is the objective of the auditor to identify and assess risks of material misstatements, whether due to fraud or error, at the financial statement and assertion levels, through understanding the entity and its environment, including the entity's internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatements. RISK ASSESSMENT PROCEDURES Risk assessment procedures are audit procedures performed to obtain an understanding of the entity and its environment, including the entity’s internal control, to identify and assess the risks of material misstatement, A neon due to fraud or error, at the financial statement and assertion levels. Risk Assessment Procedures and Related Activities The auditor shall: a. Identify risks throughout the process of obtaining an understanding of the entity and its environment, including relevant controls that te te ed theses anid consider the blsdses OF transactions acest belasces and disclosures in the financial statements; peau! b. Relate the identified risks to what can go wrong at the assertion level; c. Consider whether the risks are of a magnitude that could re ie material misstatement of the financial statements; and nit d. Consider the likelihood that the risks could result in a materi misstatement of the financial statements. = 18Chapter 2 - Audit Planning The risk assessment procedures shall include the following: a. Inquiries of management, and of others within the entity who in the auditor’s judgment may have information that is likely to assist in identifying risks of material misstatement due to fraud or error; b. Analytical procedures; and c. Observation and inspection. Note: Risk assessment procedures by themselves, however, do not provide sufficient appropriate audit evidence on which to base the audit opinion. Analytical Procedures during Planning Stage Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and non-financial data. Analytical procedures also encompass the investigation of identified fluctuations and relationships that are consistent with other relevant information or that differ from expected values by a significant amount. Analytical procedure is required to be performed during planning stage. It is designed to assist the auditor in planning the nature, timing and extent of other auditing procedures. The Required Understanding of the Entity and its Environment The auditor shall obtain an understanding of the following: a. Relevant industry, regulatory, and other external factors including the applicable financial reporting framework; b. The nature of the entity, including its operations; ownership and governance structure; types of investments that the entity is making and plans to make; and the way the entity is structured and how it is financed; c. Entity’s selection and application of accounting policies, including reasons for changes thereto; d. Entity’s objectives and strategies, and those related business risks that may result in risk of material misstatement; e. The measurement and review of the entity's financial performance; and f. Internal control ASSESSMENT OF AUDIT RISK AND MATERIALITY Materiality and audit risk affect the application of PSA, and are reflected in the auditor’s report. The auditor must make judgments about materiality and audit risk in determining the nature, timing and extent of procedures to apply and in evaluating the results. Materiality Information is material if its omission or misstatement could influence the economic decisions of users taken on the basis of the financial statements. 19Chapter 2 - Audit Planning Materiality depends on the size of the item or error judged in the particular circumstances of its omission or misstatement. ‘ali izes that some matters, but not all, are The concept of materiality recognizes , a ! Important for fair presentation of the financial statements in conformity with PFRS. The auditor should consider materiality and its soe Ala rik when conducting an audit. The auditor's purpose in consi Ce ‘ality at the planning stage of the audit is to determine the appropriate scope of their audit procedures. Using professional judgment, the auditor shall determine materiality at © Financial statement level - the smallest aggregate amount of misstatement applicable to all financial statements. * Assertion level for classes of transaction, account balances and disclosures - largest tolerable misstatement. Audit Risk : : Pee Audit Risk is the risk that the auditor gives an inappropriate audit opinion when the financial statements are materially misstated. Components of Audit risk a. Risk of material misstatement ¢ Inherent Risk is the susceptibility of an account balance or class of transactions to misstatement that could be material, individually or when aggregated with misstatements in other balances or classes, assuming that there were no related controls, Control Risk is the risk that a misstatement, that could occur in an account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes, will not vented or detecte: corrected on a timely basis by the accounting and internal control systems. b. Risk of not Detecting the Misstatement * Detection Risk is the risk that the auditor's substantive Procedures will not detect a misstatement that exists in a account balance or class of transactions that could be material, individually or when aggregated with misstatements in other balances or classes. If the auditor wishes to reduce detecti performed shall be a. As to nature - more effective procedures b. As to timing - closer or nearer to year-end ©. Asto extent - larger sample size ion risk, procedures to be 20Chapter 2 - Audit Planning Interrelationship of the Components of Audit Risk ‘Auditor's Assessment of control risk is High Medium Low ‘Auditor's High Lowest Lower Medium assessment ofinherent risk | Medium | Lower Medium Higher Low Medium Higher Highest Relationships of Risk and Materiality to substantive procedures. Direct, Risk of material misstatement (inherent and control risks) Risk of not detecting the misstatement (detection risk) Inverse Materiality Inverse Summary of Procedures Performed in Planning an Audit Obtain an understanding of the entity's environment I Consider Materiality and Assess Risk of Material Misstatements I Determine the acceptable level of Audit Risk 1 Identify Detection Risk to determine the nature, timing and extent of further audit procedures 21Chapter 2 - Audit Planning CHAPTER 2: REVIEW QUESTIONS - THEORETICAL the engagement and ‘i i tegy for hing the overall audit strategy tne f acceptably low li gy I ‘eI Inv der to reduce audit risk developing an audit plan in 0} er aparing b, Planning © Field work a. Organizing 2. Adequate planning of the audit work helps the auditor of accomplishing the following objectives, except: a. Ensuring that appropri the audit. : a b. Identifying the areas that need a service ofan expert. c. Gathering ofall corroborating audit evidence, 4. The audit work is completed efficiently. ate attention is devoted to important areas of 3. Which of the following statements is/are correct? _ Statement 1: The client should plan the audit work so that the audit will be performed in an effective manner. Statement 2: The auditor should develop and document plan describing the scope and conduct of the audit. a. Only statement 1 is correct c. Both statements are correct b. Only statement 2 is correct d. Both statements are incorrect an overall audit 4, Which of the following activities should be performed by the auditor at the beginning of the current audit engagement? I. Perform procedures regarding the continuance of the client relationship and the specific audit engagement. IL. Evaluate compliance with the requirements of the Code of Ethics for Professional Accountants in the Philippines, including independence. III, Establish an understanding of the terms of the engagement. a. TandIl b. Hand IIT c. land III d. 1, Il, and II 5. Which of the following procedures should be pe h for i prior to starting an initial audit? Performed by the auditor I. Perform procedures regarding the ace i c ptance of th i and the specific audit engagement. © client relationship Il. Communicate with the previous auditor, wh unicat h where there has bi of auditors, in compliance with relevant ethical rieirementa acange a. lonly b. Ionly c, BothI&II d. Neither I nor II 6. Which of the following statements is incorrect? a. The auditor should plan the audit so thi lat i performed in an effective manner. the cogezament will be b. Planning an audit involves establishi1 ing the overall audit strat the engagement and developing the audit plan, in order to rodhice ude risk to an acceptably low level. ce audit 22Chapter 2 - Audit Planning e nga Saati the engagement partner and other key members of 7 © engage ay een to benefit from their experience and insight and a. Plamince the effectiveness and efficiency ofthe planning process. » Manning is not a discrete phase of an audit, but rather a continual and iterative process that often begins shortly after (or in connection with) the completion of the previous audit i ee udit and izati ‘ and continues until the final 7. The auditor should plan the audit work so that the audit will be performed 1 1 0. in an effective manner. The extent of planning wi i A nin, ths following seep Pl ig will vary according to any of a. Auditor's experience with the entity and knowledge of the business. b. The nature and complexity of the audit engagement c. The assessed level of control risk. d. Size of the audit client. Which of the following statements is/are correct? Statement 1: Obtaining knowledge of the entity business is an important part of the planning the audit work. Statement it ; The auditor's knowledge of the entity's business assists in the identification of events, transactions and practices which may have a material effect on the financial statements. a. Only statement 1 is correct c. Both statements are correct b. Only statement 2 is correct d. Both statements are incorrect ‘The auditors plan should A B c D Succeed action Yes Yes No No Be flexible Yes Yes Yes Yes Be cost-beneficial Yes No Yes Yes Which of the following statements is/are correct? Statement 1: The overall audit plan and the audit program should not be revised during the course of the audit. Statement 2: The auditor should develop and document an audit program setting out the nature, timing and extent of planned audit procedures required to implement the overall audit plan. a. Only statement 1 is correct c. Both statements are correct b. Only statement 2 is correct d. Both statements are incorrect Which of the following statements is/are correct? Statement 1: According to PSA 300, the auditor may discuss elements of planning with those charged with governance and the entity's management. Statement 2: The audit plan sets the scope, timing and direction of the audit guides the development of the more detailed overall audit strategy. 23Chapter 2 - Audit Planning Statement 3: The overall audit strategy is more detailed than the audit plan and includes the nature, timing and extent of audit procedures to be performed engagement team members to obtain sufficient appropriate audit evidence to reduce audit risk to an acceptably low level. a. Only 1 statement is correct c. All statements are correct b. Only 2statementsare correct d. All statements are incorrect 12. In planning the audit engagement, the auditor should consider each of the following except ; a. The kind of opinion (unqualified, qualified, or adverse) that is likely to be expressed. : fi b. Matters relating to the entity’s business and the industry in which it operates. c. The entity's accounting policies and procedures. d. Materiality level and audit risk. 13. Which of the following is least likely considered by the CPA when he makes an overall audit plan? a. The nature and timing of reports and other communication with the entity that are expected under the engagement b. Identification of complex accounting areas including those involving accounting estimates c. The effect of information technology on the audit d. The content of the representation letters 14. Which of the following matters should be considered by the auditor in developing the overall audit strategy? a, Important characteristics of the entity, its business, its financial performance and its reporting requirements including changes since the date of the prior audit b. Conditions requiring special attention, such as the existence of the related parties c. The setting of materiality level for audit purposes d. All of the above 15. In developing the overall audit strategy, the focus of the engagement team's efforts is considered. Which of the following is not appropriately classified asa factor affecting the focus of the team’s efforts? a. The financial reporting framework on which the financial information to be audited has been prepared, including any need for reconciliation to another reporting framework. b. Setting materiality for planning purposes. c. Audit areas where there is a higher risk of material misstatement. d. Volume of transactions, which may determine whether it is more efficient for the auditor to rely on internal control. 24Chapter 2 - Audit Planning 16. With respect to planning an audit, which of the following statements is always true? a, Aninventory count must be observed at year-end, b, An engagement should not be accepted after the client’s year-end. c. Final staffing decisions must be made prior to completion of the planning stage, d. It is acceptable to perform a Portion of the audit of a continuing client at interim dates, 17. In planning stage of an audit engagement, the auditor is required to perform audit procedures to obtain an understanding of the entity and its environment, including its internal control. These procedures are called a. Substantive tests ¢, Test of controls b. Risk assessment procedures —_d, Dual-purpose tests 18. Analytical procedures used in planning an audit should focus on identifying: a. Material weaknesses in the internal control system b. The Predictability of financial data from individual transactions c. The various assertions that are embodied in the financial statements 4. Areas that may represent specific risks relevant to the audit 19. Analytical procedures are required: 2 ABs @ OD * As a risk assessment. procedure Yes Yes Yes Yes performed during planning * As a substantive test procedure during Yes Yes No No evidence gathering * Asan overall review at audit completion No Yes No Yes 20. The objective of performing analytical procedures in planning an audit engagement is to identify the existence of: a. Related party transactions b. Unusual transactions and events c. Recorded transactions that were not properly authorized d. Illegal acts that went undetected because of internal control weaknesses 21, Which of the following procedures would an auditor most likely perform in planning an audit of financial statements? a. Inquiring of the client's legal counsel concerning pending litigation. b. Comparing the financial statements to anticipated results. c. Examining computer generated exception Teports to verify the effectiveness of internal controls. 4. Searching for unauthorized transactions that may aid in detecting unrecorded liabilities. 25Chapter 2 - Audit Planning 22. Analytical procedures used in planning an audit should focus on a. Reducing the scope of tests of controls and substantive tests. on b. Providing assurance that potential misstatements will be identi ied. c. Enhancing the auditor's understanding of the client's business. d. Assuming the adequacy of the available evidential matter. 23, This serves as the set of instructions to assistants involved in the audit ang as a means to control and record the proper execution of the work of the personnel involved in the service. a. Audit procedures c. Audit program b. Audit plan d. Audit risk model 24. The auditor should design the written audit program, so that: All material transactions will be selected for substantive testing. Substantive tests prior to the balance sheet date will be minimized. The audit procedures selected will achieve specific audit objectives. Each account balance will be tested under either tests of controls or tests of transactions. pose 25, In designing audit programs, an auditor should establish specific audit objectives that related primarily to the a. Selected audit techniques c. Financial statement assertions b. Timing of audit procedures _d. Cost-benefit gathering evidence 26. The auditor should document the overall audit strategy and the audit plan, including significant changes made during the audit engagement. Which of the following statements on documentation is incorrect? a. Documentation of the overall audit strategy may be made in the form of a memorandum that contains key decisions regarding the overall scope, timing and conduct of the audit. b. The auditor may use standard audit programs or audit completion checklists, but such programs and checklists need to be tailored to the particular client. c. The auditor’s documentation of any significant changes to the originally planned overall audit strategy and to the detailed audit plan need not include the reasons for the significant changes. d. The form and extent of documentation depend on such matters as the size and complexity of the entity, materiality, the extent of other documentation, and the circumstances of the specific engagement. 27. Audit procedures may be classified as risk assessment procedures and further audit procedures. Which of the following best describes risk assessment procedures? a. These procedures are used detect material misstatements at the assertion level. b, These procedures include tests of details of classes of transactions, account balances, and disclosures and analytical procedures. 26Chapter 2 - Audit Planning 28. 29. 30. 31. 32. c. These procedures test the operating effectiveness of controls in Preventing, or detecting and correcting, material misstatements at the assertion level, These are procedures for obtaining an understanding of the entity and its environment, including its internal control, to assess the risks of material misstatement at the financial statement and assertion levels. The audit program should contain the following, except: a, Audit objective b. Set of planned audit procedures c. Time budget for the various audit areas d. The combined assessed level of inherent and control risk Which of the following procedures is not performed as a part of planning an audit engagement? a. Reviewing working papers of the prior year b. Performing analytical procedures c. Designing an audit program d. Test of controls Cost-benefit considerations are part of audit planning. In relation to this, which of the following audit procedures is usually the least costly to perform? a. Tests of balances c. Analytical procedures b. Tests of transactions d. Tests of controls Which of the following procedures would an auditor least likely perform in planning a financial statement audit? a. Coordinating the assistance of entity personnel in data preparation. b. Discussing matters that may affect the audit with firm personnel responsible for non-audit services to the entity. c. Selecting a sample of vendor's invoices for comparison to receiving reports. d. Reading the current year’s interim financial statements. Audit risk has three components: inherent risk, control risk and detection risk, Which of the following statements is correct? a. Detection risk is a function of the efficiency of an audit procedure. b. Cash is more susceptible to theft than an inventory of coal because it has a greater inherent risk. c. The risk that material misstatement will not prevent or detected ona timely basis by internal control can be reduced to a zero by effective controls. d. The existing levels of inherent risk, control risk and detection risk can be changed at the discretion of the auditor. 27Chapter 2 - Audit Planning 33. Some accounts balances, such as those for retirement benefits and finance lease, are the results of complex calculations. The susceptibility to material misstatements in these types of accounts is referred to as. a. Audit risk c. Control risk b. Detection risk d. Inherent risk 34, Inherent risk and control risk differ from detection risk in that inherent risk and control risk are: Elements of audit risk while detection risk is not. ee Changes at the auditor's discretion while detection risk is not. Functions of the client and its environment while detection risk is not. Considered at the individual account balance level while detection risk is not. aos 35, There is an inverse relationship that exist between the acceptable level of detection risk and the a. Risk of falling to discover material misstatement b. Preliminary judgments about materiality levels ©. Assurance provided by substantive tests 4. Risk of misapplying audit process 36. Which of the following statements is not correct about materiality? a. The concept of materiality recognizes that some matters are important for fair presentation of financial statements in conformity with GAAP, while other matters are not important. An auditor considers materiality for planning purposes in terms of the largest aggregate level of misstatements that could be material to any one of the financial statements. Materiality judgments are made in light of surrounding circumstanced and necessarily involve both quantitative and qualitative judgments. d. An auditor's consideration of materiality is influenced by the auditor's perception of the needs of a reas: onable person who will rely on the financial statements. 37. In considering materiality for planning purposes, misstatements aggregating P60,000 would ha entity's income statement, but that misstatements would have to aggregate P40,000 to materially affect the balance sheet Ordinarily, it would be raeetate to design auditing procedures that would be expected to detect misstatements that aggregate: a. P40,000 b. P50,000 Ash, auditor believes that ve material effect on an c. P60,000 d. 100,000 8 Would an auditor most likely use in determining the judgment about materiality? ample size of theChapter 2 - Audit Planning 39. 40. Which of the following statements is/are correct? Statement 1: Supervision involves developing an overall strategy for the expected conduct and scope of the audit. Statement 2: Planning involves directing the efforts of assistants who are involved in accomplishing the objectives of the audit and determining whether those objectives were accomplished. a. Only statement 1 is correct c, Both statements are correct b. Only statement 2 is correct d. Both statements are incorrect In performing an audit of financial statements, the auditor should obtain a sufficient knowledge of a client's business and industry to a. Develop an attitude of professional skepticism concerning management's financial statement assertions. b. Make constructive suggestions concerning improvements to the client's internal control. c. Evaluate whether the aggregation of known misstatements causes the financial statements taken as a whole to be materially misstated. d. Understand the events and transactions that may have an effect on the client's financial statements, 29Chapter 3 - Internal Control Consideration CHAPTER 3 INTERNAL CONTROL CONSIDERATION AND RESPONSES TO ASSESSED RISKS RESPONSES TO ASSESOEe TOPIC OVERVIEW: isk: This chapter discusses internal controls, assessment of control risks ang how will it affect audit procedures. LEARNING OBJECTIVES: i ae After studying this chapter, you should be able to: \ 1, besérine ae objectives and inherent limitation ie an uinternal control. 2. Identify and explain each component of internal control. | 3. pea the appropriate responses of the auditor to assessed tisks. 4. Explain test of controls and substantive procedures and identify how they are affected by assessed risk. INTERNAL CONTROL CONSIDERATION The auditor should obtain an understanding of the accounting and internal control systems sufficient to plan the audit and develop an effective audit approach. The auditor uses the understanding of internal control to identify types of Potential misstatements, consider factors that affect the risks of material misstatement, and design the nature, timing, and extent of further audit procedures, ACCOUNTING AND INTERNAL CONTROL SYSTEMS Accounting system is a series of tasks and records of an entity by which transactions are processed as a means of maintaining financial records. Such systems identify, assemble, analyze, calculate, classify, record, summarize and report transactions and other events. Internal Control System means all the policies and procedures (internal controls) adopted by the managemer nt of an entity to assi opted by g st in achieving management's objective of ensuring, as far as practicable, * orderly and efficient conduct of its business, including adherence to management policies; safeguarding of assets; prevention and detection of fraud and error; accuracy and completeness of the timely preparation of reliable fina accounting records; and incial information, 30Chapter 3 - Internal Control Consideration The internal control system extends beyond those matters which relate directly to the functions of the accounting system. ENTITY'S INTERNAL CONTROL Internal control is a process, effected by those charged with governance, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a. Effectiveness and efficiency of operations; b. Reliability of financial reporting; and Compliance with applicable laws and regulations. Assurance provided by internal control There is a direct relationship between an entity’s objectives and the controls which are implemented to provide assurance of their achievement. However, no matter how well designed and operated, internal control can only provide reasonable assurance, Inherent Limitations of Internal Control The internal control can only provide reasonable assurance because of inherent limitations that may affect the effectiveness of internal controls. Such limitations include: (COC CHA) ¢ Management usual requirement that a control be cost-effective (Cost- benefit consideration); The possibility that a person responsible for exercising control could abuse that responsibility (Management Overriding the control); The possibility of circumvention of controls through Collusion with parties outside the entity or with employees of the entity; The possibility that procedures may become inadequate due to Changes in condition and compliance with procedures may deteriorate; The potential for Human error due to carelessness, distraction, mistakes of judgment or the misunderstanding of instructions; and The fact that most controls tend to be directed at Anticipated types (routine) of transactions and not at unusual (non-routine) transactions, Areas of Internal Control Areas of internal control can be classified as either administrative control or accounting control. Administrative control includes, but is not limited to, plan of organization and the procedures and records that are concerned with the decision Processes leading to management's authorization of transactions. Administrative controls promote operational efficiency and adherence to managerial policies. 31= Internal Control Consideration rises the plan of organization i, accounting control comp : a on the other hands records that are concerned with the safeB¥eT™ Ng of and the Procereeliability of financial records. It involses bys Nk 9 oa feion and approval controls over assets, internal au‘ ‘ author! financial matters. ‘ols Relevant to the Audit ae oe ators risk assessment process relates to cone Le poe entity's objective of preparing financial statements for 1S and the management risk that may give rise to a material misstatement in those financial statements. Chapter 3 It is a matter of professional judgment, subject to the requirements of PSA, whether a control, individually or in combination with others, is relevant to the auditor's considerations in assessing the risks of material misstatement and designing and performing further procedures in response to assessed risks. In exercising that judgment, the auditor considers the applicable component and factors such as the following: a. The auditor's judgment about materiality; b. The size of the entity; c. The nature of the entity's business, including its organization and ownership characteristics; d._ The diversity and complexity of the entity's operations; e. Applicable legal and regulatory requirements; and f. The nature and complexity of the systems that are part of the entity’s internal control, including the use of service organizations. Components of Internal Control Internal control, as discussed in PSA 315 (Redrafted), consists of the following components: (CRIME) a, Control Environment b. Entity’s Risk assessment process ©. Information and communication systems d. Control Activities e. Monitoring of Controls A. The control environment Fail rvironment includes the governance and management ‘unctions and the attitudes, awareness, and acti u a a tions of those charged with governance and mana; fa Beer n gement concer ity's i control and its importance in the entity. Tete Gety a (eternal Elements of control environment: (IM CPA HO) 1. Communication and enforcemer nt of Integrity and ethi : 2. Management's philosophy and operating style sie taa: 3. Commitment to competence; 5 3 Participation by those charged with governance; 32Chapter 3 - Internal Control Consideration 5. Assignment of authority and responsibility; 6. Human resources policies and procedures; and 7. Organizational structure. B, The entity’s risk assessment process An entity's risk assessment process is the process of identifying and responding to business risks and the results thereof, For financial reporting purposes, the entity's risk assessment process includes how management identifies risks relevant to the preparation of financial statements that are presented fairly, in all material respects in accordance with the entity's applicable financial reporting framework, estimates their significance, assesses the likelihood of their occurrence, and decides upon actions to manage them. Risks can arise or change due to circumstances such as the following: Changes in operating environment New personnel New or revamped information systems Rapid growth New technology New business models, products, or activities Corporate restructurings Expanded foreign operations New accounting pronouncements rom me aoop The auditor shall obtain an understanding of whether the entity has a process for: (IAM) Identifying business risks relevant to financial reporting objectives « Assessing the significance of risks and the likelihood of their occurrence * Deciding how to Manage those risks C. The information system, including the related business processes relevant to financial reporting, and communication. An information system consists of Infrastructure (physical and hardware components); a b. Software (processes and procedures; c. People; d. Input or data; and e Output or meaningful information. NOTE: Infrastructure and software will be absent, or have less significance in systems that are exclusively or primarily manual. The information system relevant to financial reporting objectives, such as the financial reporting system, consists of the procedures and records established to initiate, record, process, and report entity transactions 33, Chapter 3 - Internal Control Consideration Goneigerwtiog io ai at {as well as events and conditions) and to maintain accountability for the related assets, liabilities, and equity. Communication of financial reporting roles and responsibilities ang significant matters relating to financial reporting includes: a. Communications between management and those charged with governance and i b, External communications, such as those with regulatory authorities Control activities relevant to the audit Control activities are the policies and procedures to help ensure that management directives are carried out. Examples of control activities include those relating to the following: (APIPS) a. Authorization * Specific authorization (for unusual, material, or infrequent projects) * General authorization (for regular transactions) b. Performance reviews (actual performance versus budget, forecasts, and prior period performance) c. Information processing (from initiation up to the eventual inclusion of transaction in financial reports) d. Physical controls (for both assets and documents) €. Segregation of duties To achieve optimum segregation of responsibilities, the following functions should be performed by different employees: (I CARE) * Independent checks Custody of assets Authorization of transactions Recording of transactions Execution of transactions Monitoring of controls. Monitoring is the process of assessing the quality of internal control performance over time. It involves assessing the design and operations of controls on a timely basis and taking necessary corrective actions. Monitoring is done to ensure that controls continue to operate effectively. Monitoring can be accomplished through a. Ongoing monitoring activities (performed by persons within the same line function) b. Separate evaluations (performed by internal auditors, audit committee, and/or external auditors ¢. Combination of the two. 34Chapter 3 ~ Internal Control Consideration RESPONSES TO ASSESSED RISKS The auditor shall design and implement overall responses to address the assessed risks of material misstatement at the financial statement level. Moreover, the auditor shall design and perform further audit procedures whose nature, timing, and extent are based on and are responsive to the assessed risks of material misstatement at the assertion level. In designing the further audit procedures to be performed, the auditor shall: a. Consider the reasons for the assessment given to the risk of material misstatement at the assertion level for each class of transactions, account balance, and disclosure, including: i, The likelihood of material misstatement due to the particular characteristics of the relevant class of transactions, account balance, or disclosure (i.e,, the inherent risk); and ii, Whether the risk assessment takes account of relevant controls (ie, the control risk), thereby requiring the auditor to obtain audit evidence to determine whether the controls are operating effectively (ie, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); and b. Obtain more persuasive audit evidence, the higher the auditor’s assessment of risk. TESTS OF CONTROLS The auditor should give adequate consideration to controls relevant to the audit. The quality of the entity’s internal control can have a significant impact in determining the nature, timing and extent of the audit procedures in gathering audit evidence related to class of transactions, account balances and disclosures. The auditor shall design and perform tests of controls to obtain sufficient appropriate audit evidence as to the operating effectiveness of relevant controls when: a. The auditor's assessment of risks of material misstatement at the assertion level includes an expectation that the controls are operating effectively (ie, the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures); or Substantive procedures alone cannot provide sufficient appropriate audit evidence at the assertion level. Tests of controls over the design of a policy or procedure include Inquiry, Observation, Inspection, Reperformance, and Walk-through tests. 35Chapter 3 - Internal Control Consideration SUBSTANTIVE PROCEDURES Irrespective of the assessed risks of design and perform substantive p! transactions, account balance, and disclosure. Summary of Pros Control Risk assessment procedures material misstatement, the auditor shajj rocedures for each material class of cedures Performed in Consideration of Interna) Further audit procedures i Control risk Perform Obtain an atmaximum |p] Substantive understanding of Make a preliminary evel tests theinternal — }_»} assessment of control focusing Control Risk on the design Control risk Perform and at below Tests of implementation maximum, controls ofthe controls, level Perform Substantive tests Control risk at maximum level Make a reassessment Perform Substantive tests Control risk at below maximum level of Control Risk Effect of the reassessment of control risk on the audit approach Resevessment of Control ‘Audit Approach Effect on epee CR assessment remains at | Reliance approach |e Less effective Less than High procedures ¢ Interim testing may be appropriate ¢ Smaller sample size CR assessment is changed Switch to no © More effective to High Reliance approach | procedures ¢ Tests nearer or at year-end « Larger sample size Documentation requirements Control Risk eee Control risk Basis for the "aueseitenit of internal aasekenieat control risk control assessment High Yes Yes No Less than high Yes Yes Yes) 36Chapter 3 ~ Internal Control Consideration 1, It is the process designed and effected by those charged with governance, management, and other personnel to provide reasonable assurance about the achievement of the entity's objectives. a, Internal auditing c. Business strate, b. Internal control A d. Accounting process 2. Areason to establish internal control is to: a. Provide reasonable assurance that the objectives of the organization are achieved b. Ensure the accuracy, reliability and timeliness of information c. Encourage compliance with organizational objectives d. Have a basis for planning the audit 3. This is a basic concept of internal control which recognizes that the cost of internal control should not exceed the benefits expected to be derived from it: a, Management by exception c. Limited liability b. Management responsibility d, Reasonable assurance 4. Internal controls are not designed to provide reasonable assurance that a. The recorded accountability for assets is compared with the existing assets at reasonable intervals b. Access to assets is permitted only in accordance with management's authorization c. Transactions are executed in accordance with management's authorization d. Irregularities will be eliminated 5. Internal control can only provide reasonable, not absolute, assurance of achieving entity control objectives. One of the factors limiting the likelihood of achieving those objectives is that: a. The auditor's primary responsibility is the detection of fraud. b. The board of directors is active and independent. c. The cost of internal control should not exceed its benefits. d. Management monitors internal control. 6. Which of the following is an example of an inherent limitation in a client's internal control system? a. The effectiveness of procedures depends on the segregation of employee duties. b. Procedures are designed to assure the execution and recording of transactions in accordance with management's authorization. c. In the performance of most control procedures, there are possi of errors arising from mistakes in judgment. d. Procedures for handling large numbers of transactions are processed by information technology (IT) equipment. ities 37Chapter 3 - Internal Control Consideration 7. PSA 315 Redrafted requires the auditor client's internal controls a, Foreveryaudit — b, For first-time audits ; c. Whenever it would be appropriate d. Sufficient to find any frauds which 8. The primary purpose of the auditor’s conside to obtain an understanding of the may exist ration of internal control is to ide a basis for ; ie Determining whether procedures and records that are concerned with the safeguarding of assets are reliable. f lee b. Constructive suggestions to clients concerning deficiencies in internal control. : ; c. Determining the nature, timing and extent of audit tests to be applied. d._ The expression of an opinion. 9. In an audit of financial statements, an auditor’s primary consideration regarding a control is whether it: a. Reflects management's philosophy and operating style. b. Affects management's financial statement assertions. c. Enhances management's decision-making processes. d. Provides adequate safeguards over access to assets. 10. The following are components of internal control: a. Organizational structure, management philosophy, and planning. b. Control environment, risk assessment process, control activities, information system and communication, and monitoring of controls. c. Risk assessment process, backup facilities, responsibility accounting and natural laws. d. Legal environment of the firm, management philosophy, and organizational structure. 11. Which of the following statements best describes “control environment”? a. Policies and procedures that help ensure that management directives are carried out. b. The system for transferring information from transaction processing systems to the general ledger or the financial reporting system. c. The entity's Process for identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks, and the results thereof. d. This includes the governance and management functions and the attitudes, awareness, and actions of those charged with governance and management concerning the entity's intel if ral importance to the entity. ‘y adeChapter 3 - Internal Control Consideration 12. Which of the following considered control environment elements? 13. 14. 15. 16. sConumitment Detection Organizational -focompetence ___Risk __—__Structure a. Yes No Yes b. Yes Yes Yes . No No No . No No Yes An entity's risk assessment process includes how Management: A B c D ¢ Identifies risk Yes Yes No Yes ¢ Assess significance and likelihood of occurrence of these identified risks Yes Yes Yes No «Decides upon actions to manage these risks Yes No Yes No Risks can arise or change due to circumstances such as the following, except: a. There is a change in the regulatory or operating environment (ie. a new law has been passed which prohibits the use of a chemical which is a main ingredient of the company’s major product). b. New employees have been hired by the company. c. The company switched from manual information systems to a computerized system. d. The accounting and financial reporting framework has remained stable for the past five years, and no new pronouncements have been made. As part of a periodic planning exercise, Cedric Naranjo Company discovers that a political dispute may interfere with the company’s supply sources. This is an example of: a. Control environment c. Control activities b. Risk assessment d. Monitoring of controls Under PSA 315, monitoring of controls is an internal control component that involves a process of assessing the quality of internal control performance over time. It involves assessing the design and operation of controls on a timely basis and taking necessary corrective actions. Monitoring of controls is accomplished through ongoing monitoring activities, separate evaluations, or a combination of the two. An entity's ongoing monitoring activities often include a. Periodic reporting by the entity's internal auditors about the functioning of internal control b. The audit of the annual financial statements c. Periodic audits by the audit committee d. Reviewing the purchasing account 39Chapter 3 - Internal Control Consideration ee eenanieri constitute one of the five compo en or component? 1 retell is not included in this internal ¢' comp ioe fone duties ¢. An internal audit fun b. Sicramnee reviews d. Authorization Perfor 18. Which of the following statem types of controls to a financial Sipe rdinarily relevant b cn caver the reliability of assets and liabilities are of primary portance, while controls over the ‘liability of financial reporting also be relevant. « Controls over the reliability of financial reporting are ord nae ae "directly relevant to a financial statement audit. but other controls may also be relevant. 4. An auditor may ordinarily ignore substantive audit approach is taken. 19. Aninternal control system that is working effectively a. Eliminates risk and potential loss of to the entity b. Cannot be circumvented by management c. Reduces the need for management the review exception reports ona day-to-day basis d._ Is unaffected by changing circumstances by the entity 20. When considering an entity's system of internal control, one of the auditor's major concerns is to ascertain whether internal control is designed to provide reasonable assurance that a. Financial statements are fairly presented b. The accounting manager reviews all accounting transactions ¢. Profit margins are maximized, and operational efficiency is optimized d. Corporate morale problems are addressed immediately and effectively ents concerning the relevance of various nt audit is correct? to a financial statement audit. a consideration of controls when a and conditions encountered 21. When obtaining knowledge about an entity's internal control, it is important for the auditor to consider the competence of its employees because their competence bears directly and importantly upon the a. Cost-benefit relationship of internal control b. Comparison of recorded accountability with assets c. Achievement of the objectives of internal control d, Timing of substantive tests to be performed 2 NS Obtaining an understanding of internal control involves «Evaluating the design of a control Ya Ya ww 2 «Determining whether the control has sed been implemented Testing the effectiveness ofa control yaqCN@ Yes Yes No Yes Yes 40Chapter 3 - Internal Control Consideration 23. Control activities are the policies and Procedures that help ensure that management directives are carried out. These include activities relating partiemarnt performance reviews, information processing, physical controls and segregation of duties. There is proper segregation of duties when an individual who i ie a, Authorizes a transaction records it. b. Maintains custody of an asset has acc ess to the accounting records for the asset. Authorizes transaction maintains custody of the asset that resulted from the transaction. Records a transaction do not compare the accounting record of the asset with the asset itself. 24, The primary objective of procedures performed to obtain an understanding of internal control is to provide an auditor with a. Information necessary to prepare flowcharts. b. Evidence to use in reducing detection risk. c, Knowledge necessary to plan the audit. d. Abasis for modifying test of controls. 25. To obtain an understanding of the relevant policies and procedures of internal control, the auditor performs all of the following except: a, Make inquiries c. Make observations b. Design substantive tests d. Inspect documents and records 26. After obtaining an understanding of an entity's internal control, an auditor may assess control risk at the maximum level for some assertions because the auditor a. Believes the internal control policies and procedures are unlikely to be effective. b. Determines that the pertinent internal control components are not well documented. c. Performs tests of controls to restrict detection risk to an acceptable level. 4. Identifies internal control policies and procedures that are likely to prevent material misstatements. 27. After obtaining an understanding of internal control and assessing control risk, an auditor decided to perform tests of controls. The auditor most likely decided that a. Additional evidence to support a further reduction in control risk is not available. b. It would be efficient to perform tests of controls that would result in a reduction in planned substantive tests. c. An increase in the assessed level of control risk is justified for certain financial statement assertions. d. There were many internal control weaknesses that could allow errors to enter the accounting system. 41Chapter 3 - Internal Control Consideration i ‘ontrol? 28. Which of the following is a correct statement abou see “ fat choad a. The cost-benefit relationship HW a Sainte eri e considered in designing internal control pre b. The auditor can eliminate substantive tests on sine acount balances and classes of transactions for an entity tha tionally strong internal control ea 3 ani c. The suena auditor has the responsibility to establish and maintain internal control | 4. Properly maintained internal control reasonably ensures that collusion among employees cannot occur 29, In obtaining an understanding of internal control relevant to the audit, an auditor is required to obtain knowledge about the a. Effectiveness of controls that have been implemented. b. Consistency with which controls are currently being applied. ©. Design of the controls pertaining to internal control components. 4. Controls related to each class of transactions and account balance. 30. Information about segregation of duties ordinarily is best obtained by a. Performing test of transactions that corroborate management's financial statements assertions. b. Developing audit objectives that reduce control risk. c. Observing employees as they apply specific controls. d. Obtaining a flowchart of activities performed by entity personnel. 31. In conducting an audit in accordance with PSAs, the auditor is required to identify and assess the risks of material misstatement at the financial statements level, and at the assertion level for classes of transactions, account balances, and disclosure. Some of these risks, in the auditor's judgment, require special audit consideration, such as those that involve fraud or complex transactions. Such risks are called a, Business risks ¢. Significant risks b. Audit risks d. Material risks 32, The auditor's primary objective i client's control over the purchasing a. Investigate the recordin, materials. b. Determine the reliability of financial Teporting by the purchasing function. © Observe the annual physical count, d. Ascertain that raw material Paid for are on hand, in obtaining an understanding of the function is to 'g of unusual transactions regarding raw 33. When obtaining an understanding of an entity's internal control, an auditor should concentrate on the substance of controls rather than their form because: a. The controls may be Operating effectively but May not be documented. b. Management may establish appropriate controls but not act on them. 42Chapter 3 - Internal Control Consideration ¢. The controls may be so inappropriate that no reliance is contemplated by the auditor, d. Management may implement controls with costs in excess of benefits. 34. When obtaining an understanding of the accounting and internal control system the auditor may trace a few transactions through the accounting system. This technique is: a. Reperformance c. Control test b. Walk-through d. Validity test Control risk assessment procedures include all of the following except a, Inspection of documents c. Confirmation of bank balances b. Observation of procedures d. Inquiry of client personnel 35. 36. Evidence of the performance of control risk assessment procedures includes all of the following except a. Flowcharts ©. Questionnaires b. Lead schedule d. Memoranda 37. Which of the following statements regarding auditor documentation of the client’s internal control structure is correct? a. Documentation must include flowcharts, b. Documentation must include procedural write-ups. ¢. No documentation is necessary although it is desirable. d. No one particular form of documentation is necessary, and the extent of documentation may vary. 38. After obtaining a sufficient understanding of internal control, the auditor: a. Assesses the need to apply GAAS. b, Determines the preliminary assessment of control risk. c, Determines the assessed levels of detection risk and inherent risk. d. Assesses detection risk to determine the acceptable level of inherent risk. 39. The ultimate purpose of assessing control risk is to contribute to the auditor's evaluation of the risk that: a. Specified controls requiring segregation of duties may be circumvented by collusion. b. Tests of controls may fail to identify controls relevant to assertions. ¢. Material misstatement may exist in the financial statements. d. Entity policies may be circumvented by senior management. 40. An auditor may decide to assess control risk at the maximum level for certain assertions because the auditor believes a, Evaluating the effectiveness of policies and procedures is inefficient. b. Sufficient evidential matter to support the assertions is likely to be available. More emphasis on tests of controls than substantive tests is warranted, « 4. Considering the relationship of assertions to specific account balances is more efficient. 43Chapter 3 - Internal Control Consideration 41. 42, 43, An auditor’s flowchart of a client's accounting system is a diagrammatj, n audi f i ditor’s representation that depicts the au s ; a. : Assessment of control environment’s effectiveness b. Identification of weaknesses in the system © Understanding of the system d. Assessment of control risk i i is true? Which of the following statements is , a. Tests of controls are necessary if the auditor plans to use the substantive approach. : b. Tests of controls are necessary if the auditor plans to assess the level of control risk at maximum. : The auditor can simultaneously obtain an understai control and perform tests of controls. d. After performing tests of controls, th control risk at maximum. After documentin, perform tests on: a. Those controls that the auditor plans to rely on. b. Those controls that were r primarily nding of internal e auditor will always assess ig internal control in an audit engagement, the auditor may ify mana embodied in the financial statements, Apply analytical Pprocedui intive tests to validate the assessed level of control risk, Consider whether evidenti: reduction in the assessed le Evaluate whether the r structure policies and Procedures detected material misstatements in the financial statements, al matter is available to support a further vel of control risk, internal contro} sment includes ex; ectatic i effectiveness of controls, Pectation of the operating When substantive procedures al appropriate audit evidence at the ag lonly ¢. Either | or 11 Honly d. Neither I nor 11 one do ne J lot provide sufficient 'sertion level, oP 44Chapter 3 - Internal Control Consideration 46. 47. 48. 49. 50. Tests of controls are used to test whether controls are: a, Properly incorporated in the financial statements b. Placed in operation or implemented Properly documented by the client d. Operating effectively Tests of controls may include the following, except: a, Reperformance of internal control procedures b. Inquiries about, and observation of, internal controls which leave no audit trail ¢. Inspection of documentary support to transactions evidencing authorization d. Analytical procedures involving comparison of operating expenses with budget amount An auditor intends to perform test of controls on a client's control procedures that leaves no audit trail of documentary evidence. The auditor most likely will test the procedure by a. Inquiry and inspection b. Inquiry and observation ¢. Confirmation and reperformance d. Analytical procedures and confirmation Which of the following is the auditor's purpose of further testing internal control procedures? a. Provide a basis for reducing the assessed level of control risk below that which resulted from the auditor's initial understanding of internal control. b. Reduce the risk that errors or fraud which are not prevented or detected by internal control are not detected by the independent audit. c. Provide assurance that transactions are executed in accordance with management's authorization and access to assets is limited by a proper segregation of functions. d. Provide assurance that transactions are recorded as necessary to permit the preparation of the financial statements in accordance with PFRS. Which of the following statements is correct? a. Tests of controls are necessary if the auditor plans to use the primarily substantive approach. b. Tests of controls are necessary if the auditor plans to assess the level of control risk at a high (maximum) level. c. The auditor can simultaneously obtain an understanding of internal control and perform tests of controls. d. After performing tests of controls, the auditor will always assess control risk at a high level. 45Chapter 3 ~ Internal Control Consideration 51. 52. 53. 54, 55. Ha colt Which of the following is not a characteristic of the lower control risk approach? : 7 a 7 The auditor usually plans to place considerable Oia on the controls, b. The auditor plans to perform extensive tests promis s. © Control risk is usually assessed at maximum level. d. Substantive tests are usually restricted. A control that reduces the risk that an existing or potential contro} weakness will result in a failure to meet a control objective is referred to as; a. Compensating control c. Non-routine control b. Conditional control d. Offset control When a compensating control exists, a weakness in the system: a. Isno longer a concern because the potential for misstatement has been sufficiently reduced. b. Is reduced but it is not removed; therefore, it is still of concern to the auditor. ¢. Could cause a material loss, so it must be tested using substantive procedures. d. Is magnified and must be removed from the sampling process and examined in its entity. If no changes have occurred since the controls were last tested, a CPA should a, Rely on the prior year audit’s assessment of internal controls and use this assessment in the current year. b. Test the operating effectiveness of such controls at lea: fourth audit. c. Rely entirely on the performance of substantive audit procedures. d. Test the operating effectiveness of such contr third audit st once in every ols at least once in every Regardless of the assessed level of control risk, an auditor some a. Test of controls to determine the 0} would perform perating effectiveness of internal control policies b. Analytical procedures to verify the design of internal control procedures ©. Substantive test to restrict detection risk for significant classes of transactions d. Dual-purpose test to evaluate rpo: both the risk of Monetary misstatement and preliminary control risk 46